Personal Digital Assessment

I had not been planning on writing about this just yet, but a recent incident has brought it up. Let's talk briefly about your digital life. These days, computers and smartphones keep us constantly connected, and beyond those there are the other network-enabled devices at home that we never think about: your DVR, alarm system, media streaming device or smart TV. We forget how connected everything is and become complacent.

There are a few good practices to go through on a monthly basis to make sure there are no known security holes. I have an actual form that I fill out around my house to track my maintenance. That might be a little OCD, but I find it helps when I notice something unusual and can go back to my previous months' forms and notes to compare. The basic idea is that you should be rolling through all of your accounts and devices and checking for unusual activity, failed logon attempts, outdated software or firmware, good backups, recently changed and secure passwords (convenience vs. security comes up here), new or recurring technical issues, AV updates, and a few others. Let's take a look at the list and why each item is important.

  1. Backups
    1. I back up everything. I have two on-premise NAS (network attached storage) devices with several terabytes of storage in a redundant disk setup (RAID). Both are fully encrypted and kept in secured locations in my home. I use one for data storage while the other is exclusively for backups. I have a set backup schedule that alerts me of any failures or warnings. In addition (this is likely overkill), my backups get uploaded to an offsite location over an encrypted VPN tunnel. Great setup, but sometimes the system doesn't work the way it is supposed to. That is where the backup check comes into play. Monthly, I review the backup schedule and history to ensure that backups have been running, completing, and uploading offsite. I also mount a few of the backups and perform test restores to ensure that critical files are being saved correctly, without corruption. If you have never been through the pain of needing a critical file from backup only to find out your backups are no good, I envy you.
    2. What gets documented:
      1. Description of backup system
      2. Date and time of last completed backup
      3. Are backups completing as expected?
      4. Any issues noted for local or offsite backups?
        1. Resolution?
      5. Location of test restores
      6. Free space on local and remote backup storage
  2. Passwords
    1. I have a knack for remembering passwords, but not everyone does. This step will likely cause serious inconvenience for a lot of people. I change my passwords as often as every 30 days. I have a schedule made up with 30 and 90 day password cycles. The more critical passwords, for my important accounts or data, get changed every 30 days. For my less important or laughably unimportant data, I change them every 90 days. Even for the unimportant, keep them changing. It only takes one compromised account on a device to let someone in and allow them to search for data or further vulnerabilities. Additionally, keep the passwords secure. Password1 or 1234 are not good passwords. Uppercase and lowercase letters, numbers, symbols, and password length should all be considered. It is widely said that a password such as 2n3F@!83ngud98gn#NBKH><ib! will be secure, and that is correct. But damn if I could remember THAT. Instead, understand that using an easy to remember phrase that combines uppercase, lowercase, numbers and symbols is just as secure. Let's say that you really like unicorns, the color orange, the year 1776, and Benjamin Franklin. Like, a lot. Try a password like "BenFranklinRodeanORANGEunicorn1776!". The amount of computer processing needed to crack that password is greater than for a shorter password of random letters and numbers; this is what is called password entropy. Which is easier to remember? Also, avoid birthdays, family names, addresses, or other well known items. Stick to random, but not so random you can't remember.
    2. The list of passwords to change should include the usuals like email, social media, etc., but it should also extend to your equipment: home modem/router, wireless, streaming media device, networked storage and any other networking equipment. Don't forget anything! Remember, if it connects to the network, it is a potential point of attack.
    3. What gets documented
      1. Which passwords were changed and when
  3. Software/Firmware
    1. Each month, I check every bit of installed software on my computers, servers, and mobile devices for updates and patches. These are commonly released for performance improvements, bug fixes, and fixing security vulnerabilities. This includes definition updates for any anti-virus or web filtering software in use. Beyond that, firmware needs to be checked for updates. This gets more annoying, and I only do it every 90 days. Firmware, for those that don't know, is the underlying programming that runs hardware. For example, your wireless router probably doesn't get routine software updates, but from time to time the firmware that controls the processor, memory, radios, etc. will get an update. This usually takes the form of a link on the vendor's site that you must go look for.
