Thursday, March 04, 2010

How to Secure your Computer

The following list various methods and software*** that can be applied to secure your computer.

1.Use a Firewall - see Firewall Testing (Hardening)
Software: Comodo Firewall, Zone Alarm
To configure firewall, it is useful to know the port numbers of common services. This can be found from IANA in:
www.iana.org/assignments/port-numbers
Your own IP address can also be discovered using: http://whatismyipaddress.com


2. Use Anti-Virus software
Software: Avast, Avira, AVG
Testing of antivirus software can be performed using the following tools:
- EICAR - www.eicar.org/anti_virus_test_file.htm - Provides a standardized test file for signature based virus detection software.
- Spycar - www.spycar.org - Spycar is a suite of tools designed to mimic spyware-like behavior, but in a benign form.

3. Use Anti-Spyware
Software:  Spybot Search and Destroy, SuperAntiSpyware

4. DNS Routing and protection - setup your DNS to be routed over a DNS provider with filtering and protection.
OpenDNS

5. Use a password manager to manage multiple passwords
Software: KeePass
Testing passwords can be accomplished using these tools:
SecurityStats - http://securitystats.com/tools/password.php

6. Browser Plugin Protection
Software: Web of Trust, McAfee Site Advisor

7. Encrypt your files on your computer.
Software: TrueCrypt

8. Securing your websites.
Using SSL: How to implement SSL in IIS
Testing Tools:
Goolag Scanner (www.goolag.org) provides one more tool for web site owners to patch up their online properties. It is powered by Google to help see if your sites are vulnerable to a hacking attempt. By typing in a domain name it may return site vulnerabilities. The tool makes “it easy for unskilled users to track down vulnerabilities and sensitive information on specific Web sites or broad Web domains.” The tool uses the Google Custom Search engine and has a detailed specification (http://www.goolag.org/specifications.html) on how it works.


9. Disable Autorun to prevent attack from infected USB or other removable drives.

Click the Start button, then Run and enter “gpedit.msc” without the quotes
Go to Computer Configuration -> Administrative Templates -> System
Scroll down to “Turn off Autoplay” and double click on it
Click on the “Enabled” radio button, then for “Turn off Autoplay on” select “All drives”

10. Use portable Linux which runs entirely from the CD or DVD without accessing the hard drive. The distributions are:

Google Chrome OS - developed by Google. Intended to run on Netbook and allow user to interact with web applications. The standalone DVD is available to use as a standalone OS without installation

Lightweight Portable Security (LSP) - developed by the USA's Department of Defence, is a small Linux live CD focusing on privacy and security, for  this reason, it boots from a CD and executes from RAM, providing a web browser, a file manager and some interesing tools. LPS-Public turns an untrusted system into a trusted network client.

11. Check various alert service websites:
Stay Smart Online

12. How to Lock Down Linux - short article with a few basic essentials to secure Linux.

*** This article, writer and blog does not recommend the use of the software above and is not liable for anything. The list of software is represents the authors personal opinions.

13. To check suspicious behaviour, there is a range of tools, collectively called Sysinternals, which is now available from Microsoft. Here is a presentation on how to use Sysinternals by its creator Mark Russinovich, entitled:
Malware Hunting with the Sysinternals Tools
Date: June 12, 2012 from 3:15PM to 4:30PM

14. Security on USB.

Ghost USB honeypot (http://www.honeynet.org/node/871)
This is currently a research project to identify malware on a PC that tries to infect any connected USB. Here is a description from its website.
----------------
"Ghost is a honeypot for malware that uses USB storage devices for propagation. It is able to capture such malware without any further knowledge - especially, it doesn't need signatures or the like to accomplish its task.
Detection is achieved by emulating a USB flash drive on Windows systems and observing the emulated device. The assumption is that on an infected machine the malware will eventually copy itself to the removable device."

15. Social Network
For Facebook and Twitter and perhaps some other social networking sites, there are profile scanners available to scan links, newsfeeds, messages, such as the free one from Eset https://socialmediascanner.eset.com/.




No comments: