Update your
operating system and applications

Security holes in software are often discovered, so the software developer usually distributes fixes/patches/updates
that address these issues. Virus and spyware scanning software also prompts you to update their definitions to detect more recent threats.

Scan for Viruses

UCLA provides Sophos Anti-Virus for free (www.bol.ucla.edu/software/sophos)
and we install it on the computers we issue, so I’ll assume that’s what you’re
using.

Scan for Spyware

UCLA provides Webroot Spy Sweeper for free (www.bol.ucla.edu/software/spysweeper).
Windows users should periodically scan for spyware…

Get a Second Opinion

No virus/spyware (aka malware) scanner detects all threats. To improve your chances of detecting and removing threats, or if you don’t have a virus/spyware scanner installed, try an online malware detection/removal utility.

• Trend Micro Housecall (Windows)
  http://housecall.trendmicro.com/

If you encounter anything puzzling or suspicious, contact me as usual.

1. Enable WPA (recommended) or WEP encryption on your router
   To oversimply, enabling encryption “password-protects” your wireless network. It’s kinda like your router and your computer doing a secret handshake before each transmittion. Yes, WEP and WPA can be hacked by moderately knowledgeable geeks. WEP can be hacked in minutes, but to do so is beyond casual Joe who just wants free internet. WPA is well… much stronger… so use WPA. If your router is so old it doesn’t offer WPA encryption, either use WEP (better than nothing) or buy a new router.
   Whichever one you use, always use a strong password (random is better) or the encryption becomes more or less useless.
   To enable encryption on your router, refer to the manual :oP. You’ll also need to configure the wireless profile on the computers connecting to the router.

Oh ummm… I guess that’s just the key thing for a relatively secure network. There’s a few other things you can try to make your network more secure, but I don’t mention them because they’re mostly crap. They don’t hurt though. It comes down to this:

• If Joe Shmoe wants to steal your internet, either of the afforementioned encryption methods is enough to keep him out.
• If Joe Shmoe is actually l337 h@x0r, he’ll quickly get through WEP and the other crappy “security measures” most articles suggest.
• It will be quite difficult or near impossible (not worth the effort) to get through WPA that has a strong key (“password”).

If all you do on the internet is read webcomics and blogs, you probably don’t have much to be concerned about, but if you manage any finances, consider using WPA encryption.

Why create strong passwords?

Pretend I’m a criminal (pretend)… I cracked your password. Now I can…

• Change your password.
• Access shared sensitive information on a network. If your account is part of a group, their data has also been compromised.
• Conduct illegal activity using that account. Don’t take it personally. I just prefer not to conduct illegal activity on my own account.
• Possibly access login information for your other, more important, accounts. I can view registration e-mails or have password reminders sent to that e-mail account if you used it to register for other accounts.

What can I do to increase my safety?

• Change your password periodically
  Viruses and spyware may find or intercept your login information. You can’t always tell if your login information has been compromised, so change your passwords every few months.
• Use different passwords for different sites
  If a password on one account is compromised, your other accounts won’t be automatically compromised.
• You can write down hints
  Write a sufficient hint, not the password. Keep them somewhere safe, like your wallet or a safe. A Post-It note on your monitor may seem like a fortress of security, but research indicates it’s deceptively easy to access. (Or use a password manager. Details at the bottom of this post.)

What’s a strong password?

Your password may not be as strong as you think. Widely available “brute force” password cracking tools make rapid attempts at guessing your password, often from “dictionaries” of default passwords, common passwords, English words and phrases, and literally every combination of characters depending on how patient the intruder is.

To increase your password strength…

1. Increase the length. Shoot for at least 8 characters.
2. Increase the variety of characters by mixing letters, numbers and symbols.
3. Increase the apparent randomness. Do not use words, names, or anything directly associated with you or the username (birthday, address).
4. Make it something you’ll remember. Passwords are intended to keep others from accessing your resources.

This information and the work involved in changing the way you handle your passwords may seem overwhelming. It may not be necessary to take all these measures, but please give the issue some thought and be aware the easiest targets are the complacent ones.

If this all seems like too much work, consider a popular option: Use a password manager. This is software that keeps track of your passwords, so you only need one password to access everything. Click here to see popular password managers for Windows and Mac.

If you want to prevent people from leeching your internet and snooping around your network and possibly even messing with your router’s settings, take the following steps:

1. Enable WPA (recommended) or WEP encryption on your router
   To oversimplify, enabling encryption “password-protects” your wireless network. It’s like your router and your computer doing a secret handshake before each transmission. Yes, WEP and WPA can be hacked by moderately knowledgeable geeks. WEP can be hacked in minutes, but to do so is beyond casual Joe who just wants free internet. WPA is well… much stronger… so use WPA. If your router is so old it doesn’t offer WPA encryption, either use WEP (better than nothing) or buy a new router.
   Whichever one you use, always use a strong password (random is better) or the encryption becomes more or less useless.
   To enable encryption on your router, refer to the manual :oP. You may need to configure the wireless profile on the computers connecting to the router, but in most cases you’ll simply be prompted for the “password” (or key) upon connecting to the network.

Oh ummm… I guess that’s just the key thing for a relatively secure network. There’s a few other things you can try to make your network more secure, but I don’t mention them because they’re mostly crap. They don’t hurt, though. It comes down to this:

• If Joe Shmoe wants to steal your internet, either of the aforementioned encryption methods is enough to keep him out.
• If Joe Shmoe is actually l337 h@x0r, he’ll quickly get through WEP and the other crappy “security measures” most articles suggest.
• It will be quite difficult or near impossible (not worth the effort) to get through WPA that has a strong key (“password”).

If all you do on the internet is read webcomics and blogs, you probably don’t have much to be concerned about, but if you manage any finances, consider using WPA encryption.