Dallas/Ft. Worth Unix Users Group

And Now For Something Completely Different…

Personal Computer Security

Introduction

AOL is being the public-spirited mega-corporation and giving away free virus protection to all its users.
What AOL is inadvertently doing is lulling people into a false sense of security by providing them with free anti-virus software in much that same way that once-upon-a-time CEOs were lulled into an equally false sense of security if they had a firewall.
What can the personal computer user to make their system safe, or at the very least, safer?

The Five Golden Principles of Security

As a quick review, here are The Five Golden Principles of Security:
- Know your system
- Principle of Least Privilege
- Defense In Depth
- Protection is key but detection is a must.
- Know Your Enemy

Consider the Alternatives

A fresh install of Windows XP lasted 20 minutes before it was compromised.
Consider some of the alternative possibilities for operating systems instead of Windows such running Linux or buying an Apple Macintosh running Mac OS X.
Regardless of which OS you pick, check for updates on a regular basis and evaluate what updates are available for installation before installing anything.
If you are stuck using a Windows operating system, consider renaming “command.com” and “cmd.exe” to something that is not obvious

Backup and Restore

One of the most neglected items in security is backups.
In theory, you should do a backup before applying any software updates or installing or updating a program.
Select a backup media that fits your situation.
Keep an off-site backup of your system.
Keep separate backups of the system-level files and the user data.
There are many options on Unix/Linux systems (dd, tar, cpio, dump, dar, Kdar), easily obtainable backup solutions for Windows are more problematical, especially where “The Registry” is concerned.
One way to get around this without resorting to costly backup solutions or uncertain “shareware” programs is using a Linux on-a-CD distribution such as Knoppix (http://www.knoppix.org/)
The ultimate test of a backup strategy is restoring a file or files.

Browsers

To paraphrase former First Lady Nancy Reagan, “Just say ‘NO’ to Internet Explorer.
There are free alternatives to IE such as Firefox (http://www.mozilla.org/products/firefox/) and Opera (http://www.opera.com).
Configure your browser to purge cookies and the cache on exit.
Use the “mouse over” feature of a browser to see where a URL really points before going to it.

Applications

Keep the installed applications to the absolute minimum. If you don’t need it don’t install it.
Get rid of applications you haven’t used in some time.
Check for updates to the applications you do use.

Passwords

Once upon a time, it was easy to remember passwords because you had one or at most two to remember. That’s not the case anymore.
Use a program like Password Safe (http://passwordsafe.sourceforge.net/) to keep passwords in a secure vault.
Password Safe runs on PCs under Windows (95/98/NT/2000/XP). Versions for Unix/Linux are also available.

If you can get away from Outlook and Outlook express, follow Nike’s advice and “Just do it.”
Alternatives like Thunderbird (http://www.mozilla.org/products/thunderbird/) and Eudora (http://www.eudora.com/) are better alternatives to the Outlook twins.
If you’re stuck with Outlook here are some things you can do:
Enable macro virus protection.
For Office 2000, turn the security level to "high" and don't trust any received files unless you have to.
Turn off the "hide file extensions for known file types" option.
Uninstall the Windows Scripting Host if you can live without it.
If you must have the Windows Scripting Host, change your file associations.

Anti-virus and Anti-spyware

If you don’t already have anti-virus software, get it and use it. Make it a regular habit to download the updates to the anti-virus signatures.
Two good, free anti-spyware program are Ad-aware SE (http://www.lavasoftusa.com/software/adaware/) and Spybot Search and Destroy (http://www.safer-networking.org/en/index.html).
As with anti-virus software, make it a regular habit to check for and download the updates.

Firewalls

Get a inexpensive firewall/router with NAT (Network Address Translation).
Use a personal firewall such as the personal edition of ZoneAlarm on Windows systems.
Use Firestarter on Linux Systems.

Wireless

Enable WEP (Wired Equivalent Privacy)
Change the default SSID
Don’t broadcast the SSID
Select a WEP Key
Change the default admin password.
Implement MAC address filtering
Don’t put the WAP close to an exterior wall.
Reduce the radiated power
Do some war walking on you own

Laptops

Keep the laptop out of site.
Use a something other than a Targus laptop case to carry it in.
Treat the laptop like your wallet or purse and keep it close at hand.
Label and tag just about anything associated with the laptop.
Hide a few labels and tags in inconspicuous places.
Set a BIOS password.

General Recommendations

When it’s not in use, turn it off.
Plug the PC, monitor, printer, DSL/cable modem, WAP into a power strip.

Conclusion

None of this stuff is rocket science.
Some of it takes a bit of work.
Other parts require training and discipline.

