Editor’s Note: This is the second in a three-part series. You can read Part 1 here. Look for the final installment on Monday, June 30.
JT Evans, as well as being a writer, is a computer security expert who started programming at the age of seven and has been a Certified Ethical Hacker since 2009. During his June Write Brain talk, he covered three main topics: how writers should take care of their computers, computer security basics for writers, and what the bad guys are doing with computers.
Computer Security Basics for Writers
JT encourages writers to think about computer security as though it were an onion: the best security has lots of layers, so that if one vulnerability is found, the bad guys can only get through one layer.
Hardware. Physical objects, such as a keyboard, a monitor, or a hard drive.
Software. Programs that run on your computer; you can’t touch software (you can only touch the DVD that it comes on, if applicable).
Malware. Malicious software. Some current types:
Virus. Software that alters other software without permission in order to replicate itself as well as other functions. You have to take some action for a virus to act (like opening a file); it can’t spread itself automatically.
Worm. Software that alters other software without permission in order to replicate itself as well as other functions. Worms spread through system vulnerabilities; they can infect your computer and spread automatically.
Trojan. Software that looks harmless but really isn’t; it can deliver a virus onto your system. You have to run the software in order for it to do harm (as in playing a game).
Rootkit. Software that installs unauthorized access onto your computer, right down to the root level.
Botnet. A network of computers that secretly have been infected (often using a rootkit) and now take actions that their owners don’t know about, like sending spam. (JT noted that some spammers get $.03 per spam email they send...using your computer.)
Spyware. Software that breaks into your cookies and steals your personally identifiable information, like passwords, SSN, address, etc.
Adware. Popups these days are usually blocked by your Internet browser. So if you’re seeing popup ads on your computer, it’s likely a virus infection made to look like a browser popup.
Ransomware. Software that, once it gets control of your computer, encrypts all your data and demands money before they (hypothetically) give you the password.
Network. Multiple computers linked together (can be linked in a number of different ways).
Intranet. An isolated network of computers (as in “My company’s intranet”).
internet (small “i”). A network of networks, usually over a wide area. For example, a college might have an intranet connecting their computers together, but they might have internets that connect them regionally or nationally, too.
Internet (big “I”). The network of networks, that spans the globe and includes the World Wide Web, email, Usenet, etc. Use Internet as a proper noun--use it as you would a country’s name (e.g., “Internet security” talks about security on the Internet, much the same way “American security” talks about security in America).
Intrusion Detection System (IDS). A burglar alarm for computers; it monitors unusual activity that gets past the firewall. You must first start an IDS in learning mode to teach the AI what is normal. If you’re attacked during the learning period, then you have to reset the IDS and start over.
Intrusion Protection System (IPS). Like an IDS, it monitors your system for unusual activity that gets past the firewall. However, it can stop the activity as well as provide an alarm; it can send email updates and ban users from your system either temporarily or permanently.
For the average user (e.g., not running a server of some kind), you don’t need either an IDS or IPS; a good personal firewall is just fine.
If you need more information, you can go to JT’s website, jtevans.net.
If you’d like a copy of his handouts, click here.
About the Writer: DeAnna Knippling is a freelance writer, editor, and formatter married to a Network Administrator, and she was still embarrassed about some of her personal security practices after hearing JT's talk. Check out her personal blog at www.DeAnnaKnippling.com or her small press at www.WonderlandPress.com.