computer security hints

[TicklingDuo]

Hi gang!

With the revival of interest in the issue of security, I thought I'd do something a bit different. For those who are concerned about securing their systems, I've found an excellent book. It's called "Security Complete". It's just over 1,000 pages of info. and instructions on risks to your system and what you can do to protect against them. It's set up like a text book, with all the how-to's and diagrams. I thought I'd start posting some of the tips here so that others could benefit from them. I'll post one a day (as I'm able) and see what people think. If you find it helpful, I'll continue. If not, I won't waste time putting them up.

Today's hint is geared towards those with the Windows XP operating system or livewire file sharing programs. If you have XP, look for something called remote assistance or remote access. This is a feature that allows you to permit others to have access to your harddrive from their own computer...ideally for tech support or file sharing purposes (or to access your own system from elsewhere). File sharing programs that you DL to open certain files to others have this same feature. Others may access not only what you grant them access to, but any file on your system.

In the process of investigating our hackers, we have learned that this is one of their best friends. If they get access during an open file sharing time or by hacking the normal defenses, they can give themselves permission to access things at any time they like...without you even knowing they're there. Besides the risk this poses to your own security, this access can also be used to give them false identities when sending out infected material or attempting to hack/crack systems.

The solution? Uninstall these features! Even if you simply disable them, a hacker/cracker can turn them on and still have access. You can always reinstall the remote assist from your reboot disks if you need it down the road. Or, better yet, CALL for live assistance. They can walk you through the steps to learn the same info. they'd get with a remote connection.

I haven't checked them out yet. But, these are the addys for the sites of the group that put out the book...www.sybex.com and www.sybestrainer.com

OK, that's it for today. Class dismissed. 😀

Ann

PS - If you have specific things you'd like me to look up and post about, just let me know.

 

[BigJim]

Hello Ann,

Me being the cheap arse that I am, bought my new PC with only the second edition of Windows 98 on it. Does this version have the same problem?

 

[qjakal]

Quick comment....

The single most neglected security issue is NOT updating through the freebies provided here...take a peek and see how "up to date" you are...

http://windowsupdate.microsoft.com/


Nice topic, btw Ann! 🙂 Q

 

[TicklingDuo]

Thanks Q! The same goes for updates of anit-virus, etc (free or not).

BTW, Jim....checking on your ?


Ann

 

[TicklingDuo]

Jim - I've found nothing that states whether you have that option on your system or not. What I would suggest is doing a file search of your system using "remote access" as your query. (There should be a find files or search button in your start menu.) If you have the disk to be able to re-install it later on and it has shown up, you may want to delete it. To do so properly, go to CONTROL PANEL and choose ADD/REMOVE PROGRAMS. Once there, you'll see the listing of programs on your system. Click on remote access and select uninstall. Then, you're all set.

Ann

 

[TicklingDuo]

Security hint #2: pulling the plug on hackers

As I was starting to say before I was so rudely interrupted by yet another hack attempt... 😡 Gee, Mr/Ms Hacker, am I pissing you off with these posts? GOOD!

Those of us who are on cable and DSL connections face a greater risk than those on regular dial-up. The reason for this is that our line (unless we choose otherwise) is always "on". We've traded a good portion of our security for the convenience of quickness. The good news is that there IS a happy medium.

If we install and properly format a good security system (preferably one that includes a firewall), we can block most attempts while we're surfing, etc. But, even with a firewall and all the anti-virus in the world, we need to be vigillant. That is a MUST.

If you're online and your firewall is warning you of intrusion attempts being blocked, that's great. That's what it's there for. If it goes beyond 3 or 4 attempts, get off and disconnect the modem. No matter how good your firewall is, it won't hold up if you're attacked by a bombardment...a quick series of automatic or manual repeated attempts that eventually overwhelm the security. (Anyone who's seen the movie "Hackers" will likely remember the scene at the end where they're all on at the same time trying to break through the security of the bad guy. That was one example of a bombardment attack...and it worked there as it would in real life.)

Getting offline (AND disconnecting the modem) for a few minutes will stop the attack and keep them from getting in. Simply signing off will NOT keep you safe. Remember, your connection is always on unless you disconnect. It only takes 5 sec. to unplug it/plug it back in if your modem is in a handy location. Taking 5 minutes to grab a cup of coffee, have a smoke or whatever before continuing your work is much better than the 3 - 4 hours it takes to wipe and totally reformat your entire system.

In the midst of watching a great vid clip from MTP's new site or a PPV streaming video from elsewhere when you get hit? Get off anyway! It costs less to go back and grab it again than it does to re-do your system. For those who don't know how to do it themselves...this is NOT covered under warantee and will cost you a minimum of $1 per MINUTE (Gateway was $1.39/min.) to have a tech walk you through the process...more if you take it to have them do it.

