A site devoted to discussing techniques that promote quality and ethical practices in software development.

Thursday, April 23, 2009

Always be vigilant about security even at places you feel comfortable - the office

The recent WSJ article brings home the truth that you must always be vigilant about online security, particularly on a terminal that is not yours and where your privacy is given only lip service.

Any USB drive or material of your own that resides on a company machine must be protected with a suitable encryption tool, such as TrueCrypt. If you suspect keyloggers have been planted, use keyfiles with your TrueCrypt volume; they are designed to keep keyloggers from capturing your password.

Any passwords that you need to submit to a site must be managed securely, using a tool such as Password Safe, and must never be cached on that machine. If it is convenient for you, it is also convenient for your attacker, who could be your supervisor, as confirmed in the WSJ article. It is important to use this kind of tool, which avoids exposing the password to prying eyes.

Always use a strong password, and if you use a tool like Password Safe, always use the passwords it generates.

E-mail communication through the company's channel must be suitably protected. You can use Password Safe's command-line operations:
  pwsafe -e filename
to encrypt the file and
  pwsafe -d filename
to decrypt the file. It is advisable to perform these operations on a TrueCrypt volume to avoid leaving residue that could be picked up.

A better option is to use the field-tested and time-tested PGP: the free version, the commercial version or GNU PGP.

The best advice is to trust no one, no matter how warm the smile appears to be, and to treat every environment as hostile.
