December 24 – Most importantly, stay informed

We have finally come to and end in our Christmas calendar “24 tips for a secure Christmas” with a new tip every day until Christmas. Finally, our security tip #24 for a secure Christmas is most importantly, stay informed. It is very important to stay up to date in order to be able to make decisions and have all the information at hand. Being unaware of a security vulnerability that came out during the morning can mean that your systems are compromised in the evening. At Basefarm we post security related information on our blog, which can be one way to stay informed.

We hope you have found this Christmas calendar useful and we hope that we have learned you some new security tips for a secure Christmas.

Competition – chance to win a Christmas gift!

Now, we would like YOU to tell us how your secure Christmas looks like. Send an e-mail to blog@basefarm.com and illustrate your secure Christmas in a short text, photo or video. We appreciate if you are creative and please send a few words on what you like with our company blog 🙂 The prize for the winner is an Ipad mini from Apple! We will contact the winner after Christmas.

As this will probably be the last blog post from us this year, we would like to thank all of our readers for this year and wish you a Merry Christmas and a Happy New Year!

Have a secure Christmas!

ipad-mini-step1-black-2013 ipad-mini-step1-white-2013

 Previous security tips from our Christmas calendar

 

December 23 – Use Antivirus

Time flies! Tomorrow we will give you our last security tip for a secure Christmas. It will be the most important tip from our point of view. Tomorrow you will finally also find out how to win a Christmas gift from us at Basefarm! But first, we will give you security tip #23 today that is to use antivirus. While Antivirus is certainly not the rescuer of all, it still gives you a basic form of protection that should not be underestimated. It relies on MD5 hashes to find viruses on your computer, and while that means you will probably not find viruses tailored specifically for you, it means it will find the generic virus strings that are going around on the Internet.

basefarm-use-antivirus

Previous security tips from our Christmas calendar

 

December 22 – Deploy encryption whenever it is available

It’s time for another tip for a secure Christmas. Security tip #22 in this Christmas calendar is to deploy encryption whenever it is available. You should make sure that you encrypt whatever that can be encrypted, especially if you are traveling for Christmas and are in public spaces. The reason for this is of course that someone managing to get a hold of your servers, laptops, mobile phones or tablets when you don’t have encryption and would have the keys to kingdom. Everything on the devices would be available for them, which most likely include files that they should not have access to. Certain systems cannot run encryption for various reasons, but workstations, mobile phones and tablets are three things that should always have encryption.

basefarm-mobile-devices-

Previous security tips from our Christmas calendar

December 21 – Delete data securely

Security tip #21 in our Christmas calendar is to delete data securely. When deleting data, it is important to make sure it’s completely wiped. Simply emptying the trash bin or running “rm” on a file doesn’t mean it’s fully deleted. The file can still be returned to its original state by very little work. In order to make it non-recoverable you should wipe your file with one pass, meaning you will overwrite it with 1’s before returning it to 0’s. Tools you can use to do this for Windows include sdelete, and shred for Linux. Those with a larger budget should of course consider a degauser, and those who simply want to completely destroy the entire hard drive should be sure to drive a screwdriver through the discs of the hard drive as burning or putting it in water won’t help you.

basefarm-delete-button

Previous security tips from our Christmas calendar

BF-SIRT Newsletter 2013-51

This week shows the importance of keeping up-to-date. As we reported earlier in a post, there was a patch for a ColdFusion vulnerability in the end of November. This has now been used on multiple sites, and you can read here about how Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware
The newsletter will take a small break now, to return on the 2nd week of 2014 (11th of January to be exact). We hope everyone have a great holiday!

Top 5 Security links
Botnet Enlists Firefox Users to Hack Web Sites
Resurgence of malware signed with stolen certificates
Unlocking CryptoLocker: How infosec bods hunt the fiends behind it
Attackers exploited ColdFusion vulnerability to install Microsoft IIS malware
Foreign attackers hacked elections site during government shutdown

Top 5 Business Intelligence links
IT pros are playing cat and mouse with cybercriminals
The Case for a Compulsory Bug Bounty
93% of large organisations had a security breach last year
Energy Department Breach Years In Making, Investigators Say
Report: In 2013, more than one million U.S. computers were infected with banking trojans

BF-SIRT Posts
December 20 – Remove unnecessary programs or services from your computer
December 19 – Log out or lock your computer when stepping away
December 18 – Never share passwords or passphrases
December 17 – Practice the principle of least privilege (PoLP)
December 16 – Use an Intrusion Detection System
December 15 – Deploy two-factor authentication
December 14 – Have security on all your devices

December 20 – Remove unnecessary programs or services from your computer

Only five tips left for a secure Christmas, and you can soon win a Christmas gift in this Christmas calendar! Security tip #20 is to remove unnecessary programs or services from your computer. You should make sure that your system only have the minimum required software for your task installed. This is not only due to performance reasons, but the more applications you install, the more attack vectors you leave open for an attacker. Do you really need Adobe Reader on your system, or is using the built in one enough? Most likely, the built in PDF reader is more than enough (and if it isn’t for a certain file, then you should really question the validity of that file).

basefarm-robot-pc

Previous security tips from our Christmas calendar

December 19 – Log out or lock your computer when stepping away

It’s time for another tip for a secure Christmas. Security tip #19 is to log out or lock your computer when stepping away, even for a moment. This is also very important to remember during travel times such as Christmas, as that means a lot of people go by train or plane. It’s easy to leave it on when passing through security or leaving it on the table when looking through your bag, but that also means it might be gone when you look back.

BASEFARM

Previous security tips from our Christmas calendar