Lets talk Internet Security
- Thread starter XXzz-Trauma-zzXX
- Start date
I work in IT and we get our hands on alot of really really badly infected machines in the course of any given work week. The only true way to keep a computer safe on the internet is to never connect it. I believe there were studies done, the results of which said that a computer running windows XP without any antivirus or security software was bound to be infected within 20-25 minutes of being turned on.
One major problem is that people go around using an Administrator account to browse the internet, and have either no knowledge of the Principle of Least Privilege, or no respect for it. This states that you should only use an account with the minimum necessary permissions to do what you're doing. So, just make two accounts: One to manage the properties of your system when you need to make changes, and the other to use when you're just messing around online or gaming. Simple as it sounds, this change can increase your safety by several orders of magnitude. Windows 7 and Windows Vista both have something called User Account Control which helps to enforce this, but its still not perfect, and there are still ways around it.
Personally, i have a knowledge of the threats out there and just stay away from sites which offer me free expensive technology if i take a survey, offer to give me an "Obama check" to stay at home and do nothing... But i still use software to stop my computer from trying to make decisions for me, and making the wrong ones.
If you were to go to one of the big ISP companies that is out there and ask "Which Antivirus software do you prefer?" they would list thirty or more scanners which run simultaneously. No one is perfect. I cant afford to sacrifice that much performance on my computer, but i do run two simultaneously. Don't take this as me suggesting you go out and download as many antivirus softwares as you can. Certain softwares conflict. I found that using AVG Free Edition in combination with Microsoft Security Essentials, I rarely have to be concerned with virus and malware threats.
The other thing is... DON'T USE P2P! This means no Kazaa, Morpheus, bittorrent, bearshare, emule, edonkey, or any of the other hundreds of programs/networks out there.
Yes yes yes, there are legitimate legal uses for it... but its in the top three causes of infections which people get. Yeah, that new movie that just came out and you downloaded in 30 segmented RAR files? No, thats not the movie, its a bunch of viruses.
I would say the top three causes of infections are, in no particular order:
-Clicking things that you shouldn't click
-Downloading things on P2P without knowing where they actually came from
-Opening email attachments without looking at them carefully.
If you are unsure about something, the safe choice is generally to not open or click or download whatever it is.... and thats a great way to avoid infection.
With wireless security, just like any security, its a door. If someone wants in, they are going to kick it down, or otherwise circumvent it. So, yes, as some other folks have said in this thread, hiding your SSID is largely useless, as anyone with any skill or intent can find your network anyways.
And encryption can always be broken, with a little patience and the right tools.
But nonetheless:
WPA2 > WPA > WEP
Change your passwords regularly. Not just your wireless keys, but your email passwords, your banking passwords, your computer passwords, everything.
While yes, a password with caps and lower case, letters, numbers, and symbols is harder to guess, choosing a ridiculously long password is not helpful. If you need to write it down to remember it, chances are you're going to hide it near your computer - a bad idea.
So pick something as randomly as you can - maybe make yourself an acronym or mnemonic. Toss in different cases, maybe an exclamation mark and a number.
One major problem is that people go around using an Administrator account to browse the internet, and have either no knowledge of the Principle of Least Privilege, or no respect for it. This states that you should only use an account with the minimum necessary permissions to do what you're doing. So, just make two accounts: One to manage the properties of your system when you need to make changes, and the other to use when you're just messing around online or gaming. Simple as it sounds, this change can increase your safety by several orders of magnitude. Windows 7 and Windows Vista both have something called User Account Control which helps to enforce this, but its still not perfect, and there are still ways around it.
Personally, i have a knowledge of the threats out there and just stay away from sites which offer me free expensive technology if i take a survey, offer to give me an "Obama check" to stay at home and do nothing... But i still use software to stop my computer from trying to make decisions for me, and making the wrong ones.
If you were to go to one of the big ISP companies that is out there and ask "Which Antivirus software do you prefer?" they would list thirty or more scanners which run simultaneously. No one is perfect. I cant afford to sacrifice that much performance on my computer, but i do run two simultaneously. Don't take this as me suggesting you go out and download as many antivirus softwares as you can. Certain softwares conflict. I found that using AVG Free Edition in combination with Microsoft Security Essentials, I rarely have to be concerned with virus and malware threats.
The other thing is... DON'T USE P2P! This means no Kazaa, Morpheus, bittorrent, bearshare, emule, edonkey, or any of the other hundreds of programs/networks out there.
Yes yes yes, there are legitimate legal uses for it... but its in the top three causes of infections which people get. Yeah, that new movie that just came out and you downloaded in 30 segmented RAR files? No, thats not the movie, its a bunch of viruses.
I would say the top three causes of infections are, in no particular order:
-Clicking things that you shouldn't click
-Downloading things on P2P without knowing where they actually came from
-Opening email attachments without looking at them carefully.
If you are unsure about something, the safe choice is generally to not open or click or download whatever it is.... and thats a great way to avoid infection.
