Securing Your Computer: Is Your Computer Safe? Your Data?

March 15th, 2006 by Chuck Sharp

I’m going to briefly discuss several areas and layers of defense-in-depth computer security, and how to apply this to your Windows computer and home network. Defense-in-depth is a philosophy that says the more layers of protection, the better. The idea is that if one security mechanism fails to protect the system, another mechanism will stop the breach. Think of a computer system like an onion. You have the Internet on the outside, then the local network, the physical PC itself, the PC’s operating system, the system software, applications, your data, and then the actual computer users like yourself that access the system. Every one of those layers needs its own consideration and protection.

Network Security

Network security is about who and what are able to connect into your network, and what they’re able to connect to. This can be summed up in one word: firewall. As I’ve mentioned in my previous post on firewalls, you need a hardware (router) firewall as well as a software firewall. You should also really consider replacing Windows’ own firewall with a more robust one, like ZoneAlarm Pro.

Lastly, test your firewall using GRC’s ShieldsUP!

Host System Security

Here, host refers to your computer(s). Each computer needs its own security measures in place. There are three major areas to focus on:

1. Windows Updates

Keep Windows updated! People keep finding more and more ways to break into Windows to do nasty things. Microsoft is good about putting out PC security updates to fix these issues when it discovers them.

In Internet Explorer, visit update.microsoft.com regularly to install the latest security updates for Windows. The cool thing about this update site, as opposed to windowsupdate.microsoft.com, is that it will install updates for all of your Microsoft software, including MS Office. While you’re there, make sure that Automatic Updates are turned on.

If you haven’t upgraded Windows XP to Service Pack 2, it’s time. It’s really well worth the trouble, and the update is free. Microsoft Update should apply that for you.

2. Anti-Virus

If you don’t have anti-virus software installed, or if it’s out-of-date and not licensed for further updates, remove the old and find something new! If you’re looking for something free, I’d go for AVG Anti-Virus Free Edition. PC World recently reviewed it and rated it lowest in ability to scan for viruses, but its detection is still good and it also includes email scanning.

However, I’d really recommend BitDefender 9 Standard. It’s only $30 USD/yr, which is a low price, and it was ranked best in class by the same PC World article.

Once you get your chosen anti-virus software installed, you need to configure it to update itself daily, do a full scan at least every few days, and do active “resident” scanning of programs as they run. You should also turn on e-mail scanning. Read the docs on these things. You can probably figure out how by right-clicking on the anti-virus icon in the taskbar tray (lower-right corner of the screen) and choosing Settings or Options.

3. Anti-Spyware

This has become such a big deal. Some spyware and malware are so difficult to remove that they really fit the term ‘virus.’ I’d recommend using all three major spyware removers regularly: Spybot S&D, Ad-Aware SE, and Microsoft’s own Windows Defender (all completely free).

Again, once these are installed, update them before every use. I would recommend a full scan with each tool every week or two.

As one final measure, install Spyware Blaster. Once it’s installed, run it, update it, and then tell it to enable all protection. This program doesn’t stay running. Rather, it sets up a block list of spyware that Windows will then be prevented from accidentally installing. It’s not fool-proof, and it needs manual updating every once in a while, but, personally, I make sure it’s on every PC I touch.

Application Security

Your applications need updating too. Microsoft Office ought to be updated automatically if you use Microsoft Update as described above. Firefox 1.5 updates itself as well. If you use Firefox 1.0, I’d recommend upgrading. Once every couple of months, you ought to check for updates to any program that accesses the Internet, like email programs (Thunderbird, etc.), media players (iTunes, Winamp, etc.), and anything else you might have.

Browser and Email Security

Basically, I’d recommend using Firefox whenever possible. When you do use Internet Explorer, you can prevent 99% of the spyware that gets installed on your system with one simple technique: whenever the browser asks you if you want to install some software, unless you totally trust the website and the company behind it, Just Say No!

If you’re having problems with popups in Internet Explorer, get Google’s Toolbar, which has a very good popup blocker.

You can also set up security zones in Internet Explorer, which I’d recommend if you use that browser frequently. Microsoft has a nice page on configuring zones. Basically, it lets you set higher and lower security for certain websites. Nice feature.

Also, don’t use Outlook Express. There is no reason. Seriously. Use the free and excellent Thunderbird instead, or Outlook if you have it. Outlook Express has many security flaws, and it’s just unnecessary to put you and your computer through the risk.

Data Security

Three words: BACKUP YOUR DATA! Put it on CD-R, thumbdrive, email it to yourself, anything. Just get a backup. Any files you care about need to have copies, and the really important stuff needs to have a backup at another physical location as well. What if your office burned down? Would your QuickBooks data be recoverable? How would that affect your business? Think about this now. The sad truth is that everyone seems to get burned by not thinking about backups until it’s too late. If you do nothing else in this article, think about backups, and do something about it.
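A copy only counts as a backup if it can be read back intact. The following is an added example, not part of the original post: it copies a folder and then compares a SHA-256 hash of every original with its copy, so a damaged or missing file on the backup media is reported. The folder and file names are constructed sample data.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup(source: Path, destination: Path) -> None:
    """Copy every file under source into destination, keeping the layout."""
    for original in (p for p in source.rglob("*") if p.is_file()):
        copy = destination / original.relative_to(source)
        copy.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(original, copy)  # copy2 keeps timestamps too


def verify(source: Path, destination: Path) -> dict:
    """Map each source file to 'ok', 'missing' or 'differs' for its copy."""
    status = {}
    for original in sorted(p for p in source.rglob("*") if p.is_file()):
        relative = original.relative_to(source)
        copy = destination / relative
        if not copy.is_file():
            result = "missing"
        else:
            result = "ok" if sha256_of(copy) == sha256_of(original) else "differs"
        status[relative.as_posix()] = result
    return status


def demo():
    """Constructed sample data: back up two files, then damage one copy."""
    with tempfile.TemporaryDirectory() as work:
        docs, media = Path(work, "docs"), Path(work, "backup")
        (docs / "books").mkdir(parents=True)
        (docs / "books" / "ledger.txt").write_text("2006-03-15 invoice 42\n")
        (docs / "notes.txt").write_text("call the bank\n")
        backup(docs, media)
        before = verify(docs, media)
        (media / "notes.txt").write_text("call the bonk\n")  # simulated damage
        return before, verify(docs, media)
```

Running `verify` again later against the same backup media, without a fresh `backup`, shows whether the stored copies still match the originals.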

Physical Security, Safety, Environmental Protection, and User Accounts

At least consider these two questions: Who has physical access to your computer? Who can log in to your computer? This isn’t the same as who is supposed to have access and who isn’t. Who could conceivably get to your computer? Steal it? Turn it on or off when you’re not around? Do you have puppies that might chew through cables, or little kids with peanut butter and jelly? Who could log in to your PC, even if they’re not supposed to have an account? Who knows your password? Think about these things. Depending on your needs, consider putting more physical controls in place, like shutting or locking doors, putting the computer in a corner where it wouldn’t be bumped as much, or just bundling up loose wires better.

Next, think about the environment. Can you reduce the amount of dust, smoke, and animal hair that gets into the computer’s room? Can you ensure that the room’s temperature doesn’t get above 80 degrees (Fahrenheit!)? Do the front, back, and sides of the PC have a good margin of empty space around them? Is there a good, cool airflow all around the PC? If any of these things aren’t taken care of, your computer will not last as long as it could.

Consider reviewing and possibly disabling unneeded user accounts. Make sure that all the user account passwords are strong: greater than six characters in length, upper and lower case, numbers, and punctuation are all important to include in a good password. Make it easy enough to remember but not easy enough to guess (and remember, people will always guess your passwords more easily than you think they will).


Entry Filed under: PC Basics