Computer Hygiene
Protect Yourself
- You don't want to be part of the problem
- If there is a serious attack, you want your systems to be clean
- You rely on your systems on the air these days: packet, NBEMS, logging, etc.
How are infections transmitted?
- Attachments
- Links
- Hidden links
- JavaScript
Attachments
Email attachments are the most obvious way to get infected. What most people don't realize is that an Office document (.doc, .xls, .ppt, or the OpenOffice equivalent) is as good as an executable: it can carry macros that run when the file is opened. Similarly, media containers like .avi or .wmv can carry more than video; a crafted file can exploit the player that opens it, or trick it into fetching a "codec" that is really an executable. Always turn off "Hide extensions for known file types", or you may be fooled into clicking on picture.jpg.exe, which Windows shows as picture.jpg. Similarly, watch what you click on when surfing the web. It gets harder because there are so many server-side pages these days (php, asp, aspx, pl, and on and on), but look out for .exe (obviously), .js, .vbs, .scr and other risky extensions. Always check the status bar for the target URL before you click. Not 100%, but better than nothing.
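The double-extension trick above is easy to check for mechanically. The following is an added example, not code from the original slides: it shows what Explorer displays for a name when extensions are hidden, and classifies attachment or download names by their real extension. The extension lists are my own choices (types Windows will run or hand to a script engine, and Office formats that can carry macros), and the file names in the demo are constructed.

```python
"""Name checks for the hidden-extension trick described above.

Added example, not from the original slides. The extension lists are my own
(drawn from what Windows will run or hand to a script engine), and the file
names at the bottom are constructed for the demo.
"""
from __future__ import annotations
import os

# Runs (or is handed to a script engine) on double-click in Windows.
EXECUTABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".js", ".jse",
              ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".lnk"}
# Office and OpenOffice formats that can carry macros: "as good as an executable".
MACRO_CAPABLE = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".docm", ".xlsm", ".pptm",
                 ".odt", ".ods", ".odp"}
# Harmless-looking types an attacker puts in front of the real extension.
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".mp3", ".avi", ".wmv", ".doc"}


def displayed_name(filename: str) -> str:
    """What Explorer shows when "Hide extensions for known file types" is on.

    Only the final extension is hidden, so picture.jpg.exe appears as picture.jpg.
    """
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify(filename: str) -> tuple[str, str]:
    """Return (verdict, reason) for an attachment or download name.

    verdict is "double-extension", "executable", "macro-capable" or "ok".
    """
    name = filename.strip().lower()
    stem, ext = os.path.splitext(name)
    inner = os.path.splitext(stem)[1].strip()
    padded = stem != stem.rstrip()          # "invoice.pdf      .exe" trick
    if ext in EXECUTABLE:
        if inner in DECOY or padded:
            return ("double-extension",
                    f"decoy name in front of {ext}; Explorer shows it as "
                    f"'{displayed_name(filename)}'")
        return "executable", f"{ext} runs on double-click"
    if ext in MACRO_CAPABLE:
        return "macro-capable", f"{ext} can carry macros; save and scan before opening"
    return "ok", "no risky extension (scan it anyway)"


def triage(filenames: list[str]) -> list[tuple[str, str, str]]:
    """Classify a batch, e.g. the attachment names pulled from an inbox."""
    return [(n, *classify(n)) for n in filenames]


if __name__ == "__main__":
    # Constructed sample names, not real attachments.
    for name, verdict, why in triage(["picture.jpg.exe", "minutes.doc", "photo.jpg",
                                      "setup.exe", "invoice.pdf      .exe", "net.odt"]):
        print(f"{verdict:17} {name!r:30} {why}")
```

The padding case matters because a long run of spaces pushes the real extension out of the visible part of the name column even when extensions are shown; the check treats any whitespace before the final extension as the same trick.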
Links
Links in an email, or even on the web, are another hazard. If you read "enhanced" or HTML email, the link text you see may not be where the link actually points. Many mailers show you the real target in the status bar when you hover over a link. Although this, too, can be faked, most people don't check, so most attackers don't bother. A better strategy is to always read email as plain text, where the real URL is all there is to see.
Hidden Links
Just because you didn't click on anything doesn't mean nothing was fetched. Many HTML emails contain images that are loaded from a web server at the time the email is read. Frequently one of them is a tracking image, often a single pixel, whose URL carries a code unique to your copy of the message. When you open the email, the request for that image tells the server that you read it, when, and from what IP address. Spammers like this because it validates your address as live, making it more valuable to sell. Attackers use the same trick to learn who opens what, and that image request is data pulled out of your computer without a click. Again, be very wary of HTML email, and at the very least tell your mailer not to load remote images.
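Both hazards on the two slides above, a link whose visible text is not where it goes and a remote image that reports back when the message is opened, can be pulled out of an HTML message before it is ever rendered. The code below is an added example, not part of the original deck: it parses a constructed HTML message (hosts under example.*) and lists look-alike links, every remote image the mailer would fetch, and the ones that look like tracking pixels. The rules (visible URL text on a different host than the href; a remote 1x1 image with a query-string token) are my own heuristics, not a standard.

```python
"""Find look-alike links and tracking pixels in an HTML email.

Added example for the two slides above; not from the original deck. The
message is constructed (example.* hosts), and the rules (visible URL text
versus real href host; remote 1x1 image with a query-string token) are my
own heuristics, not a standard.
"""
from __future__ import annotations
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed HTML message: one spoofed link, one honest link, one tracking
# pixel with a per-recipient token, one ordinary remote logo.
SAMPLE_HTML = """<html><body>
<p>Your account needs attention. Log in at
<a href="http://login-verify.example.net/acct?u=4921">https://www.examplebank.com/login</a></p>
<p>See the <a href="https://www.examplebank.com/help">help page</a> for details.</p>
<img src="http://track.example.org/open.gif?id=a81f3c9e2b" width="1" height="1">
<img src="https://www.examplebank.com/logo.png" width="120" height="40">
</body></html>"""


class MailParser(HTMLParser):
    """Collect every anchor (href + visible text) and image (src + size)."""

    def __init__(self) -> None:
        super().__init__()
        self.links: list[dict] = []
        self.images: list[dict] = []
        self._open: dict | None = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self._open = {"href": a["href"], "text": ""}
        elif tag == "img" and a.get("src"):
            self.images.append({"src": a["src"], "width": a.get("width"), "height": a.get("height")})

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self._open["text"] = " ".join(self._open["text"].split())
            self.links.append(self._open)
            self._open = None


def _parse(html: str) -> MailParser:
    p = MailParser()
    p.feed(html)
    p.close()
    return p


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def mismatched_links(html: str) -> list[tuple[str, str]]:
    """(visible text, real href) for links whose text is a URL on another host.

    This is exactly what the status bar would have told you on hover.
    """
    out = []
    for link in _parse(html).links:
        text = link["text"]
        if text.lower().startswith(("http://", "https://")) and host_of(text) != host_of(link["href"]):
            out.append((text, link["href"]))
    return out


def remote_images(html: str) -> list[str]:
    """Every image the mailer would fetch from a server just by displaying the message."""
    return [i["src"] for i in _parse(html).images if urlparse(i["src"]).scheme in ("http", "https")]


def tracking_pixels(html: str) -> list[str]:
    """Remote images declared 1x1 (or 0x0) whose URL carries a token: web bugs."""
    out = []
    for img in _parse(html).images:
        u = urlparse(img["src"])
        tiny = img["width"] in ("0", "1") or img["height"] in ("0", "1")
        if u.scheme in ("http", "https") and tiny and u.query:
            out.append(img["src"])
    return out


if __name__ == "__main__":
    for text, href in mismatched_links(SAMPLE_HTML):
        print(f"link says {text} but goes to {href}")
    print("remote images:", remote_images(SAMPLE_HTML))
    print("tracking pixels:", tracking_pixels(SAMPLE_HTML))
```

Note that remote_images is the list that matters for the "hidden links" slide: every entry is a request your IP address makes the moment the message is displayed, whether or not it is a deliberate tracking pixel. Blocking remote images in the mailer stops all of them.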
JavaScript
This is the greatest hazard of HTML email. JavaScript is code that runs when you do nothing more than open an HTML email in a mailer that renders it. Although not as flexible as an actual .exe, it still gives an attacker plenty of opportunity to own your box, because the mailer's HTML renderer is the same engine, with the same bugs, as a web browser. Modern mailers refuse to run script in messages, but a preview pane still renders the HTML, so the rest of the advice here stands.
Layers
- Security is all about layers
- One layer isn't enough; have many
- If your system is hardened, that may be enough to make an attacker not bother
- Email harvesters and others can't afford to spend a lot of time on one target
- This is why email addresses on mi-arpsc.org are encoded strangely: it isn't worth a harvester's time
Obvious Protections
- Software updates
- Anti-malware
- Firewalls
- Bastion firewalls
Software Updates
You've heard it a thousand times: keep your software up to date. Between releases, most updates fix some security hole. Once the vendor has published a fix, attackers know about the hole (they can compare the patched and unpatched code) and are probably already exploiting it on machines that haven't updated. This is true not only of Windows Update but of all your applications as well: browsers, Office, PDF readers, media players and the ham radio software you run on the air.
Mac Users
- Don't be so smug
- While there are far fewer Mac exploits than Windows, the holes don't get fixed as quickly
- Microsoft typically fixes issues promptly; Apple has typically waited six months before even admitting a problem, let alone fixing it
- The Mac's main advantage is the same as Linux's: everyday work doesn't run with root privileges, and anything privileged asks for a password
Anti-Malware
Another thing you have heard is that you should have an anti-virus program and run it. This goes for anti-spyware and the rest, too. What you probably haven't heard is that most anti-virus programs catch only about 60% of the malware out there, and different programs tend to miss different viruses, trojans and worms, so a second opinion catches some of what the first one missed. Run one program with real-time protection and use a second one only for on-demand scans; two real-time scanners on the same machine fight each other and can hang the system. The other thing you probably haven't heard is that they are pretty much equivalent: studies have shown that the paid programs are no better than the free ones.
Firewalls
Running a firewall on the local box isn't a lot of protection, but it is some, and security is all about layers. Every Windows machine comes with Windows Firewall, and other than EchoLink (which needs its inbound ports opened) the default settings don't get in the way, so this should be the minimum. However, since Windows Firewall is on every Windows computer, it is the first one attackers study. Better to run someone else's firewall, keeping in mind that the more popular a product is, the more likely it is to be attacked. Whichever you run, the important setting is the same: block everything inbound except what you have deliberately opened.
Bastion Firewalls
A bastion firewall is a separate box between your computer(s) and the Internet. It can do much more than the local firewall (filter for the whole network, keep logs, and keep the attacker off the machine that runs your applications) and so gives much better protection. However, there are things a local firewall can do that a bastion cannot, such as control which programs on the PC may talk to the network, so it is best to run both. Most bastion firewalls are purpose-built and so are for the experts. There are firewall appliances, which are far better than no firewall at all, but since only a few products dominate the market, an exploit for one of them quickly becomes widely useful. Most routers have some firewall capability (usually just NAT plus a basic packet filter), and although this is very weak compared to a dedicated firewall, it is better than nothing. Whatever you use, change its default administrative password and keep its firmware updated like any other software.
Hand Washing
- General security
- Web
- Email
General Security
Windows gets a bad rap for security, but since Windows XP it is pretty decent. Unfortunately, the default settings aren't the best, and users do stupid things. Strong passwords, of course: you have heard the rules (no dictionary words, a mix of numbers, special characters and upper- and lower-case letters, etc.), and use a different password for each service, so that one leaked password doesn't open everything. Probably the biggest mistake people make is using an administrative account for everything. You should NEVER connect to the Internet, for web, email or anything else, from an administrative account; malware that runs as administrator can do anything to the machine, while malware that runs as a limited user can only damage that user's files. Use the administrative account only for installing software. If the software is downloaded, download it from the user account, virus scan it, and then install it from the administrative account. By default, Windows hides the extensions of known file types. Disable this feature (Folder Options, View tab, untick "Hide extensions for known file types"); it is a favorite of attackers, who name their executable something.jpg.exe and let Windows show it as something.jpg.
Web
Internet Explorer gets a bad rap for security, but it may be among the best. Of course, since it is on all Windows machines, it is the first one attackers go after, but it gives you more granular control over security than any other browser through its security zones. You should tightly lock down the Internet zone (disable scripting and ActiveX), then place commonly visited sites you trust into the Trusted sites zone so they may be browsed more conveniently. Even if you don't use IE regularly, be sure to lock down the Internet zone, since many mailers and other programs that embed the IE engine use this zone's settings for the HTML they render.
Electronic Mail
This is where most people get into trouble. First, set your mailer to read plain text only. Enhanced or HTML email is a huge risk. Be kind to others and set your mailer to send only plain text. If you MUST read an HTML email, save the message, scan it, then open it with your browser set to treat it as the "Restricted sites" zone. Ideally, disconnect from the network when you do this, so remote images and scripts cannot phone home. Linux users can open it inside an SELinux-confined sandbox. Some mailers allow sending HTML-only emails that cannot be read as plain text. If any of your friends do this, ask them to tick the box in their address book so you only get plain text.
Email - continued
And once again, do not read email as an administrative user. Be extremely cautious of links in emails, and never click on a link in an HTML email; retype the address you know instead. Sometimes you get attachments that you actually need. Save them, scan them, and then open them. Again, be very suspicious of Office documents. Also, be suspicious of the "From" address: any eight-year-old can forge a From line, because the sending program simply writes whatever it is told. If you aren't expecting the attachment, don't believe that just because it says it is from Bob it is safe. If you know how, you can check the email headers to see whether the chain of "Received:" lines makes sense for Bob (the message should have reached your provider from Bob's provider, not from a bulk mailer or a random machine on another continent), but it is better to give him a call and make sure it came from him.
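The header check described above can be done by hand, but it helps to see what "does the path make sense for Bob" means concretely. The code below is an added example, not from the original slides. It parses two constructed messages (hosts under example.*, addresses from the documentation IP ranges), lists the Received: hops in travel order, finds the outside server that handed the message to your own mail system, and compares that host and the Return-Path with the domain the From: line claims. my_domain is assumed to be the domain of the provider you read mail through.

```python
"""Does the Received: chain make sense for the sender the From: line claims?

Added example for the header-checking advice above; not from the original
slides. Both messages are constructed: hosts are under example.* and the
addresses come from the documentation IP ranges. my_domain is the domain
of the mail system you read your mail through.
"""
from __future__ import annotations
import email
import re
from email.utils import parseaddr

# Claims to be from Bob, but your provider received it from a bulk-mail host,
# which in turn got it from a bare IP with no reverse DNS.
RAW_FORGED = """\
Return-Path: <bounce-7718@promo.example.net>
Received: from mx.example.com (mx.example.com [192.0.2.10])
\tby mail.example.com with ESMTP id 4fA1; Tue, 3 Jun 2008 21:10:04 -0400
Received: from smtp.promo.example.net (smtp.promo.example.net [198.51.100.7])
\tby mx.example.com with ESMTP id 9c21; Tue, 3 Jun 2008 21:09:58 -0400
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby smtp.promo.example.net with SMTP id 11ab; Tue, 3 Jun 2008 21:09:51 -0400
From: Bob <bob@bobsradio.example>
To: you@example.com
Subject: Net schedule (see attached)

Bob here, see attached.
"""

# The same note sent normally: your provider received it from Bob's own provider.
RAW_GENUINE = """\
Return-Path: <bob@bobsradio.example>
Received: from mail.bobsradio.example (mail.bobsradio.example [198.51.100.20])
\tby mail.example.com with ESMTP id 77c0; Tue, 3 Jun 2008 21:10:04 -0400
Received: from bobs-pc (dsl-1234.isp.example [203.0.113.9])
\tby mail.bobsradio.example with ESMTPA id 0b3e; Tue, 3 Jun 2008 21:09:51 -0400
From: Bob <bob@bobsradio.example>
To: you@example.com
Subject: Net schedule

Bob here.
"""

HOP = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)


def received_path(raw: str) -> list[tuple[str, str, str]]:
    """(helo name, receiver's note, receiving host) per hop, earliest hop first.

    Servers prepend Received: as the mail moves, so header order is newest first.
    """
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))
        if m:
            helo, info, by = m.groups()
            hops.append((helo, info or "", by))
    return hops[::-1]


def external_handoff(raw: str, my_domain: str) -> str | None:
    """Host that handed the message to your own mail system.

    Walk the hops newest first and stop at the first 'from' host outside
    my_domain. Everything below that header was written on the sender's side
    and can be forged; this hop was recorded by a server you trust.
    """
    for helo, info, _by in reversed(received_path(raw)):
        name = helo
        first = info.split()[0] if info else ""
        # Prefer the reverse-DNS name your server recorded over the HELO name,
        # which the connecting machine picks for itself.
        if first and first.lower() != "unknown" and not first.startswith("["):
            name = first
        name = name.strip("[]").lower()
        if name != my_domain and not name.endswith("." + my_domain):
            return name
    return None


def sender_domain(raw: str, header: str = "From") -> str:
    msg = email.message_from_string(raw)
    return parseaddr(msg.get(header, ""))[1].split("@")[-1].lower()


def check_origin(raw: str, my_domain: str) -> dict:
    """Compare the claimed sender with where the mail really entered your system."""
    frm = sender_domain(raw, "From")
    rp = sender_domain(raw, "Return-Path")
    hand = external_handoff(raw, my_domain) or ""
    rp_ok = rp == frm
    hand_ok = hand == frm or hand.endswith("." + frm)
    return {"from_domain": frm, "return_path_domain": rp, "handoff_host": hand,
            "return_path_matches": rp_ok, "handoff_matches": hand_ok,
            "verdict": "plausible" if rp_ok and hand_ok else "suspicious"}


if __name__ == "__main__":
    for raw in (RAW_FORGED, RAW_GENUINE):
        for helo, info, by in received_path(raw):
            print(f"  {helo:28} ({info}) -> {by}")
        print(check_origin(raw, "example.com"), "\n")
```

Mailing lists, forwarding and free webmail all produce mismatches for perfectly genuine mail, so treat "suspicious" as the cue to pick up the phone, as the slide says, not as proof of forgery.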
Linux
- Stingy use of root is the main security advantage of Linux over Windows
- Recent distros don't let you use the GUI as administrator
- And, of course, SELinux
- Do not EVER turn off SELinux; these days it almost never gets in the way
- It is a huge improvement over user-based security
- AFAIK, Fedora (and its descendants RHEL and CentOS) is the only distro to turn on SELinux by default
Strong Passwords
- Don't use words, English or otherwise
- Don't use keyboard patterns (qwerty, 12345, asdfgh)
- Don't use anything that can be connected to you (call sign, birthday, pet's name)
- Use longer passwords or pass phrases; length beats cleverness
- Mix caps, lower case and numbers in unpredictable places
- Don't say TwasBrilligAndTheSlithyToves
- Say twasbrilligand3slithytoves
- Use multiple passwords: a different one for each service
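The rules on the slide above can be turned into a checker, which is a useful way to see why the first Jabberwocky example fails and the second passes. The following is an added example, not from the original slides. The dictionary and "known phrases" lists are tiny constructed stand-ins for the word and quotation lists a real password cracker carries; the 12-character minimum and the four-character keyboard-run rule are my own thresholds.

```python
"""Check a candidate password against the rules on the slide above.

Added example, not part of the original slides. The word list and the
known-phrase list are tiny constructed stand-ins for the dictionaries a real
password cracker carries; MIN_LENGTH and the run length are my thresholds.
"""
from __future__ import annotations
import re

# Stand-ins for a cracker's dictionaries (constructed; real lists have millions).
DICTIONARY = {"password", "radio", "antenna", "michigan", "summer", "letmein"}
KNOWN_PHRASES = {"twas brillig and the slithy toves", "to be or not to be",
                 "correct horse battery staple"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
MIN_LENGTH = 12


def _normalize(s: str) -> str:
    """Lower-case and drop everything but letters, so casing tricks don't help."""
    return re.sub(r"[^a-z]", "", s.lower())


def keyboard_run(pw: str, length: int = 4) -> str | None:
    """Return a keyboard-row run (forwards or backwards) of `length`+ chars, if any."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - length + 1):
                chunk = seq[i:i + length]
                if chunk in low:
                    return chunk
    return None


def problems(pw: str) -> list[str]:
    """All the slide's rules the password breaks (an empty list means it passes)."""
    out = []
    if len(pw) < MIN_LENGTH:
        out.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 2:
        out.append("uses only one kind of character")
    run = keyboard_run(pw)
    if run:
        out.append(f"contains keyboard pattern '{run}'")
    norm = _normalize(pw)
    for word in DICTIONARY:
        if word in norm:
            out.append(f"contains dictionary word '{word}'")
    if norm in {_normalize(p) for p in KNOWN_PHRASES}:
        out.append("is a well-known phrase (cracker word lists carry quotations too)")
    return out


def is_strong(pw: str) -> bool:
    return not problems(pw)


if __name__ == "__main__":
    # Constructed candidates, including the two from the slide.
    for candidate in ["TwasBrilligAndTheSlithyToves", "twasbrilligand3slithytoves",
                      "qwerty123", "MyRadio2008!"]:
        print(f"{candidate!r}: {problems(candidate) or 'passes'}")
```

The phrase check normalizes away case and punctuation before comparing, which is why capitalizing the quotation does not rescue it. Crackers also apply substitution rules (a digit for a word, a symbol for a letter), so the farther a pass phrase drifts from any published text, the better; the altered Jabberwocky line passes this checker, but a longer phrase nobody has printed is stronger still.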
Questions