I have a firewall – am I good?

Firewalls are one of the many components defending our networks and computers from unwanted connections. But how do they help keep us secure? Imagine a firewall as a building with many doors. Each door controls access to a particular service on your computer.  For example, hosting a web page or running a database on your computer would be a legitimate service.  If you would like people outside the building to view your web page, you would need to open the door controlling access to that particular service.  Conversely, preventing unwanted outside connections to your database means you need to shut the door controlling access to that service. This type of control prevents people from just wandering in and connecting to any open service on your computer.  Keep in mind that people inside the building can come and go as they please.

So how do the bad guys manage to get in if the doors are closed?

  • Laptops or other portable devices coming into the house may carry infections that can open a door from the inside
  • Unauthorized Wi-Fi access points can open a backdoor into the house
  • Malicious code in a smartphone app can be hidden in legitimate services that can execute when brought back inside the house
  • Unpatched services that have an open door can be exploited to allow additional levels of access
  • People opening their email inside the house can release a virus infecting them or the rest of the building

To make it more difficult for hackers from gaining access, additional defense mechanisms such as anti-virus, anti-spam, and patching your computers are used in conjunction with the firewalls.  Employing various technologies such as these is known as Defense in Depth, and it helps to head off the intruders whenever they manage to find an opening.

So while firewalls may be considered our first line of defense, they are by no means our only tool in the security toolbox to help keep us secure.

Social Media – What Hackers Can Learn About You in Less than 30 Minutes

Have you ever stopped to think how much information about yourself is freely available online? With over 2 billion active social media accounts today, hackers are shifting their focus to target social media users. In less than 30 minutes, nearly anyone can learn your name, email address, location, past work experience, hobbies, and more just by looking at your profile. If hackers gain access to other information such as a credit card or social security number, they can even apply for loans and mortgages in your name.

Here are some ways to protect your personal information and keep your online presence secure when using social media by visiting one of industry’s leading authority on security awareness.  What Hackers Can Learn From Social Media in Less than 30 Minutes.  (pdf viewer is required).

Additional Resources:

Stay Safe Online
Staying Safe on Social Networking Sites
5 Tips for Social Media Security and Privacy



Protecting Your Digital Life – 2 Steps Ahead

Using a password alone to secure your data on online accounts is the first step toward protecting yourself. Learn how to take the second step and add an extra layer of security and take control of your online accounts with 2 step authentication. Get more at www.stopthinkconnect.org/2stepsahead.

This video is courtesy of the Stop.Think.Connect campaign as part of the National Cyber Security Awareness Month.

Two-step, multi-factor authentication or 2FA is a security tool that uses multiple verification techniques to prove that the person attempting to log onto an account is really that person.

One method with which many of us are already familiar is that special code we receive via phone text after we’ve logged onto a password-protected site or app on our laptop or other device from a browser we normally don’t use. We gain access to our account only after we correctly enter the code.  Banks have been doing this for years to protect your information.

Two-factor authentication can combine multiple types of verification.

Some of these methods include:

  • Something you know: a password, code, passphrase or PIN
  • Something you have: a physical token, chip,  or phone

These methods provide an extra layer of security. Most people only have one layer – their password – to protect their account. But combining something you know (your password) with something you have (your phone, token, etc.), makes your account even more secure.

In just one example of its use, Information Technology has enabled two-factor authentication for system administrators accessing UML resources from off-campus locations via our Virtual Private Network (VPN).  Stay tuned for more 2FA announcements accessing other applications like HR Direct and SIS.

Big sites already using two-factor authentication include Facebook, Twitter, Dropbox, Gmail, PayPal, eBay, and Amazon Web Services.

Turn It On: See step-by-step instructions on how to add two-factor authentication to more than 100 online accounts



How To Create a Cyber Secure Home

Most homes have devices linked to their wireless networks, including computers, laptops, gaming devices, TVs, tablets, and smartphones that access the Internet. To protect your home network and your family, you need to have the right tools in place and confidence that you and your family members can use the Internet safely and securely.

Secure Your Computers / Devices

The first step is to keep a clean machine and make sure all of your Internet-enabled devices have the latest operating system, web browsers and security software. These are the best defenses against viruses, malware, and other online threats.  This includes mobile devices that access your wireless network.  Whenever possible, enable automatic updating.

