Need Technical Reviewers...

Malice

I am going to be teaching a class for the computer illiterate.
I am looking for you guys to just offer opinions....
Please note it's not complete....so what you see...if you have concerns, or something you think I should cover that I just haven't, please comment, because when I am done, it will go up here on Hype as well.

Comprehensive PC Security Instruction Thread

Here is the most complete SHH! PC security thread to date. I have taken data from numerous previous threads and combined them into one. This document will be separated into fundamental sections. Each section then, will have subsections.

Security on a PC is a combination of the below:
1) External Firewall
2) Wireless Configuration (if you have wireless)
3) Patching
4) Software - Firewalls
5) Software - Antivirus
6) Software - Spyware
7) Local Behaviors

These are my security classifications, so don’t look them up, they are my own description of issues, from the point on the most external connection all the way inward, to your pc. I will describe EACH issue as we go.

I want to describe at this time, this whole thread uses the assumption you have a DSL or Cable connection to the internet, it can be used for Dial-Up connections as well, just the first number, External Firewall is not really possible since you can't have a firewall attached to the phone line.


1 - External Firewall
The outermost part of a home network is the Digital Modem that attaches to the ISP, thru DSL or a Cable connection. This digital modem basically builds the connection to your ISP.

Before Routers and Firewalls were built, this digital modem was connected to your computer directly. Now, we need to put a Router in between the Modem and your computer. This router, has a built-in firewall that is by far your number one protection from the internet, if I had to say what is the most important at this point, the router/firewall is it.

Hardware Firewalls now today, have NUMEROUS functions that will benefit you, and things you MUST do once you install it.
a) Change the Admin Password
The Administrator account to the router, make sure to change this password IMMEDIATELY, because they all come with the same username and password when you unbox them. Hackers know this and try to exploit that users don't change the password.

b) Turn off UPnP
This is Universal Plug and Play. This is currently not a security flaw, but I see this as being a potential attack in the future.

c) Wireless settings
(this will be described in the next section)

d) Disable WAN administration
To configure your router, you have to go to the IP address of the router, and it shows the web interface. Now, in the configuration of the router there is an option to DISABLE accessing the Configuration Screen from the WAN. This means people outside your router (the Internet) are forbidden to access your router's configuration screens, only those on the internal network.

e) Use Network Address Translation
Use NAT (Network Address Translation) on your internal network. I believe most router/firewalls already have this setup.

If you want to hear a podcast describing the use of a hardware firewall, and the purpose of NAT, please listen to this Security Now episode that was one of the first, it's about a half hour.
Speaking strictly for myself, I use a Linksys Router with a 4 port switch and Wireless. The link to the router in particular is:
http://www.linksys.com – The Wireless Router I use is - WRT54G
Just a few of the most common companies that produce routers are NetGear and DLink as well.

Why should you have a router?

I will clarify this for those users that have DSL or Cable Modems, and not really get into Dialup. When a user has DSL or Cable, they connect their computer via a Crossover RJ-45 cable to the DSL or Cable Modem. This modem communicates with the provider of your Internet Service. The IP you get, is what I call a "LIVE" IP. This means you are directly located on the Internet with no hardware borders separating you from the "LIVE" Internet. This in an ideal world would not be a problem.

But we don’t live in this ideal world. When you are on the LIVE internet your PC is able to be "touched" by other computers on the net. This is generally a very bad thing. For example, if a virus was active in the "Wild" then your IP address is accessible. This means, the virus can try to access your computer with your IP address and try to infect it. Hackers can do the same.

These are easily installed, and getting one running can take about 20 minutes.

This router/firewall is configured by default to block all incoming connections. This is basically where the vulnerability is for a PC, block all unknown connections.

Great Links:
Security Now Podcast - Episode 003 - http://aolradio.podcast.aol.com/sn/SN-003.mp3


2 - Wireless Configuration
Assuming you have Wireless, read this, if you don’t, go onto the next section named Antivirus.

