What Security for you PC/Lan do you implement?

[vlada]

Just thought I'd open up a discussion about some of the strategies people use to secure their networks/PCS.

I read a VERY heated debate (on another forum) which I hope would not happen here, about whats best, whats irrelevant. too many "I've got the biggest ... " on the internet these days.

Recently I had an older family member that had issues. Now putting that into context, this family member, uses the web and e-mail has a life and has no interest or desire to be a security guru. (of which I believe the masses also fall into this category) so perhaps collectively we could get a bit of a "what to do" going.

This is not aimed at corporate networks, but more home network, perhaps erring on the side of what "elderly people" should be looking at.

Personally I think at minimum

A firewall
A A/V program
A Malware detection program

(which I am sure 99.9%) have/use/implement.

Some of the things that are interesting (and very common knowledge)
include

egress filtering (stopping things going out of the lan from clients)
Having dummy administrator accounts
Using VM's
Having incoming and outgoing firewalls (two - man in the middle detection)
Preventing certain services for running
Port blocking

So what tips/tricks do you think are worth further investigation/or you implement and believe in?

edit: I'll be putting up a few ebooks, if anyone shows interest.... (i just have to find them.. been months)

I am absolutely sure that NOD32 is the best antivirus program on the market. It is cheaper than Kaspersky Antivirus Software but it has the same efficiency. And it never slows down the computer.

[z1gg33]

yeah you might be right. going by these stats, they seem to all be within a few % of each other (never trust a stat!) I think the source is independent but I am not 100% sure. then it becomes a personal preference thing

[admin]

I am absolutely sure that NOD32 is the best antivirus program on the market. It is cheaper than Kaspersky Antivirus Software but it has the same efficiency. And it never slows down the computer.

Vlada, I have noticed you have posted Kaspersky slows down your computer in numerous posts today. Ever thought it might just be your computer or set up ?

I am running Kaspersky Internet Security on a pissy little netbook with a 1.6 gig Atom processor running Windows 7 and its not slowing down my computer. I am typing on it now.

[z1gg33]

their has been a massive increase in "how to secure you wifi" over the last few weeks. And pretty much all of them are like this (in one way or another)... just cut and pasting the top 8.

"Here are some tips to keep yourself protected.
#

1 Use a router for any internet connection (other than dialup). Be sure to keep updated the firmware on your router to the latest from the manufacturer. A router uses something called NAT (Network Address Translation) that works fairly similar to a firewall - however this is more like a firewall. NAT in most cases will not allow ports to be scanned & forwarded behind it. Also, the router will be your external IP address leaving your computer on an internal IP address. If ports on your router are not forwarded to your internal IP addresses (usually 192.168.*.* type of address) then a hacker on the internet will have a lot of difficulty scanning your computer. They will merely scan a router which in most cases is rather "stupid" and very hard to attack.
#
2 Keep your operating system updated. For Windows, Mac, Linux, and Unix users, always install the latest updates.
#
3 A soft firewall is always recommended. This would be considered a firewall on the system you use. This is where you computer is basically asking you permission to install certain pieces of software along with asking if you want to allow certain connections on your computer. Again, a router will help you avoid a ton of mischief from hackers. This is more or less fail safe.
#
4 Make all of your passwords HARD, with letters, numbers and symbols. Make them at least 20 characters long. Do not include the names of your kids, dogs. Never make them just common words. A good example would be: MrTsayshackersarefools33@3
#
5 If you run a wireless network, always use WPA or WPA2 security. Again, make your password at least 20 characters including letters, numbers, and symbols. DO NOT SKIMP on wifi passwords.
#
6 Install a good virus scanner and spyware scanner if running any type of Windows. It is also wise to install virus and spyware scanners on Macs. Linux and Unix systems typically do not get spyware or viruses. Remember, a virus/spyware scanner will do you NO good if you do not update it frequently. Viruses and spyware are literally released daily.
#
7 Using web access email is always the safest. Free email accounts such as Yahoo, Gmail, or Hotmail always keep high levels of security on their sites. Also, always be very weary of any email you get that tells you to click links (Paypal for example). Hackers can make very good copies of websites like Paypal (including logos & design) and spam you. You click thinking you are at Paypal, put in your user name and password, and the hacker then has your user name & password. If you get an email from sources like your bank account, Paypal, Ebay etc., open a clean browser go directly to the site, and log in.
#
8 Do not keep entire hard drives open to sharing especially on networks that have several people. If its a simple home network where everybody is trusted, it's great to just have a folder available to share just in case you are compromised from the outside. "


not that I need to, or am saying it should be done. But encryption is another thing that depending on your circumstances might be worth a think about. For home users its probably overkill and only really prevents data theft not pwning a connection

I have also just for the fun of it been thinking about maybe something like

[wog]

their has been a massive increase in "how to secure you wifi" over the last few weeks. And pretty much all of them are like this (in one way or another)... just cut and pasting the top 8.

"Here are some tips to keep yourself protected.
#

1 Use a router for any internet connection (other than dialup). Be sure to keep updated the firmware on your router to the latest from the manufacturer. A router uses something called NAT (Network Address Translation) that works fairly similar to a firewall - however this is more like a firewall. NAT in most cases will not allow ports to be scanned & forwarded behind it. Also, the router will be your external IP address leaving your computer on an internal IP address. If ports on your router are not forwarded to your internal IP addresses (usually 192.168.*.* type of address) then a hacker on the internet will have a lot of difficulty scanning your computer. They will merely scan a router which in most cases is rather "stupid" and very hard to attack.
#
2 Keep your operating system updated. For Windows, Mac, Linux, and Unix users, always install the latest updates.
#
3 A soft firewall is always recommended. This would be considered a firewall on the system you use. This is where you computer is basically asking you permission to install certain pieces of software along with asking if you want to allow certain connections on your computer. Again, a router will help you avoid a ton of mischief from hackers. This is more or less fail safe.
#
4 Make all of your passwords HARD, with letters, numbers and symbols. Make them at least 20 characters long. Do not include the names of your kids, dogs. Never make them just common words. A good example would be: MrTsayshackersarefools33@3
#
5 If you run a wireless network, always use WPA or WPA2 security. Again, make your password at least 20 characters including letters, numbers, and symbols. DO NOT SKIMP on wifi passwords.
#
6 Install a good virus scanner and spyware scanner if running any type of Windows. It is also wise to install virus and spyware scanners on Macs. Linux and Unix systems typically do not get spyware or viruses. Remember, a virus/spyware scanner will do you NO good if you do not update it frequently. Viruses and spyware are literally released daily.
#
7 Using web access email is always the safest. Free email accounts such as Yahoo, Gmail, or Hotmail always keep high levels of security on their sites. Also, always be very weary of any email you get that tells you to click links (Paypal for example). Hackers can make very good copies of websites like Paypal (including logos & design) and spam you. You click thinking you are at Paypal, put in your user name and password, and the hacker then has your user name & password. If you get an email from sources like your bank account, Paypal, Ebay etc., open a clean browser go directly to the site, and log in.
#
8 Do not keep entire hard drives open to sharing especially on networks that have several people. If its a simple home network where everybody is trusted, it's great to just have a folder available to share just in case you are compromised from the outside. "


not that I need to, or am saying it should be done. But encryption is another thing that depending on your circumstances might be worth a think about. For home users its probably overkill and only really prevents data theft not pwning a connection

I have also just for the fun of it been thinking about maybe something like

wifi is simple... get a router... only allow a certain number of MAC addresses to connect turn off DHCP
passwords are always good to have very strong ones.