[Tutorial] 7 Steps to Secure Computing


Author: Tom Bair    Location: Portland, Oregon USA    Posted: Wed Jun 13, 2007 1:32 am    Post subject: [Tutorial] 7 Steps to Secure Computing
    ----
We humans have more instant access to information, credit and financial services, products from around the globe -- even to our work -- than ever before in history. We are living in the Information Age, and most of us have witnessed the birth of this new age.

However, we are also forced to witness the afterbirth of this new age. The Internet, and the anonymity it affords, also can give online scammers, hackers, and identity thieves access to our computer, personal information, finances, and much more.

If we are aware and alert, we can minimize the chance of an Internet mishap. Being on guard online helps protect our information, our computer, and ourselves. To be safer and more secure online, adopt these seven steps below:

1. Protect your personal information.

It's valuable.

Why? To an identity thief, your personal information can provide instant access to your financial accounts, your credit record, and other assets.

If you think no one would be interested in your personal information, think again. The reality is that anyone can be a victim of identity theft. In fact, according to a United States Federal Trade Commission (FTC) survey, there are almost 10 million victims a year. It's often difficult to know how thieves obtained their victims' personal information, and while it definitely can happen offline, some cases start when online data is stolen. Visit www.consumer.gov/idtheft to learn what to do if your identity is stolen.

If you're asked for your personal information --- your name, email or home address, phone number, account numbers, or Social Security number (US) --- find out how it's going to be used and how it will be protected before you share it. If you have children, teach them to not give out your last name, your home address, or your phone number on the Internet.

If you get an email or pop-up message asking for personal information, don't reply or click on the link in the message. The safest course of action is not to respond to requests for your personal or financial information. If you believe there may be a need for such information by a company with whom you have an account or placed an order, contact that company directly in a way you know to be genuine. In any case, don't send your personal information via email because email is not a secure transmission method.

If you are shopping online, don't provide your personal or financial information through a company's website until you have checked for indicators that the site is secure, like a lock icon on the browser's status bar or a website URL that begins "https:" (the "s" stands for "secure"). Sad to say, no indicator is foolproof; some scammers have forged security icons.

Read website privacy policies. They should explain what personal information the website collects, how the information is used, and whether it is provided to third parties. The privacy policy also should tell you whether you have the right to see what information the website has about you and what security measures the company takes to protect your information. If you don't see a privacy policy -- or if you can't understand it -- think about doing business elsewhere.

2. Know who you're dealing with

And know what you're getting into. There are crooks in the bricks and mortar world and on the Internet. But online, you cannot judge an operator's trustworthiness with a gut-affirming look in the eye. It's remarkably simple for online scammers to impersonate a legitimate business, so you need to know who you're dealing with. If you're shopping online, check out the seller before you buy. A legitimate business or individual seller should give you a physical address and a working telephone number at which they can be contacted in case you have problems.

PHISHING
BAIT OR PREY?

"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."

"Phishers" send spam or pop-up messages claiming to be from a business or organization that you might deal with -- for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to 'update' or 'validate' your account information. It might threaten some dire consequence if you don't respond. The message directs you to a website that looks just like a legitimate organization's, but isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name. Don't take the bait: never reply to or click on links in email or pop-ups that ask for personal information.

Legitimate companies don't ask for this information via email. If you are directed to a website to update your information, verify that the site is legitimate by calling the company directly, using contact information from your account statements. Or open a new browser window and type the URL into the address field, watching that the actual URL of the site you visit doesn't change and is still the one you intended to visit. Forward spam that is phishing for information to spam@uce.gov and to the company, bank, or organization impersonated in the phishing email. Most organizations have information on their websites about where to report problems.

FREE SOFTWARE AND FILE-SHARING
WORTH THE HIDDEN COSTS?

Every day, millions of computer users share files online. File-sharing can give people access to a wealth of information, including music, games, and software. How does it work? You download a special software that connects your computer to an informal network of other computers running the same software. Millions of users could be connected to each other through this software at one time. Often the software is free and easily accessible.

But file-sharing can have a number of risks. If you don't check the proper settings, you could allow access not just to the files you intend to share, but also to other information on your hard drive, like your tax returns, email messages, medical records, photos, or other personal documents. In addition, you may unwittingly download pornography labeled as something else. Or you may download material that is protected by the copyright laws, which would mean you could be breaking the law.

If you decide to use file-sharing software, set it up very carefully. Take the time to read the End User License Agreement (EULA) to be sure you understand the side effects of any free downloads.

SPYWARE

Many free downloads -- whether from peers or businesses -- come with potentially undesirable side effects. Spyware is software installed without your knowledge or consent that adversely affects your ability to use your computer, sometimes by monitoring or controlling how you use it. To avoid spyware, resist the urge to install any software unless you know exactly what it is. Your anti-virus software may include anti-spyware capability that you can activate, but if it doesn't, you can install separate anti-spyware software, and then use it regularly to scan for and delete any spyware programs that may sneak onto your computer.

EMAIL ATTACHMENTS AND LINKS
LEGITIMATE OR VIRUS-LADEN?

Most viruses sent over email or Instant Messenger won't damage your computer without your participation. For example, you would have to open an email or attachment that includes a virus or follow a link to a site that is programmed to infect your computer. So hackers often lie to get you to open the email attachment or click on a link. Some virus-laden emails appear to come from a friend or colleague; some have an appealing file name, like "Fwd: FUNNY" or "Per your request!"; others promise to clean a virus off your computer if you open it or follow the link.

Don't open an email attachment---even if it appears to be from a friend or coworker---unless you are expecting it or know what it contains. You can help others trust your attachments by including a message in your text explaining what you're attaching.


3. Use anti-virus software and a Firewall.
Update both regularly.

Dealing with anti-virus and firewall protection may sound about as exciting as flossing your teeth, but it's just as important as a preventive measure. Having intense dental treatment is never fun; neither is dealing with the effects of a preventable computer virus.

ANTI-VIRUS SOFTWARE

Anti-virus software protects your computer from viruses that can destroy your data, slow your computer's performance, cause a crash, or even allow spammers to send email through your account. It works by scanning your computer and your incoming email for viruses, and then deleting them.

To be effective, your anti-virus software should update routinely with antidotes to the latest "bugs" circulating through the internet. Most commercial anti-virus software includes a feature to download updates automatically when you are on the internet.

When installing an anti-virus package, make sure it performs the following:

-Recognizes current viruses, as well as older ones.
-Effectively reverses the damage.
-Updates automatically.


FIREWALLS

Don't be put off by the word 'firewall'. It's not necessary to fully understand how it works; it's enough to know what it does and why you need it. Firewalls help keep crackers from using your computer to send out your personal information without your permission. While anti-virus software scans incoming email and files, a firewall is like a guard, watching for outside attempts to access your system and blocking communications to and from sources you don't permit.

Some operating systems and hardware devices come with a built-in firewall that may be shipped in the 'off' mode. Make sure you turn it on. For your firewall to be effective, it needs to be set up properly and updated regularly. Check your online "Help" feature for specific instructions.

If your operating system doesn't include a firewall, get a separate software firewall that runs in the background while you work, or install a hardware firewall--an external device that includes firewall software. Several free firewall software programs are available on the Internet.

Zombie Drones
Word of Warning!

Some spammers search the Internet for unprotected computers they can control and use anonymously to send unwanted spam emails. If you don't have up-to-date anti-virus protection and a firewall, spammers may try to install software that lets them route email through your computer, often to thousands of recipients, so that it appears to have come from your account. If this happens, you may receive an overwhelming number of complaints from recipients, and your email account could be shut down by your ISP.

4. Be sure to set up your operating system and Web browser software properly
Update them regularly.

Crackers and spam-kiddies also take advantage of Web browsers (such as Internet Explorer, Firefox, Netscape) and operating system software (like Windows or Linux) that are unsecured. Lessen your risk by changing the settings in your browser or operating system and increasing your online security. Check the "Tools" or "Options" menus for built-in security features. If you need help understanding your choices, use your "Help" function. If you still don't understand, post a question to the forum here and receive help from your fellow members.

Your operating system also may offer free software "patches" that close holes in the system that crackers could exploit. In fact, some common operating systems can be set to automatically retrieve and install patches for you. If your system does not do this, bookmark the website for your system's manufacturer so you can regularly visit and update your system with defenses against the latest attacks. Updating can be as simple as one click. Your email software may help you avoid viruses by giving you the ability to filter certain types of spam. It's up to you to activate the filter.

If you're not using your computer for an extended period, turn it off or unplug it from the phone or cable line. When it's off, the computer doesn't send or receive information from the Internet and isn't vulnerable to crackers. (An exception to this is if you schedule updates from the Internet during non-use hours).

5. Protect your Passwords

Keep your passwords in a secure place, and out of plain view. Don't share your passwords on the Internet, over email, or on the phone. Your ISP should never ask for your password.

In addition, crackers may try to figure out your passwords to gain access to your computer. You can make it tougher for them by:

-Using passwords that have at least eight characters and include numbers or symbols.
-Avoiding common words: some crackers use programs that can try every word in the dictionary.
-Not using your personal information, your login name, or adjacent keys on the keyboard as passwords.
-Changing your passwords regularly (at a minimum, every 90 days).
-Not using the same password for each online account you access.


One way to create a strong password is to think of a memorable phrase and use the first letter of each word as your password, converting some letters into numbers that resemble letters. For example, "How much wood could a woodchuck chuck" would become 'HmWc@wcC'.

6. Back up important files.

If you follow these steps, you're more likely to be more secure online, free of interference from crackers, script-kiddies, viruses, and spammers. But no system is completely secure. If you have important files stored on your computer, copy them onto a removable disc, and store them in a safe place.

7. Learn who to contact if something goes wrong online.

Cracking or Computer Virus
If your computer gets cracked or infected by a virus:

-Immediately unplug the phone or cable line from your computer. Then scan your entire computer with fully updated anti-virus software, and next, update your firewall.
-Take steps to minimize the chances of another incident.
-Alert the appropriate authorities by contacting:

=your ISP and the cracker's ISP (if you can tell what it is). You can usually find an ISP's email address on its website. Include information on the incident from your firewall's log file. By alerting the ISP to the problem on its system, you can help it prevent similar problems in the future.

=the FBI at www.ifccfbi.gov . To fight computer criminals, they need to hear from you.


Internet Fraud
If a scammer takes advantage of you through an internet auction, when you're shopping online, or in any other way, report it to the Federal Trade Commission at www.ftc.gov . The FTC enters Internet, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

Deceptive Spam
If you get deceptive spam, including email phishing for your information, forward it to spam@uce.gov. Be sure to include the full header of the email, including all routing information.

Divulged Personal Information
If you believe you have mistakenly given your personal information to a fraudster, file a complaint at www.ftc.gov, and then visit the Federal Trade Commission's Identity Theft website at www.consumer.gov/idtheft to learn how to minimize your risk of damage from a potential theft of your identity.

Lastly, to keep up to date with information about the latest computer threats, sign up for alerts from the Department of Homeland Security at www.US-CERT.gov.


Last edited by Tom Bair on Mon Nov 05, 2007 8:00 pm; edited 1 time in total
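
The password rules listed in step 5 of the tutorial above can be written as an automated check. This is an added example, not part of the original post; the word list, the QWERTY key rows, the look-alike table and all function and parameter names are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey", "woodchuck"}

# Keyboard rows for spotting adjacent-key runs (US QWERTY layout is an assumption).
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Look-alike substitutions undone before the dictionary comparison, so that
# "P@ssw0rd" is still recognised as "password".
LOOKALIKES = str.maketrans("@013457$!", "aoleastsi")


def has_adjacent_run(password, run=4):
    """True if the password contains `run` neighbouring keys, in either direction."""
    lowered = password.lower()
    for row in KEY_ROWS:
        for keys in (row, row[::-1]):
            for i in range(len(keys) - run + 1):
                if keys[i:i + run] in lowered:
                    return True
    return False


def check_password(password, login_name="", personal_info=(),
                   other_passwords=(), age_days=0):
    """Return the list of step 5 rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("shorter than eight characters")
    if not re.search(r"[^A-Za-z]", password):
        problems.append("has no numbers or symbols")

    # Dictionary check runs on the text with look-alike characters mapped back.
    normalized = lowered.translate(LOOKALIKES)
    if any(word in normalized for word in COMMON_WORDS):
        problems.append("based on a common word")

    # Very short items are skipped to avoid matching by accident.
    for item in (login_name, *personal_info):
        if len(item) >= 3 and item.lower() in lowered:
            problems.append("contains your login name or personal information")
            break
    if has_adjacent_run(password):
        problems.append("uses adjacent keys on the keyboard")
    if age_days > 90:
        problems.append("not changed in the last 90 days")
    if password in other_passwords:
        problems.append("also used on another account")
    return problems


if __name__ == "__main__":
    # Constructed candidates; the first is the phrase-based example from step 5.
    for candidate in ("HmWc@wcC", "P@ssw0rd1", "qwerty12", "woodchuck"):
        print(candidate, "->", check_password(candidate) or "ok")
```
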

Author: capi    Location: Portugal    Posted: Wed Jun 13, 2007 2:46 am    Post subject:
    ----
Nice article, Tom. Good introduction to important security topics in a way which is easy to understand.

It's important to improve public awareness about security, and this should contribute to that.

Author: GodDoTheRest    Posted: Mon Aug 27, 2007 7:37 am    Post subject:
    ----
nice tutorial

Author: 29dave    Location: USA    Posted: Mon Nov 05, 2007 6:53 pm    Post subject: Excellent
    ----
Well done...

Author: juniortech1209    Location: ~behind you~    Posted: Mon Feb 04, 2008 10:50 pm    Post subject:
    ----
very informative. well done!

Author: OmaniDev    Location: Oman    Posted: Fri Jul 11, 2008 7:24 pm    Post subject:
    ----
Very Nice! Well Done

Author: Tom Bair    Location: Portland, Oregon USA    Posted: Fri Jul 11, 2008 9:02 pm    Post subject:
    ----
Seems I failed to cover the issue of Scareware, although that topic really doesn't fit in this tutorial.

Guess I'll have to write one up soon, I'm seeing more people being affected by it and questioning whether they should pay the price to 'activate' the free spyware checker to have it remove all the bountiful cookies and spyware it detected on their PCs.

(Simple short answer is NO. Download and use SpyBot S&D. It is free, and it will remove cookies and spyware without you having to pay to 'activate' it).

Author: computek7    Posted: Sat Oct 18, 2008 7:47 am    Post subject: Consumer Security Organisations
    ----
This is a very nice article. Also, I was wondering if it would be good to give where to report when a consumer has become prey for a phisher.

Here are a few links where you can report phishing attacks.

Anti-Phishing Working Group - http://www.antiphishing.org/

Federal Trade Commission - http://www.consumer.gov/idtheft/ (As suggested by TOM)

United States CERT - http://www.us-cert.gov/nav/report_phishing.html

These organisations are specially dedicated to cyber crime law enforcement, such as identity theft, phishing, pharming and so on.

Author: Tom Bair    Location: Portland, Oregon USA    Posted: Sat Oct 18, 2008 11:57 pm    Post subject:
    ----
Thank you for the additional links to report phishing to.

It would be wonderful to see knowledgeable members post tutorials on these topics to better assist the General Public in understanding the threats and how to combat them.

Author: kisezr00k    Location: McEwen, TN    Posted: Mon Oct 20, 2008 2:57 am    Post subject: Security
    ----
Thank you. I have never seen guidelines for people listed out like this; it was very helpful.

Author: desinet1    Posted: Fri Dec 05, 2008 12:21 pm    Post subject:
    ----
Most Internet security threats succeed because of the user's own irrational habits and haste. You have to be a bit careful and reasonable while surfing. This protects you more than hundreds of dollars' worth of software. :)

Author: Frusciante    Location: Brasil    Posted: Tue May 26, 2009 8:25 pm    Post subject: Thanks a lot!
    ----
Another issue that may be considered is the use of free web hosting services.

With these, your personal information, like name, location and e-mail, will be vulnerable because you don't know who is in the background of the service.

However, this topic is so good for all of us, even users.

Author: techsniper    Posted: Sat Jul 04, 2009 8:23 pm    Post subject: Quite informative
    ----
I have just come across this article, and it's really informative. It covers all the major PC security areas.

Author: jgs90    Posted: Fri Sep 04, 2009 3:50 pm    Post subject:
    ----
Thanks Tom for a thorough tutorial! I'll be referring my friends here who are new to Computing or securing their computers. Thanks!

Author: Tom Bair    Location: Portland, Oregon USA    Posted: Fri Sep 04, 2009 9:49 pm    Post subject:
    ----
Thanks to all for the great comments. I just re-read the article and it is as valid today as it was when I wrote it. Maybe even more so, since we are experiencing economic hard times.

No matter what your level of PC Security expertise is, everyone is a target of thieves. Case in point:

I've been checking my bank balances every single day (when I have Internet access available) for the past 3 years. Last Sunday I noticed a $1.00 charge to PayPal and a charge to Domino's Pizza in Las Vegas NV made to my wife's bank card.

We've not been in Vegas for quite a long time, so I called the 800 number for the Bank's fraud department and reported the bogus charges. They immediately removed the two charges from our account, and instantly credited the funds back to our account. They cancelled my wife's card, and started the process of issuing a new card.

This has happened 4 times total in the past two years. And we've always caught it each time on the very day the charges were submitted for processing. On the first 2 incidents, the bank held the funds for 10 days! But now they no longer do so due to our efforts and reputation.

The facts are, nobody had gained access to my wife's card. What they did was bomb PayPal on a Thursday with random card numbers until one hit good. Then they bombed PayPal on that card number with 3 digit security code variations until they nailed the correct code. That is where the $1.00 PayPal charge comes in.

Next, they tested the card by ordering from Domino's Pizza over the phone. (It would be interesting to see where the Pizza was delivered, or if it was a Will Call order). If I had not caught this on Sunday, no doubt they would have hit the International Gambling Sites online gaining credits off our card. However, no doubt on their first attempt after the card was cancelled -- it came back as an invalid account.

As I said, it could happen to anyone. The best action one can take is to stay aware of your account charges, and if you see a bogus charge, report it immediately regardless of the day or time.

Author: izang    Location: Philippines    Posted: Mon Oct 11, 2010 7:10 am    Post subject:
    ----
I keep the tips noted and remembered to secure my computer from bad sectors.

Author: davidbosten    Posted: Sat Oct 30, 2010 2:08 pm    Post subject:
    ----
It's a very nice article for the Internet-using community. This article is very useful for those who mostly use the Internet for money transactions. The seven topics can protect our computers from hackers and viruses. If the computer plays a main role in your business, then you must read and apply these points.

Author: georgec    Posted: Thu Feb 03, 2011 5:02 pm    Post subject:
    ----
Very comprehensive article, well done Tom :) I would add just one thing: the use of a restricted user account as opposed to using the administrator account for normal tasks!

Author: Tom Bair    Location: Portland, Oregon USA    Posted: Sun Apr 03, 2011 10:28 pm    Post subject:
    ----
Thank you for the kind words, ljane.

Something I have not mentioned is that you should NOT use autofill or 'remember password' in your browser. These two features should be turned off for your protection.

They of course are real time-savers, and I've got hooked on using them on my laptop. But if my laptop were ever stolen, I'd be in a bad way! The other issue is forgetting what your user name and password are over time since you are depending on your browser to enter such information.

Also be sure to request a FREE credit report directly from the 3 major credit reporters twice a year. Go directly to them and don't use a third party site offering you ease and simplicity for a nominal fee. Learn to look for hints of ID Theft actions in your report.