Now, Wireless Configuration is a wonderful thing. I will give you some guidance on this. Assuming your PC and your new wireless router have the same type of wireless, then you are ready to go.

Here are the things that you need to do, once you install your Wireless Network Router:
a) DO NOT USE WEP
WEP (Wireless Encryption Protocol) is what was a good encryption scheme implemented badly. It’s easy to crack. Do not use this unless it's life or death, or you simply have no other options (some older routers may not have anything but WEP).

b) DO NOT USE MAC Filtering
Let me explain MAC filtering. Every network card in the world, wired and wireless, has a completely unique address hard coded into it. This is called the MAC address. In a wireless environment, theoretically you could use your router to not allow ANY MAC addresses but those you type in, but unfortunately, this is easy to bypass. If someone wanted to access your network, all they have to do, is know a MAC address that can access your network (which they can get by sniffing your network) and then run a MAC spoofing tool, and then they are on your network.

c) Use WPA
Use WPA with at least a 20 character

d) Turn off Wireless Administrator Privileges
Set your router to NOT allow Wireless connections to manage your wireless router. This is very important. If someone was driving by and did gain access to your network, they couldn't access your router, only someone WIRED to the switch where your router is can connect to the router admin panel.

You need to set up some sort of Wireless Encryption on your wireless network to protect yourself.
Remember, if you have a NON-Encrypted wireless network, someone can logon to your network and perform illegal activities, and since they are on your network, the authorities will come to you. This ALONE is incentive to do this.

Great Links:
Security Now Podcast - Episode 010 - http://aolradio.podcast.aol.com/sn/SN-010.mp3
Security Now Podcast - Episode 011 - http://aolradio.podcast.aol.com/sn/SN-011.mp3


3 - Patching
Every complex software application has bugs in it. This goes for Operating Systems also. Millions of copies of Microsoft's Windows operating system have been sold and are in use by home users and by corporations. Eventually bugs are found that lead to security breaches. To solve this, Microsoft releases patches to the operating system to “patch” security holes in the operating system. They do this on the Second Tuesday of each month.

That being said, I would suggest that you set up Microsoft's automated system to download the patches or you manually go to their windowsupdate website to download the patches manually.

I cannot stress how important this is. These holes are what virus writers and spyware makers use to compromise your system. This is so important, most corporations have groups of individuals that investigate these patches each month and are in charge of pushing them out to the users' desktops and servers throughout the month.

Great Links:
Microsoft's Windows Update – http://windowsupdate.microsoft.com


4 – Software - Firewalls
Software Firewalls are software applications that you load directly on your PC that act like a hardware firewall. They allow you the ability to allow and stop certain applications from transmitting and receiving data over your network card (or wireless).

This is something that you should have to give you another layer of protection in addition to your Hardware Firewall that is listed as option 1 above.

If you have Windows XP, and are running Service Pack 2, then you already have a software firewall loaded on your PC and that will suffice. If you have Vista, then you are protected as well as there is a firewall built in. The earlier versions of Windows (previous to XP) do not have firewalls built in.

The software firewall is listed as a requirement because the hardware firewall will most likely block anything from coming inside your network, but what about those that have already made it into your network? For instance a friend who brings their virus and spyware infected laptop and hooks it up to your network. Your hardware firewall will not protect you since it’s on the network already. Typical virus worms start accessing the network and trying to infect other machines on the network. A software firewall in this instance, should block the worm from getting into your machine.

This also could alert you to other applications as they try to talk to the outside world, which is nice to know when it happens.

Great Firewalls to Use:
Zone Alarm - http://www.zonealarm.com
COMODO - http://www.personalfirewall.comodo.com


5 – Software - Antivirus
Antivirus software is a requirement if you have a PC. Granted, if you have a Hardware Firewall and a Software Firewall, you are protected pretty well, the Antivirus is one of the last steps to keep you protected.

Viruses exist on websites and in email. So you can be exposed directly to them even though you have a firewall, hardware or software.

