Security for Home and SOHO Computer Users
Defending the Fortress

Your fort is well hidden, until you access the Internet. With a permanent connection (cable/DSL), it is not hidden at all. OK, so people know where your fort is (your IP address); now you really should defend your fort. Why? For the same reasons as of old. We have a fortress, and people want in. They may want to steal, plunder, or just create havoc. When you are connected to the Internet, you are a target. Get a shield, become invisible, and make sure your fortress (computer) is well defended.

The weapons have changed, but we are re-living the frontier all over again. Change the words, and we have a situation not unlike the one 200 years ago.

Today

Unlike the old days, when other people did your fighting for you, today you have to fight and fend for yourself. If you don't, you become the victim. We have to build a wall around our fort (a firewall), and we have to have a way of checking for illegal entry (anti-virus) and for illegal use of our resources (spyware and trojan detectors).

There is a lot of talk about virus checkers, trojans and firewalls to help us defend our fort. Virus-checking programs check for viruses by looking at downloaded files and, usually, at programs when they are executed. Today's virus-checking programs also check for trojans, but some trojans can get past them. (Recent test: downloaded 10 trojan programs; a well-known virus/trojan checker missed one [NetbusPro2.1 using an InstallShield setup].) I could send you an email with a trojan attached and disguised as a screensaver, for instance. Just run it once, and that's it: the trojan is installed on your system. Once a trojan gets past the anti-virus program, it could be running on your computer forever. So you also need a program written specifically for trojan detection, such as BOClean or an equivalent.

Firewalls are not necessarily trojan detectors. Some firewalls are more like detectors of trojan port use. A firewall monitors ports and, based on the rules defined, lets traffic through or blocks it. A firewall may have a built-in list of known trojan ports and could alert you to a scan of one of them. Some trojans use known legitimate ports, which may not raise an alarm. If the firewall is configured to block all incoming attempts, no matter what port, it might be better for you. Communications from your computer are usually started by you. That is, out-going.
If you have rules which allow only your known applications to access the net (out-going), good. What about a trojan, like SubSeven? It is monitoring a port, waiting for an incoming connection to talk to. Is it a defined application? Does your firewall have default "trusted applications" already set up? One well-known firewall does (a huge number of known "trusted applications"). NO! You should only trust the ones YOU have given the OK to, which would be your browser, FTP program, email program, time program, weather program, net tools programs, etc. I think you would find that your daily-use application list would be about 20 programs, on average. Also check that your firewall knows if a "trusted application" has been changed or replaced, and that another program with the same name as a "trusted application" cannot get automatic access.

What about double-clicking a URL from Windows Explorer (if you have IE too)? Oops, Windows Explorer is now a server. Integration is great, until it severely compromises security.

What about NetBIOS? File sharing on your computer is allowed by default. Turn it off in Network, or use a program which will do it for you, such as ShareClean. Also block the NetBIOS ports at the firewall (ports 135, 137, 138, 139, 445).

If you use Internet Explorer, you are so wide open to attack, it is unbelievable. Nothing is sacred, including your registry. If you must use IE, follow good security practices: set security to High, warn before cookies and JavaScript, no Java, no Flash (a Flash creator can create a Flash file which could delete everything on your hard drive, for instance), no ActiveX, no VBS, etc. In other words, err on the side of safety and security. If you really don't care how many times you may have to reformat your hard drive, or who has access to your private files, then why bother about security?

Suppose a trojan is running on your computer and you don't know about it. You install a trojan detector/remover.
It checks memory and any program which is started when Windows boots up. Then it monitors processes for trojan activity or does a scan every 10 seconds. Then it finds a trojan, tells you about it, and cleans it out of the system. This would be good, and there are such programs. One is BOClean, which has about 3 updates a week, on average. Well maintained.

Some spyware also acts as a trojan, and actually changes your Winsock, for instance. Of course, some viruses change the Winsock as well. What to do? Lock the Sock with SockLock!

So, now you need a trojan detector, a spyware detector, an anti-virus program, a firewall (not all are created equal), a proxy/filter, a reg run/startup monitor, a VBS interceptor (or just disable MS Scripting Host), a Winsock protector, a share de-activator, a Browser Helper Object (for IE) manager ...

I am amazed at the number of people who have no protection at all. And then they are bewildered by the fact that their system is unstable, or they have to reformat or re-install Windows, or other people know about their private lives.

Know what is going on in the startup areas of the registry and the StartUp folder. Use programs like RegProtect and Startup Monitor. At least you'll get a warning.

Make sure you know when a "trusted" internet-capable program is replaced by a trojan. Try using Niscrc, which does MD5 checksums on each program you identify to it. It can be run anytime to check, or you can set it up to run automatically each time you boot. There are one or two firewalls that do this too.

What about visiting a web site - just visiting - and ending up with an HTA script on your computer? For IE users, of course. Use HTAStop, IE people.

Come on folks, leave your bubble for a short while and get educated.

Addendum - 2002/08/15

Had a look at my firewall log for today and am listing the top (40 or more port scans) ports. I can't believe how many are still Back Orifice scans.

1214 | 10235
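The tally described in the addendum can be produced from any firewall log. The following is an added example, not part of the original page: the log format, addresses and counts are constructed, and the trojan port labels are commonly documented defaults assumed here, not values taken from the author's log.

```python
import re
from collections import Counter

# Ports worth labelling in the report. The Windows networking ports are the
# ones the article says to block; the trojan ports are commonly documented
# defaults (an assumption of this example, not values from the author's log).
KNOWN_PORTS = {31337: "Back Orifice default", 12345: "NetBus default",
               27374: "SubSeven default"}
KNOWN_PORTS.update({p: "Windows networking (block list)"
                    for p in (135, 137, 138, 139, 445)})

# Constructed log format:
#   <date> <time> <BLOCK|ALLOW> <IN|OUT> <TCP|UDP> <src>:<sport> -> <dst>:<dport>
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) (?:TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$")

def top_scanned_ports(lines, min_hits=40):
    """Return (port, hits, distinct_sources, label) for each destination port
    with at least min_hits blocked inbound attempts, busiest first."""
    hits, sources = Counter(), {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "BLOCK" or m["dir"] != "IN":
            continue  # skip malformed lines, allowed traffic and outbound traffic
        port = int(m["dport"])
        hits[port] += 1
        sources.setdefault(port, set()).add(m["src"])
    return [(port, n, len(sources[port]), KNOWN_PORTS.get(port, "unlabelled"))
            for port, n in hits.most_common() if n >= min_hits]

def sample_log():
    """Constructed sample log (documentation address ranges, invented counts)."""
    fmt = "2002-08-15 10:{:02d}:00 {} {} {} {}:4000 -> 198.51.100.7:{}"
    lines = [fmt.format(i, "BLOCK", "IN", "UDP", f"192.0.2.{i % 3 + 1}", 31337)
             for i in range(45)]
    lines += [fmt.format(i, "BLOCK", "IN", "TCP", f"192.0.2.{i % 2 + 10}", 139)
              for i in range(41)]
    lines += [fmt.format(i, "BLOCK", "IN", "TCP", "192.0.2.50", 80) for i in range(5)]
    lines.append("2002-08-15 11:00:00 ALLOW OUT TCP 198.51.100.7:1025 -> 192.0.2.80:80")
    lines.append("-- log rotated --")  # malformed line, ignored by the parser
    return lines

if __name__ == "__main__":
    for port, n, srcs, label in top_scanned_ports(sample_log()):
        print(f"{port:>5}  {n:>4} hits  {srcs} sources  {label}")
```

The distinct-source count separates one noisy host from a port that many hosts are probing.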
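The checksum check on "trusted" programs described above, and the earlier point that a same-named program must not inherit trust, can be sketched as follows. This is an added example, not code from the original page or from Niscrc: it uses SHA-256 in place of the MD5 the page mentions, keys trust on the full path, and the file names are hypothetical stand-ins created in a temporary directory.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file, read in chunks so large executables are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(paths):
    """Record a digest for each program the user approved, keyed by full path."""
    return {os.path.realpath(p): file_digest(p) for p in paths}

def check_program(baseline, path):
    """Classify a program asking for network access against the baseline."""
    real = os.path.realpath(path)
    if real not in baseline:
        return "unknown"   # same file name in another folder earns no trust
    if not os.path.isfile(real):
        return "missing"
    return "trusted" if file_digest(real) == baseline[real] else "changed"

def audit(baseline):
    """Re-check every approved program (for example at boot); report problems."""
    results = {p: check_program(baseline, p) for p in baseline}
    return {p: s for p, s in results.items() if s != "trusted"}

def demo():
    """Constructed scenario with throwaway files standing in for real programs."""
    with tempfile.TemporaryDirectory() as d:
        browser = os.path.join(d, "apps", "browser.exe")      # hypothetical name
        lookalike = os.path.join(d, "temp", "browser.exe")    # same name, other folder
        for path, data in ((browser, b"original"), (lookalike, b"look-alike")):
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as f:
                f.write(data)
        baseline = build_baseline([browser])
        before = check_program(baseline, browser)
        same_name = check_program(baseline, lookalike)
        with open(browser, "wb") as f:                         # simulate replacement
            f.write(b"replaced")
        after = check_program(baseline, browser)
        return before, same_name, after, sorted(audit(baseline).values())

if __name__ == "__main__":
    print(demo())
```

A "changed" result after a legitimate upgrade means the baseline should be rebuilt for that program, and the baseline file itself needs to be stored where an intruder cannot rewrite it.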
All rights reserved. IBO Business.com
This page was last updated on 11/12/04.