
140 Village Shopping Center Westminster, MD 21157   (410)- 848-7100

Computer services designed around the way you live & work!


Couri Technology - Our 10 "Laws" of Security

Learn what you can do to prevent becoming a victim of Hacking...

Couri Tech is helping our customers defend themselves against Hackers, Crackers and Electronic Data Thieves! We help defend your digital and virtual identity on the electronic front!

Law #1: If you see a penny and pick it up, all day long will you have good luck?... Not necessarily! You could contract PC viruses (or even lose your identity)!

  • Once a bad guy has enticed you into loading a program or picking up their file and loading it to your PC, you hand over control to what the program is designed to do!

    • You could be transmitting bank account and credit card numbers to a hostile source

    • You may be infecting yourself with a PC virus or Trojan horse!

  • The old saying that if it looks too good to be real, it probably isn't... is most often true!

    • In the case of "free computer programs" that help stop viruses or state they will protect your PC, be 100% sure it is a reputable link you are following if using a web search!

    • Use McAfee Site Advisor to check the web for valid links (if available)

      • Be certain the link generates a before visiting or downloading any software

  • Never click an email link that takes you to a bank, payment portal, or other site that is asking you for personal or private information if you didn't first request the site to send you the link!

    • This is called a "Phishing Scam", (i.e.) Phishing for information!

    • Verify any site "link" you've been given by calling the requestor or services provider

    • Add any email contact list user names to your address book in advance when you create an account with a company (such as your electric company, or gas utility provider)

    • Do not respond to requests that don't match the email you have listed in your address book without verifying

    • Call information requestors by dialing their "known and published" phone number (or) contact them using other best practices contact confirmation methods such as visiting their location

  • Do not assume that a web "link" or email request that includes an "800" phone number is giving you a correct number

    • It's just as easy to set up an (800) or (888) type phone number that leads to a scam artist, as it is to set up a scam email (and) website. All take merely minutes to establish and are easily removed!

    • Call information (or 411 where available) and get a legitimate phone number. It usually takes weeks to establish a phone number in 411, and a verification process is required before new listings occur

  • Nothing is free, and "no one ever gives away the keys to the kingdom", at least not without getting something better in return

  • So the next time you see a penny, ask yourself where it's been and who's going to want it back... with interest?

Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore!

You probably wouldn't let your teenage children, their friends from school, or mere acquaintances handle or protect your bank account or retirement funds... "right"?

  • Often that's exactly what you do when you allow your children, friends, or others to diagnose your PC problems

If you protect your PC like you would protect your money, you only allow yourself (or) a trained professional to make decisions about how it's used!

  • When you allow access to your PC, you allow access to everything contained on it, and everything you do or have ever done is potentially being compromised as a result.

  • Create and use separate usernames or accounts on your PC and be sure your private folders are password protected (and/or) will only be viewable when your PC is logged in as your identity

  • Use a password protected screensaver to lock your PC within a short time period of inactivity if your PC is in an easily available space to others

  • Log out of your PC when you are not using it!

Unknowingly, many PC users risk losing years of work, or can even face years of hardship if their data is compromised

  • Identity theft is at epidemic proportion, and it's no longer a crime being perpetrated by seedy criminals; it can even be your next-door neighbor

  • Never allow anyone you wouldn't trust with your most trusted secrets to access your PC, its registry files, or operating system files as an administrative user

  • If you "have to allow" this type of access to your computer for purposes of PC repairs or upgrades, be 100% sure the repair technician is a licensed professional

    • Ask to see credentials, certifications, business card and "only use professionals you contacted first"!

  • Never approve a "cold call" service request without verifying the source and their business identity

    • Check your state's business records online first to be sure the technician or business is certified, insured and legitimate

  • Check your local Better Business Bureau to see if the company has any known "bad listings" or a lengthy list of service complaints

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore!

What could a bad guy do with your PC if he has unrestricted physical access?

  • How about steal it, smash it, reconfigure it, Hack it, put a Virus on it, put a password stealer or keystroke logger on it... and more!

The thought that you may not have any enemies isn't the point!

  • A person who is looking to steal or cause destruction rarely cares how you feel about the world, or specifically what your thoughts are

  • Some people will steal from you simply because they can

  • Often times your thoughts play no role in their crimes or decisions

  • What else can a bad guy do with your PC..., the possibilities are endless

    • "What's the worst that could happen?" you might ask yourself. Maybe you identify yourself as a "no risk" type of user.

  • Guess again!

If your PC connection is hijacked and then your resources are used to help coordinate an attack on a government resource, bank or other business entity you are liable!

  • YOU CAN BECOME LEGALLY LIABLE FOR DAMAGES & SUFFERING CAUSED FOR NEGLIGENCE TO SECURE YOUR PC THROUGH REASONABLE MEASURES!

    • Like a drunk driver, you become responsible for your lack of control over your PC, or "vehicle" since it is attached to any publicly available resource (such as the internet) where it can do harm when used improperly

What can you do to prevent unauthorized use of your PC?

  • Lock servers and PCs up wherever possible in restricted areas

  • Use specific logins for every user, and use strong passwords (8 characters or more and combining numbers and letters)

  • Change passwords often and do not re-use passwords

    • Only provide access to your hardware or data using "known and trusted" sources... even then, set up log files that record access times and store logs separately from your actual PC

  • Use desktop and notebook cable lockdown devices to keep your PCs from easily being walked off with

  • Use encryption on your data and passwords, so if your PC does get stolen... your data can't be read

  • Don't use blank, or easy to guess passwords as a measure of protection

    • Above all never give anyone administrative access to your machine when you are not available to monitor their use unless you are 100% positive they are trustworthy

  • Backup your data frequently using methods such as external hard drives, thumb drives or online web backups

Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more!

  • If you use a shared server for hosting your website, read the administrative policy regarding uploads by clients.

    • If any one site being hosted (on the shared server) is compromised, then all accounts may be compromised, and your data may be at risk.

    • Shared servers share absolutely... even Merchant Data which may include credit system information, customer databases, confidential company information files and more.

  • Ask about business insurance policies that cover you in the event of theft, or even system failures and downtime.

    • If the server accesses files stored locally on your system, remember that if the host allows this, then "most likely" it is allowed to all their customers. So who's responsible for losses caused by the host's failure to remain online due to a security breach?

    • In this case you are only as protected as the other clients are trustworthy.

      • If you are not willing to give up the benefit of website security on a co-hosted or shared hosting server, you can always ask about the cost of hosting your own server

    • Even if you're being hosted at your provider's facility, you may not always want to share!

Law #5: Weak passwords trump strong security!

  • Ever seen a "post-it note" password system?

    • Who hasn't? We see this all the time.

      • The question is why would anyone even bother to use a password then?

    • You don't normally see someone posting their bank account number on their license plates (or) calling to ask to have their private phone numbers listed with known telemarketers...

      • yet every day these people give up their most basic protection of their possessions by showing the world how to access everything they have stored on their PC.

  • So, what can you do to prevent this? Use a pass phrase instead of a password, such as the following phrase:  "I never met a man I didn't like"!

    • Try using just the first letters of this phrase... "InmamIdl"

      • Let's say you might then even change some things about it, such as adding a few capital letters or making some letters such as the letter "I" into the number (1), or using the number "3" in the place of an "E"...

      • the resulting password would be 1nmam1dl, which is far more secure than the first. It's also a phrase you can remember without resorting to a "post-it" note

  • It's also always good to add a character such as a ? or $ somewhere in the Username Password Line if possible

  • The result may look like this - 1Nmam1dl! This password will often take months or years to crack - unless it's written on your monitor as a "post-it password"

    • If you leave a "password post-it" in your top drawer of your desk or monitor, or under your keyboard you may as well just hand over your checkbook - pre-signed!

  • Given away freely to anyone who looks, everything you hold privately as data is compromised the second your password is known by others.

Law #6: A computer is only as secure as the administrator is trustworthy!

  • The administrator holds absolute power and control over everything your computer does.

  • Before you give this type of access to just anyone, check their credentials, ask for PC certifications or references and be sure you are dealing with a trustworthy and reputable source!

    • Certified technicians most often carry credential cards; you can always check their Microsoft, CompTIA A+, Network+, etc., or even Dell, HP or other certifications online

  • If possible create a separate "admin" account that they can use, but be sure your files are privately controlled and stored before giving unnecessary access over.

    • Never tell your PC to remember passwords, instead use an encrypted file that only you have access to in order to store your passwords.

  • Disable the actual named "administrator" account and instead, give each administrator a separate account with administrative privileges

    • Do not use one username for all accounts - even administrators should use different names

    • No username should be easy to guess (such as admin)

    • This way you can tell which admin is doing what using the log files

  • Finally, consider taking steps to make it more difficult for a rogue administrator to cover his tracks.

    • For instance, store audit data on write-only media, or house System A's audit data on System B, and make sure that the two systems have different administrators

  • The more accountable your administrators are, the less likely you are to have problems
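One way to make the off-system audit copy described in Law #6 (and the separately stored access logs from Law #3) checkable, as an added example that is not part of the original page: each log entry is hashed together with the entry before it, and only the latest digest has to be kept on System B. The hash-chain technique goes beyond what the page describes, and the record fields and account names are constructed for illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # fixed starting value for the chain

# Constructed sample audit records: one named account per administrator.
SAMPLE_RECORDS = [
    {"time": "2007-11-23T09:14:00", "user": "jsmith-adm", "action": "logon"},
    {"time": "2007-11-23T09:20:31", "user": "jsmith-adm", "action": "copy payroll.xls"},
    {"time": "2007-11-23T09:42:07", "user": "mlee-adm", "action": "logon"},
]


def entry_digest(prev_digest, record):
    """Hash one record together with the digest of the record before it."""
    payload = json.dumps(record, sort_keys=True).encode("utf-8")
    return hashlib.sha256(prev_digest.encode("ascii") + payload).hexdigest()


def append(log, record):
    """Append a record to System A's log and return the new chain head."""
    prev = log[-1]["digest"] if log else GENESIS
    digest = entry_digest(prev, record)
    log.append({"record": record, "digest": digest})
    return digest


def verify(log, anchored_head):
    """Check System A's log against the head digest held on System B."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry_digest(prev, entry["record"]) != entry["digest"]:
            return False, f"entry {i} does not match its digest"
        prev = entry["digest"]
    if prev != anchored_head:
        return False, "chain head differs from the copy held on System B"
    return True, "log matches the anchored head"


def demo():
    """Run the three checks a reviewer on System B would care about."""
    log = []
    for record in SAMPLE_RECORDS:
        head_on_system_b = append(log, record)  # latest head is sent to System B

    untouched = verify(log, head_on_system_b)

    # A record is altered and every digest on System A is recomputed to match.
    rewritten = copy.deepcopy(log)
    rewritten[1]["record"]["action"] = "logoff"
    prev = GENESIS
    for entry in rewritten:
        entry["digest"] = prev = entry_digest(prev, entry["record"])
    rewritten_result = verify(rewritten, head_on_system_b)

    # The most recent record is deleted from System A.
    truncated_result = verify(copy.deepcopy(log)[:-1], head_on_system_b)
    return untouched, rewritten_result, truncated_result


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

Because the head digest lives on a system with a different administrator, a log that has been edited and made internally consistent on System A still fails the comparison.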

Law #7: Encrypted data is only as secure as the decryption key!

  • One in 10 houses have a key under the mat (or) in a hide-a-key within 5 feet of a front door. It's amazing how many people think this is safe, and how many crooks know it isn't!

    • If you wouldn't be likely to leave your house front door open and then go on vacation, you probably wouldn't knowingly leave your most confidential personal data in such a vulnerable state either.

  • Encrypting your data and then sticking the decryption key on a piece of paper and leaving it lying next to your PC isn't practicing security

    • Store your system keys or cryptographic keys on another privately secured disk rather than the same "local" hard drive, and use Syskey to secure your Windows boot up screen with a password requirement of at least 12 characters and make use of the pass phrase method mentioned previously.

  • If you have the need for strict security & the ability to do so..., require the insertion of a thumb drive to load your operating system, or use a thumb scanner (avg. cost $50)

    • Never store your password authentication key on the same PC if it can be accessed by others (in particular any laptop or mobile computers). This includes cell phones, PDAs and other handheld devices that can store and transmit potentially confidential data.

  • If you require security, practice security as a methodology... , always remember the worst can always happen at any moment

Law #8: Out of date virus scanners & un-patched operating systems - are only marginally better than no virus scanner at all & data theft waiting to happen!

  • Every day there are new viruses introduced to the internet. We all know this, and it is unfortunately a fact of life on the internet

  • If you don't protect your PC by updating your Anti-Virus program you are at a huge risk of becoming infected

    • Nearly 95% of all PCs are infected with Spyware, Malware, Viruses, Trojan Horses, Greyware, Adware or other malicious hacking programs right now

    • All viruses are destructive in nature, most will steal data and often re-direct your confidential data to run itself through someone else's servers (to their benefit)

  • Daily updates of anti-virus definition files, and getting your operating system updates frequently are your best protection

  • If you don't have a regular schedule of scanning your PC for infections by using an array of detection software, then you are only as strong as your weakest protected link

  • Let a few Spyware programs load at the expense of having a good Anti-Virus program and the backdoor is open to anything out there. Multi-pronged approaches work best.

  • There is a multitude of free programs out there that you can download that say they protect you, many are there to hurt you

  • If you really want to know which programs are best for protection, ask a professional technician to help you.

  • Visit your operating system manufacturer's website (such as Microsoft.com) and search for best security programs they may recommend such as Spybot - Anti-Spyware or run a keyword search for "security"

    • Your operating system and the programs that reside on your PC are more than just internet browsers (such as AOL); your PC holds information regarding your identity

  • If you are relying solely on your internet browser's default security settings to protect your PC, you are sorely lacking in full PC protection.

Law #9: Absolute anonymity isn't practical, in real life or on the Web!

  • The internet is a public forum of users interacting together!

    • You can hide sometimes, but given enough time and effort anyone can track you and find out where you've been or what you've done, and can learn what you do when you are online

  • Websites for example often log your assigned login session IP (Internet Protocol) address when you use their services

    • This means there is a public record of you visiting the site

      • Even using an anonymous server, your modem or router may not mask your IP using public PCs

      • Internet cafes are not a safe haven from discovery, and because they are publicly available systems they are often frequented by hackers looking for easy targets

  • Making use of "anonymous ID"-type software may mask you to some degree, but nothing will make you 100% transparent on the web (everything leaves some footprint or clue that can be followed)

    • Any website you visit may re-sell your information at any time to other people

    • If you ever visited a website at any time, this means your identity and IP has already been recorded, and often it has already been resold within 24 hours

    So..., What can be done?

    • Use common sense when surfing the web

  • Read the confidentiality statements when you subscribe to a service or visit a site that requires you leave personal information, then unsubscribe from their mailing lists or tell them you wish to be removed from their re-sellers list

    • Maybe one of the best protections that is most practical to use, is to not use your real name for anything you don't absolutely have to? 

  • Create a web persona or screen name such as "Ima Dguy" instead of using your real name

    • As a separate security measure you should never use the same password for a website as your PC or any other accounts that hold valuable data - that way if one is compromised, not all will follow

  • Create your own method whereby you can remember a password for any given site, such as using the website's name backwards.

    • An example of this would be using tfosorcim for a login password to get into your Microsoft web account (and for those of you who think that we (as a company) are only "that simple", don't even bother trying it!)

  • The point is to do something rather than have one username and password for everything you do

    • If the bad guys get a password to one site, then they may have passwords to all your sites

      • To us that is a scary prospect that we'd rather avoid at all costs.

Law #10: Technology is not a panacea!

  • No matter who you are, or what gadgets you own - you just aren't going to be invulnerable!

  • In reality, all the extra gadgets you live with require more security and are at increasing risk of new attack methods on a daily basis.

  • Banks get robbed, how many people would rather steal from a blackberry or laptop than a bank?

  • It isn't just the software system, or the physical access to your system that can be compromised

    • People, and poor training are usually more responsible for larger losses to a business over time than any one robbery can make in a single take

    • Unwittingly, your secretary or associates may be using your administrative password at times, if ever given to them... to run simple duties such as printing a vendor check

    • Create different user accounts for everyone that needs administrative access, so that in the event one password is compromised, all "admins" don't have to be compromised at once company-wide if a password leak occurs

  • The solution is to recognize two essential points

    • First - Security consists of both technology and policy - that is, it's the combination of the technology and how it's used that ultimately determines how secure your systems are

    • Second - security is a journey, not a destination - it isn't a problem that can be "solved" once and for all

  • Good security is the result of a constant series of moves and countermoves between the good guys and the bad guys

    • The key is to ensure that you have good security awareness and exercise sound judgment. There are resources available to help you do this. The Microsoft Security website, for instance, has hundreds of white papers, best practices guides, checklists and tools, and we're developing more all the time

  • Combine great technology with sound judgment, and you'll have rock-solid security


Copyright © 2007 Couri Technology - This website designed and hosted by Couri Technology This site last updated: 11/23/2007

Couri Technology & Digimajig are subsidiaries of Couri Enterprises, LLC - Both are copyrighted © for protection!