Personal Security Demystified: How to Best Protect Yourself Online
By Tanvir (tanvir900@yahoo.com)

I often hear people asking about their personal computer security: what tools to use, what to do and what not to do. You have to understand that security is more about people and less about tools and machines. 80% of security flaws, penetrations and breaches occur not because cheap machines are involved but because there are people who are green in handling these machines.

This article will guide you through some of the basic steps that will help you better secure your system:

Do not open any email attachment that you receive from anyone without checking first - not even from your closest friends. If you really have to open an attachment, even one from a trusted source, first ask that source whether he/she was supposed to send you this attachment. If you get a positive response from the sender, then and only then open the attachment. Otherwise don't.

It is a best practice not to open any attachment with extensions like: exe, vbs, scr, bat, com etc. even if you receive them from your trusted source.

If someone has to send you a doc file, tell them to convert it into *.rtf or *.txt format and then send it. In MS Word you can do this by going to File > Save As and choosing RTF from the drop-down box named Save As Type. The downside of changing format is that you can lose a lot of formatting and embedded object data, so documents from power users will sometimes suffer missing data.

If you must open any doc extension files, you can first use one of those doc file readers available free on the net. You can download a MS Word Viewer free from Microsoft’s site http://www.microsoft.com/office/word/downloads/default.htm. Alternatively, you could convert the extension of the file (doc) to text (txt) and then open it with your text editor and see what the file is all about.

If you do decide to open it as a doc file in MS Word, first go to Tools > Macro > Security and make sure you have set the security level to HIGH. This disables macros, which may carry viruses and Trojans.

In newsgroups you will often get links to different sites. DO NOT click on those URLs unless you are totally sure what they are all about. Those sites are often run by warez kiddies, and they will inject Trojans into your PC or take total control of your PC as soon as you connect to those sites.

In your email client turn off the 'receiving HTML mails' option. Avoid receiving HTML mail if at all possible. (In Eudora, free from http://www.eudora.com, click Tools --> Options --> Viewing mail, and make sure you do *not* have a check mark next to "Allow executables in HTML content.") Avoid using MS Outlook Express, as it has a long history of automatically installing viruses and Trojans on your computer even if you don't open infected emails. Also avoid Outlook (not Express) prior to Windows 2000. Outlook XP seems to have okay security overall, but still fails because of its reliance on Internet Explorer, which has a lot of flaws. Outlook and Outlook Express are the prime targets of virus writers because of their massive use. These programs will also cause you extra headaches because you often have to update them with security patches and whatnot. All the viruses that we have seen lately attack MS Outlook Express. There are better substitutes for it, such as Eudora.

For 24/7 security you can use an antivirus program that will scan emails for malware, scan sites before you connect to them and provide real time scanning. I know of at least one that does all these - Trend Micro PcCillin. You can also use AVG AntiVirus; it’s free for home users and seems to work pretty well.

Do not give out your information on the net. While surfing the web you will see that there are sites that ask for your personal information. The first question you should ask is - "Can I lie to them and still get the thing I want?" If yes, please lie and fake your personal information. Do not give out information about yourself, and withhold it for as long as you can.

Avoid using Internet Explorer (IE) if possible. You can use one of the best browsers around: Mozilla for Windows.

Disable Java and ActiveX. To do this under MS IE, move your default browsing zone to High security in Tools > Internet Options. This switches off 90% of MSIE exploits. You don't have to visit the sites that won't let you in without Java and ActiveX enabled. Know how to read cookies and take a close look at them. Use software like Cookie Crusher, and every time you go online crush all your previously received cookies. If you have to use IE then make sure that you run Windows Update at least once a week.

Use at least one personal firewall. Zone Alarm (ZA) is a good one, but others are available and new ones are coming out every day. Use at least one Intrusion Detection System; Visual Zone is a good one that is compatible with ZA.

Now, let's see what ports are open on your system. Type netstat -an at your command prompt to see which ports are open, both online and offline. Search the net to find out what every one of those ports does. If you find ports like 31337 open and listening then you are in real danger. So try to control the ports that are open and make sure that you know their functions. Also, in Windows close all ports from 137 to 139; that is, disable anything to do with NetBIOS file sharing.
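
The port check described above, as an added example that is not part of the original article: it parses the text of `netstat -an`, lists the ports that are accepting traffic, and marks the ones the article names. The function names and the embedded Windows-style sample output are constructed for this example.

```python
import re

# Ports the article singles out: 31337 as a danger sign, 137-139 as NetBIOS.
FLAGGED = {31337: "article's example of a port that means real danger"}
FLAGGED.update({p: "NetBIOS (article: close 137-139)" for p in (137, 138, 139)})

# Constructed sample of Windows `netstat -an` output (not a real capture).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# proto, local address, local port, foreign address, optional state (TCP only)
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def open_ports(netstat_text):
    """Return sorted (proto, port, address) for sockets accepting traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, addr, port, _foreign, state = m.groups()
        # TCP counts as open only when LISTENING; outbound sessions are skipped.
        # UDP has no state column: a bound UDP socket is treated as open.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, int(port), addr))
    return sorted(found, key=lambda t: (t[1], t[0]))

def review(netstat_text):
    """Return (proto, port, address, note) for open ports the article flags."""
    return [(pr, po, ad, FLAGGED[po])
            for pr, po, ad in open_ports(netstat_text) if po in FLAGGED]

if __name__ == "__main__":
    for proto, port, addr in open_ports(SAMPLE):
        note = FLAGGED.get(port, "look this port up")
        print(f"{proto:4}{port:>6}  {addr:<16} {note}")
```

To check a real machine, save the output with `netstat -an > ports.txt` and pass the file's contents to `open_ports` in place of `SAMPLE`.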

Beware when using chat programs like IRC, ICQ, Yahoo!, etc. When you use these to chat with your friends, a peer-to-peer connection is made between you and your friend. That is, your IP address is exposed, leaving room for the other person to scan your computer looking for ways to break in. So if you must use those chat tools, go through a proxy. This will at least help you to hide your real IP.

One choice is to use MSN Messenger. In Messenger you are connecting through the MSN server, so your real IP is not shown. But if you transfer files then it establishes a peer-to-peer connection and your IP is exposed to your friend.

MSN Messenger:

You <------------> MSN Messenger Server <-------------> Your Friend

Others:

You <----------> Your Friend.

Whoever provides you with this 'server-in-the-middle' technology, like MSN, you should finger (port 79) their server to see whether the finger option is enabled and whether it gives away your personal information. Never accept any files through MSN Messenger from anyone unless you are absolutely certain who they are. There is at least one MSN Messenger worm on the loose. For better safety you can use the MSN Messenger PGP-Plugin. The URL is: http://www.commandcode.com/index_flash.html

Use PGP encryption whenever you don't want anyone snooping on your message. For more information regarding PGP and cryptography go to: www.pgpi.org. They have got some of the finest papers written on PGP, which come along with the PGP software itself.

Upgrade your antivirus protection regularly. Six-month-old signature files won’t guarantee you a virus-free PC. You always have to upgrade your AVP. For best results upgrade your signatures every week, for new variants are coming out every day. Also avoid booting from floppies. Go to your computer's BIOS (hit the delete key while booting up, before your operating system starts loading) to disable booting from floppy. This will prevent boot-sector viruses from attacking your PC.

Set Explorer to show file extensions. For this go to Windows Explorer/ My Computers > Tools > Folder Options > View (tab) > and uncheck the ‘Hide File Extension For Known File Type’ box. This will help you to avoid clicking on hoaxes. For example, a file viewed with the hide known extensions option may look like "harmlessfile.doc". But with this option disabled, it will show the extension, which may reveal that this file is actually "harmlessfile.doc.exe".
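
The attachment rules above (never open exe, vbs, scr, bat or com files, and watch for names like "harmlessfile.doc.exe"), as an added example that is not part of the original article. The function names, the sample file names and the decoy extensions beyond doc, rtf and txt are assumptions made for this example.

```python
# Extensions the article says never to open (its own list ends with "etc.").
RISKY = {"exe", "vbs", "scr", "bat", "com"}
# Document-like extensions used as a disguise. doc, rtf and txt come from the
# article; jpg and pdf are assumptions added for this example.
DECOY = {"doc", "rtf", "txt", "jpg", "pdf"}

def classify(filename):
    """Return 'disguised', 'risky' or 'ok' for an attachment file name."""
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    name = filename.strip().rstrip(". ").lower()
    # Split on dots and trim padding used to push the real extension out of
    # view, e.g. "invoice.txt        .scr".
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in RISKY:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY:
        return "disguised"  # looks like a document when extensions are hidden
    return "risky"

def shown_with_hidden_extensions(filename):
    """Name as Explorer lists it when the final, known extension is hidden."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot else filename

def needs_attention(filenames):
    """Map every attachment name that is not 'ok' to its verdict."""
    verdicts = {n: classify(n) for n in filenames}
    return {n: v for n, v in verdicts.items() if v != "ok"}

# Constructed sample attachment names.
SAMPLE = ["harmlessfile.doc.exe", "notes.rtf", "Setup.EXE",
          "invoice.txt      .scr", "photo.jpg.vbs. ", "report.doc"]

if __name__ == "__main__":
    for name, verdict in needs_attention(SAMPLE).items():
        shown = shown_with_hidden_extensions(name.strip().rstrip(". "))
        print(f"{verdict:10} {name!r} (listed as {shown!r} when hidden)")
```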

In the above text I have tried to cover some generic information on how to secure your system. There are some other areas I have not covered, like physical network security and operating-system-specific security, mainly Linux and W2K. To best secure your system you should know the operating system you are using like the back of your hand. But I hope this tutorial will help you start up from ground zero.

 © 2013 Happy Hacker All rights reserved.