Malice
BMFH
- Joined
- Mar 26, 2001
- Messages
- 12,734
- Reaction score
- 0
- Points
- 31
As of late, I have decided to writeup a small tidbit on different ways to secure you, your data and your surfing habits.
1) Do not use your ISP's DNS servers
ISPs see having to have DNS servers as a burden. They only put them up as its required. They typically maintain them on old and unreliable hardware, so they can go down frequently and for long times. Secondly, this also can help protect your surfacing habits, keeping your surfacing habits a tad bit more hidden from your ISP and its evildoers. (not really that bad)
I suggest using a DNS system called OpenDNS. You can setup DNS using a free very powerful DNS system. To subscribew to OpenDNS, goto the website https://www.opendns.com
You will need to register and account and then change either your computer or your router to point to this new DNS server.
You also have the availability to perform numerous other activities
2) Hardcoding Known Bad Sites
This is a good way to keep advertising sites from sending you to sites that might have malware. Its fairly secure, but not very efficient since you have to edit this file to update it. For instance, you can set doubleclick.com to point to your own computer. This means you wont get ads, it will just point to yourself.
I would suggest editing the HOSTS file on your PC and add in those sites that you dont want to goto.
Windows XP HOSTS file is located at C:\Windows\System32\drivers\etc
Edit it with a Text Editor like notepad and put in lines like this
127.0.0.1 www.doubleclick.com
Always have 127.0.0.1, this points the site back to your PC, thus keeping you more secure.
3) Hardcoding Known Good Sites
You can do the same thing with good sites. For instance, I could hard-code my bank to a specific address. You have to be carefull of this as you might be pointing to an address that might NOT be correct.
230.1.65.12 www.wellsfargo.com
This is only an example.
4) Disable Universal Plug and Play
On routers at home, you need to disable this. This is a great protocol to use, but its unproven and could have very bad effect. A virus could be written to utilize Universal Plug and Play to a negative effect. Note, a virus has not been written for this, but could. This may also cause problems with applications that rely on it. For instance XBox Live may not function properly, to get it working you need to open ports on your router for it to function appropriately.
5) Encrypt Email
Always encrypt email. I personally use Thunderbird to get my email. Thunderbird is located -HERE-
To encrypt email using Thunderbird and IMAP, I simply picked Use Secure Connection > SSL when setting up the connection. This encrypts all data I send to and from my email provider.
6) Have a Good AntiVirus Product
There is no substitute for a good reliable AntiVirus product.
7) Have a Spyware Product
A good spyware product is needed to keep malware and spyware off your computer. These have become the most reliable way to have viruses and programs that you dont want to be installed on your PC. This is required because those apps may not be picked up from an AntiVirus program.
8) Wireless Security
Wireless is a great tool, but it can be a problem if not secured properly. When setting up a wireless connection, you need to not use the WEP protocol, as it old and easilly cracked. You need to use the WPA or WPA2 protocol via your router.
9) Passwords
Password security is something that most people dont take seriously and that is a shame. Passwords should NEVER have a friends or family members name. It should be at least 10-12 characters. Keepass is a program where you can save your passwords. It also has a great random password generator.
10) Cookies
Clean your web browsers cookies on a frequent basis, as they can be used to track your web browsing habits.
11) Email Validation
Getting spam email is a constant now. You need to verify any email you open if from a trusted source. If its not, simply delete it. These spam emails typically either are carrying a virus or have a link to a website which is usually a phishing scheme.
12) Key Logger
If you have a child, this is a must as far as I am concerned. This is a program that actually copies every character the person types into a text file that you can view later on. If you want to be very protective, some take screenshots also.
13) Erase Unused Space
If you are anything like me, I use a text editor as a temp storage spot for passwords, phone numbers, addresses, and account numbers. This is generally something you dont want someone to get a hold of. When you delete something in windows, it moves it to the recycle bin. When you empty the recycle bin, the data is still there on your hard drive, the only thing actually gone is the "FAT" address of the beginning of the data. If you do anything like this, or simply EVER have data on your computer you wouldnt want anyone else to have, download a program like Eraser.
This application can be simply setup to overwrite ALL "empty" unused space on a drive. It uses Department of Defense standards of wiping space. it basically makes it almost impossible to recover anything ever deleted.
14) Encrypt Vital Data
Encypting data is not a hard thing to do, and makes your data much more secure. Granted, using encryption on a desktop might not be trully needed, but encrypting data on a laptop I would suggest, if you take your laptop with you. I suggest using an application called TrueCrypt. I have posted a link to a thread specifically for Truecrypt in the following LINK.
In an issue of this nature, I suggest you create an encrypted file for mounting. This file can house all your data that needs to be encrypted, email/tax info/whatever. This allows you to have most of your data on your laptop NOT encrypted, but only a small portion encrypted.
