DFW UNIX Users Group
Content Last Modified on January 16, 2009, at 04:11 PM CST

And Now For Something Completely Different…

by

Gary Smith

INTRODUCTION

Maybe you’ve caught one of those new AOL commercials on TV. There are several different ones populating the airwaves right now. Each commercial is made of vignettes of ordinary Joes and Janes talking about very evil things that they want to have happen to their personal computers. The evil things range from “giving virus’s to all my friends” to “somebody stealing all my personal data” to “frying my disk drive like a mozzarella cheese stick.” My personal favorite is this chap saying he “wants his hard drive to make the sound of a Yeti.” For some reason they don’t have somebody wishing their personal computer gets turned into a zombie to do mass mailings of spam or warez site for games or pornography.

AOL's well-taken point is that personal computer owners are not as well protected as they think they are. Isn’t that ever the truth? In a recent test, a freshly installed Windows XP system was hacked in 20 minutes, far less than the time it takes to download and install the patches that would keep such things from happening. AOL is being the public-spirited mega-corporation and giving away free virus protection to all its users. They’re also hoping to get people to ditch their current ISP in favor of AOL because AOL “is building a better Internet.” What AOL is inadvertently doing is lulling people into a false sense of security by providing them with free anti-virus software, in much the same way that once-upon-a-time CEOs were lulled into an equally false sense of security if they had a firewall.

What can the personal computer user do to make their system safe, or at the very least, safer? Here are some things that the personal computer user can do to practice safe HEX.

THE GOLDEN PRINCIPLES OF SECURITY

As a quick review, here are The Golden Principles of Security:

  • Know your system
  • Principle of Least Privilege
  • Defense In Depth
  • Protection is key but detection is a must.
  • Know Your Enemy

CONSIDER THE ALTERNATIVES

As mentioned above, a fresh install of Windows XP lasted 20 minutes before it was compromised. That’s not enough time to download the patches from the Internet to secure it and install them. On the other hand, installs of recent Linux distributions have lasted weeks to even months before being compromised. While this does speak highly of how resilient recent Linux distributions have become, it should not be taken as demonstrable proof that Linux is more secure than Windows. There is still the “Willie Sutton Effect” [1] to consider.

So, consider some of the alternative possibilities for operating systems instead of Windows, such as running Linux or buying an Apple Macintosh running Mac OS X. Desktop versions of Linux incorporating KDE and OpenOffice.org have made tremendous strides in a very short time. For all but some of the more exotic documents, these productivity suites are more than enough for the casual user. OpenOffice.org will soon be releasing version 2.0 of its popular suite of tools. This may serve to convince some holdouts that alternatives are worth considering.

Regardless of which OS you pick, check for updates on a regular basis and evaluate what updates are available for installation before installing anything.

If you are stuck using a Windows operating system, consider renaming “command.com” and “cmd.exe” to something that is not obvious. This will lessen the likelihood an attacker can get a command shell.

BACKUP / RESTORE

One of the most neglected items in security is backups. As it has been said about voting in old Chicago and Louisiana, “Vote early and vote often,” the same can be said about backups, i.e., “Backup early and backup often.” In theory, you should do a backup before applying any software updates or installing or updating a program. Even people who do backups are not often that diligent. However, having a backup of the system can get you past many problems, not just those associated with hackers, e.g., updates that don’t work. Disks, tapes, and CD/DVD devices and media have gotten incredibly cheap. Select a backup medium that fits your situation. Keep an off-site backup of your system. One way to do this is to partner with a friend or co-worker on maintaining off-site backups. It is not a good idea to partner with a next door neighbor. A frequent mistake people make when doing backups is becoming overly concerned with a backup of the system-level files and neglecting the user data, i.e., mail folders, documents, spreadsheets, charts, graphs, etc. Keep separate backups of the system-level files and the user data. Don’t keep old backups around, especially CD/DVD media. You can microwave CD/DVD media or cut them up.

Once you’ve decided how often to do backups and what media to use, the mechanism to do backups is the next most important selection to make. While there are many options on Unix/Linux systems (dd, tar, cpio, dump, dar, Kdar), easily obtainable backup solutions for Windows are more problematic, especially where “The Registry” is concerned. One way to get around this without resorting to costly backup solutions or uncertain “shareware” programs is using a Linux on-a-CD distribution such as Knoppix (http://www.knoppix.org/). One of the strengths of Knoppix is its ability to read NTFS volumes. Thus, all the hive files that make up “The Registry” can be read and backed up. Also, since the NTFS volumes are quiescent, there are no worries about being unable to back up open files.

The ultimate test of a backup strategy is restoring a file or files. There are many apocryphal tales of sysadmins who have faithfully backed up file systems for years only to discover that restoration was impossible when it finally came time to restore files. Test your backup strategy by doing a restore before crunch time comes.
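The following script is an added example, not part of the original article, showing the two habits the section recommends on a Unix/Linux system: backing up user data separately from the system files, and proving the backup restores before it is needed. It assumes GNU tar, sha256sum, diff, dd and mktemp are installed; the directory names and the sample mail and document files are constructed for the demonstration and stand in for a real home directory.

```shell
#!/bin/sh
# Added example (not from the article): user-data backup with a mandatory
# restore test. Assumes GNU tar, sha256sum, diff, dd and mktemp.

# backup_userdata SRC_DIR ARCHIVE
#   Archive one directory of user data (mail, documents, ...) and record a
#   checksum next to it so the media can be checked before it is trusted.
backup_userdata() {
    src=$1; archive=$2
    tar -C "$(dirname "$src")" -czf "$archive" "$(basename "$src")" || return 1
    ( cd "$(dirname "$archive")" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" )
}

# verify_restore ARCHIVE ORIGINAL_DIR
#   The real test of a backup: check the checksum, restore into a scratch
#   directory and compare file-for-file against the original. Returns 0
#   only when the restored tree is identical to the original.
verify_restore() {
    archive=$1; original=$2
    ( cd "$(dirname "$archive")" &&
      sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1 ) || return 1
    scratch=$(mktemp -d) || return 1
    tar -C "$scratch" -xzf "$archive" || { rm -rf "$scratch"; return 1; }
    diff -r "$original" "$scratch/$(basename "$original")" >/dev/null
    status=$?
    rm -rf "$scratch"
    return $status
}

# make_sample_userdata DIR
#   Constructed sample data standing in for a home directory: a mail folder
#   and a document. These are not real user files.
make_sample_userdata() {
    mkdir -p "$1/mail" "$1/documents"
    printf 'From: friend@example.com\nSubject: hello\n\nSee you Friday.\n' > "$1/mail/inbox"
    printf 'Quarterly budget draft\n' > "$1/documents/budget.txt"
}

# demo_backup_cycle
#   Run a backup, prove it restores, then damage the archive the way bad
#   media would and confirm the damage is caught. Returns 0 on success.
demo_backup_cycle() {
    work=$(mktemp -d) || return 1
    make_sample_userdata "$work/home"
    backup_userdata "$work/home" "$work/home-backup.tgz" || { rm -rf "$work"; return 1; }
    verify_restore "$work/home-backup.tgz" "$work/home" || { rm -rf "$work"; return 1; }
    # simulate corrupted media: overwrite a few bytes inside the archive
    printf 'XXXX' | dd of="$work/home-backup.tgz" bs=1 seek=10 conv=notrunc 2>/dev/null
    if verify_restore "$work/home-backup.tgz" "$work/home"; then
        rm -rf "$work"; return 1   # corruption went undetected: that is a failure
    fi
    rm -rf "$work"
    return 0
}

demo_backup_cycle && echo "backup written, restore verified, corrupted copy rejected"
```

The checksum is stored with a relative file name so the archive and its `.sha256` file can be moved together to off-site media and still verify there; the restore test compares the restored tree against the live one, which is what “doing a restore before crunch time” means in practice.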

BROWSERS

To paraphrase former First Lady Nancy Reagan, “Just say ‘NO’ to Internet Explorer.” There are free alternatives to IE such as Firefox (http://www.mozilla.org/products/firefox/) and Opera (http://www.opera.com) that provide a higher degree of security and a much more pleasurable browsing experience than IE.

Configure your browser to purge cookies and the cache on exit. If you are really paranoid, also configure it to purge the history on exit as well. Limit the number of applets you use within the browser to the absolute minimum. A handy security feature is the “mouse over” feature of a browser. Put the mouse over a URL and make sure the URL is going to take you where you want to go and not someplace else.

APPLICATIONS

Oh, we love our applications, don’t we? There are all kinds of wonderful programs out there for free to make our computing experience much more enjoyable. The problem is they can also make someone else’s computing experience more enjoyable too. If you don’t need it, don’t install it.

One of the rules of fashion is “If you haven’t worn it in two years, discard it.” We need some similar heuristic for programs on personal computers. Slowly but surely all the disk space gets eaten up by programs we thought were cute (along with any associated .dll files they come with), just as our closets get overrun with pieces of apparel we thought were cute. If you’re not using the program(s), get rid of them. If you are using the programs, be on the lookout for updates.

PASSWORDS

Once upon a time, it was easy to remember passwords because you had one or at most two to remember. That’s not true anymore. Some people resort to using trivial passwords or the same trivial password for all their electronic transactions. Others resort to writing them down on a piece of paper and keeping it in their wallet/purse/briefcase.

A better technique is to use a program like Password Safe (http://passwordsafe.sourceforge.net/) to keep passwords in a secure vault. Password Safe is a tool that allows you to have a different password for all the different programs and websites that you deal with, without actually having to remember all those usernames and passwords. Password Safe runs on PCs under Windows (95/98/NT/2000/XP). Versions for Unix/Linux are also available.

Don’t reuse passwords for anything that is important or that you care about. Using the same trivial password for reading newspapers or other low-risk sites is OK. In general, guard passwords like you would your money. Don’t stick them under your mattress.

EMAIL

If you can get away from Outlook and Outlook Express, follow Nike’s advice and “Just do it.” Alternatives like Thunderbird (http://www.mozilla.org/products/thunderbird/) and Eudora (http://www.eudora.com/) are better alternatives to the Outlook twins. If you are stuck using Outlook, enable macro virus protection. For Office 2000, turn the security level to "high" and don't trust any received files unless you have to. Turn off the "hide file extensions for known file types" option. This option allows Trojan horses to masquerade as other types of files. Uninstall the Windows Scripting Host if you can live without it. If you must have the Windows Scripting Host, change your file associations so that script files aren't automatically sent to the Scripting Host if you double-click them.

Install an anti-spam plug-in like SpamBayes (http://spambayes.sourceforge.net/windows.html) for Outlook and train it to can your spam. And speaking of spam and training, train yourself to delete possible spam without reading it. Don’t automatically assume that “From” addresses are correct.

ANTI-VIRUS AND ANTI-SPYWARE

AOL is giving anti-virus to all its subscribers. If they think it’s a good idea, it must be a good idea. If you don’t already have anti-virus software, get it and use it. Make it a regular habit to download the updates to the anti-virus signatures.

AOL isn’t giving anti-spyware to all its subscribers. That doesn’t mean it’s not a good idea. Two good, free anti-spyware programs are Ad-aware SE (http://www.lavasoftusa.com/software/adaware/) and Spybot Search and Destroy (http://www.safer-networking.org/en/index.html). As with anti-virus software, make it a regular habit to check for and download the updates. When I go hunting for spyware, I run Ad-aware first and follow that with Spybot. On the first pass, you might consider running Ad-aware, Spybot, and Ad-aware again.

FIREWALLS

Firewalls for home use have gotten to the appliance stage just like the ones for the big boys. You can pick up a Linksys broadband router/firewall for about $50. The reason for buying one of these little jewels is the built-in firewall that includes Network Address Translation. Using one of these types of devices between you and the Internet gives you a barrier to hide behind. The nice thing about most of these devices is that their default mode is to block incoming connections. Also use a personal firewall like the personal version of ZoneAlarm (http://www.zonelabs.com). In a manner similar to SpamBayes, you train ZoneAlarm on what is good and bad on your system. When a new program tries to access the Internet from your system, ZoneAlarm asks you if you want to allow or deny this operation. You also have the option of allowing/denying it always or just this one time. If you don’t know what the program is, deny it.

If you are using Linux as your OS base and want a personal firewall, there’s Firestarter (http://www.fs-security.com/). Firestarter is an Open Source visual firewall program. The software aims to combine ease of use with powerful features, therefore serving both Linux desktop users and system administrators. Firestarter has an impressive list of features including user friendly, easy to use, graphical interface, setup wizard, real-time firewall event monitor, whitelist and blacklist capability, and support for 2.4 and 2.6 Linux kernels.
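As an added example, not from the article or from the Firestarter project, here is what the “block incoming connections by default” posture of those appliances looks like as a plain iptables ruleset on a Linux desktop. It assumes a Linux host with `iptables-restore` and the `conntrack` match available; the LAN address range is a placeholder. The rules are generated by a function so they can be read and checked before anything is loaded, and loading them requires root.

```shell
#!/bin/sh
# Added example (not from the article): a minimal default-deny inbound
# ruleset for a home Linux PC, in iptables-restore format.
# Assumptions: iptables with the conntrack match; LAN range is a placeholder.

# home_firewall_rules LAN_CIDR
#   Emit the ruleset as text. Policy: drop unsolicited inbound, allow the
#   machine's own outbound traffic and the replies to it.
home_firewall_rules() {
    lan=${1:-192.168.1.0/24}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback traffic never leaves the machine
-A INPUT -i lo -j ACCEPT
# replies to connections this machine started (web, mail, updates)
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# malformed or out-of-state packets
-A INPUT -m conntrack --ctstate INVALID -j DROP
# allow ping from the home LAN only, for troubleshooting
-A INPUT -s $lan -p icmp --icmp-type echo-request -j ACCEPT
# everything else unsolicited is logged (rate limited) and dropped
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "home-fw drop: "
-A INPUT -j DROP
COMMIT
EOF
}

# apply_home_firewall LAN_CIDR
#   Load the rules into the kernel. Needs root; not executed in this demo.
apply_home_firewall() {
    home_firewall_rules "$1" | iptables-restore
}

# rules_default_deny RULES_TEXT
#   Sanity check before applying: the INPUT policy must be DROP and return
#   traffic must be accepted, otherwise the ruleset either leaves the PC
#   open or cuts it off from the Internet. Returns 0 when both hold.
rules_default_deny() {
    printf '%s\n' "$1" | grep -q '^:INPUT DROP' &&
    printf '%s\n' "$1" | grep -q 'ESTABLISHED,RELATED -j ACCEPT'
}

rules=$(home_firewall_rules 192.168.1.0/24)
rules_default_deny "$rules" && echo "ruleset has a default-deny inbound posture"
```

Save the output of `home_firewall_rules` to a file and review it before running `apply_home_firewall`; the logged drops (prefix `home-fw drop:`) are the desktop equivalent of Firestarter’s real-time event monitor and give you the detection the Golden Principles call for alongside the protection.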

WIRELESS

Going wireless at home has gotten extremely cheap and extremely easy. The average Joe Six-pack can go down to Best Buy or Circuit City and buy a complete Linksys home wireless kit for about $75. In about 10 minutes, he is accessing the Internet. So is the geek kid down the street who has nothing better to do than war walk/drive the neighborhood. The default configuration of most wireless gear sold today is set up for rapid, easy setup. It’s also horribly insecure.

WEP (Wired Equivalent Privacy) is not secure, but it’s still better than being wide open to the world. All wireless gear has a default SSID (Service Set Identifier). Change the SSID on the access point and the wireless cards you use at home. Select an SSID that has nothing to do with your name, street location, spouse/SO/companion, dog/cat/pet, children, sports team, college, favorite color, etc. Change the configuration on the WAP to NOT broadcast the SSID. Next, select a WEP encryption key along the same guidelines as selecting an SSID. Furthermore, don’t pick a WEP key that has any relationship to the SSID. Wireless access points all have an administrator account that is usually accessed via a web browser. Just as there is a default SSID, there’s also a default password for the WAP’s administrator account. Select a suitable password for the account and record it in a secure place (see Password Safe above). If your WAP supports MAC address filtering, implement it. Don’t put the WAP near an outside wall. This only makes it easier for war walkers/drivers to home in on your signal. Place the unit as close as possible to the center of the house. If your WAP allows you to adjust the radiated power, turn the power down. There’s no need to act as an access portal for the whole neighborhood. Finally, do some war walking yourself. The purpose of this is neither nefarious nor altruistic but rather to map the wireless landscape in case you start having trouble.

LAPTOPS

At one point in time, you couldn’t pick up a newspaper without reading about some important official’s laptop being stolen. A case in point was Irwin Jacobs, CEO of Qualcomm. The laptop contained highly sensitive data that could be of great value to foreign governments. At the time, Qualcomm was in negotiations with several of China's telecom providers.

Most of the things that you can do to secure a laptop don’t involve super-duper high-tech gizmos. Rather, they are simple common sense things. Keep the laptop out of sight. If criminals don’t see the laptop, they won’t know it’s a prospect for theft. Use an inconspicuous carrying case. A real tipoff to rip-off artists is a nice Targus laptop carrying case. An appropriately padded school bag or backpack will do just as good a job of physically protecting the laptop while being less conspicuous. Treat the laptop like your wallet and keep it close at hand. Label and tag just about anything that can be labeled and tagged. Hide a few labels in inconspicuous places. This can speed the return of the laptop if it’s recovered. Set a BIOS password. If the very first thing a thief sees when they turn on a machine is "Please enter boot password: " they'll know that they are in for a load of trouble. Removing a password-protected BIOS and boot sequence is a risky and time-consuming procedure that is a recipe for disaster. Only the most dedicated of criminals are willing to go down this road.

GENERAL RECOMMENDATION

What’s the best way to secure a personal computer? When it’s not in use, turn it off. This is especially true with any “always on” connection. Not only will you be securing the computer from break-ins, you’ll cut down your monthly electric bill and cut down on the increase in greenhouse gases that are certain to turn our planet into the same hellish dust bowl that Venus is. Get a power strip and hook the PC, monitor, DSL/cable modem, and Wireless Access Point into it. By hooking everything into a power strip, you not only cut off access to the PC but also cut off access to the Internet via the WAP when you turn everything off at the power strip.

CONCLUSION

That’s basically it. None of this stuff is particularly hard or difficult. Some of it takes a bit of work. Other parts take training and discipline, like not opening emails with subjects like “Really Cool Pics, Dude” or clicking on suspect URLs.

REFERENCES

1. When Willie Sutton was asked why he robbed banks, he replied, “Because that's where the money is."

LINKS OF INTEREST

http://www.knoppix.org/

http://www.mozilla.org/products/firefox/

http://www.opera.com

http://passwordsafe.sourceforge.net/

http://www.mozilla.org/products/thunderbird/

http://www.eudora.com/

http://www.lavasoftusa.com/software/adaware/

http://www.safer-networking.org/en/index.html

http://www.zonelabs.com

http://www.fs-security.com/