With wireless security, just like any security, its a door. If someone wants in, they are going to kick it down, or otherwise circumvent it. So, yes, as some other folks have said in this thread, hiding your SSID is largely useless, as anyone with any skill or intent can find your network anyways.
And encryption can always be broken, with a little patience and the right tools.
But nonetheless:
WPA2 > WPA > WEP
Change your passwords regularly. Not just your wireless keys, but your email passwords, your banking passwords, your computer passwords, everything.
While yes, a password with caps and lower case, letters, numbers, and symbols is harder to guess, choosing a ridiculously long password is not helpful. If you need to write it down to remember it, chances are you're going to hide it near your computer - a bad idea.
So pick something as randomly as you can - maybe make yourself an acronym or mnemonic. Toss in different cases, maybe an exclamation mark and a number.
Last edited:
Most of the features your stated are Common in most router Security, including the 256 bit Encryption key.
Ask your Brother if hes fluent in C++
, probably is 
The safest computer is one turned off.
1. Just because you "think" you browse safe your not, sites like cnn, msn and so on can be hacked and injected with malicious code.
2. friends can send you emails you think is safe cause they are your friend= wrong
I mean even motherboard makers are finding viruses in their bioses and such these days
NOTHING is safe and everyone should run AV and some malware app and go from their, unfortunatly common sense alone does not protect you anymore!
1. Just because you "think" you browse safe your not, sites like cnn, msn and so on can be hacked and injected with malicious code.
2. friends can send you emails you think is safe cause they are your friend= wrong
I mean even motherboard makers are finding viruses in their bioses and such these days
NOTHING is safe and everyone should run AV and some malware app and go from their, unfortunatly common sense alone does not protect you anymore!
oh it's true that you can still get screwed over even if you think of what your doing but people also need to think about how to recover from things.
with my setup it is impossible for me to lose any of my data and i can recover a working system from disc images in about 15min.
so for me it makes more sense to just keep my network secure, use common sense and keep my good plan b.
since i can recover it all in about 15min there is really no point in getting a bunch of bloatware too scan. and a issue is really rare anyone it has been 12 years since any of my computers got infected.
Yep. The best thing to do is try protect yourself as good as possible with good anti-virus/spyware/malware and a fire-wall, but also a better recovery plan.
Pebkac
eliminate this problem and all will be fine
eliminate this problem and all will be fine
I've gotten a few viruses from just browsing the internet, not doing anything different than I normally do. Does that mean I am the problem?
^ yes
WEP encrypt your WiFi, use a randomly generated 32-character MD5 hash as the password.
+
Kaspersky/Norton Internet Security (set to auto update AT LEAST every hour) + Malwarebytes (for every connected computer).
+
Lock up unused/unnecessary router ports to prevent injection/backdoor attacks.
+
Common sense. :chair:
=
Not getting a virus/hacked/identity stolen because you did your research.
+
Kaspersky/Norton Internet Security (set to auto update AT LEAST every hour) + Malwarebytes (for every connected computer).
+
Lock up unused/unnecessary router ports to prevent injection/backdoor attacks.
+
Common sense. :chair:
=
Not getting a virus/hacked/identity stolen because you did your research.
Until somewhat recently I used a linux box as my gateway/router. The cable modem was connected straight to it. It in turn was connected to my router, which was not wireless.
I now have a D-link wireless router. It may amuse y'all, but I have zero encryption on it. I MAC filter the connections (meaning, I allow ONLY the devices I have defined to access the router). The router does not allow remote login.
My computer is hard wired into the router (not wireless), which is one of the reasons I don't really care about the encryption. The only thing using the wireless is my PS3, my sons computer and my cell phone.
I run avast on my computer, and I do weekly scheduled scans.
My gf and i both have an account on my computer, and both are password protected. My account has admin rights, hers does not. She can NOT install any program (or do anything) that will modify the system registry.
My login CAN install that stuff of course, but I have it set up to prompt me everything something tries to modify the system, and I have to grant it permissions. (This is true even for stuff like x-fire. When x-fire updates itself, I get a message saying "x-fire is trying to access and update so-and-so.", and I have to allow it...each time). I prefer it that way. Nothing gets installed or updated without my permissions.
I keep everything up to date, including all Microsoft products (I'm running win 7, professional edition).
As stated, the BEST thing is common sense. (but then again, common sense is learned from experience...)
I now have a D-link wireless router. It may amuse y'all, but I have zero encryption on it. I MAC filter the connections (meaning, I allow ONLY the devices I have defined to access the router). The router does not allow remote login.
My computer is hard wired into the router (not wireless), which is one of the reasons I don't really care about the encryption. The only thing using the wireless is my PS3, my sons computer and my cell phone.
I run avast on my computer, and I do weekly scheduled scans.
My gf and i both have an account on my computer, and both are password protected. My account has admin rights, hers does not. She can NOT install any program (or do anything) that will modify the system registry.
