Omerta.com

By Paul Neumann

How do you protect your business from the dangers of the digital era? An expert in information security in plain language explains the basic concepts of the threats lurking from modern computer technologies, as well as means of protecting valuable information, and shares useful recommendations based on long-standing experience.

• Language: English
• Publisher: Paul Neumann
• Release date: Dec 14, 2023
• ISBN: 9788381553025

Book preview

Paul Neumann

Omerta.com

Computer Security and Data Protection Manual for BIG BOSSES

© Paul Neumann, 2022

How do you protect your business from the dangers of the digital era? An expert in information security in plain language explains the basic concepts of the threats lurking from modern computer technologies, as well as means of protecting valuable information, and shares useful recommendations based on long-standing experience.

ISBN 978-83-8155-302-5

Created with Ridero smart publishing system

Contents

Omerta.com

Introduction

About the Author

About the Book

Those Magnificent Men in their Magnificent Offices

On IT specialists

Information security and its classification

Unauthorized access

Unauthorized data alteration

Loss of data

Access rights management

Data integrity

Data protection

Access rights

Passwords

How to create a strong password

Password storage

How many passwords are just right?

Password security levels

Your very own office octopus

Short analysis

The brain of the octopus

Every beast shalt have its own door

Say Password

Witness protection

Extra Terrestrials

Save ‘em all!

Uninterruptible Power Supply

Reliability

Back-up

Intrusion prevention

Computer viruses

Trojan horses

Burglary

Firewall

Firewall in a local network

Antibiotics

Epidemiology

Fake letters

Letters of happiness

Self-fertilization

Spam, spam, spam, spam…

Don’t flash, don’t reflect

Spam filtering

Scam

Guarding the mail

Encryption

Steganography

Cryptography

A simple classification of cryptographic methods

Pretty Good Privacy

Size matters

Electronic signature

How to use it

Corporate electronic mail

Dispose of the body

D-Day

File containers

Hidden file containers

Everything under control

Paperless office for the mindless secretaries

Burn after reading

Burn before reading

Biometrics

Spy mania

Digital wallet

Digital banking

Plastic cards

Digital currencies

Few words about traditional banking

What happens in the Internet stays in the Internet

Conclusions

Landmarks

Cover

Introduction

Oh yes, I know – you are the Big Boss. You don’t do the things when you pay others to do them for you. That’s why you don’t wash your car, you don’t shop (unless you need a new car or a new smartphone), you don’t dust your desk, and you don’t empty your garbage bin. But even you know there are things nobody will do for you.

Would you pay others to make love to your wife? Of course, you wouldn’t! Oh yes, I know that this is an intimate affair and you wouldn’t entrust it to the strangers. But why do you think that the security of your own information – any information, whether personal or business – is a less intimate affair?

Alas, my friend, the security of your information – or at least a clear understanding of what it is, and how do you achieve it – that’s YOUR PERSONAL BUSINESS. Of course, it’s no Cosa Nostra, although no Big Boss has any guarantee that their problems one day won’t become his problems, yet it’s certainly Cosa Tua.

Of course, you don’t want to fathom all the technicalities. You think that a Big Boss like you makes money for one and only purpose – to do only Big Business. It has, of course, some logic, but the security of your information is the Big Business. Take my word on that.

As you know, Don Vito Corleone never talked on the phone. He was afraid that his voice might be recorded, and then used to fabricate a number of fakes implicating him in bad things. It was a quite sensible an approach for those times, don’t take me wrong, but in our hi-tech world the old man wouldn’t survive a day. You know better than I that you can’t give up cell-phones, e-mail, computers-shmonputers, iPads-shmaypads, and the whole shebang of other electronic gadgets. We live in the world completely different from that of Don Vito, and his commandments don’t work here.

Another old man – Friedrich Nietzsche – said once what does not destroy me, makes me stronger. The problem with all that damn modern technology is exactly opposite: first it makes us stronger, and then it destroys us. Or at least causes so many problems that it would better destroy us at once…

The situation of a modern Big Boss may be illustrated like this: He takes the seat in a super-fast non-armoured car (let’s say a Formula One bolid for one), and then he starts speeding at a crazy pace along a public highway. Speeding so much that it’s just a matter of time and pure luck, how soon he will encounter a sharp turn, where he will eject himself from the highway, and ram into a lonely pole, or a cow standing on the shoulder. That is why Formula One bolids are not allowed to ride on the public highways.

So, you have two options: either change to some economy class car that won’t fly on the curve whatever you do, or take care of your security while driving a vanity vehicle.

This book is about security measures.

About the Author

My name is Paul Neumann. I am an IT professional, and an expert in IT security. It should not concern you where was I born and where do I live, because I don’t live where I was born anymore; I live in many corners of our planet because my services are in demand in many places.

Why did I write this book, and to whom is it addressed? For the guys like you – the middle and top-level managers, as well as Big Bosses (and you are one of them, aren’t you?) Because there is a multitude of all kinds of books, manuals, and articles written for so-called security experts – there is no need for you to read them, since you will understand at best one term in ten, if not one in a hundred. But that’s not a problem. They were not written for you, and you do not need to understand them.

The problem is elsewhere. The problem is that most of those experts, while reading those materials, understand at best three words in twenty. But they come to you and you entrust to them the most precious thing you have – information security. And that shit is taking care of your information. Not for long, though. Exactly until the first dramatic turn in your life, when someone out there will get an interest in your computer, your e-mail, your iPhone, and your SMS. And that interest won’t come out of sheer curiosity.

