Caedis

Well if you think you are, you probably aren't. There is no such thing as “secure” there is only levels of protection. Short of literally unplugging your computer from the Internet and sticking it in a nuclear fallout shelter forever you can not assume your safe at home on your computer. And before you write me off as an alarmist or paranoid, I invite you to check my credentials, the one thing I do best is security. So what's the first step?


Denial

Most people think that because they don't have anything of value on their computer that they are safe. Or more frighteningly, they believe that Norton or Mcafee will save them. The fact of the matter is, you have been lulled into a sense of false confidence by your lack of understanding of how hackers work. A hacker doesn't want to destroy your computer, it's to valuable a asset to him.

Hackers look for computers not necessarily so they can steal your information or “blow up” your hard drive. (Yes I've heard that) Rather, they want to use your computer as a staging point for whatever they decide to do.

Why is hacking profitable?

Hacking wouldn't be as prevalent as it is today if there wasn't money involved. Little kids in their basements messing around eventually have to grow up. What do they do with their talents? Monetize them. Some choose to use this information to make money by stealing your identity, but the real cash comes in when they are able to extort money from businesses. They do this using your little computer.

They first infect your computer in order to make it an unwilling participant in a network of interconnected computers all with the same virus. Your computer then “phones home” to the master server that the virus was programed to use. At which point the master server can tell this massive network of infected computers to do something. “Okay” your thinking, “so what.” This is where it get's interesting. The hacker will come to a gambling site, or a online store of some kind. He will say something like, “If you don't pay me X number of dollars I will take your website down during Black Friday, or during the Superbowl” or whatever date is critical for that businesses' revenue stream. The business either pays the hacker money, or the hacker brings down the business.

When the hacker does this, he uses his master server to talk to all his computer zombies (your computer being part of that army now since you relied on Norton alone to save you) The zombie computers then begin flooding the businesses' website with trash data to clog their Internet connection so much that it literally kills their Internet connection. Taking them offline.

All that mess, because you thought your dusty old computer was of no value, or was protected by simply buying an antivirus program.

Acceptance

Acceptance of this simple fact either comes one of two ways, you listened to me or someone with a similar warning, or you yourself have been a victim of identity theft or had your computer dumped on by a virus. I pray you don't learn the hard way.

What can we do?

You can buy all the software in the world that should make you safe, but if you don't change your habits your only as safe as your software. And last time I checked, software doesn't read your mind. It doesn't know what should and should not be happening in your computer, only you can know that. It can only guess at what is generally a bad thing, not what truly is.

There are a few things you can do to make yourself that much safer online.

1. Never save your passwords

• Saving your password's to websites may seem like a way to make your life easier online, but all it really does is give a hacker an easy way to steal your valuable information. Do you really think that your browser is smarter than a trained hacker? Your passwords are stored in such a way that they have to be accessible in pain text. It's like writing your password down on the side of your mailbox. Eventually someone will see it.
• An alternative is by using Firefox with a “master password” set. This allows you to at least have your passwords hidden beneath a password that someone must know in order to get at your others. The catch is that you must type this password in every time you restart your browser. Also, if you set a trivial password like the name of your dog, or your birth date you'll only be as safe as that trivial master password. So make sure the password you choose is at least 8 characters long, has numbers and letters, has some upper and lower case and possibly a symbol thrown in there for good measure. This way the hacker will get bored before he hits pay dirt.

2. Read emails with “rich text” or “html” off.

• I know, I know, it's dumb, your not downloading anything, and your not going anywhere. Right? WRONG AGAIN! How do you think those flashy images are getting into the email you just opened? Your computer must go to an outside site and actually ask that site for the data. Think that's safe? Sorry, it's not. In fact there was a recent exploit on myspace.com where a hacker bought an advertisement on their website. The advertisement was a carefully crafted image that actually ran a code on the unsuspecting Myspace user's computer, thus, infecting them with a undetectable virus. And by opening every email you see with images enabled, you are easily a prime target for hackers. If you must get images, only view images from companies you trust at the very least.