Return to Home Map and Directions Member Services Schedule of Talks Mailing Lists SIGs Roadmap to Wiki Free Books Membership/Individual Benefits Membership/Corporate Roster Benefits Organization Bylaws Policies Officers Other Talk Suggestions Volunteer! Member Blogs Member Profiles Historical Archives Newsletter Audio of Meetings Webmaster
	Top . Main . Jan06Notes	Recent Changes Printable View Page History Edit Page
	Content Last Modified on January 07, 2005, at 05:31 PM CST And Now For Something Completely Different… Personal Computer Security Introduction AOL is being the public-spirited mega-corporation and giving away free virus protection to all its users. What AOL is inadvertently doing is lulling people into a false sense of security by providing them with free anti-virus software in much that same way that once-upon-a-time CEOs were lulled into an equally false sense of security if they had a firewall. What can the personal computer user to make their system safe, or at the very least, safer? The Five Golden Principles of Security As a quick review, here are The Five Golden Principles of Security: Know your system Principle of Least Privilege Defense In Depth Protection is key but detection is a must. Know Your Enemy Consider the Alternatives A fresh install of Windows XP lasted 20 minutes before it was compromised. Consider some of the alternative possibilities for operating systems instead of Windows such running Linux or buying an Apple Macintosh running Mac OS X. Regardless of which OS you pick, check for updates on a regular basis and evaluate what updates are available for installation before installing anything. If you are stuck using a Windows operating system, consider renaming “command.com” and “cmd.exe” to something that is not obvious Backup and Restore One of the most neglected items in security is backups. In theory, you should do a backup before applying any software updates or installing or updating a program. Select a backup media that fits your situation. Keep an off-site backup of your system. Keep separate backups of the system-level files and the user data. There are many options on Unix/Linux systems (dd, tar, cpio, dump, dar, Kdar), easily obtainable backup solutions for Windows are more problematical, especially where “The Registry” is concerned. One way to get around this without resorting to costly backup solutions or uncertain “shareware” programs is using a Linux on-a-CD distribution such as Knoppix (http://www.knoppix.org/) The ultimate test of a backup strategy is restoring a file or files. Browsers To paraphrase former First Lady Nancy Reagan, “Just say ‘NO’ to Internet Explorer. There are free alternatives to IE such as Firefox (http://www.mozilla.org/products/firefox/) and Opera (http://www.opera.com). Configure your browser to purge cookies and the cache on exit. Use the “mouse over” feature of a browser to see where a URL really points before going to it. Applications Keep the installed applications to the absolute minimum. If you don’t need it don’t install it. Get rid of applications you haven’t used in some time. Check for updates to the applications you do use. Passwords Once upon a time, it was easy to remember passwords because you had one or at most two to remember. That’s not the case anymore. Use a program like Password Safe (http://passwordsafe.sourceforge.net/) to keep passwords in a secure vault. Password Safe runs on PCs under Windows (95/98/NT/2000/XP). Versions for Unix/Linux are also available. Email If you can get away from Outlook and Outlook express, follow Nike’s advice and “Just do it.” Alternatives like Thunderbird (http://www.mozilla.org/products/thunderbird/) and Eudora (http://www.eudora.com/) are better alternatives to the Outlook twins. If you’re stuck with Outlook here are some things you can do: Enable macro virus protection. For Office 2000, turn the security level to "high" and don't trust any received files unless you have to. Turn off the "hide file extensions for known file types" option. Uninstall the Windows Scripting Host if you can live without it. If you must have the Windows Scripting Host, change your file associations. Anti-virus and Anti-spyware If you don’t already have anti-virus software, get it and use it. Make it a regular habit to download the updates to the anti-virus signatures. Two good, free anti-spyware program are Ad-aware SE (http://www.lavasoftusa.com/software/adaware/) and Spybot Search and Destroy (http://www.safer-networking.org/en/index.html). As with anti-virus software, make it a regular habit to check for and download the updates. Firewalls Get a inexpensive firewall/router with NAT (Network Address Translation). Use a personal firewall such as the personal edition of ZoneAlarm on Windows systems. Use Firestarter on Linux Systems. Wireless Enable WEP (Wired Equivalent Privacy) Change the default SSID Don’t broadcast the SSID Select a WEP Key Change the default admin password. Implement MAC address filtering Don’t put the WAP close to an exterior wall. Reduce the radiated power Do some war walking on you own Laptops Keep the laptop out of site. Use a something other than a Targus laptop case to carry it in. Treat the laptop like your wallet or purse and keep it close at hand. Label and tag just about anything associated with the laptop. Hide a few labels and tags in inconspicuous places. Set a BIOS password. General Recommendations When it’s not in use, turn it off. Plug the PC, monitor, printer, DSL/cable modem, WAP into a power strip. Conclusion None of this stuff is rocket science. Some of it takes a bit of work. Other parts require training and discipline.
WikiHelp	Recent Changes Printable View Page History Edit Page