News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About
The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot your password?

General Security Guide

2003-02-12 10:58 by

Introduction

Let's start with the basic presumption that no system is completely secure. The only way to secure your system completely is by turning it off, locking it in a safe and throwing away the key... The only way you can completely prevent remote exploits is to disconnect from the network. All Operating Systems have some security flaws, with the more complex OSes having more potential vulnerabilities.

Keeping that in mind, we can come very close to a completely secure level and still maintain a working system by following a few basic principles, described bellow.

 

General Guidelines

1. Don't turn on services you don't need.
Turning off services you don't use is simply common sense and can greatly reduce the risks while online. File and Print Sharing is probably the single most common Windows security vulnerability. 
Don't use it unless you really need it. You can check if it's turned on (In Win 9x) under "Control Panel > Network > File and Print Sharing". If, on the other hand you have a LAN and need to share files, follow the guidelines below:

  • Unbind File and Print Sharing and Client for MS Networks from TCP/IP - you will need to check all TCP/IP Entries in "Control Panel > Network".
  • Install NetBEUI and bind File and Print Sharing to it.
  • Turn access on just for the necessary directories/drives and make it read-only.
  • Use strong passwords for all your shares.
  • Install a software/hardware firewall.

2. Use strong passwords - whenever you use paswords, being an online banking interface, network share or even a forum, common sense dictates you should make them hard to guess/crack. Although some of the suggestions below might seem trivial, they are not followed by many users and it might be a huge security risk. Use the following guidelines with passwords:

  • use both lower and upper case letters
  • use some non-alphanumeric characters as well
  • don't base your passwords on a dictionary word, name, place or date.
  • use long passwords
  • use different passwords for different places.

3. Stay current with updates - download and install all available security patches for your OS, as well as new anti-virus definitions, etc. For example, all Windows-based computers should have the latest service pack installed. Also check the Windows Update site on a regular basis (or use automatic updates) for the latest security updates.

4. Use the encryption available to you - FTP/SMTP/HTTP and many other protocols widely used on the Internet transmit information in ASCII (clear text). What that means is, all information transfered to/from servers, including your passwords is transmitted in clear text, and is readily available to any network device it passes through to get to its destination. When possible, use the secure variations of those protocols to avoid personal information being transmitted unencryted.

 

Multi-Layered Security Approach

1. Hardware Firewall ( and/or optional software firewall)
Firewalls basically filters all network traffic, block ports and inspect packets in order to protect your PC or LAN from unauthorized entries. Some firewall solutions include additional functionality that allows you to detect and gather information about any intrusions. There are different types of firewalls of different complexities, however most of them allow for you to close unused ports from being accessed externally. Computers with always-on Cable Modem, DSL or similar broadband connections to the Internet have mostly static IP addresses and are online much longer than those with dialup connections, which by itself increases the security risks and justifies installing a firewall for protection. For reference, some established brandnames are SonicWall, ZyXEL ZyWALL, ZoneAlarm, BlackICE, etc.

2. Anti-Virus Software - with the increasing popularity of the Internet, viruses and trojan horses have become more common simply because of people's ignorance and PCs being interconnected in a network, communicating with each other much more easily. Some viruses have caused havoc on the Internet, spreading with alarming rates through email or other similar means. Installing a good Anti-virus software (and maintaining virus-definitions current) is a must, or you are bound to become a victim of some virus/trojan horse at some point in time. I'd recommend installing one of the leading products, such as Norton Anti-virus for compatability, ease of use, eficiency and fast response to new threats.

3. Anti-Spyware Software - your every action online could be recorded withour your explicit permission ! The least we can do is bring this to your attention, so you have the choice and are well aware before giving away personal information.

The issue begins with marketing, companies trying to collect consumer information, demographics, or in some cases personaly identifiable informaton about users. It's accomplished through their software installing Spyware, or Trojans on your computer, usually without your knowledge or consent, and then forwarding the collected personal  information to their data collection facilities... The gathered information is then potentially being sold and combined with other databases to build up profiles of individual web users, usually for direct marketing purposes.

It might sound like sci-fi to the uninitiated, but it is real, and it is happening every day online. Your privacy is being invaded.

For anti-spyware software solutions, you might want to look up: Lavasoft Ad_Aware, Gibson Research OptOut, SpyCop, WinTasks Pro, etc.

Many such anti-spyware programs block advertisements on websites as side-effect of protecting your privacy.... I'd also like to bring up the fact that not all advertising is evil. Many websites, including ours rely on banner advertising as a source of revenue, the bandwidth used in serving you with free information costs money and it is paid for by advertising. Blocking ALL ads just hurts independent websites sponsored by banner advertising.

 

Conclusion

One should be aware of all the major security threats, especially when connected to a large network, such as the Internet. With all the above precautions in mind, the Internet can be a fun, (almost) safe place to explore ;)

 

  User Reviews/Comments:
    rate:
   avg:
by Mister4x4 - 2007-03-20 14:25
Good information to be had here. These are the fundamentals... from 2003 - which most still ring true for the most part.

But! Ya might want to update this FAQ a little - NetBEUI is not a common protocol to be used on today's faster gear and/or OSs.
by Ravinder - 2007-06-27 09:30
This information is excellent for new bibes who are entering in the IT field..
by ebud - 2011-01-13 19:54
hi thanx for this article.
I'd like to know if I'm ok just by using Windows' Firewall, Windows Defender and avast! AV?
I heard Windows' Firewall wasn't great, though It's been 2 years that I'm using it (under Vista Home Premium) with my labtop and nothing bad happenned yet...
I forgot to say that since I started doing P2P, I'm using Peerblock ( an IP blocker ) as well, everytime I'm on the Internet
comment print discuss top