3. If you have WiFi “Wireless B or G or N”, aka, “Wireless Internet” in your home set a password for it using WPA (Not WEP)

• It's a hassle for visitors, it's this, it's that. You live out in the middle of nowhere, I've heard them all. Fact of the matter is, if someone wants free Internet on your dime, all they need is a laptop and a car. So that narrows it down to, oh, say, 1/3 of the United States. Now, think of all the things you do on your home Internet. You access your bank? Your credit cards? What about your 401k? Your personal Instant messages to that special someone? These and everything else you send over your wireless Internet will be sent as clear as day to anyone with a computer and the will to get it.
• Here's how it all works, your computer literally has a radio strapped to it when you use wireless Internet. Similar to a walkie talkie. So imagine going through every bit of info you type into a website (including the address of the sites themselves) and saying all that information over a walkie talkie. Anyone with a walkie talkie will easily hear it and you are trusting anyone in earshot not to use this free information to go out and buy a car or take out a loan on a new boat. Trust me, the technology is proven, it's easy to accomplish, and it can be done on even a device as small as a Blackberry with WiFi capability.
• Also, make sure you use the WPA standard, Not the WEP standard. It's just just a matter of using a drop down box to select one or the other in most cases.
• If you don't have a clue how to do any of this, get a geeky friend or relative to help you out, if all else fails, hire a technician. If that even fails (and you enjoy feeling pain) call Best Buy's “Geek Squad” or Circuit City's “Firedog”

4. Use Firefox, not Internet Explorer!

• Firefox has a proven track record of security, in addition Firefox has several powerful addons that make browsing the web easier and safer, and don't require a ton of guesswork and geeky know-how. Internet Explorer is much more difficult to configure for security, and just plain doesn't have the security addons that Firefox does. In addition, more exploits are in the wild for Internet Explorer vs Firefox. The hackers do this because they think that people using Internet Explorer are generally less informed about security or don't care about it. And as we discussed, ignorance is no excuse these days. It's only a way to exploit you.

1. Get Firefox
2. Get NoScript after you've installed Firefox and have it running
3. Get Adblock Plus, when you restart Firefox it will ask what service you'd like to subscribe to (it's all free) click “EasyList (USA)” and click ok. This will block banner ads and other ads on websites. You'll notice the difference when you go to a site like Myspace right away. If you want to support OCN though I REALLY recommend you click the ABP Icon and click "Disable on www.overclock.net" the forums are Ad-supported.
4. (Advanced Users Only, or get a nerdy relative) Get CSRF Protector
5. (Advanced Users Only, or get a nerdy relative) Get CS Lite (And disable third party cookies)

• Once you have all the addons above installed you'll have a invisible safety net that extends MUCH further than even the mighty Norton or Mcafee products can provide. And, its all 100% free. Beat that. Also, it will all work without your input, meaning, once it's all installed, you can forget about it. If you run into a site that causes one of these addons to bring up a warning, just steer clear of that site, or that part of that site. Remember, you have to change your habits to be safe, simply dismissing the warning boxes that may come up on different sites will defeat the purpose of all this, because they addons are sending up warning trying to keep you from walking off the cliff, if you ignore that... well... you'll fall of the cliff just the same.

5. Log out of sites when your done by clicking the sites “Logout” link/button

• When you simply close your browser (even Firefox) after being logged into a website, you leave the information that was used to give you access on the computer. This allows you to be exploited by different hackers and scams. Don't become a statistic. When your done you need to actually click the logout link on the page, this deletes your login information so that it can't be used for foul play. It's easy, it's simple, just do it.

6. Never use trivial passwords, always use strong passwords, and don't make things worse by writing down your password and sticking it to your monitor or under your keyboard.

• I don't care if your in your own home, if you have guests over, you are trusting them with your sensitive information when you leave your password out.
• Always make sure your passwords are 8 or more characters long and make sure they have a few numbers, upper and lower case letters, and possibly a symbol thrown in
• Bad passwords: “jenny12”, “041083” (your birthday), ilovespike (your dog), abc123 (your dumb)
• Good passwords: “J3nny!2%243”, “234352Ksj”, “!L0v3sP!ke6334”, “AbC1123.sde234”, or you can go to GRC.com and use the perfect password generator to make passwords. I generally snip off the first 8 characters and use that for things. That way I'm not making up easily guessable passwords, but at least after some practice I can type the random junk in pretty quick.
• OR, if all that sounds like too much work, Download the KeePass Portable Password safe for free. It password protects your passwords and can even generate more secure passwords for you to use. (Did I mention it's free?)

