Digital Hygiene: A Network Grows Up

by Charles Boulet <chuknorth@hotmail.com>

Thanks to Phill Galloway for his thoughts on IIAM. Links verified May 15, 2007.

Note: If you have followed this series, you might be disappointed with this article. Contrary to what was promised, I will not be writing a full article covering the remaining two topics — Document Management, and (Internet) Identification Authentication and Management. This last installment of Digital Hygiene serves to highlight key points from these 'missing' articles and provide a general summary of key points made in the series.

To close the series, I'll review some real solutions to protect ourselves and our contacts. Then, I'll raise the hackles of some readers by advocating for new freedoms and new controls on the Internet.

To ignore threats and become slothful in management of hardware, software, and personal data is to invite the infernal duo of headaches and tech charges. Time that you don't lose to errors and catastrophes is as good as time gained. In practicing good digital hygiene, you save time and money for yourself and for those who depend on or use your data.

When you neglect good practices, the worst case scenario is not that you lose all of your data and have to buy a new computer. Rather, poor behavior on your part can cause or lead to data loss and network accessibility problems for potentially millions of individuals and businesses. You can easily visualize the reverse scenario where someone else's carelessness contributes to a network slowdown that means you can't sell your stock right when you need to best optimize the transaction. Or, worse, you lose money on the deal. Simply opening dirty email from a trusted source can cause you trouble you might only detect years down the road.

Other stories arise, more infrequently, of honest mistakes where people are hurt and lives are forever changed. Such is the case where, for simple lack of software or sober second thought, you divulge enough personal information to a spoof site that you lose control of your identity and financial resources.

Note: Remember, if you are at risk, those with whom you exchange data share that risk.

These are stories of doom and gloom. They're true and they happen all the time. Most problems I've dealt with have been simple, costly mistakes on the part of the operator. Many of these are due to a lack of knowledge or proper training, while others are avoidable, tragically stupid errors or those resulting from operator laziness.

Protect yourself and you protect everyone. Most people have no stake in your data and would not be affected one way or the other if you lost data or your computer crashed. In the end, how you secure your data is less important than how you control access to it.

Simple and inexpensive solutions to security were presented in this series. In summary, here are some key points:

  1. Security Tools — If you use Windows, ensure your security settings are sound and that the firewall feature and all automatic updates are enabled. If you like, you can (and likely should) buy a third party solution like TrendMicro or McAfee or one of the many other products available commercially. Do a search for 'internet security software download' or go to www.tucows.com to find dozens of solutions. Stick with products that I've mentioned, or others you've heard about. Download the TrendMicro Internet Security 2007 trial here, if you like. Install it, configure it, and if you like it, buy a 3-year subscription.
  2. Keep your eyes open. Don't let your guard down. Avoid opening files of unknown origin or purpose. Set your security software to automatically scan everything going in and out of your computer as well as everything stored on your hard drives. Don't give information away to those who ask for it, unless you were expecting the request, such as in an online purchase. Except for very rare situations, even in the worst case, you will only have yourself to blame.
  3. Hardware Management — Hardware will fail; it's simply a matter of time. Direct your thinking to prevention of problems and protection of data. Separate your data from your program files using different drives. Back up your data and keep a copy off site if you can, but NEVER leave drives or data in your car. Spend the money on a good quality power-conditioning power strip and consider going the next step and installing an uninterruptible power supply (UPS). Keep your computer clean and your work area dust-free.

I now use a Mac as a portable platform along with a Palm T|X. They both talk to my Blackberry phone via Bluetooth and they all use SD cards. None of these three have any sort of real threat against them respectively, just because they are hard targets and in limited overall use compared to the more than one billion Windows users on the planet. Furthermore, the three disparate devices and operating platforms make it even harder to transfer problems from one to the others. Bluetooth is enabled only when I need it, then it is turned off. Likewise for wi-fi — if I don't find a wi-fi port at some public location, I will disable my own wireless just to shut the door on prowlers and sneaks. My home network consists of three hard-wired Windows XP Pro workstations with a wi-fi port and a Roku Labs SoundBridge to send music over to my home entertainment unit. Trend Micro Internet Security 2007 is installed on all three workstations and the firewall is configured and active. My Mac doesn't require any virus protection and has a firewall built-in. It never gets sick.

Notes on Document Management: In less than an hour, you can learn all you need to know to be a master file manager. Unless you understand the reasons why you should manage your files efficiently, knowing how to do so is of little value. You should adopt a proactive stance in creating and collecting data. Avoid the temptation to simply dump it all in an endless collection of 'NewFolders' scattered across multiple drives, disks and removable cards.

Be active and thoughtful in how you approach file management and creation:

  1. When creating new documents, the FIRST thing you should do is decide in which folder the document is to be saved. Then, you should go to that folder and create the file, name it, then open it to edit. In other words, any document you create should be saved BEFORE you even write any content to it. This is especially easy in Windows since you can right-click on a folder and select New>Document from the pop up menu. Sadly, Apple hasn't figured out the beautiful simplicity of this yet.
  2. Be deliberate about where you store your data. Establish a hierarchy and stick to it. Avoid being overly specific with your classification.
  3. Use a 'project' paradigm when collecting documents. You might, for example, have a business proposal to produce. Create one folder called 'ProposalName', and then put all supporting documents within ProposalName. Feel free to include subfolders in ProposalName, and be sure to include a 'Final' folder to contain your final drafts.
  4. Don't expose a whole folder as a share because you need to share just one file. Create a public share instead, and ensure that there are no other shares available that you haven't specified. COPY your shared docs to this folder. As a general rule, keep your open shares to the bare minimum.
  5. Keep your active data (files you change such as word processing, databases, spreadsheets, photographs that you edit, etc.) in one directory and create all your subfolders under this one directory. Most recent operating systems use a 'My Documents' or 'Documents' folder for each user account that serves this purpose. Having all files in one directory makes backing up your data simple.
  6. Keep your static data (files that don't change, like music files, movies, photos) in a separate folder, even on a separate drive if you can. Generally, this data can be replaced and does not usually require the same attention to security as the data you create.
  7. Create a folder in your main documents folder called Desktop. Make a shortcut/alias to this folder and put the shortcut on your desktop. Rather than storing multiple files right on your desktop, store them in the Desktop folder. Again, this simplifies data backups and also serves to keep your desktop clutter-free.

IIAM - Internet Identity Authentication and Management.

Inasmuch as we can take actions individually and bring about a safer networking environment for all, we can and should also strive to adopt a new global standard for conduct on the Internet to protect the rights of individuals. IIAM is a set of simple rules of conduct that will ensure a permanent guarantee of freedom and safety on the Internet. The point of presenting IIAM here in short form is that readers should discuss the concept as a global issue, then consider the specifics in order to lobby for IIAM-like legislation in their states, provinces, and nations.

The overall health of the online environment is poor. Otherwise stated, while the Internet has large paws, floppy ears and it licks your face, it also micturates on the carpet, chews your shoes, and doesn't always do what you tell it. The Internet gestalt, taken as the pervasive global sea of life that it is, is evolving and will continue to evolve very much in an organic fashion, following a path parallel to human phylogeny and ontogeny. The impetus for the evolution is in the desire for interpersonal and social connectivity, entertainment, education, and commerce. The possible outcomes of the evolution seem hard to define, but my sense is that we've only seen the tip of the tip of the iceberg of what will be possible. Even ten years will bring massive changes worldwide in accessibility and tools.

Implementing standard rules to govern basic conduct online is equivalent to taming the Wild West. Or, following in the big paws analogy, the puppy has to grow up and learn to heel. Part of what is needed to ensure a well-behaved, useful, safe Internet is control. Paradoxically, basic controls will yield the greatest possible freedom for individuals by ensuring safety, security, and privacy. You are strongly encouraged to become active in seeking laws similar to what is presented in the IIAM section below.

In its current state, the Internet is like an unruly child whose parents are unwilling to intervene. For the most part, you can trust that your interactions on the 'Net are safe and your e-purchases are safe. However, given rampant identity theft, predation including among others child pornography and human trafficking, fraud and vandalism, it is not unreasonable to establish some ground rules for behavior. If the environment is unsafe or too unpredictable, freedoms become restricted.

