Complete Security tips for Personal Computer

[RedZot]

Connect to other computers within a LAN (home or business) to share a document, browse the network for the supply of cheaper mortgage or the latest version of a software to download, receive a notice in your mailbox e-mail have become common actions through the use of PCs is growing at home and at work. The sources of these potential risks can be very numerous: computer viruses, now made in industrial quantities, alter the code downloaded from some website "corrupt" up to, at worst, destructive action of some hackers. Certainly it is not easy to realize the complexity and vastness of the problem now commonly known as information security, but it is clear that it can no longer be either neglected or underestimated by those who use a PC for a purpose not only playful. In this brief introduction will therefore be of general considerations on the issue of information security, whereas in the other paragraphs below, attention will be mainly technical aspects and practical solutions.

Virtually anyone who is motivated by its laudable intentions. For the identity of the attacker belongs to a particular system does not matter because the only objective is to penetrate the system itself to be able to subsequently reuse or to perform malicious activities, or even just for the sake of doing so. In some cases it is a disarming ease. Unfortunately, the complexity of the software being produced today is accompanied in some cases to a level of imperfection that gives rise to serious security problems.

These real "flaws" are those whose research is pushing the hackers and those who are exploited (by whom is not motivated by a strong ethical) for illegally entering computer systems. To address these shortcomings software makers are often forced to issue patches to update the application of which is within the sole responsibility of us end users. Also do not forget that the complexity of the software can sometimes invest in issues relevant to its proper configuration to a level that will induce the user to use cd configurations. By default, which pave the way for dangerous deficiencies in terms of safety.

THE SCENARIO:

This first step is to identify the exact amount to be protection you need, for example Personal data, confidential documents and information, e-mail, operating system, etc.). And the nature and sources of possible harmful events (e.g. viruses, intrusions and external attacks, malfunctions, etc.). Surely at this stage is crucial to make a general comment on what the primary use that is made of PC because this affects much of the scenario resulting in further defining. It is clear that the concerns of those who use the computer only to draft documents to be very different from that of those who uses it mainly to surf the net and download software.

WHAT STEPS SHOULD BE TAKEN:

Although you cannot find an ideal complex of preventive measures we can say with certainty that many of the problems that typically arise when it comes to the security of a computer system can be avoided by taking the following corrective actions that, taken together, may be treated as a do's and don'ts:

1. Use a good anti-virus: any computer connected to the Internet shall be so equipped, is also equally important to ensure regular updating of signature files;
2. Use a firewall may seem excessive but the use of filtering devices such as firewalls, if appropriately configured, is able to offer a reasonable degree of protection against certain types of attacks and especially against a range of preparatory activities (such as port scanning TCP / UDP) that an attacker usually performs before groped unauthorized access; naively, do not open email attachments: this rule also applies to e-mail messages that appear to originate from a known address, in any case you should always save a file in the attachment and submit it to a virus scan before opening it; do not naively programs of all kinds: it is always a good idea to check the authenticity of any program before running it and the same is true for all documents that contain macros;
3. Always apply the latest patch: This is true not only for the operating system but also for the application software; pay close attention to the abnormal function of the operating system is absolutely necessary to always look with suspicion at seemingly inexplicable workings of the operating system and try to identify the cause as possible with the use of specific instruments;
4. Disable Java, JavaScript and ActiveX: these technologies can be a real thorn in the side when surfing the Internet, or alternatively, not to make navigation on some sites frustrating, you can protect yourself, but within certain limits, using specific software that acts as a filter for interactive content that is normally received or forms of navigation using anonymous proxy servers;
5. Disable scripting features in email clients: often the most vulnerabilities affecting browser, linked to the presence of interactive content, we also present in this kind of software; make a regular backup of all sensitive data is equally important to keep copies in safe places generated; create a boot disk, this can help in the eventual recovery of activity of a compromised system but on condition that the copy is absolutely genuine and being stored in a safe place.