When you aren't online...keep your modem turned off and unplugged. If you aren't there to monitor things, you have no way of stopping a bombardment attack. Better safe than sorry, right?

{Though this is directed towards those with cable/DSL connections, the same advice can be followed by those on a normal dial-up connection AFA getting offline if you're getting hit.}

Ann

 

[BigJim]

A question for Ann.............

Ann, does unplugging my cable modem provide a safe disconnection? That's be easier for me than removing the cables, as I'd end up putting them back in the wrong sockets. (By unplugging, I meant unplugging the power source.)

 

[TicklingDuo]

Jim...unplugging the power won't do it. You still have a working cable connection. It's kinda like having regular cable straight into your set rather than through a cable box. The connection won't be as good. But, it will still be there.

Ann

 

[BigJim]

Jim...unplugging the power won't do it. You still have a working cable connection. It's kinda like having regular cable straight into your set rather than through a cable box. The connection won't be as good. But, it will still be there.

Ann

Okay Ann, thanks for the advice.

 

[Biggles of 266]

Another thing, people with dial-up get a different IP address every time which makes them slightly harder to track from the hackers point of view. Cable and DSL connections keep the same number, even after disconnecting and reconnecting.

 

[TicklingDuo]

Good point Biggles. One of the few things dial-up has over livewire connections.

Security Hint #3: Back-up your files!

No matter how much security we may have on our systems or how clean we think we are, something can always happen. Even a natural thing like an electrical storm can crash your entire system. Prevention is one thing. Security checks, anti-virus, surge protectors, etc. are good to have. But, information on your system should ALWAYS be backed up on a regular basis. Grab some extra floppy disks or CDs (if you have a CD burner) and save stuff. This way, if something should happen to corrupt your system, you can restore everything from the disks rather than losing it all.

A lot of people argue about how often back-ups should be done. Some say that once a week is good enough. Others insist that it should be done on a daily basis. After losing a fair amount of material that I'd prepared for site updates over only a 2 day period, I now count myself a member of the latter opinion. How often you back things up depends on you....how much work you do and how important it is to you to keep that work from being lost.

Think "SAVE"!

Ann

 

[TicklingDuo]

Security Hint #4: Mail Threats

Since one of the current threats has been e-mail bombs, I thought I'd do that next. One of the things that our wonderful intruder has been doing is sending us e-mail bombs. We've gotten dozens of them. I'm not sure how many others have gotten them. But, we've picked up some clues to help avoid them.

First of all, you need to be aware that they MAY be disguised as being from someone that you know. The first one we got claimed to have been from Myriads. It wasn't. Some others were also supposedly from people we know. They weren't.

If you use Outlook Express, you're a step ahead of the game on one side and a step behind on the other. It tells you the size of the e-mail. So, it makes it easier to isolate possible threats. The bombs we've gotten so far are between 125 and 160 KB. (However, this DOESN'T mean that all will be. There are plenty of different bombs out there.) The way OE is behind the game is that you don't always see the return address without opening the e-mail. So, you aren't sure if the name assigned to the sender matches an e-mail address you have for them.

If you're on AOL, they routinely scan mail as it comes through the system and eliminate anything that appears to be a threat. But, don't take that as meaning that you're safe. They have missed some on occassion. To find the file size, I THINK you can right click and hit properties. (Since I'm no longer on AOL, I can't check that. Maybe one of our AOL users will be kind enough to do so and let us know.)

The basic rule I'm now using is to save suspect mail to floppy and scan them before trying to open them. If they're infected, I simply dump them.

OK....So, what makes them suspicious? First of all, when I receive mail from someone (whether I know them or not), if it's over 30KB, I check it. The program inserted in e-mail bombs takes a certain amount of space. While it's generally much larger than that, it's better to be safe and scan them than to have it go off on you. Most normal e-mails range between 3 and 10 KB...unless the sender is long-winded. 😛

What happens if they DO go off? Well, that depends on the specific bomb. The ones we opened before catching on to the patterns triggered a series of windows opening that could not be stopped. As it kept us busy with trying to stop it, it was loading the included virus onto our system...in this case, a self-regenerating worm virus that could only be completely eliminated by wiping and reformatting our system and dumping any files we'd saved since opening the first bomb.

Again, there are MANY kinds of e-mail bombs. So, if you get something you aren't expecting (from someone you know or not), check it out first! It takes an extra couple of minutes. But, once again, it's less time than wiping and reformatting your system.

Think SAS....save and scan.

Ann

 

[TicklingDuo]

Security Hint #5: Trojan Horses

I just came across this site Trojan Horse Attacks It gives the info much better than I could in a limitted space. I recommend that everyone check it out.

Ann

PS - I know I haven't posted on this thread in a few days. Just trying to get caught up.