A few days ago I did a diary called Lessons Learned https://isc2.sans.org/diary.html?date=2008-08-03. In the diary I talked about the many home computers out on the net and within our own networks that are compromised by malicious programs and are allowing our computers to be taken over by the bad guys on the net. I had stated that it was our responsibility to educate the home and small business computer users to the dangers of the Internet and how they can protect themselves. That is where the idea for this diary originated. Let me first say, I don’t have all of the answers. If I did, I would be rich and wouldn’t have to work again. And not everyone is going to agree with the things I say. If you don’t, if you have a better idea or alternative to one of my suggestions, or if you have one of your own, let me know. I will add some of the best ideas to the diary. That said, here are some ideas…tips from me.
- Back up your important data. At any point in time you could have a catastrophe happen and you suddenly realize your data is gone. It has happened to the best of us. You have a hard drive crash, you have a worm or other malicious program install and suddenly everything is gone. That is Murphy’s Law when it comes to computers. So back up your data, back it up often. How often really depends on you and your data. How often does your data change? How long would it take you to recreate it? These things are going to determine how often you will want to do backups. As for how to do the backups, that depends too. I do backups to disk using the old zip drives for all of the files that I want to be able to restore quickly. I also use a service called Mozy backup.
Mozy is great for storing your files online. If you have less than 2 GB of data to back up you can use Mozy Home. The data is encrypted and stored on a secure server and the backups run daily at whatever time you choose. The first backup is going to take a while to run. After that the backup is pretty quick because it will only back up the files that have changed. If you have more than 2 GB of data or if you want to go to the next level of security you can use Mozy Pro. Mozy Pro adds more encryption, more security, faster upload and download, and other features and enhancements at a very reasonable price. There is a Mac client available as well as a PC version. Go to www.mozy.com for more information.
Whatever methods you choose, make sure that you test the restore often, just to make sure that the data is really getting backed up.
- Install an antivirus / anti spyware program and make sure that you check it often to ensure that it is getting the important updates. If your ISP offers a Security Suite consider taking advantage of their service. They have your best interest at heart but they are also interested in protecting their network and resources. My company offers SecureIt (www.securitycoverage.com) to all of our customers. This program combines anti-virus, anti-spyware, Windows Updates, Parental Controls, Firewall and reports all rolled into one package. It never expires as long as you pay the bill.
You can also go to your local office supply store or retail store and buy Norton, McAfee, Trend Micro, or any number of other packages. Take them home, uninstall your old version, install the new version and do the updates immediately. Make sure you set the computer to update the files every day and scan at least once a week. Also make sure that you do your annual renewal. If you fail to renew your subscription you will still be protected from the old exploits but not from any of the new ones. When you consider that there are 50 or so new viruses/Trojans/worms discovered every week, that means a lot of potential damage to your computer. Also, make sure that the package that you purchase has the anti-spyware program with it as well. In today’s world of exploits the spyware creators are actually more dangerous than the virus creators.
- Install a firewall in your network. If you have an “always on” connection to the Internet, if you use DSL or Cable Modem and your ISP doesn’t provide a router, you probably will want to run to your local Best Buy, Staples, or other computer/office supply store and pick up an inexpensive router, just make sure that it has firewall capability. Take it home and follow the manufacturer’s instructions to install. As soon as it is installed, find the instructions for changing the password and default IP address and change them immediately. I just recently purchased a little Netgear device for my home network. I was really impressed when I got it home and started working with it. They had added a lot of great new features that can be used to secure your network. If you are using a Wireless Network in your home, absolutely without a doubt, change your router to use encryption. Here is a really good web site that explains how to secure your wireless network. http://compnetworking.about.com/od/wirelesssecurity/tp/wifisecurity.htm
Just make sure that you turn on WPA (I recommend WPA2 as a minimum) and setup a secure key to protect your network from outside access. This will prevent someone from jumping onto your wireless network and using your Internet connection for evil purposes or to hack into your computers.
- Apply all patches for your Operating System. If you are like most people and you are using one of the Microsoft OSes, turn on your Automatic Updates. This will allow your computer to get the updates from Microsoft as soon as they are available. Microsoft does their monthly updates the 2nd Tuesday of every month. Check our Diary at isc.sans.org for an explanation of what the updates cover.
- Create a new account for the Administrator account, and don’t use the name Admin, Superuser, or anything else that would indicate that it is the Administrator account. Use this account ONLY for things that require Administrator privilege.
- Create another account that is a user account. This account will be used on a day to day basis. This will prevent some of the malicious content on the net from getting installed on your computer ad hoc.
