Reducing a computer's vulnerability to hackers (true computer
protection and internet safety) is much like using anti-theft devices and
common sense to guard against your car being broken into. Strangely, few people
would leave their keys in the ignition while away from their vehicle, yet
most might as well hand over their workstations and servers to the lowliest
hacker as they don't have any security in place.
Free Computer Safety and Internet
Protection Fire Wall Software
|
|
Back to
top
Just like vehicle protection measures, you can stop a lot
of potential intruders but never all. Most hackers are of the "script kiddie"
variety, non-programmers using commonly available hacker tools to penetrate
systems if only for their own amusement. Since their skills are limited, they
hunt for the easy kill rather than a challenge, so our mission here is to
make your computer as unattractive as possible. The rules outlined below are
a checklist of things you must do to properly secure your system. At the end
of this article you'll find useful links that will help you actually implement
these measures.
Rule 1:
Mind your passwords. It is simply incredible that in this day and age most
computer users persist in choosing the weakest passwords, typically because
they're easy to remember. Forget convenience: Under no circumstance should
you ever use real words or combinations of real words, nor should you use
numbers that have any significance to you such as your birth date. Script
kiddies will use password guessing tools and it might take only seconds to
guess yours. Additionally, using the same or similar password everywhere is
foolish, sort of like leaving your credit cards and house keys in your car!
The best policy is to use random sequences of characters for passwords.
|
Rule 2:
Use encrypted connections. The Internet tools most commonly used on workstations
and servers are inherently insecure. For instance, never use the popular Telnet,
POP, or FTP programs unless passwords are passed in a strongly encrypted format
over the Internet. Sadly, authentication is typically in plain text, which
makes life easy for hackers using packet sniffers to automatically grab scores
of plain text passwords from Internet noise while they sleep. Remote shell
sessions such as with telnet should be completely encrypted if you use such
sessions to switch to other userids or root id, lest you want to give script
kiddies a big break! SSH is the best substitute for Telnet and can also be
used instead of FTP. By the same token, sensitive information should NEVER
be sent via email. Note that any encryption between client and server requires
that both ends support the encryption method.
Rule 3:
Hide! Cloaking your computer's Internet presence via a firewall is the first
line of defense. All hackers use scanning tools to quickly find weaknesses
in a computer's Internet interfaces. Firewalls work at the packet level and
not only can detect scan attempts but also block them, thus making your system
look unattractive or even hide its existence altogether.
Back to
top
Rule 4: Don't
trust anybody! Be very careful about what programs you download from the Internet.
Do not install software from little known sites especially. Programs can hide
"trojans" that once launched will modify your system and/or connect to remote
servers without your knowledge, perhaps allowing hackers to slip into your
system. Nowadays, most download sites will include a checksum, typically PGP
or MD5 encoded, which can be used to verify that the program is authentic
before you install it. It's not too paranoid to make it a rule to never trust
anything from the internet, as even the biggest website could be subverted
by hackers and you wouldn't notice.
Rule 5:
If you're managing a server, limit what other users can do on the system.
From limiting them to certain areas of the file system and which applications
they can run to limiting their memory and process usage, there are many things
you can do to reduce the serious risk posed by reckless users.
Click below for AdAware
SpyWare eliminator
|
|
Back to
top
Rule 6:
Keep your system up to date. Vulnerabilities are continuously being found
in popular programs and operating system kernels, some of which might allow
an intruder to gain root access to your system. Unfortunately, word of such
"holes" travels quickly in hackerdom, so it's important to be on top of them
yourself. Software creators post "patches" and/or new versions of their programs
to fix those defects. It's hard to keep track of them all, but you can save
yourself a lot of grief by subscribing to mailing lists that warn you of such
incidents. Again, software producers often maintain such lists themselves,
as do sites specializing in computer security, and it's usually free to subscribe.
You can also reduce the risks by avoiding using new applications or those
that a long history of vulnerabilities.
Rule 7: Disconnect
from the Internet when you're not actually using it. This is the ultimate
protection to stop intrusions, but of course it doesn't stop trojans unless
you literally unplug your physical connection. In the case of servers, where
your connection is always on, disable any daemons that aren't needed or seldom
used. Note that the daemons running by default on a newly installed operating
system are quite often the most vulnerable, and most hosting services won't
bother to disable them for you.
Click below for SpyBot
SpyWare destroyer
|
|
Back to
top
Rule 8:
Don't continue using a computer that you know has been compromised by hackers.
To do so allows the hacker to potentially gain access to more systems and
exposes you to the possible theft of some of your sensitive data. The only
solution is to reformat the hard disk(s) and re-install the operating system,
or smash your computer to bits if you prefer!
Rule 9:
Use every security mechanism you can, not just one or a few. They serve
different purposes and thus complement each other. Always rolling-up the car
windows and locking the doors is a good start, but you wouldn't really call
that a security system, would you?!
Stick to the rules or let the hackers rule the day!
Some useful links you can follow to get further knowledge on the subjects
discussed today:
AUTHOR:
Tom Germain has been our ace programmer at
iEntry.com. He has expertise
in several different languages and operating systems. Basically, he's
just a geek stud. - Pete
This article was originally published at
webpronews.com on
May 3, 2001 |