Here are two different virus types:
1) Trojans
A Trojan Horse is a program that does something other than what the user thought it would do. It is mostly done to someone on purpose. The Trojan Horses are usually masked so that they look interesting, for example a saxophone.wav file that interests a person collecting sound samples of instruments. A Trojan Horse differs from a destructive virus in that it doesn't reproduce.

2) Worms
A worm is a program which spreads usually over network connections. Unlike a virus which attaches itself to a host program, worms always need a host program to spread.

I could describe viruses in massive detail, but instead, I wanted to describe the typical ways they infect and what a user does to avoid the typical way they spread.
1 - If the virus is a worm, this means the virus is network aware. This means the virus actually replicates itself by accessing the network card and sending out requests looking for a computer to infect. If there are computers that are accessible, then it tries to replicate itself onto those machines. Generally with worms, your best defence is having an active and up to date antivirus and spyware product. Also, patching your computer EVERY MONTH after new patches come out will lead to being immune to newly released worms.

2 – Pay attention when reading email. When you get email, if a virus has been attached, you are not infected. You have to RUN the file that has the virus. Don't EVER execute a file included in an email from someone you don't know. If an email is from someone you do know, then you need to use good judgement.

Great Antivirus Programs to Use (for a cost):
Computer Associates Etrust - http://www.ca.com
Symantec Antivirus - http://www.symantec.com
McAfee Antivirus - http://mcafee.com

Great Antivirus Programs to Use (free for download):
AVG Antivirus Free Edition - http://free.grisoft.com
Avast! Free Antivirus - http://www.avast.com


6 – Software – AntiSpyware
Spyware is an application of some sort that is installed on your PC (without your knowledge most of the time) simply by visiting a website. These applications are embedded to install quietly thru vulnerabilities in the web browser so that some sort of “spy” software is pushed down to your PC and installed quietly.

The dishonesty of some spyware manufacturers and advertisers is astonishing. Spyware in some instances is worse than a virus. One of the biggest symptoms that make spyware such a pain is that they can cause serious system instability aside from the possible intrusion violation of privacy.

Many times you get a popup, that looks like it's an Operating System error, asking you to install this app to fix it. These are sometimes malicious. A good Spyware Removal tool will assist with this.

Great Links:
Security Now Podcast – Episode 007 - http://aolradio.podcast.aol.com/sn/SN-007.mp3

Great Antispyware Software:
Spybot - Search & Destroy - http://www.safer-networking.org/en/download/index.html
Ad Aware - http://www.lavasoftusa.com


7 - Local Behaviors
This is probably the hardest to get established, because this is a combination of training, and changing of Human Behavior.
 
Any thoughts so far? Granted I know it's quite a bit...
 
Holy crap.........this looks interesting......but I'll have to re-read it a couple more times.....then I'll let you know, 'kay?
 
No hardware related issues? Do overviews of all areas of MTP and MSC devices, external hard drives, explain what "ping" is, modem and router help, networking, boot-sequence, internal power source. All I can think of right now...

EDIT: OH! And driver details such as with Everest.
 

Oh hell no!
Talking about driver details to someone just learning how to somewhat secure their machine with av and antispyware is asking for trouble.

Not going into computer hardware other than a firewall.
 
Oh ok, just security, well look at encrypted and damaged files in MSC, MTP and Hard Drives and how they can damage your computer. Also look at securing your internet connection as well as your network
 
To add to A-Man's input, I think you're going to get A LOT of questions about the terminology you are using (WAP, MAC address, UPnP, worm, trojan, etc.). Most people don't know what these terms mean in a computing sense. Might be worth your while to put together a reference page, organized alphabetically, that gives definitions of each of these things for people in your class to refer to.

jag
 

Absolutely.
What you see so far....is a run down, and I will have a "glossary" at the end...per your suggestions...and when I am explaining this in person to the class, I will explain each as I go.
 
It's been fun doing this.
Once it's done, I will put it here on Hype as a nice guide.
 