My login CAN install that stuff of course, but I have it set up to prompt me everything something tries to modify the system, and I have to grant it permissions. (This is true even for stuff like x-fire. When x-fire updates itself, I get a message saying "x-fire is trying to access and update so-and-so.", and I have to allow it...each time). I prefer it that way. Nothing gets installed or updated without my permissions.
I keep everything up to date, including all Microsoft products (I'm running win 7, professional edition).
As stated, the BEST thing is common sense. (but then again, common sense is learned from experience...)
Where do you people store your passwords?
I have looked into getting a password storer thingy. But hackers would easly be able to hack into that and get all my passwords.
I have looked into getting a password storer thingy. But hackers would easly be able to hack into that and get all my passwords.
keep them in your head
Thats hard, Someone said change them everyweek. I am out of passwords.
I want them to be like 4ada28sa12dc <-- I dont use that
I want them to be like 4ada28sa12dc <-- I dont use that
you dont need to change your password every week, most of the password systems people say to use are BS, because most people can not remeber them, thus they write them down or save them in a txt file or something.
for me i have passwords for
Forums
Games
Important things
Email
and in that i have about 8 total i remember that range from 8 to 17 characters using alpha and non alpha numeric characters
for me i have passwords for
Forums
Games
Important things
and in that i have about 8 total i remember that range from 8 to 17 characters using alpha and non alpha numeric characters
you just got to prioritise them for example i really don't care if someone hacked into this forums account so i never change it's pass. but things like my e-mail login details and my server passwords and ssh keys i change around ounce and a while and use harder pass's on them to begin with
Some minor points of correction:
- You mean to use WPA2 not WEP. WEP can be broken on a consumer grade PC in a few hours or less now. A proof-of-concept break of WPA2 has been demonstrated but is not widely in distribution yet. It's also the strongest available consumer encryption scheme.
- There's no need to update your AV/Malware programs every hour.
- Locking down unused router ports does not prevent injection attacks, per se. Injection attacks happen at the "application layer" through a trusted application (which presumably has router port permissions). Locking down unused ports may help prevent non-authorized applications from opening a new port, but most people have outbound requests implicitly approved so it's moot anyway.
MAC address filtering does NOT protect your wireless computer/network. MAC addresses are broadcast in a manner such that anyway can listen promiscuously and pick them up. Takes a few minutes or less to change your MAC address to anything of your choosing.
Forget about network security: Not encrypting your wireless network opens a whole pandora's box of risks. What if someone gets onto your network and starts doing "illegal" things. Since they have a trusted MAC address (trivial to obtain) how are you going to "prove" that it wasn't you doing those things?
A good open source solution for storing passwords is KeePass.
http://keepass.info/
What's wrong with writing passwords down on paper? I bet you already have bits of paper, with ink and writing on them, securely stored away all the time and don't lose track of them.
In fact, next to those bits of paper, you may have some hard plastic cards with equally valuable numbers on them, another card with your picture and more writing on it, and all wrapped in a leather or fake leather container?
If you write your passwords down, just make sure you have the paper in a safe place - not on a Post-It note taped to your monitor. You wouldn't tape a $20 dollar bill to your monitor or laptop would you?
WEP encrypt your WiFi, use a randomly generated 32-character MD5 hash as the password.
+
Kaspersky/Norton Internet Security (set to auto update AT LEAST every hour) + Malwarebytes (for every connected computer).
+
Lock up unused/unnecessary router ports to prevent injection/backdoor attacks.
+
Common sense. :chair:
=
Not getting a virus/hacked/identity stolen because you did your research.
- You mean to use WPA2 not WEP. WEP can be broken on a consumer grade PC in a few hours or less now. A proof-of-concept break of WPA2 has been demonstrated but is not widely in distribution yet. It's also the strongest available consumer encryption scheme.
- There's no need to update your AV/Malware programs every hour.
- Locking down unused router ports does not prevent injection attacks, per se. Injection attacks happen at the "application layer" through a trusted application (which presumably has router port permissions). Locking down unused ports may help prevent non-authorized applications from opening a new port, but most people have outbound requests implicitly approved so it's moot anyway.
- - -
MAC address filtering does NOT protect your wireless computer/network. MAC addresses are broadcast in a manner such that anyway can listen promiscuously and pick them up. Takes a few minutes or less to change your MAC address to anything of your choosing.
Forget about network security: Not encrypting your wireless network opens a whole pandora's box of risks. What if someone gets onto your network and starts doing "illegal" things. Since they have a trusted MAC address (trivial to obtain) how are you going to "prove" that it wasn't you doing those things?
- - -
A good open source solution for storing passwords is KeePass.
http://keepass.info/
- - -
What's wrong with writing passwords down on paper? I bet you already have bits of paper, with ink and writing on them, securely stored away all the time and don't lose track of them.
In fact, next to those bits of paper, you may have some hard plastic cards with equally valuable numbers on them, another card with your picture and more writing on it, and all wrapped in a leather or fake leather container?
If you write your passwords down, just make sure you have the paper in a safe place - not on a Post-It note taped to your monitor. You wouldn't tape a $20 dollar bill to your monitor or laptop would you?