If possible, have two computers at home: one for parents and one for the children.  If you are sharing one computer, make sure you have separate accounts for everyone and the children do not have privileged (administrative) access.

Secure Yourself

Cyber attackers have learned years ago that the best way to get something is simply to ask for it. Use your common sense as your best defense.  If a message seems odd, suspicious, or too good to be true, it may be an attack.   Examples:

Someone calls your pretending to be Microsoft tech support. They claim your computer is infected and would like remote access to your computer to “fix” it, or want you to purchase their fake anti-virus software.

“Phishing” emails are very convincing and are designed to fool you into opening an infected attachment or clicking on a malicious link. These emails may appear to come from a friend or organization you know.  If you are not sure or something just doesn’t look right, call the user or company using a phone number you know to be valid and legitimate.  With the explosion of social media, cyber criminals may even use details from your social media accounts to craft a customized message.

Secure Your Home Network

A wireless network means connecting an Internet access point – such as a cable modem – to a wireless router. Going wireless is a convenient way to allow multiple devices to connect to the Internet from different areas of your home. However, unless you secure your router, you’re vulnerable to people accessing information on your computer, using your Internet service for free and potentially using your network to commit cyber crimes.

  • Change the name of your router: The default ID – called a “service set identifier” (SSID) is assigned by the manufacturer. Change your router to a name that is unique to you and won’t be easily guessed by others.
  • Change the pre-set password on your router: When creating a new password, make sure it is long and strong, using a mix of numbers, letters and symbols.  Be careful with whom you share this password.
  • Configure your Wi-Fi network so that if anyone wants to join it, they must use the password.  Additionally, always configure your router to use the latest encryption, which is currently WPA2.
  • Be aware of all the devices connected to your home network, including baby monitors, gaming consoles, sound systems, TVs, and smartphones.   They all can be used as attack vectors into your homes.  Make sure that they are running the latest versions of the software (sometimes called firmware) on them, downloadable from the manufacturer.
  • If connecting to UMass Lowell resources (i.e. servers, network file shares, you must use the campus VPN solution (https://vpn.uml.edu) to encrypt the traffic from your home device to the UMass Lowell network.

Secure your Accounts

Like most people, you probably have many accounts online and on your devices and computers. Here are some simple steps to protect them:

  • Always use strong passwords that are hard to guess.  If possible, use passphrases such as “RedSoxAreTheBest!”
  • Use different passwords for each of your accounts and devices.  If you have too many accounts and too many passwords, use a password manager to securely store them.  These are applications that securely store all of your passwords in an encrypted vault.
  • Use a two-step verification whenever possible.  This is also called 2 Factor Authentication (2FA).  This uses a password and something else to log into your account such as a code sent to your smartphone.  Banks have been using this for a few years now.
  • On social media sites, post only what you want the public to see.  Assume anything you post will eventually be seen by your neighbors, strangers, or even your management.

Have You Been Hacked?

No matter how secure you are, sooner or later you may become a victim of an online crime or even hacked. Here are some tips:

  • Create regular backups of all your personal information.  If your computer or mobile device is hacked, the only way you can recover all of your personal information may be from backups.
  • If one of your online accounts have been hacked, immediately log in and change your password to something strong and unique.  If you no longer have access, contact the company.  If you use that same password on other accounts, change it on those too.
  • Monitor all of your credit cards.  If you see any charges you do not recognize, contact the credit card company right away and consider “freezing” your credit.
  • When banking and shopping, check to be sure the sites is security enabled. Look for web addresses with “https://” which means the site takes extra measures to help secure your information. “http://” is not secure.

Top 10 Ways to Keep Your Information and Data Safe!

Steven couldn’t wait for his first year at college. But what he didn’t know was how a simple list could protect him from a world of hurt!

Follow the top ten ways to keep your information and data safe online, and avoid Steven’s mistakes.

1) Install the University’s free antivirus software
2) Create strong passwords
3) Be Careful what you store online
4) Limit your public online presence
5) Lock or log off unattended devices
6) Keep your devices updates
7) Regularly check your online accounts
8) Be aware of phishing scams
9) Download files legally
10) Secure your mobile devices

For more information, visit: