Secure Your Home Computer
By: TomCat Internet Solutions, 03/06/2005
E-Mail Security
HTML E-Mail
Disable HTML for e-mail or choose to view all messages as plain text if your e-mail client has such options - the better ones
do; or use an e-mail content filter for web bugs and embedded content originating from a server other than the one belonging
to the sender of the e-mail. Today's cleverly-coded e-mail worms can execute just by viewing HTML-formatted e-mail. In
Mozilla Mail and Thunderbird click on View from the main menu, select Message Body As, then select Plain Text. Also uncheck
Display Attachments Inline so this setting is used by default. In Outlook click on the Security tab, select Change Automatic
Download Settings, and place a check next to Don't download pictures or other content automatically in HTML e-mail.
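The content-filter idea above can be shown in code. This is an added example, not part of the original article: it lists embedded content that an HTML renderer would fetch from a server other than the sender's domain. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class RemoteRefs(HTMLParser):
    """Collect URLs that an HTML renderer would fetch automatically."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            auto = name in ("src", "background") or (tag == "link" and name == "href")
            if auto and value:
                self.refs.append((tag, value))

def third_party_content(raw_message):
    """Return (tag, host) for embedded content not served by the sender's domain."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        parser = RemoteRefs()
        parser.feed(html)
        for tag, url in parser.refs:
            host = (urlparse(url).hostname or "").lower()  # cid:/data: have no host
            if host and host != domain and not host.endswith("." + domain):
                hits.append((tag, host))
    return hits

# Constructed sample message (all names are placeholders).
SAMPLE = """\
From: Newsletter <news@shop.example>
Subject: Spring sale
Content-Type: text/html; charset="utf-8"

<html><body><p>Spring sale!</p>
<img src="http://images.shop.example/banner.gif">
<img src="http://tracker.adnet.example/pixel.gif?id=12345" width="1" height="1">
<img src="cid:logo">
</body></html>
"""
if __name__ == "__main__":
    print(third_party_content(SAMPLE))
```

Only the 1x1 image on the unrelated host is reported; the banner on a subdomain of the sender and the inline `cid:` attachment are not.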
Attachments
Never allow your e-mail client to "View Attachment Inline" unless you are sure it arrived from a trusted sender.
Never open e-mail attachments from strangers. Period.
Use encryption software for sending your most private e-mail messages. If you don't, keep in mind that what you are sending
is the equivalent of a postcard. Also remember that encryption is for the message body only - it does not hide the subject
line nor does it hide the message headers.
Never, ever use e-mail to send confidential information such as credit card numbers, bank account numbers, or your Social
Security number. Even if you use encryption and the correspondence is for legitimate business, you cannot be certain that the
recipient will protect this information once it is delivered and decrypted. It will only be as secure as the recipient's
system permits.
Never respond to e-mail asking for confidential information. Any e-mail you receive requesting your credit card numbers, bank
account numbers, or Social Security number either via e-mail or a web site link is surely an identity theft or phishing scam.
Other Online Security Tips
Keep your OS and browser up-to-date, in addition to any service or application that has access to the Internet. Apply updates
and patches as they are released.
Learn to identify which system services and applications are known to compromise security and do not allow them to have open
access to the Internet. When in doubt, have your firewall prompt you for permission.
Be sure your browser is SSL-capable (Secure Sockets Layer) and the encryption strength, or cipher strength, is not less than
128-bit.
Never submit a secure form on an insecure server. Period.
Avoid using easily recognizable passwords such as the names of family members or pets, birthdays, or anniversaries. Make them
as cryptic as possible; and if you must write them down, do not store them on your computer or any other place where someone
may have access to them. If you must use your browser's password manager, never use it to store important passwords such as
those used for banking.
Never visit untrusted sites. If you do, be extremely cautious.
Spyware
Run spyware detection/removal software frequently to search your hard drives for spyware, adware, keyloggers, spy-related
modules, browser hijackers, to check for security leaks and registry inconsistencies, and clean up tracks from web sites,
opened files, started programs, and cookies.
"Spyware is the name which was given to software that - without the user of the program knowing that the software performs
this kind of action - traces the user's usage of the internet and sends this information - again without the user knowing
this is happening - to a computer ("Server") designated by the developer of the Spyware software."
"By performing these actions, detailed userprofiles may be collected - without the user's knowledge and approval - which then
can be used for commercial or other purposes. By gathering and sending this information both resources on the user's computer
as well as bandwidth on the Internet is abusively used, not to mention the breach of privacy such a userprofile would
be."
-- Dick Hazeleger, Creator "Packet Sniffing - A Crash Course"
and founder of the original "Spyware List"
Additional guidelines for LAN Security
Use a Router with NAT
Use a router between your LAN and the Internet if you have an 'always-on' connection using DSL, cable, or any connection
where you are assigned a static IP address. If your ISP advises against this, FIND ANOTHER ISP. A router uses Network Address
Translation (NAT) to mask the IPs of your internal network from the outside world. A router that also combines a hardware
firewall is even better.
Network Address Translation (NAT):
NAT acts as an interpreter between two networks. In the case of a home network, it sits between the WAN (wide area network,
or Internet) and your LAN (local area network, or your home computers). The Internet is considered the public side and your
home network is considered the private side. When a computer in the private side requests data from the public side, the NAT
device will open a conduit between your computer and the destination public computer. When the public computer returns
results from the request, it is passed back through the NAT device to the requesting private computer.
Routers:
Basic NAT devices are not 'true' firewalls, but they are usually considered good enough for most home networks. By not
forwarding requests or probes that originate from the Internet to your LAN, a NAT device blocks most mischief. A simple NAT
device cannot keep hackers from running DoS (Denial of Service) attacks on you - something that is extremely rare with
private networks - but it will keep out people looking for file shares, rogue mail servers and web servers, and most
port-based exploits. Most also protect against SMURF and WinNuke attacks. When combining a NAT device with a software
firewall and a good anti-virus program, you should be safe from the most common kinds of Internet attacks.
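The NAT "conduit" and the dropping of unsolicited probes described in the two passages above, as a toy model. This is an added example, not part of the original article. It assumes a mapping keyed on both the internal host and the remote endpoint (real routers vary in how strictly they match), and all addresses are documentation placeholders.

```python
class NatDevice:
    """Toy model of a home NAT router's translation table."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outgoing = {}  # (lan_ip, lan_port, dst_ip, dst_port) -> public port
        self.conduits = {}  # (public port, dst_ip, dst_port) -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host sends a packet out: open (or reuse) a conduit."""
        key = (lan_ip, lan_port, dst_ip, dst_port)
        if key not in self.outgoing:
            self.outgoing[key] = self.next_port
            self.conduits[(self.next_port, dst_ip, dst_port)] = (lan_ip, lan_port)
            self.next_port += 1
        # The packet leaves with the router's public address as its source.
        return (self.public_ip, self.outgoing[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, public_port):
        """A packet arrives from the Internet: forward only if a conduit matches."""
        return self.conduits.get((public_port, src_ip, src_port))  # None = dropped

def demo():
    nat = NatDevice("203.0.113.5")
    sent = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, sent[1])     # answer to our request
    probe = nat.inbound("192.0.2.99", 4444, 445)         # unsolicited probe
    stranger = nat.inbound("192.0.2.99", 80, sent[1])    # right port, wrong peer
    return sent, reply, probe, stranger

if __name__ == "__main__":
    print(demo())
```

The reply is translated back to the requesting private computer, while the probe and the packet from an unrelated host match no conduit and go nowhere.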
Hardware firewalls:
Some NAT routers have an advanced form of built-in firewall that performs Stateful Packet Inspection (SPI). This allows the
NAT device to filter out specific kinds of data on your router like SYN flood attacks, IP Spoofing, Teardrop attacks and
others. SPI is a general term that can describe a router that filters more kinds of attacks than basic NAT by closely
examining packet data structures and not just the source and destination addresses and ports. Each manufacturer will
implement different kinds of SPI so not all SPI routers are equal, yet most routers with SPI can log attacks.
Block NetBIOS ports over TCP/IP
If you need to enable file sharing for your LAN, block the NetBIOS-over-TCP/IP ports to all Internet traffic so that no one
from the outside can access the contents of your hard drives through these ports. This can be accomplished with either of
these two methods:
- Preferred method: Block incoming and outgoing access to ports 135, 137-139, and 445 with your firewall.
ZoneAlarm does this by default when you set the Internet Zone Security to "high". (The "medium" Internet Zone Security
default settings only block incoming access to NetBIOS ports and you can manually change that to include outgoing, but
remember - any Internet Zone Security setting lower than "high" is not recommended for use in the Internet Zone.)
- Alternate method: Manually disable NetBIOS over TCP/IP. This method is for advanced users only and is
something we now consider unnecessary in these modern days of routers and bi-directional firewalls like ZoneAlarm. Be aware
that with Windows XP, the results can be unpredictable and highly dependent on how your network is configured.
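One way to check what the firewall rule has to cover, as an added example that is not part of the original article: it reads `netstat -an` output and reports listeners on ports 135, 137-139 and 445, plus any session on those ports whose peer is outside the LAN. The LAN range `192.168.1.0/24`, the function names and the sample output are assumptions.

```python
import ipaddress

NETBIOS_PORTS = {135, 137, 138, 139, 445}

def split_endpoint(endpoint):
    """'192.168.1.10:139' -> ('192.168.1.10', 139); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)

def on_lan(host, lan):
    try:
        return ipaddress.ip_address(host) in lan
    except ValueError:
        return False

def audit(netstat_text, lan_cidr="192.168.1.0/24"):
    """Return NetBIOS listeners and NetBIOS sessions with peers outside the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    findings = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = split_endpoint(f[1])
        rhost, rport = split_endpoint(f[2])
        state = f[3] if len(f) > 3 else ""
        listening = state == "LISTENING" or f[0] == "UDP"
        if listening and lport in NETBIOS_PORTS and lhost != "127.0.0.1":
            findings.append(("listening", f[0], lport))
        elif state == "ESTABLISHED" and NETBIOS_PORTS & {lport, rport} and not on_lan(rhost, lan):
            findings.append(("internet-peer", f[0], rhost))
    return findings

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    192.168.1.10:137       *:*
  TCP    192.168.1.10:1045      192.168.1.20:139       ESTABLISHED
  TCP    192.168.1.10:1046      203.0.113.50:445       ESTABLISHED
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "listening" entry is expected when file sharing is enabled and only shows which ports the firewall must block; an "internet-peer" entry means NetBIOS traffic is crossing the router and the rule is not in effect.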
Other Home Network Security Tips
Periodically check for heavy traffic on your router's LEDs and check each PC's log files for new entries that are unfamiliar.
These factors could indicate malicious activity.
Turn on WEP (Wired Equivalent Privacy) on your wireless router or access point if you are connected to a "wireless"
network.
Require a login user name and password for every computer connected to your LAN. For any hard drives that are configured as
shared: Windows 98 users - require a user name and password there, too. Windows XP users - do not configure share permissions
to allow 'anonymous logon' or any access by groups or users outside your LAN.
Secure your sensitive files on any computer you use to connect to the Internet. Never place sensitive files on drives or
inside folders that are configured as shared. Even better, the best place to store these files is on a CD or some other
removable media. Another option is to install a third-party file guardian program but be very careful when using such tools
as misconfiguration can result in complete inability to access your OS.
And remember that even though only one computer is actually making the Internet connection, any other computer that shares
that connection, or shares files on a network with that computer, needs the same protection!