Bits & Bytes: Common insecurities may surprise you
March 30, 2011
Park your car on the side of the road and leave a pile of money on the passenger seat, making sure that it's easily visible to everyone passing by. Would you be astonished if a criminal took the opportunity to steal from your car? Now, you can generally avoid the risk by doing something no more sophisticated than storing the money out of sight, maybe in your glove compartment. How can this be applied to your digital information? It is a matter of understanding what makes your information, such as bank and credit card details, easily visible to those wishing to capitalize on crimes of opportunity and how to keep your information out of sight.
What you might find surprising is how easy it is to keep private information private; it is generally no more difficult than hiding something in your glove compartment. One of the more common ways your information becomes visible is via "clear" network communication. This refers to the sending of information across the Internet or other network that can be easily intercepted by a third party in much the same way as hearing another party's conversation in a crowded room. This can be caused by including sensitive information in a fax, e-mail or sending information across a wireless a network.
Faxing, at one time, was considered an acceptably secure form of communication as it involved sending information directly from you to your desired recipient. In 2011, that has changed a bit. Many organizations and individuals use some type of "e-fax" service and many individuals and organizations may use such a service without even realizing it. An e-fax service refers to a service that provides fax capability, however the Internet is used to send the fax instead of a dedicated phone line. The recipient and sender don't feel that the Internet is being used. Sending and receiving an e-fax can be done the same way as sending/receiving a conventional fax. Companies may establish e-fax service as it can reduce cost by more than half and offers other nice features. For most tasks e-faxing can be desirable, however, if you are sending a fax that contains sensitive private information to someone using an e-fax service, that information would be available to anyone on the Internet.
In addition, even companies without e-fax service, may e-mail your fax after receiving it, thus making your information visible across the Internet. As the effects of the security issues surrounding e-fax use is still not fully understood by every organization and, as some employees of organizations may be unaware of their e-fax use, it is recommended in 2011 to avoid including any sensitive information in a fax unless you can verify that at both ends there is no e-fax use or intra-company e-mailing of your information.
We also found that some companies (even very large ones) are suggesting that their customers e-mail information and, that by including that information in a PDF attachment, it is secure. It is important to understand that information contained in an e-mail attachment is as insecure as the rest of the e-mail. There is a feature available that allows everyone to easily send and receive encrypted e-mail. Using this method, information can safely be sent across the Internet with no practical chance of a third party interpreting your information.
Aside from the Internet, your information can be obtained wirelessly. Using cheap high gain antennas, criminals, can easily scan an entire area for insecure wireless networks. One confusing thing about securing a wireless network is that it is possible to establish a wireless password without securing a network. If you have a single wireless password for your network that you use for any of your computers, then you are using an older system called PSK which is only password protected, but not secure. Think of PSK as having a sensitive conversation behind a shoji door; someone on the other side couldn't see you, but they could easily hear everything you are saying. If you really wanted to keep that conversation private you would go behind a thick solid door; in the wireless world this is called EAP. EAP offers complete wireless security to ensure your information cannot be "heard" by others.
Interconnected networks such as the Internet were created to enable easy mass sharing of information and help accelerate the progression of society. By taking simple precautions you can use these great resources while still keeping all of your information private; this is truly a no compromise solution.
(Bits & Bytes is a computer troubleshooting advice column provided by Zebis, a single point of contact managed service provider located on Sanibel serving clients worldwide.)