PC security... hiding IP and browser info
May 18, 2005 at 8:10 PM Post #16 of 55
Quote:

Originally Posted by mjg
Pessimistic? More like realistic.


How did I know you were going to say that
 
May 18, 2005 at 8:12 PM Post #17 of 55
Another idea: if you are really serious about security, then you absolutely need to build up your knowledge and experience by getting books on the topic. Go to your local bookstore and browse through the Security+, CISSP, etc. books. Start reading them one at a time, but make sure that whichever book you buy first is the one that speaks to you best in your own language. Those books are a treasure trove of information on how to secure your Windows and Linux operating systems along with esoteric (but absolutely critical) networking topics including networking topologies and building a secure hardware network infrastructure. That'll start you off in the right direction for sure. You won't have to wade through all of the crap on the Internet that tells you to do x, y, and z when you know for sure what you need to do.

Matter of fact, I'm going to start reading my Hardening Linux book. There's a Hardening Windows book too and I can recommend it because it's easy to read and it teaches you concepts by making you do specific exercises; a task based learning book works best for me.
 
May 18, 2005 at 8:13 PM Post #18 of 55
Quote:

Originally Posted by viator122
Well just to offer a perspective, I do everything you mentioned in your OP but I can safely say I don't know the first thing about making myself stealth.


Quote:

Originally Posted by Sduibek
i've properly set-up a Router and software firewall.


eg- I know about port 113, I know how to Stealth ports, I know about MAC address filtering, and have configured my router and firewall(s) as such. "Properly set-up" means all those things to me, FWIW. So no, you didn't do everything in my OP



Quote:

EDIT: mjg, welly, what do you think is a good compromise level of security? i.e. not giving yourself a migraine and an ulcer over it, but also not leaving your SS# posted on the web either.


Exactly. That's what my OP was meant to say. Sorry if I gave the wrong impression
 
May 18, 2005 at 8:21 PM Post #19 of 55
Honestly, I'll go to extremes to secure my computer systems. Do a search on some of the past threads and posts that I've left here on Head-Fi when it comes to security. I'm still doing all of the stuff that most people have suggested in this thread alone for both my Windows and Linux machines. Another invaluable part of security is to stay up to date by buying books. I'm a book guy and I learn best from reading and doing. Soon, I'll be reading my Hardening Linux book and I'll be buying the CISSP and Security+ books at work. Whatever I read, I seem to take action upon. For me, having an up to date library of security books and subscribing to systems administrator magazines is essential too. However, I realize that most people will not go this far.
 
May 18, 2005 at 8:22 PM Post #20 of 55
Quote:

Originally Posted by psychogentoo
If you have a wireless network setup, be very paranoid even if you use WEP. WEP is very easy to crack, very easy. The bright side of WEP is that most people don't even have that turned on so a wardriver will most likely bypass your network for an open one.


What about WPA and WPA-PSK?
 
May 18, 2005 at 8:30 PM Post #21 of 55
I wonder. I use the Norton firewall, with minimal customisation, yet according to those sites, all my ports are shielded (stealth, whatever). FYI, I get alerts about once in an hour about trojans and viruses trying to get in. Should I be taking extra steps in security?
 
May 18, 2005 at 8:37 PM Post #22 of 55
I just got done reading something that says routers can be tricked into thinking the data a hacker sent is actually coming from a legit IP on the internal network system... in that sort of situation, how does one protect their data?
 
May 18, 2005 at 8:40 PM Post #23 of 55
Sduibek:

I edited my post #15 so you may want to look at it again.

WPA-PSK using TKIP is the best standard Wi-Fi encryption system available to home users today. It has built in anti-hacker protection so use it instead of WPA-PSK AES which uses the Advanced Encryption Standard that enables symmetrical 128bit encryption but no anti-hacker protection. Also, you need to engage Wi-Fi channel hopping if it is possible in your hardware router's internal configuration. Let it change the Wi-Fi channel automatically throughout the day and night for you. Then, you will also want to limit the number of DHCP users and restrict any unused IP / MAC addresses as well. Say you have DHCP enabled and you have say 7 computers in your home. IP addresses 192.168.0.100 - 192.168.0.106 or 192.168.1.100 to 192.168.1.106 and your specific MAC addresses should be in your whitelist of permitted computers to access both your internal LAN and external WAN. Why not blacklist the other IP addresses such as 192.168.0.107 through 192.168.0.254 or 192.168.1.107 through 192.168.1.254 as well from gaining access to the WAN? CHANGE YOUR SSID and CHANGE YOUR PASSPHRASE randomly every day by using a combination of a simple phrase and random numbers and symbols: mh#al&8l&ll (maryhad#alittle&8lamb&littlelamb) but make sure it is over 12 characters long.

Go out there and buy the Mozilla FireFox hacks book at your local bookstore so you can learn how to modify the chrome code.

Do all that stuff that I recommended with the security software in post #15. That'll make sure your Windows OS is clean and secure on the inside.

Lastly, consider dual-booting Windows and Linux. Run Linux for general purpose day to day computing needs such as e-mail, Internet, word processing, etc. Run Windows for games or music only in user mode, not administrator mode.

Don't forget to start backing up your data. I would recommend a tape backup system along with Dantz Retrospect Professional for Windows (http://www.dantz.com). Schedule a backup cycle and segregate the backups into two sets: A and B. A will be your total 1 week's worth of data backups. B will be your daily backups. Go out and buy a fireproof safe with two keys to store your data backups or consider going to your bank and opening up a safe deposit too. Keep your monthly data backups in that bank safety deposit and keep it outside of your home. For Linux, use the AMANDA backup program to back up your Linux data and partitions.
 
May 18, 2005 at 8:45 PM Post #24 of 55
pank2002 said:
Quote:

I find it aggravating that you think that this is a private thread


confused.gif


Quote:

assume everybody knows as much as you do about this topic.


Do I? I started a thread asking for others' opinions, didn't I? Then obviously I don't assume I know everything. I know a decent amount, but I know I don't know "more than everyone else".
 
May 18, 2005 at 8:47 PM Post #25 of 55
Quote:

Originally Posted by Sduibek
I just got done reading something that says routers can be tricked into thinking the data a hacker sent is actually coming from a legit IP on the internal network system... in that sort of situation, how does one protect their data?



Sduibek:

This is called spoofing. It is possible for an external war driver to gain legitimate access to your LAN through spoofing a real IP address and MAC address combined. It's easy to do especially under Linux. That's why you need to change your SSID, disable SSID broadcast, change your encryption to WPA-PSK 128bit key, change your passphrase, and disable remote management through port 8080 along with disabling UPnP in your router. This is also why you need to run all of those security programs that I mentioned in post #15 to make sure you are reviewing and monitoring your security logs so that no one actually spoofs a real and legitimate IP / MAC address to gain unauthorized access into your computer network system.

Windows XP Professional and especially Home still have 15+ security holes that could grant an outsider remote access into your computer - take a look at secunia for the detailed analysis and security audit: http://www.secunia.com . RHFC3 SELinux doesn't have those kind of problems with remote access, privileged escalation of rights, or root kits because you can modify the kernel by implementing SELinux with finer granular restrictions or use GRSecurity which is even better: http://www.grsecurity.com . Please consider installing RHFC3 SELinux or RHFC4 SELinux on June 6th, 2005 as a dual-boot configuration on your computer to avoid these security holes in Windows.

If you can, turn off Wi-Fi completely. It will simplify your security and it will make you less vulnerable to war drivers, hackers, and crackers. Heck, pull out the antenna to your hardware router if it is possible!
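An added example, not part of the original posts: a small audit of router log lines against the IP/MAC whitelist idea from post #23 and the log review suggested in post #25. The log format, the MAC addresses and the `audit` function are constructed assumptions; only the 192.168.0.100-106 pool comes from the thread.

```python
import ipaddress
import re

# Assumed allowlist: the MACs are constructed; the pool is the
# 192.168.0.100-106 DHCP range used as an illustration in post #23.
ALLOWED = {"192.168.0.100": "00:11:22:33:44:01",
           "192.168.0.101": "00:11:22:33:44:02"}
POOL = (ipaddress.ip_address("192.168.0.100"),
        ipaddress.ip_address("192.168.0.106"))

# Constructed sample log in a hypothetical "timestamp ip mac" format.
SAMPLE_LOG = """\
2005-05-18T20:01:10 192.168.0.100 00:11:22:33:44:01
2005-05-18T20:02:41 192.168.0.101 00:11:22:33:44:02
2005-05-18T20:05:03 192.168.0.100 00:DE:AD:BE:EF:99
2005-05-18T20:07:15 192.168.0.150 00:11:22:33:44:07
2005-05-18T20:09:30 192.168.0.102 00:11:22:33:44:02
garbage line
"""

LINE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
                  r"((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})$")

def audit(log_text, allowed=ALLOWED, pool=POOL):
    """Return (timestamp, ip, mac, reason) for every suspicious line."""
    mac_to_ip = {mac.lower(): ip for ip, mac in allowed.items()}
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not in the assumed format
        ts, ip, mac = m.group(1), m.group(2), m.group(3).lower()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # e.g. an octet above 255
        if not pool[0] <= addr <= pool[1]:
            reason = "ip outside permitted pool"
        elif ip in allowed and allowed[ip].lower() != mac:
            reason = "known ip seen with different mac"
        elif mac in mac_to_ip and mac_to_ip[mac] != ip:
            reason = "known mac seen on different ip"
        elif ip not in allowed:
            reason = "unlisted ip/mac pair"
        else:
            continue  # exact match with the allowlist
        findings.append((ts, ip, mac, reason))
    return findings
```

A device that presents both the IP and the MAC of an allowed machine matches the allowlist exactly, so this check only surfaces mismatches and unlisted pairs.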
 
May 18, 2005 at 9:00 PM Post #27 of 55
Thanks for your wealth of information, Welly. Me is a happy camper now.


As far as disabling WiFi, I can't. My mom is grumpy and refuses to use normal hardwired internet at the moment. And I'm not yet stable enough to live on my own.

What do I lose by switching to Linux? How easy is the switch for someone who's used to DOS and Windows systems primarily? What runs on it? Games, drivers, programs? I've heard lots of things don't run right or don't run at all on Linux...
 
May 18, 2005 at 9:13 PM Post #28 of 55
Quote:

Originally Posted by Sduibek
What do I lose by switching to Linux? How easy is the switch for someone who's used to DOS and Windows systems primarily? What runs on it?


Games don't run under Linux, usually, and Linux also has pretty terrible audio-app support. There's nothing anywhere near as powerful as foobar2000 for Linux, and there really isn't an equivalent of EAC, either.

Linux is a great idea, but it has a long way to go in terms of software support until I'll use it.
 
May 18, 2005 at 9:24 PM Post #29 of 55
Hiding your IP is ridiculous as you will most likely be unable to access most online servers. Not only that but it's a difficult process. You could use a proxy server but what's the point?

Who cares who sees your IP or not? You think the guy can hack you just because you browsed his website and he got your IP? Don't give your files too much credit, fact is, no one cares about them, and the people who may actually hack you successfully using only your IP have better things to do, that's for sure.

Stop being a paranoid freak when it comes to computers, no one in your family will die because someone knows your IP finishes by 156 and you're using IE 5.5....
 
May 18, 2005 at 10:55 PM Post #30 of 55
Quote:

Originally Posted by morphie
Hiding your IP is ridiculous as you will most likely be unable to access most online servers. Not only that but it's a difficult process. You could use a proxy server but what's the point?

Who cares who sees your IP or not? You think the guy can hack you just because you browsed his website and he got your IP? Don't give your files too much credit, fact is, no one cares about them, and the people who may actually hack you successfully using only your IP have better things to do, that's for sure.

Stop being a paranoid freak when it comes to computers, no one in your family will die because someone knows your IP finishes by 156 and you're using IE 5.5....



hahhaahahahah

I actually am totally agreeing with this dood... definitely hit the nail on the head.