I assure you that in my professional life I deal with all kinds of firms, companies, offices, and corporations. And to be exact – with the ways all is organized there. Now I seldom organize information security directly – I have grown up since then. But I’m often invited as an expert to estimate the situation and outline it to the bosses.

And you know what’s the most interesting in all that? In nine cases out of ten those fellows were paying me top bucks just to hear something along the lines: C’mon, mate! Your company is all-right! Everything is OK, have a nice sleep! And when I start to list, point by point, all the horrors I saw in their offices, they make sour faces and say: Paul, buddy, you’re of course an expert and all that, but we think you’re totally wrong. I am wrong? So what the heck do I cash all that dough for? To tell them fairy tales about the perfect order in their offices?

Would you go to a plastic surgeon and pay him for the expensive examination just to hear something like C’mon, mate, you look great? And you would leave his office perfectly happy, taking back to the real world all that’s yours – beer belly, eye bags, cellulite, and the ass as big as two airbags?

Of course, information security, just like the way you look, is your private business. But then what the heck for do you pay money to the experts? What the heck for do you pay that money to me? Sleuths don’t earn their sugar bones for giving their master an excited bark: Woof, woof, all is right, Master! Woof, woof, there’s nothing to look for! There are no villains around, thanks to the canine god! Oh, no. Sleuths follow the trail with their noses down to the earth, without paying attention what lays around, until they find the bastard, catch his ass with their sharp fangs, and bring back to the master.

I am that sleuth. I make no compliments, and I don’t pay attention to what shit should I rake with my hands, but I don’t get my remuneration for nothing. But my conclusions and advices are addressed to you, manager, boss, director, or whatever else you are, Big Man. Because if I have found all that shit, it means you waste your money to pay your security specialists. Because it means that they and IT security are totally incompatible.

Paul.Neumann@protonmail.ch

About the Book

After all, I got bored to repeat the same again and again. Each time I come to some company and spot there all the same breaches in the IT security, I have to do again the same procedure: put the management in front of myself and recite a little lecture. In a discrete, but tough manner. Something along the lines: Guys, if you don’t do something about this, they will grab your balls very, very soon.

When a surgeon sees the symptoms of an unpleasant and dangerous disease, he doesn’t munch the words. Why should I? My goal is to make you understand the problem. You see the breach in the IT security? No?

And that breach does exist!

Of course, in this most ideal of the worlds I’m not alone – an expert in IT security. What is more, I won’t have the guts to pretend that I’m one of the top hundred ones (although privately I hope so, but only hope). Quite a contrary, I will say that there is an army of top-quality IT security professionals for hire.

So, why the heck none of them works for you?!

Do you know?

I do.

Because you think it’s not a big deal. Because even a three-days long, pardon mon Canadien, clap, to you seems a bigger problem than the security of your information. That is why you don’t spend money on professionals, and that’s why you don’t bother to learn a tiny little bit about the crouching dangers, and how you can try to dodge them.

Please note that I don’t write completely avoid, because it’s not real. What is real, that is the increase of the level of security by several magnitudes. But for that you need to know what’s and how’s.

And this book is written exactly to help you to understand whats and hows of the problems of the protection of your own security. So you won’t entrust the most private and infinitely precious you have to a college drop-out, whom you have hired part-time for 400–500 bucks to change cartridges in printers, explain accountants where to locate any key on their keyboards, pinch your secretary’s ass (that’s not a part of his job contract, but he will do it anyway), demand money for system upgrade (his own home system that is), as well as take care of the system security. Among others.

Because this is how you have defined his job duties, right? Take care of all those computer thingies. Oh, yes – and security too, by the way… So why have you not assigned all that burden just on the cleaning lady? The result would be pretty much the same. If not better.

So have in mind, my Big and Very Important Friend, that once you read this book, your life won’t be the same as before. You will become paranoid. Everywhere you go, you will sniff for hackers, and phishers, and carders, oh my! You will suddenly realise, how shaky are the foundations of your fate.

But I don’t want to make you paranoid. Quite a contrary, I want to put you in control of your own happiness. So you will be able to solidify and reinforce those foundations. And so you will always understand what the heck is going on.

Those Magnificent Men in their Magnificent Offices

Before I will start the difficult process of making the revolution in your mind, let us talk a little bit about all those magnificent, and simultaneously horror-striking scenes that open before me, each time I show up in an office, whose security I’m supposed to audit as an IT expert. Or the sleuth, if you wish.

And so, a Big Guy calls me and invites to his office for an audit and expert opinion. He has heard about me from his friends, and the friends of the friends, who have recommended me. What is interesting, he is not concerned (yet!) with the problems of security, but he knows that many of his Big Bossy Friends outsourced an IT expert – some Paul, who, like Nero Wolfe, solves the problems – and he too wants to outsource an expert. Outsourcing – that’s cool!

Maybe, thinks the Big Guy, this sexpert will find some little hole in my business, enough to summon my little bosses and give ‘em little hell in front of him.

Or maybe, the Big Boss continues to think, "this sleuth Paul will put his long sleuthy nose in all the dusted corners of my computers in vain, and eventually he’ll have to admit that he had sniffed nothing – no smell of fake receipts, no fine aroma of counterfeit seals, not even the awful stench of horrible gaps in the folders, through which one can see the guts of extraordinarily secret documents.

Yes, as I have already mentioned it, this Big Guy hired me exactly for that – to spend big money on an expert’s admission that in his office the state of the information security