Ten Golden Rules for Secured Internet Use
By Itzik Aharon, the Quality Bytes Company
Human error, stemming mainly from lack of awareness, causes many users, and especially organizations, to fall for the various dangers lurking on the internet, even when they are well secured. The surfer's responsibility alone cannot solve the problem. The organization needs to take responsibility for its environment as a whole, alongside deploying security solutions that provide a comprehensive answer to this problem.
We gathered ten golden rules for proper use of the internet. These rules will assist the surfer, either in an organization or at home, in the war against the many security threats that are abundant on the net:
1. A protective shell must be created and maintained - use an anti-virus program and update it as frequently as the program allows, even once every 15 minutes. Download security updates and apply them;
2. Operate an IPS system to identify, warn of and block attacks coming from within and from outside the organization's network. An effective IPS system is one that identifies signatures in the content of the transferred data, and updates itself frequently and automatically from the internet;
3. Do not be tempted to open an e-mail message from an unidentified source or one that seems suspicious, and do not be tempted to give personal information and passwords to parties that contact you via e-mail, even if the source seems reliable;
4. Create sophisticated and complex passwords and change them frequently. Where relevant (the Active Directory environment, the ERP system, etc.) you must enforce strict password policies, which prevent users from changing their password to an easy one such as "123456";
5. It is highly recommended to use a broadband management system and configure it so that virus attacks and defective or "wild" applications do not block access to the internet and to the organization's private phone system;
6. Human error can be prevented - it is possible to restrict the sites that certain computers have access to, especially computers from which surfers type personal or financial information into the network;
7. Be careful and avoid installing CDs sent to you by parties outside the company that are not familiar to you - in most cases such a CD might be a sophisticated spying software program;
8. Avoid freely installing browser programs and their add-ons. Most of these programs transmit data from the users' computers out to their developers. Toolbars, screensaver programs, screen add-ons - all may transmit data on the users' habits of using the computer and the internet, and most of them even put the stability of the computer at risk;
9. Do not trust sites that do not carry a valid certificate. When entering any secured site on which you need to carry out financial activities or update your personal information, pay attention to the certificate the website uses - it should show a small lock icon on the bottom right-hand side. Phony sites will use an unauthentic certificate that causes the following warning message as you enter the site: "Security Warning". Note that by double-clicking the lock icon it is possible to find out to which party the certificate was issued and its validity;
10. Do not allow anonymous inbound access (from any address) to a server that is located on the inner network and contains sensitive data such as network passwords, the mail database, the data system or ERP. Such access should be given only to permanent and familiar addresses. It is highly recommended that the transfer protocol be encrypted and that access go through a server located in the DMZ that runs a locked-down application, such as a VPN or an HTTPS reverse proxy. In addition, no anonymous outbound access (to any address) should be opened on direct ports. Surfing should be routed through a proxy server. E-mail should be routed through a mail relay. Other protocols should be routed through intermediary applications designed for this purpose.
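Rule 10 can be checked mechanically against a firewall rule list. The following is an added example, not part of the original article: it audits a constructed rule set for "any address" access into the inner network and for direct "any address" access out of it. All networks, addresses, ports and rule names are assumptions made for illustration.

```python
import ipaddress

# Constructed topology (assumption): inner network holding the sensitive
# servers, and a DMZ holding the VPN/reverse proxy, web proxy and mail relay.
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
DMZ = ipaddress.ip_network("192.0.2.0/28")

# Constructed allow rules: (name, source, destination, port)
RULES = [
    ("vpn-in",         "0.0.0.0/0",       "192.0.2.2/32", 443),   # any -> DMZ reverse proxy
    ("erp-from-dmz",   "192.0.2.2/32",    "10.0.0.10/32", 8443),  # DMZ -> ERP
    ("erp-from-any",   "0.0.0.0/0",       "10.0.0.10/32", 8443),  # any -> ERP (bad)
    ("partner-in",     "198.51.100.7/32", "10.0.0.10/32", 8443),  # fixed, known address
    ("proxy-out",      "192.0.2.3/32",    "0.0.0.0/0",    443),   # proxy -> internet
    ("relay-out",      "192.0.2.4/32",    "0.0.0.0/0",    25),    # mail relay -> internet
    ("lan-direct-out", "10.0.0.0/24",     "0.0.0.0/0",    443),   # LAN -> internet (bad)
    ("lan-to-proxy",   "10.0.0.0/24",     "192.0.2.3/32", 3128),  # LAN -> proxy
]


def is_any(net):
    """True when the network matches every address (0.0.0.0/0)."""
    return net.prefixlen == 0


def audit(rules):
    """Return (rule name, reason) for every rule that breaks rule 10."""
    findings = []
    for name, src, dst, port in rules:
        s = ipaddress.ip_network(src)
        d = ipaddress.ip_network(dst)
        if is_any(s) and d.overlaps(INTERNAL):
            # Anonymous entrance to the inner network instead of via the DMZ.
            findings.append((name, f"any address may reach inner network on port {port}"))
        elif s.subnet_of(INTERNAL) and is_any(d):
            # Direct outbound access that bypasses the proxy or mail relay.
            findings.append((name, f"inner network goes directly out on port {port}"))
    return findings


if __name__ == "__main__":
    for rule_name, reason in audit(RULES):
        print(f"{rule_name}: {reason}")
```
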