Ask yourself: "Would I fly a flag with my bank account details on it in my front garden?" If the answer is no, please read on.
With high-tech crime rapidly becoming 'big business' according to this BBC report, effective computer security is vital; this article highlights just some potential problems. Regrettably, the Labour government has not only failed to protect the identity of 25 million people, they've failed to listen to a group of peers with suggestions for dealing with e-crime. Labour's heads are firmly in the sand over this vital issue. Some financial institutions could also do much better: a failure to apply basic principles was exposed following the theft of a laptop, and the guidance here would have prevented vital data being compromised, resulting in loss of confidence and bad PR.
According to Symantec, in 2003 an unprotected Internet-connected PC could be compromised within 15 minutes; by 2004 it was 15 seconds. Some worms now take only a few seconds to detect a vulnerable computer & every PC we've examined has some form of scumware, adware or virus infection, demonstrating that security is still not taken seriously.
Home users, with little or limited technical knowledge, are perceived as a very easy target. Paranoia is not the right answer either; a review of your current arrangements with the correct action is all that's required.
So what are they after? Believe it or not, just about every single item of personal information is stored somewhere on your PC. The opportunity to abuse your identity, bank account or credit cards, set up a spam relay or attack large corporate networks with a remote DDoS attack controlling your zombie PC, is easily assisted by insecure web browsers & operating systems riddled with exploits (Microsoft take note) and with hacking kits on sale, even for an amateur, it's just all too easy.
There are no surprises regarding the current 'Wild West' situation, as in just one year 'CoolWebSearch' alone netted over $300m of your money. Banks are just as complacent: they accept losses and in doing so encourage fraudulent Internet activity. If any financial institution wishes to cut fraud then please contact me, but so far none have...
Even a well defended connection may be vulnerable to a composite attack as virus writers team with malware experts and hackers to create more effective exploits. Simply browsing the Internet or using MS Messenger may invite Trojans, scumware, browser exploits & worms onto your PC via port 80, bypassing your firewall.
Your online security must evaluate all methods of attack and be periodically reviewed & maintained. It's our opinion that Apple Macs are far more resistant to attack; PCs running Microsoft software seem so very vulnerable in comparison.
To help you remain secure, first
review these points of entry then take action...
1. Secure your Internet connection
Use a router with NAT & an SPI firewall, the Netgear DG834 for ADSL or similar for cable.
Configure your PC software firewall correctly; the XP (SP2) one is not good enough, ZoneAlarm stops internal leaks.
Dial-up connections are open to exploit by trojan dialler viruses resulting in large telephone bills - so avoid dial-up.
Consider disabling NetBIOS as it opens port 139 & install the NetBEUI protocol instead if you have a small network.
If you run a business network, consider an additional layer of security: deploy the Arxceo Ally IP100 as well as a firewall.
DO NOT install peer file sharing services such as KaZaa, Limewire, etc.; your system will be vulnerable to trojans.
Now check your security with Gibson Research Shields Up, port probe & leak test.
2. Microsoft browsers are not secure; there are better browsers than Internet Explorer, so why not use one?
Once you've installed Firefox, it's easy to configure to stop web sites installing software, block pop-ups and control cookies.
The Adblock Plus extension to Firefox will block aggressive cookie & adware sites & you can script your own.
If you bank online, ensure the URL is always typed in the browser - do not click any email links - see Bank Safe Online.
If children use the PC, deploy parental controls & take time to supervise them until they are aware of the dangers.
Unfortunately children will install everything and anything without consideration of the risks - Parents, take charge.
Avoid downloading add-ons & browser toolbars; these are a constant source of exploits and some contain malware.
This hosts file will resolve malware & scumware sites to 127.0.0.1, the loopback, and prevent adverts loading as well!
Avoid using Microsoft Messenger; if you must use IM, download an open source IM client as it will be more secure than Microsoft's.
Scan your PC for spyware frequently, but don't bother with free software such as Ad-Aware & Spybot S&D, they just don't cut it anymore; get something decent & keep it up to date. Programs we've used include:
PC Tools - good but slow with clumsy update procedure (& does not work interactively with Sophos client firewall)
HijackThis - you need to know what you are doing, but there are plenty of forums to post your logs
Please buy, register or donate to the programs as without your funding they would not exist - they all work well.
Avoid sites offering free 'tools' to fix a problem as some will install their own spyware & malware!
Our record to date is 1150 items of scumware & over 200 viruses and trojans without a Windows re-install.
Use OpenDNS, a safer, reliable & free DNS service with anti-phishing
OpenDNS is a free service, it's fast and reliable
OpenDNS is safer because it uses Phishtank lookups to deny access to known phishing (fraudulent) web sites
OpenDNS can prevent address bar typos going to the wrong web site, which may be deliberately hostile
3. Protect your computer from rogue applications
Unfortunately, some web sites offer free 'tools' in the promise of a quick fix. They may remove one item of scumware but in turn install their own adware, or they may be badly written and cause further problems.
Rogue Remover Pro scans for rogue applications then allows you to remove them; there is a 30 day trial & it's very reasonable to register. Rogue Remover Pro can block rogueware web sites by resolving them to the root in the hosts file.
4. Secure your e-mail
Read your mail in plain text as opposed to HTML - tools, options, read tab - this page has a good explanation
Control spam; we find MailWasher Pro works well, it allows you to view the headers before download & bin the spam.
NEVER unsubscribe from 'friendly spam'; it merely confirms your email address and adds value to your address.
Use a throwaway e-mail address like Pookmail when you don't want details to be held.
Be wary of opening messages from unknown senders - hopefully this is a well established practice by now, but a spam filter should be removing the junk anyway & your antivirus program should be maintained up to date.
Block high risk attachments such as .exe .bat .pif .com etc.
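One way to apply the attachment rule above at a mail gateway or in a mailbox scan. This is an added example, not code from the original article; the function names and the sample message are constructed for illustration, and the check is on the final extension so that double-extension names such as invoice.pdf.EXE are caught.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions named in the article; extend to suit your own mail policy.
BLOCKED = {".exe", ".bat", ".pif", ".com"}

def is_blocked(filename: str) -> bool:
    """True if the file's final extension is on the block list."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1] in BLOCKED

def risky_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment filenames in a raw message that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()  # None for parts that are not attachments
        if name and is_blocked(name):
            hits.append(name)
    return hits

def build_sample() -> bytes:
    """Constructed test message with two harmless and two blocked names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    for fname in ("report.pdf", "invoice.pdf.EXE", "photo.jpg.pif", "notes.txt"):
        msg.add_attachment(b"constructed bytes", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in risky_attachments(build_sample()):
        print("blocked attachment:", name)
```

An extension check only looks at the declared filename, so it complements the up-to-date antivirus scan recommended above rather than replacing it.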
5. Secure your critical data and
sensitive files so they remain private, forever...
Careless HM government officials responsible for losing 25 million personal records & MOD responsible for losing several hundred laptops, please take care, take note and above all, take action:
To us, it's absurd that any sensitive information would be managed without additional layers of security. What's the point of good locks on your front door if the windows are open?
If you process confidential, sensitive or personal data, then very strong encryption to secure the data, such as Cypherix, is mandatory.
Cypherix is our preferred solution & uses the Blowfish encryption algorithm to secure your files in a digital vault. The algorithm is classified as public domain, making the source code available to developers, and has been analyzed extensively through years of peer review. At no point since its release in 1993 has the Blowfish code ever been cracked, a significant achievement for the cypher.
Unbreakable encryption makes the Blowfish cypher the preferred solution to secure our data, why not yours?
In comparison, when you connect to a secure socket for online credit card processing it's generally via 128 bit encryption. 448-bit encryption provides an encryption strength that is 2.1 x 10^96 times stronger than a 128-bit key, as each bit added doubles the strength of the cipher! This makes Blowfish the choice encryption algorithm for military, financial & commercial institutions or any organisation with a requirement to secure their data, such as the legal profession.
Further information
here
General common sense & useful
links
We hope it is common sense by now to keep your anti virus signatures up to date as recommended in our antivirus page
Download the latest fixes for your operating system from Windows update
Test your security with Gibson Research Shields Up, port probe & leak test etc. - nothing is worse than a false sense of security!
Be aware that some scumware will re-write the hosts file in an attempt to resolve AV & antispyware sites to the loopback. Just locate hosts, edit & remove any unwanted entries that point to 127.0.0.1 except the localhost entry, i.e. 127.0.0.1 localhost. For example, 127.0.0.1 www.sophos.com means you will not be able to browse the Sophos web site for help (unless you know their IP!)
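The hosts file check described above can be scripted so that deliberate ad-blocking entries are left alone and only redirects of security sites are reported. This is an added example, not part of the original article: the PROTECTED watchlist and the sample file are constructed, and it goes slightly beyond the text by also treating 0.0.0.0 and ::1 as sinkhole addresses.

```python
import ipaddress

# Constructed watchlist: www.sophos.com is the article's example; add the
# antivirus, antispyware and update sites you actually rely on.
PROTECTED = ("sophos.com", "windowsupdate.microsoft.com")

def is_sinkhole(addr: str) -> bool:
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed first field, not an address
    return ip.is_loopback or ip.is_unspecified

def hijacked_entries(hosts_text: str) -> list[tuple[int, str, str]]:
    """Return (line number, address, hostname) for protected names sent nowhere."""
    findings = []
    for lineno, line in enumerate(hosts_text.splitlines(), start=1):
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:  # one line may carry several hostnames
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in PROTECTED):
                findings.append((lineno, fields[0], host))
    return findings

# Constructed sample; on Windows the real file is
# %SystemRoot%\System32\drivers\etc\hosts
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1   localhost
127.0.0.1   ads.example.net        # deliberate ad block, left alone
127.0.0.1   www.sophos.com         # the redirect the article warns about
0.0.0.0     download.WindowsUpdate.microsoft.com. es.sophos.com
192.0.2.10  intranet.example.org
"""

if __name__ == "__main__":
    for lineno, addr, host in hijacked_entries(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {addr}")
```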
Turn off NetBIOS over TCP/IP as it opens port 139, if you can manage without name resolution over IP
If you do receive spam, delete it & remove it from deleted items in your mail client; run a virus & spyware scan if it looks suspicious
DO NOT LOGON FROM AN EMAIL LINK REQUESTING A PASSWORD CHANGE - see this harmless example. Your bank/building society never issues security requests by email. A lot of spam is fraudulent phishing email and contains a keylogger which the fraudsters will use to capture login details.
Please forward as an attachment any unsolicited mail from banks or building societies to the relevant department so they may be checked & traced. For further information regarding security for online banking see Bank Safe Online
Don't opt to 'save any passwords'; the store in IE is easy to compromise
Don't take Windows 'security' for granted - see the gaping hole in XP SP2 security. Be aware of exploits in allegedly 'secure' Microsoft operating systems; Windows also permits raw socket access which, in our opinion, is a very serious flaw
An excerpt from the article at PCMAG
However, it's almost like Microsoft
has given attackers the path, door and keys, Windows itself contains
a test utility, WBEMTEST.EXE, that allows you to view, add and edit
the values in the WMI. In addition, files associated with the utility
provide the namespace, classes, and data types associated with the Windows
Security Center, all in plain text. The danger in this utility is not
that it can edit the WMI, but it lets a malicious developer learn the
data and fields needed to do the spoof. Read
full text
Microsoft - THIS IS APPALLING YOU MUST DO
BETTER THAN THIS
The opinions expressed in this article are personal & acquired from over 25 years' experience in various sectors of IT
This information is provided freely with no liability for loss or damage whatsoever