1. Install Anti-virus Software
Viruses, not hackers, are the most common cause of data loss. Anti-virus software will detect and remove viruses as well as other malicious programs which may attempt to send personal data across the internet.
The most popular anti-virus programs are:
Popularity does not equal quality, however. NOD-32, F-Protect, Kaspersky, and Norton Antivirus are all good choices for anti-virus use. Norton Antivirus is the most expensive choice, and significantly slows down older computers.
F-Protect is a good choice for institutions, where a license costs only $40 USD per year for up to 20 PCs (or 26 PCs for educational institutions).
Trend Micro provides a free internet-based virus scanner, HouseCall. This is good for manual scanning of PCs, but this on-line scanner does not provide real-time detection and removal of viruses.
2. Get a Personal Firewall
A personal firewall prevents people on the internet from accessing your computer. It thwarts external hacking attempts, and also controls which of your software can access the internet.
ZoneAlarm Pro is the most highly recommended firewall software. It is fast, effective, and reliable. Symantec sells a similar program called Norton Internet Security; however, it tends to cause a noticeable reduction in internet access speed.
Note that the built-in firewall in Windows XP does not provide adequate protection against programs already on the PC trying to transmit private data over the internet.
3. Do not give out confidential information
The most common way to lose confidential information is by being tricked into giving it away. Infamous hacker Kevin Mitnick gained access to secret data by calling company employees and impersonating a network administrator.
Never give information over the phone, to anyone. A common scam is for telemarketers to ask to "verify" the credit card number: they read out the first two digits of the card and ask the victim to recite the rest. Those first two digits prove nothing, because a scammer who has found out which credit card the person holds already knows them.
Likewise, do not give out billing information over the phone to callers. The best policy is to refuse calls from people saying they represent your credit card company (etc.). Simply end the call, and call the official number printed on your credit card, invoice, etc.
4. Get a Hardware firewall
A hardware firewall works similarly to personal firewall software, but it is a separate physical device, so it adds a further layer of protection for your computers. The hardware firewall sits between the internet and your computers.
The simplest type of hardware firewall is built into DSL/cable internet routers. These typically cost less than $200 and make your computers invisible to the internet.
5. Use passwords of at least 16 characters
Short passwords are an easy target for hackers, who can use brute-force attacks to discover the correct password. A short password can be cracked in as little as a few seconds.
Additionally, one should not use a single word or a commonly used combination of words, since hackers routinely use automated dictionaries to discover a password.
Ideally a password should be at least 16 characters long and include numbers, uppercase letters, and lowercase letters. It should be either a randomly generated password, or obscure enough not to be discovered through dictionary techniques.
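As an added illustration of the brute-force and dictionary points above (example code written for this page, not taken from the original article), the following Python estimates how long an exhaustive search would take at an assumed rate of one billion guesses per second, flags the weaknesses the article lists, and generates a compliant 16-character password from the operating system's random generator. The word list and the guess rate are constructed assumptions, not measured figures.

```python
import math
import secrets
import string

# Constructed stand-in for the automated dictionaries the article mentions; a
# real cracking wordlist runs to millions of entries, this one is illustrative.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "sunshine", "monkey"}

# Assumed attacker speed: one billion guesses per second (hypothetical figure).
GUESSES_PER_SECOND = 1_000_000_000


def charset_size(password: str) -> int:
    """Size of the smallest standard alphabet an attacker would have to search."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # the 32 printable ASCII symbols
    return size


def brute_force_seconds(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every string of this length over this alphabet."""
    return charset_size(password) ** len(password) / rate


def is_dictionary_word(password: str) -> bool:
    """True if the password is a listed word once digits and symbols are dropped."""
    core = "".join(c for c in password if c.isalpha()).lower()
    return core in COMMON_WORDS


def assess(password: str) -> dict:
    """Check a password against the article's rules and estimate cracking time."""
    problems = []
    if len(password) < 16:
        problems.append("shorter than 16 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letters")
    if is_dictionary_word(password):
        problems.append("dictionary word")
    size = charset_size(password)
    return {
        "length": len(password),
        "charset": size,
        "entropy_bits": len(password) * math.log2(size) if size else 0.0,
        "brute_force_seconds": brute_force_seconds(password),
        "problems": problems,
    }


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG that satisfies every rule in assess()."""
    if length < 16:
        raise ValueError("the article's minimum is 16 characters")
    alphabet = string.ascii_letters + string.digits
    while True:  # a 16-character draw misses one of the three classes only rarely
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not assess(candidate)["problems"]:
            return candidate


if __name__ == "__main__":
    for pw in ("dragon", "Dragon7!", generate_password()):
        report = assess(pw)
        print(f"{pw!r}: {report['entropy_bits']:.1f} bits, "
              f"{report['brute_force_seconds']:.3g} s to exhaust, "
              f"problems={report['problems']}")
```

The alphabet size is taken from the character classes the password actually uses, so a 16-character all-lowercase password scores far lower than a mixed one, and the dictionary check strips the digits and symbols people habitually append, which is exactly what cracking rulesets do. The time estimate is an upper bound for exhaustive search; a dictionary hit is found in a tiny fraction of it.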
6. Use a login password
Windows XP defaults to automatically logging in the main user of the computer. It is recommended to disable automatic login so that whenever the computer is turned on a password will be required to log in to Windows.
Note that the login "password" of Windows 95, 98 and Me is useless against hackers. Only Windows NT, 2000, and XP provide enough security to thwart an in-person hack attempt.
7. Keep passwords off the PC
Do not keep passwords stored on a PC. Ideally the passwords should be written down and stored in a location that can not be easily discovered.
Counterpane Labs provides a program called Password Safe, which allows the user to keep a list of passwords on the computer. Password Safe encrypts the list of passwords so that they can not be easily stolen.
8. Encrypt ZIP files and other documents when storing and transmitting data.
One should encrypt any confidential files that might accidentally fall into the wrong hands. For example, a ZIP file emailed to another person should be encrypted with a password.
Use the password guidelines in #5 to create a well-protected encrypted file. The password should not be emailed to the intended recipient. Instead the password should be communicated by postal mail or over the telephone. Then when the e-mail with the encrypted ZIP file arrives, the recipient will be able to decrypt it safely.
See number 15 below for a more modern method of encrypted email communication.
9. Use Encrypting File System
Windows 2000 and Windows XP Professional support the Encrypting File System (EFS). EFS provides an additional level of security.
EFS primarily protects against theft of the physical hard drive and prevents unauthorized users from reading sensitive data. Only the person who wrote the file, and the Administrator, can decrypt the file.
Note however that walking away from the computer while logged in will allow EFS files to be decrypted by a passerby.
10. Make User accounts for publicly accessible PCs.
Windows 2000 and Windows XP support user accounts. It is recommended that any publicly accessible PC be set up to use user accounts, rather than the primary Administrator account. This limits what users can do with the computer (depending on the rules set up for the user account).
It is also advisable to set up employee and classroom PCs with user accounts.
11. Log off of PC when leaving it for a few minutes.
The user should log off the PC if the computer will be left unsupervised. Provided that suggestion #6 has been followed, this will prevent passersby from accessing the computer. Forget about screensavers with passwords. These do not provide adequate security.
12. Test the computer with Shields Up at GRC.com
Steve Gibson's GRC website provides an easy-to-use way of checking the vulnerability of a PC to internet attacks. Shields Up will attempt to connect to the PC. This will allow the user to test whether their firewall software or hardware is effectively isolating the computer from the internet.
13. Use 'UnPNP' on Windows XP Systems
Steve Gibson has made available a program that disables a major security hole in Windows XP. UnPlug n' Pray is an easy-to-use tool for turning off Universal Plug & Play. It is important to turn this off, as 'UPNP' leaves a Windows XP system vulnerable to being hijacked by hackers and used for 'Denial of Service' attacks.
14. Disable file & printer sharing
Disable "File & Printer Sharing" on every computer. Instead of sharing a printer through a PC, use a dedicated network print server.
If files have to be shared over the network, make absolutely certain that the network is protected from the internet with a hardware firewall.
Provide uniform internet access to the network by allowing only one internet connection method (e.g. a single shared DSL connection protected by a firewall). Remove any alternative internet connections, such as dialup modems, which could provide a back door for data theft.
15. Get free Personal Authentication Certificates
The best way to secure email transmissions is by getting authentication certificates. Thawte offers free Personal Email Certificates.
A personal email certificate allows the user to transmit "signed" and "encrypted" email that only the intended recipient can read.
A signed email verifies that the email is from the legitimate source (and not an impersonator). A signed email also prevents email from being altered en route to the destination: if an email were altered, the recipient would receive a warning message.
An encrypted email goes further, and actually encrypts the text (and any attachments) so that it can not be read by a third party on the way to the destination. This is an easier method to use than suggestion #8.