- On all of your user accounts use strong passwords. Don’t use anything that can be identified with you such as your name, birthdate, spouse/child’s name, pet’s name, or any word found in the dictionary. Many programs exist on the Internet that can be used to crack easy passwords in a short amount of time. Try using phrases or better still take the phrase, pull out the first and last letter of every word and use that as your password. Or try replacing characters with numbers such as the 0 (zero) instead of the O, a ! instead of a 1, a 3 instead of an e, etc. Don’t use the same password on every site you log on to either. In other words, don’t use the same password for your Amazon account or your iTunes account as you do for your Bank or Credit Card web sites. Try mixing it up a little. For instance, if you use the phrase The Fox Ran Fast and you bank at Wells Fargo and you have a Citibank Credit Card – try these for passwords. Your base password might be tefxrnft – now for Amazon you add az and the year you were born, so your Amazon password might look something like this: tefxrnft54az, your bank password might be wftefxrnft54 and your Citibank password might be cb54tefxrnft. Now if you want to be really secure you can change the e to 3 as in wft3fxrnft5$. I think you get my drift. Be creative, but safe. If you want to see how secure your current password is check out this site from Microsoft.
- Use care when surfing the net, chatting on IM and opening emails. Don’t click on links in emails unless you are absolutely certain that you know the origin of the email. Just because it looks like it came from Aunt Sally there is no guarantee that it really did. It could have come from someone masquerading as Aunt Sally or it could have come from Aunt Sally’s infected computer. When surfing the net be very careful that you only surf to trusted sites. Even some trusted sites can become compromised, so if you are on a site or doing a search in your favorite search engine do so with caution. If you are prompted to install a program, err on the side of caution and say no. Never install software just because a pop up tells you to install. This happened to my daughter the other day. She is fully protected with AV, anti-spyware and firewall. However, she did a Google search looking for some information on motorcycle parts. A window popped up and said that she had a potential infection on her computer. Did she want to install Anti Virus 2008 and clean up the infection? She thought that was her AV program telling her to update and she clicked yes. Of course it installed. Then she got the message that she needed to buy the program in order to do the scan. She kept clicking cancel but the program would not close. A cleanup of her computer took about 2 hours and then a half hour lecture followed about clicking yes. As my mom used to say when cleaning the leftovers out of the refrigerator – if in doubt throw it out. Same goes for clicking. If in doubt just say no.
- Don’t download from untrusted sources. There are some free programs on the Internet that can help with cleanup of your computer and help keep your computer running smoothly. Some of these are good little tools. Just be careful where you download from. Only go to trusted sites to download programs.
- Set your email to plain text instead of html. This will prevent the links in your email from being clickable and will prevent malicious code hidden in the email from running when you open the email.
- Do some simple things to protect your computer. Turn off File and Print Sharing, NetBIOS or any other service that you don’t need to use. A site with good information for home computer users using Windows computers is www.microsoft.com/protect. This site has a lot of tips for the home computer user.
- There are many cool new toys that can add some zip and zam to the computing experience. Many of them use the computer’s USB port to connect and have storage capabilities. Whether it is your memory card for your digital camera, your MP3 player, your flash drive/thumb drive for removable storage, a removable hard drive or a digital photo frame you may get more than you bargained for when you plug them in. We have had reports of malicious software on all of these devices, brand new, out of the box. Use care when plugging in USB storage devices. Before you plug in any USB device turn off autorun (http://antivirus.about.com/od/securitytips/ht/autorun.htm) and virus scan the device.
- Never give your personal information online. There are a lot of phishing emails circulating attempting to convince you that your personal information is needed by your bank, Credit Card Company or other financial institution. There are some circulating that want you to believe that they are from the IRS, the Dept of Revenue or another government agency. They are simply trying to trick you into giving them your identity. Don’t let them trick you… don’t answer, just throw away.
- Know your computer – hard disk space available, is it running slow, unexpected pop-ups. If anything seems out of the ordinary, slow down and take a close look. Your computer may be trying to tell you something. It may be warning you that something has gone amiss. Run a virus scan, run a spyware scan, look at the Event Viewer logs. Check the space on your hard drive. Is it using a lot more now than you expect? If it is you may have a backdoor on your computer and someone may be storing information on your computer that could be dangerous and costly.
- Don’t download P2P programs. Music/Video download from services like Limewire, Bearshare, Gnutella and Kazaa can open your computer up to massive exploits. These services claim to allow you to download for free that which you would have to pay for at Napster, iTunes, NetFlix or any of the other legitimate download sites. Why would you want to pay for something when you can get it for free, right?
Well, as my momma used to say…. No such thing as somethin’ for nothin’. Somewhere down the line you are going to have to pay. These “free” download sites have a large payload. That payload is an open door right into your computer’s hard drive and the network it is connected to. This payload may include keyloggers or other nasty little parasites that can strip you of your personal identity. My recommendation is don’t use P2P programs. Download your entertainment from legitimate sites.
These are just a few of the tips that I have to offer. Now let’s hear from our readers. As I said, I don’t have all the answers and am open to input from our friends on the net.
Aug 9th 2008
I'm not sure if this makes any difference, but one rule I try to follow is to close all browsers (and use Task Manager to make sure the processes have exited) before accessing any financial or commerce websites. I then open the browser (with no homepage set) and then go straight to the site, do what I need to do, and then exit the browser before doing any more browsing. It seems like a lot of the XSS vulnerabilities that get announced only apply to activities within a given browser process, and so my thinking behind this particular approach is to minimize the chances that a random site has managed to hijack the session. True security heads should maintain separate accounts for financial, commerce, and other websurfing. Fast User Switching in XP/Vista (or similar in other OSes) makes this a lot easier.