Given the wide abuses and lack of accountability of an anonymous Internet, governments must enact federal laws requiring compliance with essential operating standards for all users. If you use the Internet, especially with your own computer, you are already personally and financially motivated to use it responsibly according to principles of good digital hygiene. This includes managing and maintaining at a minimum your data's security and your identity. IIAM is simply the framework from which springs our basic sense of security and guarantees our freedoms. Note that there is nothing in IIAM that prescribes or proscribes behavior; nations and their populations remain in control of laws, social mores and personal rectitude. The goal of IIAM is to provide clear definitions and reliable paths to users so that fraud and other predatory behavior become easy to track and control.

IIAM — Internet Identity Authentication and Management

  1. Of greatest importance are freedom of access, freedom of expression, and the safety of users.
  2. The role of government:
    1. Each nation is compelled to provide a safe public network, accessible to all people.
    2. Each nation is compelled to ensure that its online population has at least a core understanding in operating and maintaining a healthy computing environment.
    3. Individuals may provide private networks for personal, private, and commercial purposes. Governments shall control licensing, access, and set standards for security.
    4. All individuals must be ensured free (unobstructed) and public access to the Public Internet in the same way as they have free access to roadways in their communities. It is expected that individuals will contribute either time, talent, or money (possibly through taxation) for use of the Public Internet.
    5. Governments shall establish minimum standards for firewall and antivirus protection for individuals including making available free or reduced rate software for all licensed users.
  3. Networking and security protocols shall follow open standards and use biometric technology to identify users.
  4. No biometric data shall be stored in any shared database.
  5. All individuals must authenticate in order to maintain a session online. Duplicate and simultaneous identities (where the same identity is in multiple use) are not allowed, though multiple identities may well be represented on the same computer at one time.
  6. Authentication shall only be used to identify the user for a particular session. In the event of police investigation or technical trouble-shooting, the identity of the user can be determined. Investigations into the online behavior of any individual or corporate entity require legal justification.
  7. Nations shall establish the age of majority for access to adult content and services. Underage identities shall not be permitted in adult content and service areas.
  8. Identity shall never be used to control or influence conduct of the individual and no permanent databases of personal use shall be kept.
  9. The owner retains full rights over who uses the identity, how it is used and for how long. Terms for use of identity information on any site must be clearly stated in plain brief language.
  10. The Internet remains anonymous except for basic information relating to age, and in some cases restrictions to access due to criminal convictions.
    1. Otherwise stated, the individual will use a biometric device to first gain access to the Internet, at which point an access token is generated. The token is referenced to block access to adult areas for underage users in addition to identifying users who use the Internet to commit crimes. Under the terms of IIAM, user activity cannot be tracked in real time and can only be investigated in order to determine culpability or to prevent a crime, such as with groups planning terror attacks or distributing and producing child pornography.
  11. Fully anonymous public networking will not be permitted. Anonymous services will be available in the case of commercial or research applications. In these cases, the service provider must track all users entering and leaving service areas and remains responsible to report any online conduct that is legally questionable or risk having their license revoked.
    1. Adult guardians must approve access for their children to anonymous services by joining their identity to that of the child. In these cases, the adult not only approves of the child's access, but also accepts responsibility for the child's behavior.

To conclude, in the first article of this series, Digital Health was defined as

  • Technical and behavioral soundness in computing habits and platform;
  • Freedom from disease or abnormal functioning;
  • A condition of optimal technical and behavioral functioning and synergy.

The first point refers to the general state of your computing environment — are your computer and network doing what you need them to? The second point refers to the need to keep our computers free of viruses and malware, to use only compatible software, and to ensure that hardware failures do not adversely affect data or system performance. The Digital Hygiene series has provided some means of ensuring and maintaining good computing health, in addition to preferred practices in securing data. The synergy in the third point refers to both the manner in which the user uses the tools at hand, and the way the user leverages the tools to interact with others. The ultimate state of computing health is when all technical elements are sound and the user is able to work optimally with their computing environment.

To further extend the principles of Digital Health, we can add that the individual's state of good health is inexorably and inextricably linked to that of the general community. There are some areas of relative independent protection over and above the group, such as life behind a firewall and good data management, but everyone starts out by default at a high level of risk and threat. For all intents and purposes, the health of the community equates to the relative health of the individuals within the group. We are, therefore, jointly and individually responsible for the health of the community. The IIAM paradigm allows us to greatly enhance group protection by taking a minimum of actions as individuals.

I hope you have enjoyed this series and welcome your comments. Write to me at chuknorth@hotmail.com.