Here is a recap about security (what I can’t do is make you realize that you need it).
Anyway, I recommend that you check your security measures one more time.
1. Run a hardware firewall; this is the best thing you can do.
If you want a brand name, Netgear.
Do you own an HSDPA or 3G modem, and do you feel the waves you
are subject to are reason enough to think about a wireless router?
You do well! I thought of something like that,
but it still doesn’t exist on the market.. so try to talk about it.
2. Run Windows Firewall, especially if you have an HSDPA or 3G connection.
It is not so powerful, but it defends you from port scans and DDoS attacks.
3. Run a serious software firewall; Outpost Firewall seems to be one.
In ImproveNet, rules auto-creation, disable automatic rule creation.
Configure the Application Rules as well as you can for every application
accessing the web, paying attention to “process termination”,
“critical changes”, “process injection”, “ole control” and “key logging”,
and to how the network access happens. On explorer.exe, choose “block all the network
access” and “low-level network access”, but also the “ole control”.
On svchost.exe leave only HTTP and HTTPS as network rules and
block “process termination”, “critical changes”, “process injection".. leave the Ole
Automation Control on Use Global, confirming any future request
and remembering that false-positive-series-and-attack is a common practice.
Under Firewall, Wide rules, Global Rules, block ports 445, 135 and 139
for both UDP and TCP. Under Firewall, Network rules, ICMP, uncheck all.
Under Attack Detection uncheck “Block intruder IP for”: if the intruder
impersonates your DNS server, it is inconvenient to block it; then Customize,
Attacks, select all. From your browser, navigate to http://user-agent-string.info
and press Analyze my UA; locate the string stating your operating system,
Windows, and copy it; go back to Outpost Firewall, Settings, Web Control,
ID Block, click on Add, put “OS” as Description and paste the string copied
above as Data to protect, then click OK. Doing so prevents your OS version
from being sent online; you can do the same with information like MAC address, Computer
Name, SID, Username..
* Outpost rules for IIS http://tr.im/BDlW
* consider blocking network access for every component except svchost
and the applications and services you are concerned about
4. In Windows 7, secure cmd.exe, nslookup.exe and netstat.exe with AppLocker
5. Minimize applications and services running on the machine
6. Run every web application as a downgraded user. This means creating
a web user with the least amount of authorizations, to run your web applications
only. Doing so you prevent attackers from entering your system through your browser’s bugs
and grabbing your live and, probably, administrator credentials.
In Windows XP launch apps by holding SHIFT, right click on the app,
“Run as..”
In Vista download ShellRunas. Once installed, right click on the app,
“Run as different user..”
* Live Messenger can’t be downgraded, so use Meebo or Miranda IM
* IE, Firefox, Chrome, Safari rely on core Windows OS components that
are purely downgradable
7. Rename the Guest user and deactivate it; rename Administrator and possibly
deactivate it. Download renuser if you need it.
8. Strengthen passwords http://tr.im/xipv and run syskey http://tr.im/xio8
9. Check out the NSA recommendations, and you will laugh..
10. Check out your browser settings, Opera, as code and plugins
are locked, svchost independent and..
Install the flash blocker and set the content blocker for your browser.
* Protect your Opera settings file; it could be altered to push you to other lands
11. Download and buy (there is no easy escape) Fortres 101. This software will
definitively lock down the web user created above and all the
non-administrator users present in your system.
12. Configure cache and proxy appropriately to limit connections, net access
control, monitoring and port mapping.
* trick: by setting the wrong proxy you forbid internet access to a local user
13. Install a professional HTTP filter. You can set it in cascade with the proxy.
14. Eventually change DNS settings. Most of the attacks you receive
come through impersonation of your DNS servers’ IPs; indeed, don’t exclude
any morbid friendship alive within your DNS servers’ network. Eventually,
but useful: opt for a script periodically changing your DNS settings
15. Use a web proxy: Gizlen.org seems versatile, with a fast response. This
should guarantee you anonymity, and it means writing
http://www.gizlen.org/browse.php?u= before every link you usually surf..
There is also a pretty nice bookmarklet that looks like that:
16. About wireless, activate the MAC filter on your access point, remembering that
"the better MAC spoofing attack is where an attacker sets up a rogue access point
near yours hoping that you will try to connect with it." - Personal experience..
17. About social engineering: the more respectable person, hairdresser, job
agency etc. can gather information about you and your business from a page view, a
phone call, a reply to a job offer, a business meeting, ..
We now have a civil contention among these environments..
The youth of today are not permitted to approach the traditional heritage of mankind through the door of technological awareness
The Medium is the Massage, Marshall McLuhan http://tr.im/BzlG
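
To see whether the global rule in step 3 (ports 445, 135 and 139, TCP and UDP) matters on a given machine, the following added example, which is not part of the original post, parses Windows `netstat -an` output and lists the listeners on those ports that are reachable from the network. The netstat sample is constructed and the name `exposed_listeners` is made up for this illustration.

```python
import ipaddress
import re

# Ports the post's global rule blocks, for both TCP and UDP.
BLOCKED_PORTS = {135, 139, 445}

# Constructed sample of Windows `netstat -an` output, not taken from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:445          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49212     198.51.100.7:80        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# proto, local address, local port, foreign address, optional state (TCP only)
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")


def exposed_listeners(netstat_text, ports=BLOCKED_PORTS):
    """Return (proto, address, port, scope) for each network-reachable listener."""
    findings = []
    for line in netstat_text.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # headers and blank lines
        proto, addr, port, state = row.group(1), row.group(2), int(row.group(3)), row.group(4)
        if port not in ports:
            continue
        if proto == "TCP" and state != "LISTENING":
            continue  # established sessions are not listeners; UDP rows have no state
        ip = ipaddress.ip_address(addr.strip("[]").split("%")[0])  # drop [] and zone id
        if ip.is_loopback:
            continue  # bound to 127.0.0.1 / ::1, not reachable from the network
        scope = "all interfaces" if ip.is_unspecified else "one interface"
        findings.append((proto, str(ip), port, scope))
    return findings


if __name__ == "__main__":
    for finding in exposed_listeners(SAMPLE_NETSTAT):
        print("%s %s:%d listening on %s" % finding)
```

Feed it the text of `netstat -an` from the machine being checked; an empty result means nothing is listening on the blocked ports outside loopback.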
July 9th, 2009 at 12:38 pm
log_excerpt: http://tr.im/rxzQ