__________________
How-to: Linux Gaming Explained | How-to: Nvidia Overclocking in Linux | How-to: Linux Temps and System Monitors
How-to: Demystifying the Nvidia Driver

Ecchi-BANZAII!!!

Jinx... Irony...

__________________
　　　＿_ 　
　/'´　 　ヽ 　　　　Oh and as for the Man-Erin i was tempted to post that also lol. For some reason i want to call it "Marin"
●ｌｶﾉﾉﾙ ﾋﾟﾉ●　　　　　Marc Rudov FTW　　　　　　　　　　　　　　　　　　　　　ತ_ತ
　从 ﾟ ヮﾟﾉｿ 　　 　　　　 Don't you love when someone
⊂ ［］ 二［］つ　　 　　 　　deletes your post without noticing you.　　　 　
　 /　 V \ 　　　　 　　　 You end up searching for that post in vain and anger...
　/____ \　 　 　　　　　　　I hate Autotunes
　 （/ （/　 　　　　　　　　　　　Smiley of the year:

GH0

Denail is spelled Denial.

__________________
Diligite Iustitiam Qui Iudicatis Terra | Love righteousness, ye that are judges of the earth! "We're not God. Not only are our powers limited, we sometimes are driven to become the devil himself." "Gather at the Archeron, prisoners of Charon."
"While the mother holds her child, watches them die, Hands to the sky crying, "Why, oh why?" Cause I need to watch things die...from a distance, Vicariously I live while the whole world dies, You all need it too, don't lie."
Please, help me out!

trueg50

Always great to have another security minded-IT guy on this site.

There are a few things to add, such as enabling MAC address filtering, and turning off SSID broadcasting, plus reducing signal power (assuming your using DD-WRT or another linux flavor... which you should) so that your house has good signal, but your neighbors far away don't have any signal.

__________________
Cable manage and liquid cooled Thermal take Armor

Synergy (G5 case mod)

IEATFISH

If you want to link my Wireless Security guide, it expounds on the wireless section.

Great guide.

__________________
I LOVE my Filco Majestouch Touch Click NKRO!!

Caedis

I don't recommend any of those options in my article as they generate a false sense of security and if you have good security measures in place these measures are irrelevant and only make it more annoying for people with valid credentials to use the network.

It is trivial to sniff a wireless network for valid connected MACs and spoof it. SSID broadcasting is easily circumvented by merely displaying an APs MAC rather than SSID, and reducing signal power wont stop a parabolic antenna or nearby radio.

These are all based on security by obscurity if used by themselves. And security by obscurity is playing the odds in a casino... and the house always wins.

Additionally if they are used in conjunction with good security it's the equivalent of adding a small wooden fence in front of a 50 foot steel wall. Who cares about the wooden fence, the steel wall is going stop whatever comes at it.

__________________
How-to: Linux Gaming Explained | How-to: Nvidia Overclocking in Linux | How-to: Linux Temps and System Monitors
How-to: Demystifying the Nvidia Driver

HatesFury

While i completely understand where you're coming from, i'd like to suggest something.... change you tact my friend.... far too often "we" (i used that word on purpose) IT people have a terrible tendency to look down our noses. I agree with everything you've said, and it's all valid... however you made yourself sound like a condescending a-hole in doing so, and that benefits no one.




Don't feel bad either... me and my boss had this same talk (me being in your shoes, him in mine) not in the far too distant past.

__________________

HatesFury

ACTUALLY! i just had a useful thought\addition you may want to add.

This is one of the most overlooked security improvements in use today. Most desktop users run on and account that has admin permissions. This means that any malicious software downloaded\installed on the system has access to windows components, which intensifies the effects of the problem.

A great way to minimize problems (should you be comprimised) is to always work from a USER account. This can stop\reduce the damage of many viruses\etc. Having a seperate account, with a seperate password using for system configuartion and installs is a good added layer of security.

It's a little more than most people (especially on this forum) are likely to tolerate, but it's done wonders with my personal family (all computer illiterate) to atleast contain problems such that i could recover the PC without needing a re-format (becuase they will get viruses, because they ignore my advice lol).

__________________

W4LNUT5

Nice guide. +rep for you sir.

__________________

W4LNUT5

It makes me sad to know that there is an exploit that can allow adding a new admin level user to the computer (windows). So even then, they will still get in. Better to say that if you run windows, to be sure to run windows update and get the security fixes. Can plug a lot of holes.

__________________