April 2012 archive

I’m not really sure where this post will end up going but it’s something that needs to come up a lot more.  How secure is our information?  Is information safer in the digital realm or the physical realm?

With the growth of cloud storage products, large amounts of information that should be kept extremely secure is being sent all over the world through data networks.  I use online banking, store credit card numbers online, store passwords online and locally on the computer.  In reality, the information is only as secure as the weakest password that needs to be cracked to access the information.  I put a lot of faith that in the hope that I can prevent security breaches.  The harsh truth is that even if I do the best to ensure security on my end there is still the possibility that security on the server end could be compromised.

When it comes to the physical world I have that same faith that I can keep things secure.  I have locks on my doors but that doesn’t protect everything.  It’s still possible to break a window and get in.

I think what it comes down to is using common sense and hoping for good luck.  I know that I’m not the most careful person with my information, I hope I don’t regret my choice.

From time to time I still pick up a freelance computer repair job.  I took a job fixing a MacBook Pro that turned into a multi-day endeavor.  It turned out the hard drive was failing (in my opinion).  The bigger problem I found was that a Mac OS X install DVD will not necessarily work on any Mac.  The OS X DVD came from another Mac user and was even for the same model (13″ MacBook Pro) and stock OS (10.6 Snow Leopard).  In my opinion the DVD should be able to install Snow Leopard on any Mac capable of running it.  It’s impractical to assume that people will hang on to their install media at all times.

I see this as Apple’s method to make sure people are stuck bringing their computers into the Apple store for repairs.

Malicious hackers have made computer security breaches a constant concern.  Groups like Anonymous have shown that even some of the most secure networks in the world are vulnerable to attack.  When I bought the domain it occurred to me that there is always the possibility that someone could break into my website.  To keep costs low for the site I picked a host that uses shared hosting.  There is nothing I can do to improve the security of the server itself.  The only action I can take is to make sure that my password for cPanel is secure.  My hosting provider was hacked some time ago before I was a customer and I can only hope they’ve learned their lesson and keep a better eye on security.

To protect the site I set up two cloud based security measures.  The first tool is CodeGuard.com.  CodeGuard backs up my site daily using delta backups to minimize storage consumption.  This protects the content of the site if my server is hacked or taken offline.  The second tool I’m using is CloudFlare.com.  CloudFlare is a content delivery network and security service.  CloudFlare is installed by changing the name servers for the site.  This means that all visitor traffic to my site passes through CloudFlare’s security screen first.  All the reviews I read about CloudFlare before I set it up were amazingly positive.  This company has the chance to turn the tide in the internet security war.  The content distribution portion of CloudFlare is an added bonus that speeds up loading times.

The other set of security measures I set up were meant to protect the blog as well as the other modules of the site, forum and photo gallery.  WordPress has made a lot of improvement in the inherent security of the software over the years.  That being said, there is still some vulnerability.  There are two plugins I installed to protect the blog.  First, I installed BulletProof Security (BPS).  BPS modifies the .htaccess files to prevent hackers from accessing certain portions of the site.  It was a little complicated to set up but I have a lot of confidence in the security it provides.  The second plugin I installed was Better WP Security.  This plugin automates backups of the WordPress MySQL database and monitors the files in the WordPress directory for changes.  In addition, the plugin also prevents brute force login attacks on the blog and prevents attackers for scanning through the blog for vulnerabilities.  The last security measure is probably the simplest of all, make sure the software is running the most current version.  WordPress makes updating painless.  phpBB hasn’t needed to be updated yet but I think the process is also automated.  Coppermine photo gallery is the one that is difficult to update but it’s still not too bad.

I put links at the bottom of my homepage to support the companies that have provided the tools to build this site.  Check them out.