Securing your computer

Status
Not open for further replies.
Greetings everyone,

I am a new member as of 2/8/2007 and I have a wealth of information to share both on this forum and my website, PC-Armor.com. I have been working as a network and system administrator for a global corporation for the past 10 years and it has been my job to ensure ALL of our network-connected computers, servers, and devices remain secure from external and internal attacks. I brought PC-armor.com online January 1, 2007 with the sole objective of helping average computer users understand the threats facing them in today's environment, how these threats can negatively impact their computers and personal identity, and to offer advice and late-breaking news through our Blog (which can be accessed from any page on PC-armor.com). We have also become affiliates with software companies who not only protect the enterprise environment I administer, but have a proven track record for consistently being at the top of their fields.

There is a lot of useful and practical advice in this thread and it is important to note that many people rely on security software to protect their systems; but in reality, they must adopt sound security practices to remain safe! It has been my experience in working with normal computer users in our corporate environment that user education is just as important as having "proven" and reliable software. I noticed that many people recommend "free" software to protect systems; but it is important to note that you get what you pay for...these days, most of the better programs have become quite affordable. I have tested the freebies against the security that must be purchased and the latter has always found malware the freebies missed.

Be safe and check out our blogs...we try to write an article 5 to 6 times each week.
 
Mark,

Windows firewall is a very basic packet filter that limits "incoming" traffic, in that it utilizes a simple access list type of filtering and only looks at the network and transparent layers of the ISO protocol stack. This is fine if all you want to do is block typical Windows services such as NetBIOS, RPC, etc., but as you pointed out in your post, you did have some infections, and if those infections were of the "Trojan" family, i.e., a program designed to "call home", you need something more powerful to block the outgoing traffic as well. There are many personal firewalls that provide this type of customization, including the Visnetic Firewall which is what I personally use, the ZoneAlarm Professional firewall, the Sunbelt Kerio Personal Firewall, and others.

Additionally, you should have a hardware "Router/Firewall" between your Internet modem and computer(s) to provide NAT (Network Address Translation) capability and block incoming requests at the perimeter. I use a Netgear FR114P, which is no longer in production, but you can still purchase it from many retailers and online sources. This firewall was one of two that met the stringent standards of the ICSA Labs testing facility. You can find more useful information about firewalls and what to look for on their website at http://www.icsalabs.com.

I would encourage you to download a 30-day trial copy of the Visnetic Firewall from our site, http://www.pc-armor.com/products.asp and give it a try. It is easy to set up and configure and if you like it at the end of the trial period, you can purchase it online. If not, simply uninstall it and try another product. The idea here is to install a more powerful firewall than the Windows firewall...one that will actually protect your computer.

I hope this information is helpful to you.
 
~mr mixx~ said:
Also to protect yourself from intrusions: there are a couple that should not be missed when it comes to protection.

1) Called Blacklight, to detect malware.

2) Another is called Hacker Defender; that link is info on it and how to protect yourself from it.

Here is another link on it in case the 1st link won't work for you.

Mr. Mixx,

I'm glad you mentioned "Blacklight" in your post. Blacklight is a technology offered by F-Secure with their Anti-virus product that scans for active Rootkits and malware associated with Rootkits deep into the system and if any are detected, the user will be able to clean them. This is important for a couple of reasons:

- Traditional AV software is not capable of detecting and/or cleaning Rootkits, and
- Rootkits are becoming more prevalent as a means of infecting and introducing other types of malware into unprotected systems

For those of you who have not heard of, or tried the F-Secure Anti-virus technology, I would highly recommend taking it for a test drive; you can download a trial from http://www.f-secure.com. I have personally been using their Anti-virus/Anti-spyware software for the past three years after McAfee failed to protect my system. Since deploying it, my systems have remained clean of malware.

Why is F-Secure so good? While most Anti-virus products utilize one engine to protect computers; F-Secure's Anti-virus solution uses four engines; which offers a very secure level of protection, since it would be quite difficult for malware to disable all of them.

WhiteHat
 
How to use online Proxy servers, and TOR.

This is for people with broadband connections (cable, ADSL)

This is my little tutorial/guide on how to use TOR for Windows XP. I did this actually because it's raining outside and I'm bored. Let's begin.

This is for Windows XP with IE6 or IE7; Firefox is the same setup (basically).


Go to http://tor.eff.org/download.html.en and download the bundle which consists of Tor & Privoxy & Vidalia bundle: 0.1.1.26 (sig), 0.1.2.12-rc (sig).

Download it, and save it on your system. Next, run it and install it on your system. After you click 'finish' the white Privoxy window will display. Keep this window open; just minimize it.


Next is Vidalia (GUI for TOR), the little grey icon for TOR in the system tray. Before starting Vidalia, let's configure our web browser. If you're running IE6 or IE7, use this configuration setup. For additional security, I would recommend disabling cookies in your web browser before configuring TOR to work with your web browser.


Open IE go to tools, internet options, click on connections tab, click on LAN settings below, place a check in 'Use a proxy Server,' leave those two white fields blank. Next, click on the advanced button:

Under 'Proxy address to use'

Under HTTP: enter localhost port 8118

Under SECURE: localhost port 8118

under FTP: localhost port 8118

Under Gopher: leave the field blank.

under SOCKS: localhost port 9050

Do not check "use the same proxy server for all protocols" also leave the bottom box blank. Click on OK. and OK and OK. This will close it.

Now go to start, all programs, click on TOR. This will bring up a command prompt box saying something similar to:

Apr 15 10:58:00.665 [notice] Tor v0.1.1.26. This is experimental software. Do not rely on it for strong anonymity.
Apr 15 10:58:00.735 [notice] Initialized libevent version 1.1b using method win32. Good.
Apr 15 10:58:00.735 [notice] connection_create_listener(): Opening Socks listener on 127.0.0.1:9050
Apr 15 10:58:17.930 [notice] We now have enough directory information to build circuits.
Apr 15 10:58:22.517 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.

Minimize this box or close it.

Next, right click on the grey icon (tor) and go to start. It should now have a green onion instead of the grey icon. To see if TOR is successfully installed go to www.ipchicken.com or www.ip2location.com and see what IP address it detects. Or you can open command prompt and issue netstat -ano and look for the established connections. Or you can open command prompt and issue netsh diag connect ieproxy


C:\Documents and Settings\sysadmin>netsh diag connect ieproxy

Internet Explorer Web Proxy (localhost)
IEProxyPort = 8118
IEProxy = localhost
Server appears to be running on port(s) [8118]


C:\Documents and Settings\sysadmin>


Just a little FYI, Tor uses SSL to encrypt all data, and doesn't even leak DNS requests, unlike some proxy servers. As long as it's configured properly and using an appropriate proxy (such as Privoxy, which comes in the bundle).

TOR cannot offer 100% total anonymity, so if the connection to the website is not secure (e.g. https) then the last gateway will be able to see (and potentially sniff) all traffic.

Thus, it is vitally important when using TOR to check the server certificates and only use encrypted protocols (pop3-ssl, https) if you are logging in.

However, it is true that communication between nodes is encrypted so an intermediate node cannot intercept it.


---------------------------------------------------------------------

Another way to use a proxy server to assist in your web surfing is a website proxy server such as www.hidemyass.com, where you enter the website you want to visit in the field provided. It will connect to them with their information instead of yours. Again, disable cookies in your web browser first before configuring TOR to work with your web browser.

--------------------------------------------------------------------

Another method is to use a public proxy server from sites such as http://www.publicproxyservers.com/page1.html

I prefer to use a proxy server from this site but in another country, and preferably a so-called *high anonymity* proxy server running on port 8080.

To do this Open IE go to tools, internet options, click on connections tab, click on LAN settings below, place a check in 'Use a proxy Server,' this time fill in the two white fields with any of the proxy servers from this site or any proxy site. Hit OK and OK. Go to www.ipchicken.com and see what IP address it detects.


A little more FYI I have the best luck from this site http://www.publicproxyservers.com/page1.html
when I select proxy servers running on port 8080.


Only downfall: they leak DNS requests, so you're not as anonymous as you think you are.

I hope this helps. Cheers, :)
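The `netstat -ano` check mentioned in the tutorial above can be automated. The following is an added example, not part of the original post: it parses `netstat -ano` output and confirms that the Privoxy (8118) and Tor SOCKS (9050) listeners exist and are bound to loopback only, since a proxy bound to all interfaces is reachable by other machines on the network. The sample output and the function names are constructed for illustration.

```python
import re

# Ports from the tutorial: Privoxy (HTTP proxy) and the Tor SOCKS listener.
EXPECTED = {8118: "Privoxy", 9050: "Tor SOCKS"}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:8118         0.0.0.0:0              LISTENING       1620
  TCP    127.0.0.1:9050         0.0.0.0:0              LISTENING       2388
  TCP    127.0.0.1:1046         127.0.0.1:8118         ESTABLISHED     3012
  TCP    192.168.1.20:1051      203.0.113.7:9001       ESTABLISHED     2388
  UDP    0.0.0.0:445            *:*                                    4
"""

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+:(?:\d+|\*)\s+(\S+)\s+(\d+)\s*$")

def parse_tcp(text):
    """Return the TCP rows of netstat output as dicts; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, state, pid = m.groups()
            rows.append({"laddr": laddr, "lport": int(lport),
                         "state": state, "pid": int(pid)})
    return rows

def check_proxy_listeners(text):
    """Map each expected port to 'ok', 'missing' or 'exposed'."""
    rows = parse_tcp(text)
    findings = {}
    for port in EXPECTED:
        binds = {r["laddr"] for r in rows
                 if r["state"] == "LISTENING" and r["lport"] == port}
        if not binds:
            findings[port] = "missing"    # proxy not running
        elif binds <= LOOPBACK:
            findings[port] = "ok"         # reachable from this machine only
        else:
            findings[port] = "exposed"    # bound to a non-loopback address
    return findings

if __name__ == "__main__":
    for port, status in check_proxy_listeners(SAMPLE).items():
        print(f"{EXPECTED[port]} ({port}): {status}")
```

On a real machine, feed the function the text of `netstat -ano` instead of the constructed sample.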
 
the latest news : on line privacy
http://www.pcworld.com/article/id,131019-c,onlineprivacy/article.html

news on the Vista operating system :

http://www.pcworld.com/search/results?qt=vista&sort=date

home computer security for your computer :
http://www.cert.org/homeusers/HomeComputerSecurity/#thinking

IT security info :
http://www.itsecurity.com/

Computer Security info :
http://www.jmu.edu/computing/security/

More Security news :
http://www.enterpriseitplanet.com/security/news/


Science and Technology resources :
http://www.istl.org/02-fall/internet.html
 
Don't install more than 2 anti-virus products as they can generally work against each other and it is only good if you have 1 installed.
 
Interesting thread and I'll definitely take some advice from you lot. I from time to time read up on the whole hacking thing. Something that spooked me was someone told me if a hacker has your IP number they can hack your computer using the Telnet system if they also have a port number to get in with. I don't know myself; what do you think? If this is the case, how do you defend against it?
 