[RedZot]

FIREWALL – THE FIRST SOURCE OF PROTECTION

The firewall software or hardware devices are placed to protect the points of interconnection may exist between a private internal network (e.g. an intranet) and an external public network (eg. Internet) or between two different networks. Using a metaphor is as though these devices represent the points of a customs: their main function is to act as a filter controlling all network traffic from outside, as well as what is generated from within, and allowing only that traffic which is actually authorized.

Before getting into the speech should make a brief introduction to remind the working principles on which it relies on TCP / IP (Transport Control Protocol / Internet Protocol) as this popular protocol suite now provides the vast majority of services within and of private and public networks. In a network based on TCP / IP each system is uniquely identified by an IP address, consisting of four octets of the type aaa.bbb.ccc.ddd, and communicate with other systems by exchanging messages in the form of packets, also called datagram’s, through a particular protocol.

Basically every form of communication between the systems of a network of this type requires the existence of two distinct points, each of which is represented by a pair of unique items made only by an IP address also from a communication port: 's IP address, similar to a phone number, gives the opportunity to establish a communication with a particular system when the door is nothing but a number that serves to differentiate the network service, i.e. the same application used for communication (for e.g. the http service typically has a port number equal to 80, 21 to the ftp, etc.).

The mechanism that underlies the entire exchange of information is what allows the establishment of a connection and is called three-way handshake term which, literally translated, means "three-way handshake": without it no later flow communication could exist between two different systems. In order to act as a filter to the firewall needs to analyze all the packets flowing through it to make a decision conforms to a set of rules defined by the user. In general, these rules are set to bring about the acceptance or blocking of packets in transit on the basis of what are their distinctive elements, i.e. IP address and port source and destination IP address and port.

However, from the point of view of the inner workings of the firewall can be further divided into two separate groups:

• firewall packet filtering
• circuit-level firewall

The first are the most common and also less expensive: they shall examine the information contained in the packet header on the IP protocol and compare them with their set of internal rules allow or block the transit. The advantage of these devices, in addition to cost, is the speed while conversely weak points are made by a certain sensitivity to certain types of attacks such as those based on IP spoofing. In addition, another vulnerability is the fact that in this case there is a direct connection between source and destination so that, once the firewall lets pass the package, it no longer provides any additional protection against any subsequent attacks brought into being. In contrast, circuit-level firewall, much more expensive, provides a higher level of protection as it examines not only the header but also the contents of the packages in transit.

This mechanism of operation is also called stateful packet inspection because the review of the contents of the datagram is to determine the status of communication in progress and, therefore, to ensure that the target system has actually requested the communication itself. In this way there is no guarantee that all communications are conducted only with source addresses actually known the effect of previous interactions.

WHY TO USE FIREWALL

When a PC accesses the Internet it becomes, in effect, and for the duration of the connection, a network node. The connected system, like any other node may expose network services that applications that have specific functionality and are still listening on a specific port (e.g. a telnet or ftp server or even the old concept of sharing files and printers to Windows).

In some cases it may happen that these services to hide their own internal vulnerability or otherwise make posters for the configuration of these defects can be exploited to gain unauthorized access to a system. Typically groped before any form of intrusion the attacker makes use of specific software to scan for potential targets of listening ports. Once identified, these doors is very easy to go back to the application running and, hence, the kind of security problems affecting the application itself and, therefore, it becomes possible to use an exploit (a particular attack technique that based on the presence of known vulnerabilities) in order to gain access to the system.

Of course, in reality, things are rarely so simple but the example is intended to emphasize a fact of fundamental importance: the use of a firewall, in combination with other tools, can actually provide a level of protection discreet, not only against attempts to exploit known vulnerabilities or not a service but also and above all against the occupation of that port scanning is usually always the prelude to an attack.

