Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Tuesday, November 4, 2008

Secure networking

Not from me, Source lost!
Any SW (Antivirus, Firewall, AntiMalware/Spywar, etc) is only good if kept up to date and correctly configured and Ports tested.
Try running your normal 'YourName' account with minimal permissions - if you can't install SW without increasing your permissions then neither can most malware Use safe passwords, long passwords are never easy to remember but at least use a mixture of upper and lower case and if possible symbols with numbers.
To secure your PC the best method is to do this from your 'YourName' account.
Rename your Admin account in windows to something like "FirmaAdmin" (only use this account when needed)
  1. Create a new user (limited) account and name it 'NormalUser' (it is not an Administrator with rights!)
  2. In the run box type secpol.msc
  3. Go into password policies and then into Account lockout policy and set the duration to at least 30 mins and the account lockout threshold to 1 invalid attempt.
  4. Go into local policies and then audit policy, choose audit account login events and set it to either sucess or failure
  5. Restart the pc and to check the logs go into computer management event viewer and security, If you see an 'evil hacker person' entry then your system has been compromised.
Use SSL logins always.Use ssl logins in all case's possible like email login or website logins.
DO NOT use Internet Explorer 6!
Most importantly be very careful what you say to people on the internet. Social engineering is often how people guess your password. They do this by finding out your hobbies and interests in what seem to be innocent convos - what might seem like telling a new friend about your stamp collection could be dangerous when your password is 'password' .
Also store all personal items on external drives, that way you can turn them on only when you need them, or alternatively save them to re-writable media.

Wireless networks are NOT secure - even hiding SSID, enabling MAC address filtering and using WPA is not sufficient for a determined hacker. If security is an issue either use copper cable or VPN / encryption.
If you have no reason to use a WiFi connection, disable that option in the router or the laptop.

Do not broadcast your SSID. If the casual hacker does not see your signal, they will not (typically) try to hack your wifi network.

Use at least two different forms of authentication with your WiFi router.
  • MAC Filtering (WiFi and ethernet connections)
  • WEP Keys -- 128-bit or better!
  • WPA/WPA-PSK
Be Paranoid (as first response to anything new) - when an app / java script proves OK then trust it, but not before.
Keep your software and firmware up to date.

Other references:
RFC 1281 Guidelines for the Secure Operation of the Internet
RFC 2196 Site Security Handbook
RFC 2828 Internet Security Glossary

No comments: