Author: Transmission
This is a continuation of the guide Fine tuning your PC for better gameplay. The reason for this guide is to clarify security risks and to educate less experienced users on how to tighten their computer's security without having to spend hundreds of dollars on software that should be free in the first place.
This guide is focused on the average home user running Windows XP on a broadband (cable/DSL) connection.
Section 1: Terminology.
This section will help you to understand the different terms in relation to internet security.
Terms - The dark side
Hacker: a person able to exploit a system or gain unauthorized access through skill and tactics.
Cracker: in regards to computer networking (not software), similar to the hacker, except that they try to compromise the security of an entire system to gain access to the computers on the network.
Script kiddie: an inexperienced hacker who uses scripts and programs created by other people, lacking the knowledge to create their own, to scan thousands of computers looking for vulnerable targets before initiating an attack.
Virus: a self-replicating program that spreads by inserting copies of itself into other executable code.
Worm: a self-contained and, again, self-replicating computer program that does not need to be part of another program to propagate itself. Worms are often designed to exploit the file transmission protocols found on many computers.
Trojan: a malicious program that is disguised as legitimate software. Trojans cannot replicate themselves and are spread by tricking users into believing that it is (or is attached to) a useful program.
Malware: any software program developed for the purpose of causing harm to a computer system, commonly the host for a Trojan.
Spyware: a piece of software that collects and sends information (such as browsing patterns or credit card numbers) about users and their computer activity. (Spyware affects only computers running Microsoft Windows operating systems.)
Keylogger: software that copies a computer user's keystrokes to a file, which it may send to a hacker at a later time.
Dialer: a program that either replaces the phone number in a modem's dial-up connection with a long-distance number, often out of the country, in order to run up phone charges on pay-per-dial numbers, or dials out at night to send keylogger or other information to a hacker.
Terms - Hardware/Software
Operating system: the system software responsible for the direct control and management of hardware and basic operations (examples: Windows, OS X, Linux).
ISP: your Internet service provider.
Router: a computer networking device that forwards data packets toward their destinations through a process known as routing. It acts as a junction between two networks to transfer data between them.
LAN (local area network): multiple computers all connected to the same hub or router.
Port: a connection through which data is sent and received. Common ports include 80 = HTTP/web, 25 = SMTP/mail, 110 = POP3, 23 = Telnet.
Firewall: either hardware or software based, it controls traffic between different zones of trust (i.e. the Internet and your home network).
Anti-virus: software that attempts to identify and eliminate computer viruses and other malicious software (malware).
Anti-spyware: software that attempts to identify and eliminate known spyware.
Section 2: Fears and misconceptions.
The only way to make your computer 100% secure is to turn it off (and even that does not protect against house fires, earthquakes, theft or other physical damage). Here we will discuss common misconceptions about home networking security.
Misconception: "I need to close off all the open ports to avoid being hacked."
An open port is not necessarily dangerous. You are only at risk if the program using the port contains harmful code, so there is no reason to close every port on your system. In fact, without open ports the Internet simply wouldn't work!
Misconception: "Using a firewall is a must, and is always better than not using one."
A firewall by itself will rarely reduce security, but using one also has some disadvantages, and it may not always be critical to the safety of the computer. Although rare, it is still possible that on some systems a personal firewall will reduce security because of security holes in the firewall program itself.
Misconception: "If you use a broadband (always-on) Internet connection, your computer is not safe without a firewall."
How secure a computer is has nothing to do with being on a broadband connection. It is just that if the computer is not secured, the chance of its vulnerabilities being exploited without your noticing is higher on a broadband connection. Also, the more time you are connected to the Internet, the more time your computer is exposed to occasional (non-targeted) intrusion attempts.
A computer can be very safe even without a firewall, and it can be unsafe while using a firewall. A firewall can add to the defense of the computer, but it must not be the main line of defense.
Misconception: "I just saw my firewall's logs, and within a single day it blocked so many attempts to penetrate my computer. Just think what would have happened had I not used a firewall."
Many times people are misled by firewall reports. I also believe that some firewalls make their alerts sound life-threatening deliberately, to give the user the false impression that they are more important than they really are. Some of those alerts have nothing to do with attempts to penetrate your computer, and as for those that were attempts to invade your computer which your firewall blocked, on many home computers all of them would have been futile even without a firewall.
Section 3: Know the enemy.
Hackers and Crackers and Phreaks, Oh my!
There are two types of hackers out there: malicious hackers (known as black hat hackers), and white hat hackers (those who are hired to attempt to break into systems or networks in order to help the owners by making them aware of security flaws). Both are experienced in programming and very capable of getting at any type of data.
Believe it or not, the real hackers are working for large companies and aren't interested in making a quick buck by stealing your credit card. They are employed to improve network security and improve software while making a comfortable living.
One of the best things you can do to protect yourself from attacks is to become one yourself. Learn how the hacking process works. I'm not advising you to try to hack into your school's computers; in fact there are several places that encourage hackers to try out their hacking skills, Hackthissite.org for example. The better your understanding of how hacking works, the better your chances are of preventing it.
Also see:
http://www.phaster.com/hacking_faq.shtml
http://www.catb.org/~esr/faqs/hacker-howto.html
Section 4: Your options.
Let's get to it already!
Below is a list of ways to protect yourself from having your security compromised, and tips to thwart attacks before they happen.
1. To avoid conflicts, do not use two software firewalls or two anti-virus products at the same time. Completely uninstall one before installing another (including Microsoft's built-in firewall).
2. Dump Internet Explorer. It has been and always will be full of security risks. Replace it with either Opera or Firefox.
3. Replace Outlook Express with a more secure email client like Thunderbird.
4. Do not run unknown programs. Trojan horses are very widespread, so there is a high risk that an unknown program you download is really a Trojan. Be very careful and try not to download programs or other files from unknown sources. Better yet, don't click random links or visit malicious sites (warez sites, for example).
5. Use the right tool for the job. Use antivirus for virus removal, anti-spyware for spyware removal.
Recommended programs are:
Antivirus/firewall suites: Sophos, Bitdefender, ZoneAlarm firewall
Spyware: Webroot Spysweeper, Ad-Aware
Not recommended (my personal opinion here): Norton/Symantec, Avast, AVG, McAfee
6. Look into replacing Windows, the operating system everyone loves to hate. It's full of flaws and bugs, and is the most expensive OS ever. In fact most other OSs are free or cost next to nothing.
There are alternatives to Windows, and even ones you can run off a CD without removing Windows. The most popular and easiest to migrate to is known as Linspire (formerly known as Lindows). It was built to have the look and feel of Windows while boasting all the security features of Linux.
Personally I prefer Ubuntu; it has the same user-friendly interface that Linspire offers but doesn't cost a penny. Linspire, while cheaper than Windows, does cost money. It's been said that users switching from Windows to Linspire aren't gaining the freedom they would get if they chose another free Linux version; in fact they are just changing masters (Bill Gates to Michael Robertson).
However, if you are familiar with Linux and like more advanced features and better hardware recognition, I highly recommend Kanotix.
Below are links that may be of interest to anyone wanting to try an alternative to Windows.
Ubuntu Homepage
Ubuntu Review
Kanotix Homepage
City of heroes and Cedega
Running CoH in Linux
Linspire Homepage
Linux FAQ
Most popular distributions of Linux
Wine
7. Servers. If you run a home web server, do yourself a favor and either learn the .htaccess file directives or put an index.html file in every directory you are serving. Here is an example of a backdoor into someone else's computer using this exploit and the Google search engine.
Example (the results are folders on computers that lack either an .htaccess or an index.html file).
Also, if you run a home web server, take the time to look into honeypots.
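To check your own web root for directories that would show a listing before Google finds them, here is an added Python example (not code from the original post): it walks the root and reports every directory that has neither an index.html nor an .htaccess, in that directory or a parent, containing Apache's Options -Indexes directive. The web root path, the sample tree and the assumption that Apache honours -Indexes inherited from a parent .htaccess are all mine.

```python
import os
import tempfile

def htaccess_disables_indexes(path):
    """True if the .htaccess at `path` has an Options line carrying -Indexes."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            tokens = line.split()
            if tokens and tokens[0].lower() == "options" and "-Indexes" in tokens:
                return True
    return False

def listable_dirs(docroot):
    """Directories under docroot (relative paths) that would show a listing:
    no index.html, and no .htaccess here or in an ancestor with -Indexes
    (assumption: Apache applies .htaccess settings to subdirectories too)."""
    docroot = os.path.abspath(docroot)
    protected, exposed = {}, []
    for dirpath, dirnames, filenames in os.walk(docroot):
        dirnames.sort()  # deterministic report order
        own = ".htaccess" in filenames and htaccess_disables_indexes(
            os.path.join(dirpath, ".htaccess"))
        protected[dirpath] = own or protected.get(os.path.dirname(dirpath), False)
        if not protected[dirpath] and "index.html" not in filenames:
            exposed.append(os.path.relpath(dirpath, docroot))
    return exposed

def make_demo_root():
    """Constructed sample web root in a fresh temp directory; returns its path."""
    root = tempfile.mkdtemp(prefix="docroot_")
    layout = {  # relative path -> contents
        "index.html": "<html>home</html>",
        "images/logo.png": "not really a png",             # no index: listable
        "private/.htaccess": "Options -Indexes\n",         # also covers backups/
        "private/backups/site.tar.gz": "archive",
        "uploads/.htaccess": "AddType text/plain .log\n",  # no -Indexes: listable
    }
    for rel, content in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root

if __name__ == "__main__":
    for rel in listable_dirs(make_demo_root()):
        print("directory listing exposed:", rel)  # prints images, then uploads
```

Point it at a real web root with `listable_dirs("/path/to/htdocs")`; the cheapest fix for each reported directory is the guide's own advice, an index.html file or `Options -Indexes` in .htaccess.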
Last but not least:
8. Ports. The main purpose of a software firewall is to open, close, block, or stealth ports on your computer. You can download a port scanner (similar to the ones hackers use) to see the status of your ports. Again, an open port is not necessarily dangerous. Your ISP may block incoming access to certain ports, especially to reduce the traffic caused by virus-infected web servers.
- Open indicates that your computer is actively listening and ready to accept an incoming connection on that specific port. The presence of an open port is like having an open door to your house; if that port is password protected, then there is a guard at that "door". Guards can be tricked into letting attackers inside.
- Closed indicates that there is nothing listening on a specific port, so even if an attacker connects to your computer there will not be any server waiting there to allow the connection. This is analogous to shutting the door to your house and locking it from the outside. No one can get in, but anyone can open the door (port) from the inside. This means that a program on your computer could simply open a "closed" port with no restrictions from the operating system.
- Blocked ports are not only closed, but are completely hidden (stealthed) from the world. This would be like shutting and locking your door, and then painting over it so no one can tell there is a door there. In general, not even programs on your computer can open the door if it is properly blocked.
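The three states above can be seen with a single TCP connect per port, which is all a basic port scanner does. The following is an added Python example (not code from the original post) that checks ports on your own machine: a connection that goes through is open, a "connection refused" answer is closed, and no answer at all before the timeout is blocked/stealthed. The host, the port list and the demo listener are assumptions of mine.

```python
import socket

# Port names from the guide's terminology section, used for the summary scan.
COMMON_PORTS = {80: "HTTP/web", 25: "SMTP/mail", 110: "POP3", 23: "Telnet"}


def check_port(host, port, timeout=1.0):
    """Classify host:port as 'open', 'closed' or 'blocked' with one TCP connect.

    open    - something is listening and accepted the connection
    closed  - the OS answered 'connection refused': nothing listens there
    blocked - no answer before the timeout: a firewall silently dropped the
              packet, the "stealthed" state described in the guide
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "blocked"
        except OSError:
            return "blocked"  # e.g. host unreachable: no answer came back either


def scan(host, ports=COMMON_PORTS, timeout=1.0):
    """Return {port: state} for every port in `ports`."""
    return {port: check_port(host, port, timeout) for port in ports}


def start_demo_listener(host="127.0.0.1"):
    """Constructed demo: listen on a free port so the 'open' state can be seen.
    Returns (socket, port); closing the socket turns the port 'closed'."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0: let the OS pick a free port
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = start_demo_listener()
    print(f"demo listener on port {port}: {check_port('127.0.0.1', port)}")  # open
    srv.close()
    print(f"same port after closing it:  {check_port('127.0.0.1', port)}")  # closed
    for p, state in scan("127.0.0.1").items():
        print(f"port {p:>3} ({COMMON_PORTS[p]}): {state}")
```

Run on the machine itself, the check shows what local programs see; to see what the outside world sees, run it against the machine's LAN address from a second computer.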
Ports can be closed manually or with a firewall. Firewalls aren't bulletproof. If you have one installed, you may have contributed to making your computer vulnerable without even realizing it.
Example: while browsing the Internet, the firewall pops up an alert: [program.exe is trying to access the Internet on port 2525. Do you wish to allow this?]
[yes, this time only] [yes, remember my answer] [no, do not ask again]
Looks harmless, right? Wrong. Unless you know exactly what caused that data packet to be sent, you may have just allowed a keylogger permanent access to port 2525.
There is a ton of information already available on this lengthy subject, so I'll just conclude with some reference links for learning more about security, firewalls, port numbers and what they are used for (good or bad).
Links:
Ports
http://www.faqs.org/contrib/articles2/Computer-Ports.html
http://www.governmentsecurity.org/articles/CommonPorts.php
Tests
http://www.pcflank.com/about.htm
Firewalls
http://www.pcworld.com/howto/article/0,aid,118525,00.asp
Antivirus
http://www.pcworld.idg.com.au/index.php/id;316975074
In closing
This guide is by no means definitive or complete. It's also not for everyone. Corporate networks use higher standards of data protection than the average home user would need. It's up to you to decide how militant you need to be about network security. How much vital information do you store on your computer? How often do you enter credit card numbers and passwords over an insecure (non-SSL) connection?
How much money are you willing to shell out, and how much of your computer's performance are you willing to sacrifice for these security measures?
Personally I have two machines on my network. One is running an Apache web server, and is used for gaming and everything else you can imagine. The other is the same minus the server. I have no software firewall and no anti-virus software, yet my computer has not been compromised once in over a year.
I install/uninstall programs as I feel they are needed.
For example, I run a spyware check every couple of weeks. I uninstall the program immediately after use. This not only saves performance but ensures the program itself doesn't become corrupt from scripting flaws. However, please note that I don't visit scandalous sites (warez, pron, "click here, you're a winner", etc.) and notice when there may be a problem when, say, someone else uses the computer. I am also behind a router that uses DMZ, packet filtering, and port forwarding (aka a hardware firewall).
Again, it is up to you (or your parents) to decide the level of protection you need. Don't let greedy software companies trick you with scare tactics to get you to buy their 'eye candy'.