The Broadband Guide

General Security Guide

2003-02-12 (updated: 2019-06-29) by

Introduction

Let's start with the basic presumption that no system is completely secure. The only way to secure your system completely is by turning it off, locking it in a safe and throwing away the key... The only way you can completely prevent remote exploits is to disconnect from the network. All Operating Systems have some security flaws, with the more complex OSes having more potential vulnerabilities.

Keeping that in mind, we can come very close to a completely secure level and still maintain a working system by following a few basic principles, described below.


General Guidelines

1. Don't turn on services you don't need.
Turning off services you don't use is common sense: it can reduce resource utilization on your system and prevent many attack vectors, especially with networked services. File and Print Sharing is probably the single most common Windows security vulnerability - don't use it unless you really need it, as any compromised device on the network can potentially infect your PC, steal browser-cached passwords, etc. You can check if it's turned on in Windows OSes under Control Panel > Network > File and Print Sharing. If, on the other hand, you have a LAN and need to share files, follow the guidelines below:

Turn access on just for the necessary directories/drives and make it read-only.
Use strong passwords for all your shares.
Make sure that the Windows Firewall is running.
Maintain all the clients on your network so that they are not compromised, and educate other users, including kids, on how to protect themselves from malicious software.
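
One way to see which services a PC is actually exposing, as an added example that is not part of the original guide: the script parses `netstat -an` style output and lists every socket waiting for inbound traffic on a non-loopback address, marking the ones that belong to File and Print Sharing. The port numbers and the sample output are assumptions added here (standard SMB/NetBIOS ports and constructed data).

```python
import ipaddress

# Assumption (not from the guide): the standard SMB/NetBIOS ports behind
# Windows File and Print Sharing.
SHARING_PORTS = {("TCP", 139), ("TCP", 445), ("UDP", 137), ("UDP", 138)}

# Constructed sample in the layout printed by `netstat -an` on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
  UDP    192.168.1.20:137       *:*
  UDP    192.168.1.20:138       *:*
"""

def parse_listeners(text):
    """Return (proto, host, port) for every socket accepting inbound traffic."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state; UDP rows have none and always accept datagrams.
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue
        host, _, port = local.rpartition(":")
        listeners.append((proto, host.strip("[]"), int(port)))
    return listeners

def audit(text):
    """List listeners other machines can reach and label the sharing ports."""
    findings = []
    for proto, host, port in parse_listeners(text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # bound to this machine only
        label = "file/print sharing" if (proto, port) in SHARING_PORTS else "review"
        findings.append((proto, host, port, label))
    return findings

if __name__ == "__main__":
    for proto, host, port, label in audit(SAMPLE_NETSTAT):
        print(f"{proto:4} {host}:{port:<6} {label}")
```

Every line marked "review" is a service to identify and turn off if it is not needed; the sharing lines should appear only on machines that really serve files or printers.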

2. Use strong passwords - whenever you use passwords, be it for an online banking interface, a network share or even a forum, common sense dictates you should make them hard to guess/crack. Although some of the suggestions below might seem trivial, many users do not follow them, and that can be a huge security risk. Use the following guidelines with passwords:

Use both lower and upper case letters, and use some non-alphanumeric characters in passwords.
Don't base your passwords on a dictionary word, name, place or date.
Use long passwords
Use different passwords for different places.
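
The four password guidelines above, turned into a check (an added example, not part of the original guide). The 12-character minimum, the tiny word list and the substitution table are assumptions chosen for illustration; the guide itself only says "long".

```python
import re

MIN_LENGTH = 12  # assumption: the guide gives no number for "long"
# Constructed mini word list (words, names, places); use a real dictionary in practice.
WORDLIST = {"password", "dragon", "london", "michael", "summer", "welcome"}
# Undo common character substitutions so "P@ssw0rd" is still seen as "password".
LEET = str.maketrans("0134579@$!", "oleastgasi")
# A four-digit year, or a dd/mm/yy style date.
DATE = re.compile(r"(19|20)\d\d|\d{1,2}[-/.]\d{1,2}[-/.]\d{2,4}")

def check_password(pw):
    """Return the list of guidelines the password breaks (empty list = passes)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("short")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("single-case")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no-symbol")
    # Normalise, keep letters only, then look for a dictionary word inside.
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    if any(word in letters for word in WORDLIST):
        problems.append("dictionary")
    if DATE.search(pw):
        problems.append("date")
    return problems

def reused(accounts):
    """Map each password used in more than one place to the places sharing it."""
    seen = {}
    for place, pw in accounts.items():
        seen.setdefault(pw, []).append(place)
    return {pw: places for pw, places in seen.items() if len(places) > 1}

if __name__ == "__main__":
    # Constructed sample accounts.
    accounts = {"bank": "Summer2019!", "forum": "Summer2019!", "share": "vT9#qLm2!xRw8z"}
    for place, pw in accounts.items():
        print(place, check_password(pw) or "ok")
    print("reused:", list(reused(accounts).values()))
```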

3. Stay current with updates - download and install all available security patches for your OS, as well as new anti-virus definitions, etc. Windows-based computers should have the latest service pack installed. Also check the Windows settings to make sure Updates are turned on (or check for updates periodically).

4. Use the encryption available to you - FTP/SMTP/HTTP and many other protocols widely used on the Internet transmit information in ASCII (clear text). What that means is that all information transferred to/from servers, including your passwords, is transmitted in clear text and is readily available to any network device it passes through to get to its destination. It is always prudent to use the secure variations of those protocols to avoid personal information being transmitted unencrypted. Using a VPN service can also help with that.


Multi-Layered Security Approach

1. Hardware Firewall (and/or optional software firewall)
Firewalls basically filter all network traffic (incoming and outgoing), block ports and inspect packets in order to protect your PC or LAN from unauthorized entries. Some firewall solutions include additional functionality that allows you to detect and gather information about any intrusions. There are different types of firewalls of different complexities; however, most of them allow you to close unused ports so they cannot be accessed externally. Computers with always-on Cable Modem, DSL or similar broadband connections to the Internet have nearly static IP addresses and are online most of the time, which by itself increases the security risks and justifies using a firewall for protection. Fortunately, most current Cable/DSL modems already provide NAT and some basic firewall capabilities. Combined with a software firewall as included with most modern OSes (Linux, Mac OS-X, Windows), this is usually enough for residential firewall protection. For business use, the additional administration of a dedicated hardware firewall may be justified. For reference, some established brand names are SonicWall, ZyXEL, ZoneAlarm, BlackICE, as well as some open source solutions like pfSense, etc.

2. Anti-Virus Software - Viruses, trojan horses and other types of malware have become more common simply because of people's ignorance and PCs being interconnected in a network, communicating with each other much more easily. Some viruses have caused havoc on the Internet, spreading at alarming rates through email or other similar means. Installing good anti-virus software (and keeping virus definitions current) is a must, or you are bound to become a victim of some virus/trojan horse at some point in time. With Windows 7, 8, 10, the default Windows Defender anti-virus included with the OS does a fairly good job of keeping the system secure. The software has improved tremendously over the years, and it has low resource utilization, unlike some other commercially available anti-virus products that try to take over every aspect of your online experience (including web browsing, email, etc.). I'd recommend sticking with the Microsoft solution, or using one of the leading products that does not slow down your PC and is easy and seamless to use. Efficiency and fast response to new threats are the key issues that differentiate some of the leading products.

3. Anti-Malware Software - your every action online could be recorded without your knowledge. Browser hijacks, third-party software that steals passwords, trojans that infect BIOSes, it is all out there.

The issue is often found with third-world countries where people try to make money by stealing user data or showing you a few ads, or even with companies paying for, and trying to collect, consumer information, demographics, or in some cases personally identifiable information about users. It's most often accomplished through malicious software, browser extensions, or other types of malware, usually installed without user knowledge or consent. Collected personal information can potentially be sold, combined with other databases, and rehashed by computer algorithms to build up profiles of individual web users, often for direct marketing purposes. It might sound like Sci-Fi to the uninitiated, but it is real, and it is happening every day online. Your privacy is being invaded.

For anti-spyware software solutions, you might want to look up: Malwarebytes Antimalware, Gibson Research OptOut, SpyCop, WinTasks Pro, etc.

Many such anti-spyware programs block advertisements on websites as a side effect of protecting your privacy... I'd also like to bring up the fact that not all advertising is evil. Many websites, including ours, rely on banner advertising as a source of revenue; the bandwidth used in serving you with free information costs money, and it is paid for by advertising. Blocking ALL ads just hurts independent websites sponsored by banner advertising.


Conclusion

One should be aware of all the major security threats, especially when connected to a large network, such as the Internet. With all the above precautions in mind, the Internet can be a fun and much safer place to explore ;)


See Also

VPN Protocols Explained and Compared
How to Secure your Wireless Network


  User Reviews/Comments:
by Mister4x4 - 2007-03-20 14:25
Good information to be had here. These are the fundamentals... from 2003 - which most still ring true for the most part.

But! Ya might want to update this FAQ a little - NetBEUI is not a common protocol to be used on today's faster gear and/or OSs.
by Ravinder - 2007-06-27 09:30
This information is excellent for newbies who are entering the IT field.
by ebud - 2011-01-13 19:54
Hi, thanks for this article.
I'd like to know if I'm ok just by using Windows' Firewall, Windows Defender and avast! AV?
I heard Windows' Firewall wasn't great, though it's been 2 years that I'm using it (under Vista Home Premium) with my laptop and nothing bad happened yet...
I forgot to say that since I started doing P2P, I'm using Peerblock (an IP blocker) as well, every time I'm on the Internet.