1) Do not use your ISP's DNS servers
ISPs see having to have DNS servers as a burden. They only put them up as its required. They typically maintain them on old and unreliable hardware, so they can go down frequently and for long times. Secondly, this also can help protect your surfacing habits, keeping your surfacing habits a tad bit more hidden from your ISP and its evildoers. (not really that bad)
I suggest using a DNS system called OpenDNS. You can setup DNS using a free very powerful DNS system. To subscribew to OpenDNS, goto the website https://www.opendns.com
You will need to register and account and then change either your computer or your router to point to this new DNS server.
You also have the availability to perform numerous other activities
- Whitelist - Setting up a series of sites that ALWAYS are available regardless of their content
- Adult Site Blocking - Setting up blocks of Adult oriented sites, great if you have kids
- Phishing Site Blocking - Setting up blocks of phishing sites that are common on the net, they go up and down at a moments notice and millions of people submit sites to this list
- Domain Blocking - Setting up blocks of specific websites regardless of their content
- Stats and Logs - Logs of all the DNS requests, websites visited and the like
- Network Shortcuts - Allows you to setup shortcuts to websites, such as setting MAIL (in a web browser) to point to mail.yahoo.com
- Typo Corrections - This system allows you to have it correct typos that you may commonly make
- Typo Exceptions - Setting up specific exceptions to the corrections
2) Hardcoding Known Bad Sites
This is a good way to keep advertising sites from sending you to sites that might have malware. Its fairly secure, but not very efficient since you have to edit this file to update it. For instance, you can set doubleclick.com to point to your own computer. This means you wont get ads, it will just point to yourself.
I would suggest editing the HOSTS file on your PC and add in those sites that you dont want to goto.
Windows XP HOSTS file is located at C:\Windows\System32\drivers\etc
Edit it with a Text Editor like notepad and put in lines like this
127.0.0.1 www.doubleclick.com
Always have 127.0.0.1, this points the site back to your PC, thus keeping you more secure.
3) Hardcoding Known Good Sites
You can do the same thing with good sites. For instance, I could hard-code my bank to a specific address. You have to be carefull of this as you might be pointing to an address that might NOT be correct.
230.1.65.12 www.wellsfargo.com
This is only an example.
4) Disable Universal Plug and Play
On routers at home, you need to disable this. This is a great protocol to use, but its unproven and could have very bad effect. A virus could be written to utilize Universal Plug and Play to a negative effect. Note, a virus has not been written for this, but could. This may also cause problems with applications that rely on it. For instance XBox Live may not function properly, to get it working you need to open ports on your router for it to function appropriately.
5) Encrypt Email
Always encrypt email. I personally use Thunderbird to get my email. Thunderbird is located -HERE-
To encrypt email using Thunderbird and IMAP, I simply picked Use Secure Connection > SSL when setting up the connection. This encrypts all data I send to and from my email provider.
6) Have a Good AntiVirus Product
There is no substitute for a good reliable AntiVirus product.
7) Have a Spyware Product
A good spyware product is needed to keep malware and spyware off your computer. These have become the most reliable way to have viruses and programs that you dont want to be installed on your PC. This is required because those apps may not be picked up from an AntiVirus program.
8) Wireless Security
Wireless is a great tool, but it can be a problem if not secured properly. When setting up a wireless connection, you need to not use the WEP protocol, as it old and easilly cracked. You need to use the WPA or WPA2 protocol via your router.
9) Passwords
Password security is something that most people dont take seriously and that is a shame. Passwords should NEVER have a friends or family members name. It should be at least 10-12 characters. Keepass is a program where you can save your passwords. It also has a great random password generator.
10) Cookies
Clean your web browsers cookies on a frequent basis, as they can be used to track your web browsing habits.
11) Email Validation
Getting spam email is a constant now. You need to verify any email you open if from a trusted source. If its not, simply delete it. These spam emails typically either are carrying a virus or have a link to a website which is usually a phishing scheme.
12) Key Logger
If you have a child, this is a must as far as I am concerned. This is a program that actually copies every character the person types into a text file that you can view later on. If you want to be very protective, some take screenshots also.
13) Erase Unused Space
If you are anything like me, I use a text editor as a temp storage spot for passwords, phone numbers, addresses, and account numbers. This is generally something you dont want someone to get a hold of. When you delete something in windows, it moves it to the recycle bin. When you empty the recycle bin, the data is still there on your hard drive, the only thing actually gone is the "FAT" address of the beginning of the data. If you do anything like this, or simply EVER have data on your computer you wouldnt want anyone else to have, download a program like Eraser.
This application can be simply setup to overwrite ALL "empty" unused space on a drive. It uses Department of Defense standards of wiping space. it basically makes it almost impossible to recover anything ever deleted.
14) Encrypt Vital Data
Encypting data is not a hard thing to do, and makes your data much more secure. Granted, using encryption on a desktop might not be trully needed, but encrypting data on a laptop I would suggest, if you take your laptop with you. I suggest using an application called TrueCrypt. I have posted a link to a thread specifically for Truecrypt in the following LINK.
In an issue of this nature, I suggest you create an encrypted file for mounting. This file can house all your data that needs to be encrypted, email/tax info/whatever. This allows you to have most of your data on your laptop NOT encrypted, but only a small portion encrypted.
