Security Proceedures-Crucial or not?

[cruzlite]

How important are the following?

1. Strong Passwords (MS Help)

2. Not running computer [on the web] as administrator (MS Help)

3. Configure TCP/IP to use WINS - Disable NetBIOS (Norton scan)

[jdhurst]

I'm not sure if it has been fixed in new installs, but Microsoft originally sent out XP so that Administrator worked without a password by default. Some people had their machines compromised in a matter of minutes if connected without a firewall. So:

1. Use a strong firewall
2. Use a strong firewall
3. Use a strong firewall
4. Use a hardware firewall on top of a software firewall if possible.
5. Use strong passwords. Any alpha-numeric password can be cracked with Cain and 3Gb of rainbow tables in about 5 minutes. Alpha-numeric-symbol tables take about 20Gb and about 8 months to build on one CPU, so not too many people carry the latter tables around. I do have the former tables on my laptop.
6. Use strong antivrus and keep it active and up-to-date.
7. Use a strong spyware remover and keep it active and up-to-date
8. Work responsibly and with good common sense.

If you do the above working as an administrator doesn't present any unusual difficulties. Corporations like users to be restricted because rule 8 gets broken all too frequently (even if innocently).

With respect to disabling NETBIOS - I usually forget to, but it is probably a good idea. If you do disable it, make sure that you can still network browse what you always could.

... JD Hurst

[cruzlite]

JD wrote;

" 1. Use a strong firewall
2. Use a strong firewall
3. Use a strong firewall
4. Use a hardware firewall on top of a software firewall if possible. "
--------------------------------------------------------------------------------

When installing Norton 05 AV, at the choice;
Use Norton worm...instead of Windows fwall...
which is best?

Can a wireless router provide a hardware firewall?

[Kyocera]

Any network certification test lists strong passwords, routine of changing passwords, backups, firewall, set up DMZ. I know some network guys who are serious about filters for internet access, disable everything except what the employees need to access and some completely disable I.E.

Yes, most wireless routers today are loaded with security features and the good thing about them is the browser interface can be configured by most computer savvy people. Port filtering, encryption, SSID, DMZ, just to name a few.

I may get slammed here but I think the SP2 firewall is pretty good for the person who sticks to careful browsing, Zone Alarm is a great freeware firewall, but requires constant attention. With Zone alarm, router configured correctly and a good AV, Spyware and also like JD said an internet security program which also in some packages may require some additional attention from time to time you should be almost secure. Also keep the programs updated. Use Norton Worm would probably disable the Windows firewall and serve the same purpose, it may be better to use the worm since it is part of the norton suite and probably just a little bit better, however, it may have pop ups that can become nauseating, but beats trying to get rid of malware. You can use wins or dns. Wins is usually used when no DNS server is available on the network. Functions the same resolving host names.

[jdhurst]

Yes, my wireless router has a decent firewall. On top of that I use Symantec Client Security V10 integrated firewall and antivirus. Nothing gets through this. The big issue with this is that most people cannot buy the product. ... JD Hurst

[cruzlite]

Very impressive ..THANKS

[SteveDC]

jdhurst, that is great advice. Two questions and a tip of my own. My situation is self-employed, one computer.

1. I see advice to "set up your own User Account" in XP and do not operate routinely as "Administrator". OK. I do so, but since I manage my own computer, including software updates, I have essentially the same rights as an Administrator under my User Account (I think). What is the point of a separate User Account in this case?

Or, is the intent that, indeed, I create a very limited User Account for routine use, then switch to Administrator when making changes to my computer? I am sorry if this is a trivial question, but this point has been fuzzy to me for a long time.

2. Are there hardware firewalls for single (i.e., DSL) internet connections? The hardware firewalls I see are rack mounts for enterprises. Other than that, I use Zone Alarm and it seems to work fine.

My advice is to keep Auto Protect enabled if using Norton Anti Virus. One of the O'Reilly XP books for power users suggested turning it off for increased performance, suggesting that it is good enough to catch bugs in the full scan. I turned it off, and, sure enough, got bit and had to re-install everything.

[jdhurst]

SteveDC - I see advice all the time not to operate as administrator. If a person knows what they are doing and is on their own like you and I are, I see no point in operating as a limited user. I set up my own administrative account for two reasons: (a) IBM computers (at least the ones I have used) make you create an owner account different than the built-in administrator account and (b) I like using an account of my name anyway. The admin profile is not used and only consumes 7Mb on my machines.

I protect my machine with good security and intrusion protection software and use it with common sense, so I have not been bitten on this front.

There are good hardware firewalls that consumers can use for one or two computers. LinkSys firewalls work, although I have had problems with some firmware levels. I use a Netopia router which is more expensive (but still affordable) and trouble-free. These things are cheap enough that I would not operate without one.

With respect to your advice to keep autoprotect enabled, I agree with you 100 percent.

Thanks for your input. ... JD Hurst

[asiafish]

Yes, my wireless router has a decent firewall. On top of that I use Symantec Client Security V10 integrated firewall and antivirus. Nothing gets through this. The big issue with this is that most people cannot buy the product. ... JD Hurst

Is that the same as Symantec Client Security Corporate Edition, which I get free from the army (no expiration date either)? So far I've had good luck with it since switching from Norton 2005, which allowed a few malicious microbes to pass.

As for firewalls, I use the hardware firewall built into my Apple wifi router, ZoneAlarm Pro, the Windows firewall AND Symantec Client Security firewall. Those are boosted by Symantec Client Security AV, AdAware SE and Pest Patrol.

My PowerBook is protected by the router, and, um, nothing else, since there isn't any malware for OSX yet.

[jdhurst]

Is that the same as Symantec Client Security Corporate Edition, which I get free from the army (no expiration date either)? So far I've had good luck with it since switching from Norton 2005, which allowed a few malicious microbes to pass.

Yes, so far as I know, we are talking about the same product. ... JD Hurst

[ibmuser]

Try this site too as a general guideline:

http://www.markusjansson.net/exp.html

[GomJabbar]

Is that the same as Symantec Client Security Corporate Edition, which I get free from the army (no expiration date either)? So far I've had good luck with it since switching from Norton 2005, which allowed a few malicious microbes to pass.

As for firewalls, I use the hardware firewall built into my Apple wifi router, ZoneAlarm Pro, the Windows firewall AND Symantec Client Security firewall. Those are boosted by Symantec Client Security AV, AdAware SE and Pest Patrol.

The web sites you visit must be as dangerous as the military ones.

[yossarian]

Strong passwords are very important. Powerful symmetric/asymetric algorithms for encrypting data are no good to you if your password is the weakest link. If you really want to be secure, I'd suggest you use the TPM and CSS software to randomly generate a 127 character password that includes all sorts of funny things like @*#/\ etc, as well as your usual alphanumerical stuff, and keeping it on that keyring. Then use a very lengthy alphanumeric mixed case and fancy character password that you should memorise, and use that with a fingerprint entry (if you have a fingerprint reader model) to secure the password list.

Also not running as administrator for regular tasks is a must for everyone. It's pretty negligent of microsoft to dump people into the computer as an administrator in windows. Under unix-like accounting systems, everybody uses a limited access account to do their regular thing, and only log on as administrator to do administration (hence the name). There are HUGE benefits from doing this in XP. You limit the scope of any potential spyware, trojan and virus infection to your local user (unless it's exploiting an OS/service bug), programs cant litter your system registry with redundant crap, and you won't be able to break the system as easily with rogue programs trying to do stuff to system settings or accidentally doing something yourself. It also stops things like DRM drivers being installed in C:\windows\system because they don't have permission to.