New technologies make it easier for all of us to get our work done online, communicate with others, and take advantage of all the internet-based entertainment that's available today. But many of those same technologies have also made it easier for cybercriminals to do their dirty deeds.
Below are the top 10 online technologies that cybercriminals love to exploit and, where applicable, how users can protect themselves, both at home and at work, when using those technologies.
1. Broadband connectivity
Broadband has many advantages for users, including high speed at a relatively low cost and the 'always-on' nature that eliminates the need to log onto the ISP each time you want to access internet resources.
However, those same characteristics also make it the perfect technology for exploitation by hackers and attackers. Having your computer connected to the net 24/7 means cybercriminals have a much greater window of opportunity to gain access and steal your data, crash your computer or otherwise do harm.
The high speed of new access technologies means a 'drive-by download' can put even a large malicious file on your machine in just seconds.
2. Wi-Fi networking
Another technology that has become incredibly popular is Wi-Fi, or 802.11 wireless networking. With increasing frequency, both home and business networks are connected by wireless technologies instead of Ethernet cables, and Wi-Fi hotspots are proliferating in public places, such as coffee shops, airports, hotels and city parks.
Wi-Fi is convenient because you can move around and stay connected, but it also makes it more convenient for a criminal to get onto your network and into your system without your even knowing, since anyone with a wireless-enabled laptop within range can intercept the signals.
Unlike their older counterparts, new wireless access devices use encryption by default, but you need to check and ensure that yours uses the more secure encryption, such as WPA/WPA2/802.11i, rather than WEP, which is easy to crack.
You should also use strong encryption for the applications you run over a wireless network (for example, SSH and TLS/HTTPS). You can use a VPN (virtual private network) or IPsec to encrypt traffic travelling over a wireless LAN, and you should create a separate network segment for your wireless communications if you also have a wired LAN.
More information about Wi-Fi security is available on the Wardrive.net site.
3. Removable media
Floppy drives have been almost entirely replaced by CD/DVD readers/writers, flash card readers and USB drives but, whatever the form, cybercriminals love removable media. If they can get physical access to a computer, they can quickly and easily copy files and remove them, often leaving no-one the wiser. Removable media also pose a security risk because it's easy to lose discs, thumb drives, flash cards and the like.
You can use Group Policy in Vista or edit the registry in XP to disable use of USB devices. You can also get third-party software that will block the use of any I/O devices through USB and IEEE 1394 ports or using BlueTooth wireless connections. An example is Lumension Security's Sanctuary Device Control.
If you're concerned about removable drives or cards being lost or stolen and the data on them accessed, you can encrypt the data on flash cards, CDs and DVDs so that you can still work with them on different computers but a thief cannot. Dekart, for example, offers products enabling this.
4. The web
The web is hardly a new technology now, but it's still a favourite of cybercriminals because almost everyone who connects to the internet uses a web browser.
Back when the web was text-based, browsing was a pretty safe activity, but today's web pages are expected to do much more, and many of them run programs — such as JavaScripts and ActiveX controls — aimed at giving users a much richer multimedia experience. The problem is that attackers can use these browser capabilities to run their own malicious programs on your computer.
Don't be fooled into thinking that because you use a particular browser, you're safe. All popular browsers have vulnerabilities that can be exploited. The browser's settings are more important. If you disable JavaScript and ActiveX for most sites…
Talkback
I really don't see the point of this article. All your bullet points are valid according to the title, but this topic has been talked about time and time again. Everything you state should be intuitive even for the non-techie. It would be much more interesting to read something about the platforms and/or programs cybercriminals actually use and how they cover their tracks. I would also like to read more about the mindset of how cybercriminals think about what they are doing even if it is only hypothetical. All in all it was a good article, just too generic for my taste