Tipsheet for Mac Users

Wednesday, April 19, 2006

Security: Safe Practices

This article is a collection of material from different sources. I take neither credit nor blame for the ideas--only for putting them together. It is a work in progress and will be updated from time to time.

The Mac user is one of the greatest security features on the Mac. Developing safe practices can help secure your Mac from “intruders” of many kinds. Here are some tips on safe practices which can help you do that.

Set your email account options to exclusive, or whatever the designation is, so that all email from senders not in your address book will go into a "bulk or junk mail" folder. Junk email should be treated as such: junk. If you don’t recognize the sender, delete the email.

Don’t fall for hoaxes. Check them on Google by typing the title with the word "hoax" at the end. Always check out forwarded stories before forwarding.

Restrain the urge to forward everything. If you must forward, be discriminating and recipient-specific. This is not only a courtesy to your recipients, but it might protect them from viruses or trojans, especially if they do not have the protection of Mac OS X. If forwarding to multiple recipients, use Bcc (blind copy) so as not to publish your recipients' email addresses to the world.

Beware of “phishing”: emails that look like they come from legitimate sources, with websites that look authentic but are not. If you have an account with that agency, go to their secure website, click on "Contact Us" or a similar link, and check the authenticity of the communication you received.

Do not download files from sources you are not certain you can trust, and, even if you do trust the source, do not authenticate to install unless you know what you are about to install.

Do not give out any more information than you need to give out.
• You probably don’t even have accounts with the banks, firms, etc., sending the E-mails.
• Even if you did, banks and legitimate businesses send you security warnings via paper letters sent through the postal system, not via E-mail.
• You probably have never told your bank your e-mail address. If you do on-line banking, some computer somewhere knows your e-mail address, but this is not the same as the bank itself. The bank will contact you via postal letter.
• If a Web site demands a name and e-mail address before it gives you, say, a free Acrobat document on computer security, make one up. A good one to use is the mythical william.gates@msn.com living in the mythical town of Redmond, WA.
• If you must give valid information to, say, your bank, limit what you give out. A web site has no need of your Social Security number, or your mother’s maiden name, or your birth date.
• Keep in mind that firms often sell information they collect. So if a site absolutely insists on a bunch of irrelevant personal information, make it up. You won’t mind them selling fiction to someone else.
• One common data harvesting technique used by legitimate sites is the personal question with personal answer technique, used for verifying identity of lost passwords and such. In this technique – entirely legitimate – the site might ask for your birth date. But since the business might sell the birth date, don’t give them your birth date. Give the birth date of your pet hamster. Or see if the site accepts “chocolate” as a birth date. Everyone knows things go better with chocolate.

See also
Security: Maintenance
Security: OS Hardening
