210 likes | 584 Views
Home Computer Security: How to Make Your Home Machine More Secure. Laurie Walters lwalters@psu.edu Security Operations and Services ITS@PennState. “Just Minutes to the Internet ”.
E N D
Home Computer Security: How to Make Your Home Machine More Secure Laurie Walters lwalters@psu.edu Security Operations and Services ITS@PennState
“Just Minutes to the Internet” “The iMac is the quickest way to get on the Internet. It’s so easy to set up and use, you’ll be online and surfing the web in minutes…” -http://www.apple.com/imac/
The Problem…. • There is a tradeoff between ease of use and security for computers • To sell more products, companies have to make computers easy to use. • However, today’s powerful computers plugged into the internet shouldn’t be treated like any other new household appliance.
The Even Greater Problem… • Internet being scanned constantly by self-replicating worms and deliberate attacks. • Hackers want to exploit computers with lax security to take advantage of hard drive space and relatively fast connections.
Common Security Problems for Home Machines • May include: • virus infections, • backdoor/trojan infections where an unauthorized person remotely has complete control of your computer. • privacy invasions • warez (file-trading) servers installed, • your computer is used to attack other computers • destruction of files (data, operating system, etc)
Am I at Risk at home? Why? • Cable modems / DSL: have a fast, always on connection that hackers can return to again and again. This atmosphere also provides a good breeding ground for self-replicating worms. • “Camping out” on a PSU modem: keeping the same IP address allows hackers to scan your system and return at a later date to infect it. • Short dial up modem sessions: Occasionally, security incidents occur on dial-up machines with both worms and “hacking” incidents.
How to Make Your Home Machine As Secure As at Work • Make sure your machine has good passwords • Patch your machine regularly • Use an anti-virus product • Use a router-based firewall or install a personal firewall • Use a VPN to connect to PSU resources • Know what is running on your system • Use good internet hygiene
Make Sure Your Machine Has Good Passwords • Most operating systems require a password to protect your computer from unauthorized access. • Passwords should not be dictionary words and should consist of 7+ characters of mixed case including numbers, letters, and symbols. • http://www.alw.nih.gov/Security/Docs/passwd.html
Operating System Password Requirements • Windows: • Passwords required for Windows XP Pro and Home versions, Windows 2000, and Windows NT. • Note: With Windows XP Home edition you may have to boot into “Safe mode” to assign an administrator password • Passwords not necessary for Windows 95, 98, or ME. • Linux / Unix: • Passwords required for all flavors. • Macintosh: • Passwords required
Patch Your Machine Regularly • Computer vendors provide regular updates for their products that can protect against known security vulnerabilities. • Use automatic updates where possible (e.g. Windows update) or download updates from vendors. Try to download major / “critical” patches to removable media such as cd and install them before putting computer on the internet for the first time. • When you hear of a new major vulnerability or patch, try to install it as soon as possible.
Install an Anti-virus Product • PSU has purchased a site license for Symantec’s Norton Antivirus Corporate Edition • Consulting and Support Services (CSS) provides user support for product • Norton can be downloaded at: http://computerstore.psu.edu/ • Update virus definitions weekly or more often if you hear of a new virus • Set virus protection to automatically download virus definition updates if possible. • Perform full Scan system at least monthly (if not more often)
Install a Personal Firewall • A personal firewall is a software-based filter between your computer and the outside world that is installed on your computer to protect it from unauthorized access by other external users. • Personal firewalls are configurable to specify which incoming and outgoing programs, ports, and IP addresses can be accessed. • Recommended personal firewalls that are free for personal use: • Zonealarm • http://www.zonealarm.com • Tiny Personal Firewall • http://www.tinysoftware.com
Inexpensive Routers with Built-In Firewalls • A firewall that is firmware or hardware based is a separate device that physically sits between your computer and internet connection. • This type of firewall is generally more secure than a personal firewall and saves processing time on the computer that the personal firewall would otherwise be using. • Router-based firewalls can range in price from relatively inexpensive ($60) to thousands of dollars. • This type of firewall device is highly recommended for home use and can protect many types of connections including dialup modem, cable modem, DSL, etc.
Two Inexpensive Router-based Firewalls • (Recommended by Skip Knoble: hdk at psu dot edu). Thank you Skip! • Linksys Cable/DSL Router at Micro Warehouse ($60) http://www2.warehouse.com/product.asp?pf_id=DEB2730&blind=&view=&cat=pcThis is for Cable/DSL and quite usable for home use (1 to 4 ports). • SMC 7004ABR ($80): http://www.smc.com/index.cfm?action=products_show_description&productCode=SMC7004ABR from http://www2.warehouse.com/product.asp?pf%5Fid=DEB3144&cat=pc&blind=This is for Cable/DSL and also has an RS-232 port (for Internet connection via modem).
Use a VPN to Connect to PSU Resources • A Virtual Private Network (VPN) is an encrypted tunnel between your computer and a remote machine. • There are several benefits to using a VPN, including encryption, authorization, and privacy (e.g. data between your home machine and PSU cannot be intercepted). • The PSU VPN service enables your remote computer to appear to be a part of the psu.edu domain.
Installing the Penn State Anywhere Virtual Private Network (VPN) • VPN is provided free of charge to anyone with a valid PSU access account. • A simple download and configuration of the VPN client software is required in order to use the service. • See: http://aset.psu.edu/vpn/index.html
Know What Is On Your System • You should periodically determine what all of your running processes are on your computer, and if they are valid. • You can analyze what processes are on your Windows system by downloading a tool such as TCPView, Fport, Inzider, or Active Ports. They can be downloaded from the links at: http://www.personal.psu.edu/lxm30/windows/utils.html • On a unix system, you can analyze running processes by typing the command “lsof”.
Use Good Computer Hygiene • Don’t create non-password protected file shares • “Think before you click” • Be careful with e-mail attachments • Be careful about what web sites you go to. • Be careful when prompted to download software • Use good passwords and change them periodically for both machine and web sites you visit! • Look for padlock at bottom of web pages when submitting sensitive information. • Install minimal applications and services • Backup data frequently • Remove internet access when it is not needed
Presentation Available At: • http://www.personal.psu.edu/lxm30/windows/windows.html