
by Dave Moore, CISSP

11/07/2021

When I presented my class, “Fight the Internet Bad Guys and Win!”, on September 29 at the Norman Public Library Central location, we discussed building an Internet safety “onion.”

Why would I teach about onions when what people really want to know are things like stopping computer viruses, safe online banking and hacker-proofing your life? The onion is an analogy I use because effective Internet safety is built like an onion, layer by layer. There is no single thing that you can do to make your Internet life safe. We need layers. We build security onions.

The idea is that, if the Internet bad guys somehow come across you and your Internet presence, and succeed in peeling a layer off your Internet safety onion, they are immediately confronted with another layer to deal with. If they get past that layer, they are confronted with yet another layer, and so on. If you have enough good layers in place, the bad guys will eventually go away in search of easier, less-secure prey.

The onion I present has, at its core, the built-in protections that computing systems provide, such as a firewall (Layer 1), and the ability to update your operating system, such as Microsoft Windows, Apple OS X, or whatever operating system powers your phone (Layer 2). Many programs you use on your system, such as word processors, accounting software and Internet utilities like browsers, need important updates, too (Layer 3).

On top of the inner layers should be things like antivirus (AKA, “antimalware”) programs. In the old days (like, eight or nine years ago), I would use one program for antivirus protection, a different program to battle spyware, and yet a different program to deal with adware. These days, we use antimalware (MALicious softWARE) programs that cover all the bases. In class, we look at the best ones to use.

The next layers of your Internet safety onion deal more with behavior, rather than programs you’ll install. One critical behavior layer is the use of strong passcodes. The word “password” is a bit misleading in and of itself. I prefer “passcode” or “passphrase” because the passwords we use to access our email, bank and online shopping accounts should never, ever, never in a million years be straight-up “words.”

Most online accounts that end up being hacked become that way because people use crummy, weak passwords. The bad guys can hack “passWORDS” so fast it’s not even a little bit funny. You need to know how they do it, and how you can invent easy-to-use passphrases that will keep the bad guys at bay.

Other layers of your Internet safety onion should include things like secure email practices, safe browsers, recognizing scam messages, avoiding bogus websites, secure file deletion, safe wireless networking and avoiding phony “fix-em-up” programs.

With some safety knowledge and common sense, eventually your Internet safety onion will be so smelly the bad guys won’t be able to stand being around you.

Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org