    2. What gets documented
      1. What was checked for updates?
      2. What was actually updated?
      3. Previous and new version numbers
      4. Source of update
  4. Reviewing Logs
    1. Pretty much every device has some sort of log. The big ones to monitor are computers, servers, phones (if you can gain access to them), and networking equipment.
    2. Computers and Servers
      1. I typically review the logs for software and applications to ensure that I don't have any weird problems or broken software. This includes looking for failed updates, failed virus scans, etc. Additionally, I review the system logs for deeper issues with the operating system as a whole. Next, I review any access logs that record successful and failed logon attempts. Just this morning, I located repeated failed attempts to connect to one of my servers. Well, that IP address is in Germany. The logs further indicate that a whole list of usernames is being tested from many different IP addresses. Why I have open access shouldn't bother you: I don't, really. I run what is called a honeypot, which looks like an open and insecure network, to help an unnamed security firm gather attack and threat data. I know it is an insecure network, but I monitor it anyway. My personal production network has almost no access from the outside. The little external access there is, is heavily restricted, authenticated, and encrypted. It should be noted that this honeypot network runs on a 100% physically and logically separated network. Nothing interconnects at any point until you track back to the large backbone that the two internet providers share.
      2. For network equipment, I look for similar things: unusual bandwidth usage and access attempts, both successful and failed. If someone was in fact able to break a password, I want to know about it so I can change it. In the image below, we can see the log events describing an IPS Detection Alert (Intrusion Prevention). I like to know about these and keep an eye on them. More often than not, it is just a bot doing a port scan and nothing to worry about. When you see repeated access attempts, though, you need to take action.
      3. What gets documented
        1. Any issues found
        2. Any resolutions
        3. If failed logon attempts
          1. From where?
          2. What username?
          3. Date & Time
          4. Were they successful?
          5. Were they blocked?
  5. User Access
    1. I like to go through my devices and make sure that no users have administrative access other than the ones I intend. Mrs. Townsend, when we were first dating, would get upset with me that I would not give her an admin user on my computer. It annoyed her that if she wanted to install something, it asked for the admin password. The risk is that if you don't know what you are doing (or even if you do and just aren't paying attention), other software or vulnerable software can slip in past your AV product along with an install. If you don't have any admin users other than the ones you trust, it lessens the risk.
    2. What gets documented
      1. Any unexpected admin users?
      2. Who added them?
      3. When were they added?
      4. Why were they added?
      5. Were they removed?
  6. Expiration Dates & Warranty
    1. I go through and check for any upcoming expiration dates on AV products, security tools, content filtering, etc. I also check hardware warranties. Nothing like finding yourself with a broken device that is no longer covered under warranty, especially if it is mission critical. Keep up with your subscriptions and warranties and renew them when they come up. It helps keep you secure and reliable.
    2. What gets documented
      1. What was up for renewal?
      2. Was it renewed?
      3. When does it next expire?
  7. Misc. Hardware
    1. I like to give everything a once-over to make sure there are no warning lights or grinding noises. Those usually indicate a Not Good situation. Amber warning lights usually turn into red lights or grinding noises. Fix it before it fails.
    2. I also like to check my backup batteries and make sure they will hold a charge and are still in good shape. What good is the alarm system if the power goes out and takes the alarm with it?
    3. What gets documented
      1. Any issues found
      2. Any resolutions including new hardware ordered
  8. Issue Tracking
    1. I note down any issues I found and what I did to resolve them. This helps me track issues as well as solutions to locate any patterns that might be indicative of a larger underlying hardware or network problem or of some type of hacking attempt.

I take all of this information and populate a pre-built form that gets filed away. Once a quarter, I review the year-to-date forms for patterns or larger issues and proceed as needed. The monthly reviews take me an hour or less, while the quarterly reviews take all of 15 minutes. Save yourself the headache of lost data, broken equipment, or a security breach and operational compromise, and be proactive.

2 Comments

  1. Reblogged this on The Survival Library and commented:
    Very good post on securing your electronic life.

  2. Very thorough post on keeping your digital life safe and secure. I’ve seen businesses that are not as well organized as you are.
