Computer and network security

[Image: Paypal football token]

Whenever I take a look at our web server log files, I am amazed how many robots are trying to hack their way into our machines every day. And whenever I help a friend or neighbor to fix a computer problem, I need to explain even the most essential safety measures as most PCs are infected with some trojan or virus already.

Computer and network security is a big issue, don’t underestimate the risks. I first noticed this years ago when I installed a free personal firewall on my PC. Only seconds after the program started to do its job, it alerted me of suspicious activity on ports and protocols that I didn’t even know existed. Steve Gibson calls this activity Internet Background Radiation. Much of this is not merely junk but malicious traffic. To protect my personal computers, data, and privacy, I have taken a number of simple security measures which I want to share with you.

Hardware

Use a router
No matter whether you have a cable, DSL, or ISDN connection, buy a router and let it block all unwanted traffic. Modern routers include a hardware firewall which will close or “stealth” all machine ports that do not need to listen for incoming network traffic. Make sure that all network ports are stealth (invisible), or at least closed (unresponsive). You can use the Shields Up online tool to challenge your computer’s ports.

Security tokens
Paypal/Ebay implements two-factor authentication. For very little money you can purchase a small device (see image above) which generates a unique key each time you log in. So even if somebody knows your password, they cannot log into your account because they don’t know the extra number which changes each time. Verisign offers a similar system which you can use to secure your OpenID account. Many online banks have similar tokens or devices that generate one-time keys using the bank’s card.

Encryption

Use encrypted connections to the Internet whenever possible. If a web shop or service offers a secure (SSL, https) connection, use it. Try to set up your email client with a secure connection (TLS, SSL) to the mail server. Encrypt sensitive emails or email attachments.

If you run a WLAN, encrypt your traffic. Do not use WEP to do this as this protocol can be cracked within minutes! All modern routers have WPA which is much more secure. If your access point and connecting machines support WPA2, often also referred to as AES or CCMP, use this. For regular WPA encryption (a.k.a. WPA1 or TKIP) a vulnerability was recently reported which could allow a hacker to decrypt very small data packets under certain circumstances. With both WPA1 and WPA2 your WLAN is definitely protected from eavesdropping as long as you use a secure password. Generate a strong password here.

My Laptop’s harddisk is encrypted with TrueCrypt [comment Nov 10, 2014: Truecrypt is no longer supported by its developers, see truecrypt.sourceforge.net]. Should it ever get stolen, nobody will be able to see the data.

I never connect my private Laptop to a wireless access point in an Internet Café or hotel. On my company Laptop I can use a secure VPN connection. If you don’t have company VPN, use a service like OpenVPN to get your data encrypted before it is aired on an insecure WLAN.

Software

Operating system updates

Always install all security patches immediately.

Firewall

Since Service Pack 2 of Windows XP, every Windows machine fortunately runs Microsoft’s software firewall. It only blocks incoming traffic though, which is why I run the Sygate free software firewall. Sygate alerts me when a program on my computer wants to connect to the Internet. I would therefore be able to quickly identify and block any trojans that try to phone home. Once malicious software finds its way into your computer it can disable the software firewall. A hardware router therefore provides better protection.

Antivirus programs

I run Avast free Home Edition on my PC. Needless to say, every computer should have antivirus software installed. Computer viruses are no longer distributed via floppy discs or email attachments. Most infections happen on websites these days, so you had better have a virus tool scan the incoming traffic.

Anti Malware tools

Next to Avast I run Spybot Search & Destroy. There is much more junk out there than just viruses.

Virtual machines

A virtual machine will protect you from any damage caused by viruses and malware because it is a self-contained operating system environment which can be easily reset to a previous state if it was compromised. If you like to surf the darker corners of the Internet, get yourself a copy of VMware.

Web browser

Use the most recent version of your web browser of choice. Don’t stick to older versions as they have known security vulnerabilities that got fixed in more recent releases. Configure the browser to block 3rd party cookies. Delete permanent cookies from time to time. Do not allow unknown or even dubious websites to run Javascript in your browser. Use Internet Explorer’s trusted zones or the Firefox NoScript add-on.

Secunia PSI

This useful tool helps you to always run the most recent and secure versions of software. It scans your PC and reports programs that should be updated.

Good security practice

A number of additional simple measures will significantly increase your security and privacy.

Do not work and surf with your computer’s Admin account, create a less privileged user account.

Make your hosts file read-only to prevent malware from tampering with it.

To prevent keystroke logging, copy-paste user names and passwords, don’t type them.

To prevent cross-site request forgery, log out of a password-protected website before you surf to another one.
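For the hosts file measure above, a small audit script, added here as an example and not part of the original post: it lists entries that point a hostname at a non-loopback address and checks whether the file is read-only. The function names and the sample content (documentation-range values) are illustrative; a listed entry is something to review, not proof of tampering.

```python
import ipaddress
import os
import stat


def audit_hosts(text: str) -> list:
    """Return (address, hostname) pairs that map a name to a non-loopback address."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address: not a mapping line
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost entries and 127.0.0.1 / 0.0.0.0 block lists
        findings.extend((fields[0], name.lower()) for name in fields[1:])
    return findings


def is_read_only(path: str) -> bool:
    """True when no write bit is set (on Windows: the read-only attribute)."""
    write_bits = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH
    return not (os.stat(path).st_mode & write_bits)


# Constructed sample; bank.example and 203.0.113.7 are documentation values.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example   # blocked on purpose
203.0.113.7     www.bank.example bank.example
"""

if __name__ == "__main__":
    for address, name in audit_hosts(SAMPLE):
        print(f"review this entry: {name} -> {address}")
    hosts = r"C:\Windows\System32\drivers\etc\hosts" if os.name == "nt" else "/etc/hosts"
    print("hosts file read-only:", is_read_only(hosts))
```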