Updated Home Security PC Thread

Malice

Here is a new document I have written:

Comprehensive PC Security Instruction for Home Users

This document is meant to help individuals at home, or even in a small office, understand the different levels of security for computing online. This covers the most common items, as there are always new and ever-evolving issues to deal with while online. This document will be separated into fundamental categories. Each category, then, will have several subsections:

Security on a PC is a combination of the below:
1) External Firewall
2) Wireless Configuration (if you have wireless)
3) Patching your PC
4) Software - Firewalls
5) Software - Antivirus
6) Software - Spyware
7) Local Behaviors

The above categories describe security as it typically occurs in an individual's house. It starts with number 1, the External Firewall, and works its way from there into your local PC, even describing your PC habits, as they typically can be the biggest problem.

Hopefully, after reading this, you will have a better understanding of security and what is generally good behavior and what may not be.

1 - External Firewall
The outermost part of a home network is the Digital Modem that attaches to the ISP through DSL or a Cable connection. This digital modem basically builds the connection to your ISP.

Before Routers and Firewalls were built, this digital modem was connected to your computer directly. Now, we need to put a Router in between the Modem and your computer. This router has a built-in firewall that is by far your number one protection from the internet. If I had to say what is the most important at this point, the router/firewall is it.

Hardware firewalls today have NUMEROUS functions that will benefit you, and things you MUST do once you install it.
a) Change the Admin Password
Make sure to change the password of the router's Administrator account IMMEDIATELY, because they all come with the same username and password when you unbox them. Hackers know this and try to exploit the fact that users don't change the password.

b) Turn off UPnP
This is Universal Plug and Play. This is currently not a security flaw, but I see this as being a potential attack vector in the future.

c) Wireless settings
(this will be described in the next section)

d) Disable WAN administration
To configure your router, you have to go to the IP address of the router, and it shows the web interface. Now, in the configuration of the router there is an option to DISABLE accessing the Configuration Screen from the WAN. This means people outside your router (the Internet) are forbidden to access your router's configuration screens; only those on the internal network can.

e) Use Network Address Translation
Use NAT (Network Address Translation) on your internal network. I believe most router/firewalls already have this setup. Doing this adds a layer of protection for your computer.

If you want to hear a podcast describing the use of a hardware firewall, and the purpose of NAT, please listen to this Security Now episode that was one of the first; it's about a half hour.
Speaking strictly for myself, I use a Linksys Router with a 4 port switch and Wireless. The link to the router in particular is:
http://www.linksys.com – The Wireless Router I use is - WRT54G
Just a few of the most common companies that produce routers are NetGear and DLink as well.

Why should you have a router?

I will clarify this for those users that have DSL or Cable Modems, and not really get into Dialup. When a user has DSL or Cable, they connect their computer via a Crossover RJ-45 cable to the DSL or Cable Modem. This modem communicates with the provider of your Internet Service. The IP you get is what I call a "LIVE" IP. This means you are directly located on the Internet with no hardware borders separating you from the "LIVE" Internet. This in an ideal world would not be a problem.

But we don't live in this ideal world. When you are on the LIVE internet your PC is able to be "touched" by other computers on the net. This is generally a very bad thing. For example, if a virus was active in the "Wild" then your IP address is accessible. This means, the virus can try to access your computer with your IP address and try to infect it. Hackers can do the same.

These are easily installed; getting one running can take about 20 minutes to set up properly.

This router/firewall is configured by default to block all incoming connections. This is basically where the vulnerability is for a PC: block all unknown connections.

Great Links:
Security Now Podcast - Episode 003 - http://aolradio.podcast.aol.com/sn/SN-003.mp3


2 - Wireless Configuration
Assuming you have Wireless, read this, if you don’t, go onto the next section named Patching.

Now, Wireless Configuration is a wonderful thing. I will give you some guidance on this. Assuming your PC and your new wireless router have the same type of wireless, then you are ready to go.

Here are the things that you need to do, once you install your Wireless Network Router:
a) DO NOT USE WEP
WEP (Wireless Encryption Protocol) is what was a good encryption scheme implemented badly. It's easy to crack. Do not use this unless you honestly have no other choice.

b) Do NOT ONLY use MAC Filtering
Before I start, I want to clarify that MAC filtering is not to be used as your ONLY level of security on your wireless network. MAC Filtering should be used in addition to WPA (listed in the next option) as your encryption. If you use wireless encryption, MAC Filtering is not needed, but just adding another level of security.

Let me explain MAC filtering. Every network card in the world, wired and wireless, has a completely unique address hard coded into it. This is called the MAC address. In a wireless environment, theoretically you could use your router to not allow ANY MAC addresses but those you configure in the router, but unfortunately, this is easy to bypass. If someone wanted to access your network, all they have to do is know a MAC address that DOES have access to your network. They simply need to be physically located near your wireless router (outside in a car at the curb for instance) and start sniffing the air for any data being sent. The hacker can then look in this data and actually pull a MAC address from this data. Using another program to spoof his MAC address, he could then access your network. This is why MAC Filtering as your only level of Wireless Security is not advisable.

c) Use WPA
WPA is an acronym for Wi-Fi Protected Access. This is a very powerful encryption protocol for your wireless connection. This means, if you set this up, someone seeing the wireless data in the air would see data that is completely encrypted and unreadable.
When setting up WPA, make sure to use a password (or also named KEY) of at least 20 characters.

d) Turn off Wireless Administrator Privileges
Set your router to NOT allow Wireless connections to manage (making configuration changes) your wireless router. This is very important. If someone was driving by and did gain access to your network, they couldn't access your router, only someone WIRED to the switch where your router is can connect to the router admin panel and make changes.

You need to setup some sort of Wireless Encryption on your wireless network to protect yourself.
Remember, if you have a NON-Encrypted wireless network, someone can log on to your network and perform illegal activities, and since they are on your network, the authorities will come to you. This ALONE is incentive to do this.

Great Links:
Security Now Podcast - Episode 010 - http://aolradio.podcast.aol.com/sn/SN-010.mp3
Security Now Podcast - Episode 011 - http://aolradio.podcast.aol.com/sn/SN-011.mp3


3 - Patching
Every complex software application has bugs in it. This goes for Operating Systems also. Millions of copies of Microsoft's Windows operating system have been sold and are in use by home users and by corporations. Eventually bugs are found that lead to security breaches. To solve this, Microsoft releases patches to the operating system to “patch” security holes in the operating system. They do this on the Second Tuesday of each month. This is called “Patch Tuesday.”

That being said, I would suggest that you set up Microsoft's automated system to download the patches, or you manually go to their windowsupdate website to download the patches.

I cannot stress how important this is. These holes are what virus writers and spyware makers use to compromise your system. This is so important that most corporations have groups of individuals that investigate these patches each month and are in charge of pushing them out to the users' desktops and servers throughout the month.

Great Links:
Microsoft's Windows Update – http://windowsupdate.microsoft.com
 
4 – Software - Firewalls
Software Firewalls are software applications that you load directly on your PC that act like a hardware firewall. They allow you the ability to allow and stop certain applications from transmitting and receiving data over your network card (or wireless).

This is something that you should have to give you another layer of protection in addition to your Hardware Firewall that is listed as option 1 above.


If you have Windows XP, and are running Service Pack 2, then you already have a software firewall loaded on your PC and that will suffice. If you have Vista, then you are protected as well as there is a firewall built in. The earlier versions of Windows (previous to XP) do not have firewalls built in.

The software firewall is listed as a requirement because the hardware firewall will most likely block anything from coming inside your network, but what about those that have already made it into your network? For instance, a friend who brings their virus- and spyware-infected laptop and hooks it up to your network. Your hardware firewall will not protect you since it's on the network already. Typical virus worms start accessing the network and trying to infect other machines on the network. A software firewall in this instance should block the worm from getting into your machine.

This also could alert you to other applications as they try to talk to the outside world, which is nice to know when it happens.

Great Firewalls to Use:
Zone Alarm - http://www.zonealarm.com
COMODO - http://www.personalfirewall.comodo.com


5 – Software - Antivirus
Antivirus software is a requirement if you have a PC. Granted, if you have a Hardware Firewall and a Software Firewall, you are protected pretty well; the Antivirus is one of the last steps to keep you protected.


Viruses exist on websites and in email. So you can be exposed directly to them even though you have a firewall, hardware or software. I am not going to describe the difference between the different classifications of viruses, but they are known by the following names: worms, viruses, and Trojans.

Now, the different types of viruses exploit your system in different ways. Here are some ways:
a) Network-aware Worms are small programs that actually try to push themselves out through the infected computer's network card (or wireless card) to try to hit and infect other computers that it can access.
b) Website Trojans are small programs that are embedded in websites that typically exploit vulnerabilities in your web browser. When you go to a website that has a certain Trojan on it, the code is downloaded to your PC (just like all the code from every website is).
c) Email Trojans are small programs that are attached to emails sent out to people. These emails, when you receive them, do not mean you are infected, because the file has not yet been run. Once you RUN the attached file (the virus) then you are most likely infected.
AntiVirus programs basically watch what is coming through the network card and what is being accessed by the Operating System. They frequently get updates from the software maker with updates to the virus definitions. These definitions are basically "templates" of viruses that are known, and how to cure them. So one part of a good AV program, and the most important part, is making sure it UPDATES EVERY DAY, or at least every time you go online.

Great Antivirus Programs to Use (for a cost):
Computer Associates Etrust - http://www.ca.com
Symantec Antivirus - http://www.symantec.com
Mcafee Antivirus - http://mcafee.com

Great Antivirus Programs to Use (free for download):
AVG Antivirus Free Edition - http://free.grisoft.com
Avast! Free Antivirus - http://www.avast.com


6 – Software – AntiSpyware
Spyware is an application of some sort that is installed on your PC (without your knowledge most of the time) simply by visiting a website. These applications are embedded to install quietly through vulnerabilities in the web browser so that some sort of "spy" software is pushed down to your PC and installed quietly.

The dishonesty of some spyware manufacturers and advertisers is astonishing. Spyware in some instances is worse than a virus. One of the biggest symptoms that make spyware such a pain is that they can cause serious system instability, aside from the possible intrusion and violation of privacy.

Many times you get a popup that looks like it's an Operating System error, asking you to install this app to fix it. These are sometimes malicious. A good Spyware Removal tool will assist with this. Please note, Malware is typically substituted for Spyware.

Great Links:
Security Now Podcast – Episode 007 - http://aolradio.podcast.aol.com/sn/SN-007.mp3

Great Antispyware Software:
Spybot - Search & Destroy - http://www.safer-networking.org/en/download/index.html
Ad Aware - http://www.lavasoftusa.com


7 - Local Behaviors
This is probably the hardest to get established, because this is a combination of training and changing of Human Behavior. As humans, we get used to doing things in certain ways. This can cause problems, because some of the actions we do are not security conscious.

The first item we need to make sure we get right is Passwords:
a) Password Length – Passwords need to be at least 10 characters long, but for passwords that pertain to financial information, such as banks and things of that nature, I would use a password at least about 16 characters long, minimum.
b) Password Complexity – A good complex password contains all of the following categories of characters in it: both uppercase and lowercase characters, numbers and special characters. Special characters are some of the following (%^&*()$#@!-_=+;:). There are a few more special characters, but you understand the term "special character" now.
c) Don't Use Words – Don't use words means the following. In the password don't ever use a word that is literally listed in a dictionary, such as the word "hello" or "password" or "document". To explain why: hackers, when trying to crack a password, use something called "dictionaries." This means they typically use a program that tries words from this dictionary as your password.
d) Don't Use Personal Information – This is a simple concept. Don't ever use information that pertains to you or your relations. For example, don't use birthdays, social security numbers, ID card numbers, addresses, anniversary dates, etc. Basically, if the item you want to use for your password is EVER contained in any personal documentation, EVER, don't use it.
e) Don't Substitute numbers for letters – This is something newer that developed from the internet community. The best way to explain is to show examples. Typically the letter "I" or "L" has the number 1 substituted for it, so using a word like "hello" sometimes can have "he11o" used. Hackers know this trick and use it frequently to try to crack passwords.

Visiting Websites and the activities with them:
This is probably the hardest. You need to be careful about the sites you visit. The shadier the website, the more of a chance for something negative being located on it. These shady websites typically have code embedded in them to take advantage of vulnerabilities in your browser to infect you with either a virus or some sort of spyware (malware).

A good rule of thumb is, the larger and more common a website is, the safer you are. This is a rule of thumb and NOT the rule. So MOST LIKELY places like yahoo.com and amazon.com are safe.

Sites hosting shareware and downloads that are not the large sites made for that purpose can be suspect at times. Pornography sites are typically the worst of all. They draw people in and once you get there, you get infected with something without you even knowing.

I suggest you try to use an alternative browser instead of Internet Explorer (native to the Windows Operating System). These browsers don’t typically have the same vulnerabilities in them and sometimes you are simply immune to an attack simply since you are not using the browser the attack was meant for.

Many of the browsers now have something called Plug-Ins or Extensions that are software applications that “plug-in” to your browser to give you added functionality such as weather or other security enhancements. (I use Firefox with numerous add-ons to really give me a safer web surfing environment)

Great Alternative Browser to Internet Explorer:
Mozilla Firefox – http://www.mozilla.com
Opera – http://www.opera.com

Great Browser Extensions for Firefox:
WOT (Web of Trust) - https://addons.mozilla.org/en-US/firefox/addon/3456
Adblock Plus - https://addons.mozilla.org/en-US/firefox/addon/1865
Plus hundreds more not even security related.

Reading Email
Email is one of the main ways you can get in trouble.

When you use an email program on your computer, you are going to eventually get emails from everyone under the sun that contain viruses and phishing emails.

First I will discuss emails containing viruses and spyware. Typically, there is an attachment embedded in an email. Once this attachment is run, the virus is executed and hits your machine.
The real way to avoid this is simply to DELETE any email that is from someone you don't know.
If the email has an attachment, you REALLY need to make sure that this email is from someone you know and are familiar with, before opening it.

Phishing is the act of a bad party sending you an email that is acting like a financial institution or something like that. Imagine you getting an email from CitiBank; it looks and feels like CitiBank, but there are some problems that you have to be aware of. Have you EVER set up anything with CitiBank to email you? Typically this is no. So if you see something like this, immediately delete it. What the bad guys want you to do is to click on a link that takes you to a website that looks like CitiBank's website. Typically, they want you to VERIFY your information by typing in your name, username, password, account number and numerous other things. If you type it in and hit return, they have just saved ALL your personal data. Then they can get your money. So basically I am telling you, NEVER, NEVER, NEVER go to a website to fill out your personal information based on a prompting from an "automated" email sent to you.

I suggest getting an email client that has built in spam filtering. I personally use a program named Thunderbird which filters email based on my addressbook and activities. It learns my habits as I use it over time. Thunderbird is completely free.

Great Alternative Email Client (free):
Mozilla Thunderbird – http://www.mozilla.com
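The password rules from section 7 (length, complexity, no dictionary words, no personal information, no number-for-letter substitutions) and the 20-character WPA key rule from section 2 can be checked mechanically. The following is an added example, not part of the original post; the tiny word list and the personal-information values are constructed stand-ins, and the leet-substitution table is an assumption covering the swaps the post describes plus a few common ones.

```python
# Constructed mini "dictionary" standing in for the word lists crackers feed
# to their tools (real lists hold hundreds of thousands of entries).
DICTIONARY = {"hello", "password", "document", "welcome", "summer", "secret"}

# Assumed number/symbol-for-letter swaps to undo before re-checking ("he11o").
LEET_MAP = str.maketrans({"1": "l", "!": "i", "0": "o", "3": "e", "4": "a",
                          "@": "a", "$": "s", "5": "s", "7": "t"})

SPECIALS = set("%^&*()$#@!-_=+;:")       # the special characters the post lists
MIN_LEN = {"general": 10, "financial": 16}
WPA_MIN_LEN = 20


def _contains_dictionary_word(candidate: str) -> bool:
    """True if any dictionary word appears anywhere inside candidate."""
    lowered = candidate.lower()
    return any(word in lowered for word in DICTIONARY)


def check_password(pw: str, kind: str = "general", personal=()) -> list:
    """Return the list of rule violations; an empty list means the password passes.

    kind is "general" (10+ chars) or "financial" (16+ chars). personal is an
    iterable of strings the user should never embed (birth year, pet name, ...).
    """
    problems = []
    if len(pw) < MIN_LEN[kind]:
        problems.append(f"shorter than {MIN_LEN[kind]} characters for a {kind} account")
    if not any(c.isupper() for c in pw):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in pw):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    if _contains_dictionary_word(pw):
        problems.append("contains a dictionary word")
    # Undo the substitutions and look again: "He11o-W0rld" hides "hello".
    elif _contains_dictionary_word(pw.translate(LEET_MAP)):
        problems.append("contains a dictionary word with number/symbol substitutions")
    for item in personal:
        if item and item.lower() in pw.lower():
            problems.append(f"contains personal information ({item})")
    return problems


def check_wpa_key(key: str) -> list:
    """A WPA pre-shared key follows the same rules but must be at least 20 chars."""
    problems = [p for p in check_password(key) if not p.startswith("shorter")]
    if len(key) < WPA_MIN_LEN:
        problems.insert(0, f"shorter than {WPA_MIN_LEN} characters for a WPA key")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "He11o-W0rld#9", "Tq7#vR2!mKp9&Lx"):
        print(candidate, "->", check_password(candidate) or "OK")
    print("WPA key ->", check_wpa_key("Tq7#vR2!mKp9&Lx-Wz4@Bn") or "OK")
```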
 
Some other items you should consider mentioning:

Recommend hardware firewall options that contain the configuration settings you list in your article. Some of the cheaper Netgear or Linksys models may not have them.

For wireless security, another option is maximum number of concurrent connections. On some WAPs you can set a maximum number of connections to hand out. Set that number at the number of computers in your household that will be connecting.

The patching section is good, but for users with multiple computers in a household they should consider WSUS to manage updates and patches.

The section on software firewalls is good.

Consider recommending to users that they schedule automatic virus and malware scans at regular intervals, as well as configuring browsers, torrent clients, P2P sharing software, etc to scan each file that is downloaded to the computer. Do not set your system to perform a full scan at startup. This leads to longer startup times that will annoy users and lead to them turning off automated scanning. Instead schedule them for a time when you are not using the system.

As far as browsers go, you should consider listing ways to secure IE for users that do not have other browsers available (for instance they are using a machine lent to them by their employer and the employer does not allow other browsers), as well as ways to secure all browsers by editing security settings in regards to things like ActiveX controls. There are also higher security versions of IE available, and you can run IE with no addons to make it run smoking fast.

For e-mail you should mention Spamhaus, dirty word lists, black/white lists, etc. E-mail virus attacks and phishing attacks are becoming more complicated every day.

Just some advice that should help you pass on more information to your clients. As far as my credentials go (if you care): I've worked with information systems for 18 years, including 4 years as a Cryptologist for the Navy and the NSA. I've worked with Unix, Linux, MAC OS, and Windows. I specialize in system security and exploitation and hold a number of certificates and awards in the field from Cisco, Microsoft, Citrix, and the DoD.
 
Your info is good.
The issue is, if I include everything I can possibly include, we get a 500 page document and no one will read it.

I think what I have included gives us what we need, without sacrificing anything. As you know, there is ALWAYS more. :)
 
don't read this thread, there's a virus attached to it.

That bastard malice is trying to steal your monies....
 
no other constructive comments?
 
That's all I've got.

Hit me up if you ever need any help with IT/Security stuff. Advice is always free.
 
I find that even if you don't use McAfee's antivirus packages, their free SiteAdvisor is always a nice add-on for IE or Firefox. It marks your Google search results, and tells you which links have excessive pop-up windows, spyware, and other early warning information. Basically, it helps to keep you away from pages that'll get your PC infected. It should help with the whole "Visiting Websites and the activities with them" part.
 
Bought a new virus program? Don't know if it works or not?

Use this test file and see if your virus program detects it.


**note the file is not a virus but will trigger your software off, please read all info on the page before downloading**

http://www.eicar.org/anti_virus_test_file.htm
 
silly request: could you NOT use dark text? think of us, dynamite users :o :O anyway, good thread--helpful
 
Having experience in Technical and Sales, I make the following recommendations:

Routers
If you want the best router, look at the Apple Airport Extreme. From first hand experience over large houses with multiple floors, it provides the best signal. If you want to save some money, then I'd recommend gearing toward Netgear.

Since Linksys has switched toward internal antennas, their WRT54G2 and WRN models suck ass. Yes, that is the technical term I wish to apply.

Security Suites
I do support and endorse Norton. For the average person for an AV/AS/Firewall suite, I'd recommend Norton Internet Security.

Personally, I prefer Kaspersky Internet Security but I've been told by clients that it is too complex for the average user. The two biggest things I enjoy about KIS2010 are the built in banner blocker which substitutes for adblock (since I use IE8) and the Safe Mode. You can run certain programs in a sandbox mode so if they are laced with infections, they do not affect your machine.

As for McAfee, I'm very much against it.

Multiple Security
The day and age where one needed to have an Avira, Spybot, Adaware, and Zone Alarm are long gone. Truth be told, most companies that invest in online security suites (Symantec, Webroot, CA, Panda, Kaspersky, etc) combine all of these into a single software.

The largest flaw with freeware and multiples is having so many different programs hogging your resources. I've a decent rig but I find having one security software works best. I've worked on hundreds of machines with multiple softwares and have noted a vast increase in performance for just one software as opposed to 4-5.

It also cuts down on troubleshooting when one piece of protection is blocking something important.

Tech Support
LogMeIn
https://secure.logmein.com/US/home.aspx

It's free.

I don't know how helpful this community is but we could set up a system where we can remotely access infected PC's and help manually clean/repair damage done. Just a random idea for the community before I sink away again.


Random Fun Fact
I've had my network for years and at times I've been less than thrilled with my connection.

Protip. Category 6 Ethernet Cables are a vast improvement to Category 5.

That's my random fun fact. I've others but I'll save them for another day.

EDIT

Browsers
Having multiple browser options is the wise course as there can be many compatibility issues with many sites and software.

I personally dislike Firefox these days. It's become rather bloated and bulky.

I could never get into Opera though I've nothing against it.

My personal backup is Chrome, which tends to be the fastest of the browsers, but I grow paranoid of the possibility that Google owns everything you type into it... Then again, I shouldn't, considering I have the Droid. Other downside is no WYSIWYG support yet.
 