OK, this is a long one....
Sorry about my last post. It was a bit of a late night rant without actually putting across my reasoning’s behind my statements.
What did I mean…
Firewalls and NAT (on your router):
Note that I shall use the word “spyware” for both spyware and malaware to save characters.
My first recommendation with regards to securing yourself at home as to buy yourself a router that supports NAT (Network Address Translation). The reason for this is that with NAT enabled (even with the Firewall turned off) your IP address is not routable from the WAN. Only connections that you have established will be allowed to pass through the NATed router (and only from the IP address you have established the connection with. This stops pretty much all attacked directly to your machine. Although there are advantaged with enabling the Firewall on your “broadband router”, since only “established connections” are allowed through anyway with NAT enabled, then the chances are even if you have the Firewall running, you’ve already opened that port to use anyway. The other reason for not recommending inexperienced users from configuring their Firewall, is that in many cases it’s easy to get things wrong.
E.g. Not knowing the differences between “Port Forwarding” and “Port Allowing”. (“Port Forwarding” effectively makes the port routable to the outside world)
Port 80 (usually used for Web traffic) is one of the biggest risks to your computer, since this is one of the ports your “programmer” knows will usually be enabled. So if to effectively secure yourself you need to only allow specified IP address ranges through the Firewall which is obviously an administration overhead.
I’ve run Zone Alarm and have left my PC on for days firstly putting my system in the DMZ (i.e. Fully exposed) and just with NAT enabled. In the DMZ I obviously get loads of hits where as with just NAT enabled I saw nothing. The thing is, there are so many systems out there fully exposed, then all you really have to do is make sure you are not the “lowest hanging fruit”. Think of this like putting a security alarm on your house (so that the intruder picks another house)
Virus Protection:
Not much to say about this one really apart from make sure it’s a good one with real time protection. Make sure it’s always up to date
System Updates:
Again, make sure your system is always up to date.
Local Firewalls:
Local Firewalls have additional functionality where they can lock down an application to specific ports to stop any unauthorised access by other applications (viruses, spyware etc). The problem with this that “programmers” are now aware of this so instead of trying to access the port directly (say to send personal information) they now hijack other applications which they know will be allowed access. Administering the Local Firewall is much easier than a “broadband router”, so if you were keen then you could enable the Firewall, and build up over time the external sites you allow access to for Web traffic. My biggest problem I have with this is that it not just me who uses the computer. I sat down with my wife and explained about the Firewall, what is was there for and how if she tried to access an address that we hasn’t been to before she just needed to “Allow Access” to that site. This however gets translated to “just press the OK button if it pops up”. Yes I could sit down with her again and explain this in more detail but does anyone think she’d really be interested and take in my comments?
Spyware tools:
The better Spyware tools on the market usually have two main functions. The first one is the usual Spyware scanner (search your hard drive for spyware etc) and the second “real-time protection” system. These real-time protection systems typically contain anti application hijacking systems that stop unauthorised access which is obviously more effective than the Local Firewalls. Unfortunately (usually) the free products only contain the Spyware scanners where as the subscription products offer the real-time protection. With most of the Spyware tools you are able to evaluate them before you buy. This I found really useful and some of the tools seem to produce prompts with “Allow or Deny” which was not ideal when other people uses the PC (I like the deny all) and I get called if something doesn’t work.
Another useful tip is to use a second Spyware tool for "scanning only" (so could be one of the free versions) as the different tools appear to pickup different threats (I haven't found one tool that was best for all).
Using Non-Microsoft Tools for security:
There are many people out there using non MS tools for Web browsing etc as they offer “better security”. There will be security holes in these tools, but they are not really at the top of the list to be exploited at the moment. If you do run these tools, just like you do with Windows, make sure you keep them up-to-date and secure them as best as possible.
Threats to your computer at home:
As with most of security, you have to way the risks to your system with the overhead to manage the security you implement and any reduced functionality that the implementation creates. What I mean by this is that we all know the likes of Active-X controls and the “likes” are security holes. But at the same these offer greater functionality and user experience of the internet that just basic HTML.
For most people, the main risk to their system is that personal bank information, and this risk could be access to files on your computer or by Spyware key-loggers (log key actions). As long as you are sat behind a NAT’ed broadband router you will stop all but the very persistent hackers on the internet. (A very, very persistent hacker could also compromise all but the best Firewalls) from hacking into your computer and real-time spyware and virus tools will protect yourself while you surf.
As always, it’s also important to “back up” your personal data. So, in the event that a virus does slip through the net (your Virus protection) and trashes your PC then you can recover your system. It’s also pretty handy if your hard disk fails!
Why this is different to the office:
In the office we have a team that manage our Firewall/Proxy full time. They are adding and removing rules for Web traffic on a daily basis. Security is a very high priority as if the business was compromised or a virus breaks out, this can cause millions of $$ to the company, and could even put it out of business. If you have data on your PC that is that critical, I recommend you don't keep in on a PC connected to the internet. Other less drastic ways to protect sensitive data is to “password protect” the data (encrypt).
The “issues” I have with Firewalls is that the term seems to be used by the likes of Microsoft etc as the ultimate security tool. In reality, as spyware and viruses are more of a threat, the dedicated Virus and Spyware Tools offer better protection (providing they offer real-time protection) with less administration overhead than Firewalls.
I believe that these are reasonable steps that even the most inexperienced is able to implement, with minimal setup overhead and on-going support.
I hope this explains my original comments. Any comments?
BTW – Yes, I know NFS v4 is secure, but unfortunately like may companies we still have legacy equipment to support within our environment which “those poor people I support” will not allow us to get rid of! (Yep, we have SunOS 4.1.4, HP-UX 10.20, RH 6.0). Were still stuck on NFS v2 on most of our systems as some of these OS’s fail to negotiate properly even with an NFSv3 filer.