[RedZot]

IT IS IMPORTANT TO HAVE A GOOD HARDWARE SUPPORT

Firewalls, as already mentioned, devices are not "independent" in the sense that they must be trained in making decisions regarding the admissibility of traffic transiting through precise rules defined by the user. The preparation of this set of rules may require a period of study and implementation more or less long and tedious, depending on what the actual defense needs that arise in this case but in any case, the core of the operation of these devices lies in their proper configuration. Be in possession of more advanced software product on the market is of no use if the same product cannot be used in the fullness of its functions on account of a bad configuration. In these cases it is rather better to renounce the use of a firewall because the same can lead to a false sense of security in people using it.

RULES FOR SECURITY

You can create a set of rules describing which ports should be opened, which is prohibited and any IP-addresses or network entirely blocked. Firewall at the border of your network will function effectively only when the correct settings. And do not forget about the internal traffic: I supervise not only connect to the Internet - and use them to control user access from one part of the corporate network to another. You never know - maybe that one over there innocuous-looking intern is now trying to crack inside your billing database. There are three types of firewalls. Each has its advantages and disadvantages in terms of safety and productivity.

FIREWALL PACKET FILTERING

The easiest ME is a packet filter. These ME are often inserted into routers, broadband modems, devices NAT, switches and other networking devices. This is due to the fact that these MEs are simple in design and require a minimum of CPU resources and memory. Filters all packages in a row, information about previous packets not counted. Each packet is checked against a given set of rules. Typically, rules are based on the address and port number of the source or at the address and port of destination. Some firewall allow you to view the flags TCP, in particular, SYN, but it can quickly overwhelm you, especially if you have to do it manually. Related to this type of firewall are useful in cases when it is necessary to filter out traffic to a particular type. So, if you want traffic SNMP or NetBIOS never passed through your border router, use the packet filter.

However, packet filters have several significant drawbacks. They can be "misleading" by IP-address spoofing. They do not "see" the serial numbers of packets TCP, and the worst part is that they cannot determine where to initiate a connection - outside or inside. Anybody outside can send packets with an indication of the usual source port number, e.g. 53 (DNS) or 80 (HTTP), and successfully scanned the entire internal network.

PRIVACY POLICY

Traveling through the Internet, users leave a huge amount of traces of personal information. Starting with data on the pages visited and addresses, search options, shopping, downloaded files, sent and received mail, and ending with dialogue in a chat room. Employees ISPs can get lots of information about user activity on the network. Buying online? Merchant site receives the name and address of the buyer, as well as some other data from the questionnaires. This applies to all sites related to online shopping and delivery. There are also employees of the terminal payment systems that test data on plastic card. Another problem - the bank employees who have access to the parameters of the transaction, administrators working with the bank database and gain access to account information.

Combining all these data, we can obtain any and all information about users accessing the network. Take into account the number of people having access to such information, and once again demonstrate the existence of problems of protection of personal information.

SERIOUS VULNERABILITY PIN-CODES AND PASSWORDS

Another strategy game hackers tied to the habits of consumers. In most cases, if the user has a password, it tries to use the former, which is already defined somewhere. For example, the same may well be the PIN-code on the credit card, by phone from the alarm! This is bad because, after learning one of these codes, the attacker will have access to everyone else. Here are a few features. First of all, how many sites a user enters a password and PIN-codes? Are the passwords and PIN-codes for different sites? If the passwords for each site are different, where they are stored, because to keep them in mind user simply cannot?

Administrators and employees of many sites can access the credentials of users of their sites (PIN-codes, passwords, etc.). Banks, payment gateways and other structures, which store data cards and accounts, are to be understood that the protection of this information can become useless if the user data will be available in some other way.

[abuawaisktk]

Dear Brother,
WE ARE WORKING IN PRIVATE ORGANIZATION WHERE WE CANT USE SOCIAL NETWORKS AND OTHER WEBSITE DUE TO ADMINISTRATIVE RIGHTS. PLEASE LET ME GUIDE TO SOLVE THESE PROBLEMS.
THANKS
ABUAWAIS KHATTAK
engrilyas@hotmail.com