|
|
This
technical information resource project is located
at the static internet address of 64.38.252.112
and is provided to you, as is, free of charge.
This
technical information resource project
("site") is maintained solely by
Lisa A. Johnson :: San Francisco :: California ::
USA
The
highly sensitive personal data ..reserved by authenticated
access
of this technical
information resource project
is intended to be viewed by AUTHENTICATED USERS
only, and is subject to discrete approval
process.
If you have been granted AUTHENTICATED
ACCESS to this highly sensitive data,
you are responsible for maintaining the confidentiality
of your account.
Additionally, you are responsible
for restricting access to your computer, and you
unconditionally agree to accept responsibility for
all activities that occur under your user account.
All
content included on this site, whether in whole
or in part, such as intelligent design concepts,
text, graphics, logos, button icons, images, audio
clips, digital downloads, data compilations, and
personally sensitive information, are the property
of Lisa A. Johnson and are protected by United States
and International Copyright Laws.
All
materials contained in this Website may not be reproduced,
republished, distributed, transmitted, displayed,
broadcast or otherwise exploited in any manner
without the express prior written permission.
Unauthorized Forms
of Use are
Strictly Prohibited! |
|
|
|
| DISPLAY |
| RECOMMENDED: |
1024
x 768 format, frames enabled |
| ALTERNATIVE: |
None
recommended |
How do I adjust my current Internet Explorer browser
settings?
 GO
TO YOUR DESKTOP
RIGHT
CLICK, a display menu will appear
Select
PROPERTIES
The
Microsoft Windows Display Properties Console will
appear
Select
SETTINGS from the console tab selection
GO
TO the SCREEN AREA sliding tool and adjust the selection
to 1024 x 768
Select
APPLY
You
will be prompted with a message, that explains and
applies your adjustment
|
| |
|
| PLATFORM |
|
| |
|
| ISP |
| RECOMMENDED: |
Broadband
Cable [Speed
Test] |
| ALTERNATIVE: |
None
recommended |
|
| |
|
| TOOLS |
Winzip
Real
Player
Windows
Media Player
Adobe
Reader |
|
|
|
| COMPUTER
SECURITY |
We
use computers for everything from banking and investing
to shopping and communicating with others through
email or chat programs.
Although you may not consider your communications
"top secret," you probably do not want
strangers reading your email, using your computer
to attack other systems, sending forged email from
your computer, or examining personal information
stored on your computer (such as financial statements).
Intruders (also referred to as hackers, attackers,
or crackers) may not care about your identity. Often
they want to gain control of your computer so they
can use it to launch attacks on other computer systems.
Having
control of your computer gives them the ability
to hide their true location as they launch attacks,
often against high-profile computer systems such
as government or financial systems. Even if you
have a computer connected to the Internet only to
play the latest games or to send email to friends
and family, your computer may be a target.
Intruders
may be able to watch all your actions on the computer,
or cause damage to your computer by reformatting
your hard drive or changing your data.
Unfortunately,
intruders are always discovering new vulnerabilities
(informally called "holes") to exploit
in computer software. The complexity of software
makes it increasingly difficult to thoroughly test
the security of computer systems.
When
holes are discovered, computer vendors will usually
develop patches to address the problem(s). However,
it is up to you, the user, to obtain and install
the patches, or correctly configure the software
to operate more securely. Most of the incident reports
of computer break-ins received at the CERT/CC could
have been prevented if system administrators and
users kept their computers up-to-date with patches
and security fixes.
Also,
some software applications have default settings
that allow other users to access your computer unless
you change the settings to be more secure. Examples
include chat programs that let outsiders execute
commands on your computer or web browsers that could
allow someone to place harmful programs on your
computer that run when you click on them.
The following information represents a very rudimentary
approach to protecting the data files on your home
network. |
| |
|
| DELETION |
When
you delete a file you may think it is destroyed.
Not so!
The file and the name of the file remain on your
hard drive even if you have deleted it from your
Recycle Bin.
Granted it has been “exploded” but the parts are
still in the free space (empty area) of the drive
and can be re-assembled by many recovery programs
widely available.
To ensure total file destruction you must “wipe”
the file and/or the free space of your hard drive.
There are several Wiping Utilities currently available
on the Internet but look for one that supports multiple-pass
wiping and wipes not only the file but also the
file name. |
| |
|
| ENCRYPTION |
Many
people have resorted to using encryption to keep
personal items secure.
PGP (Pretty Good Privacy) is freeware that has moved
to almost the “standard” for e-mail encryption today.
It can also be used for file encryption to removable
media (CD, floppy discs, etc.)
There are many programs that will encrypt folder/files
on your hard drive also.
DataGuard and FolderMagic are but two.
Look for the strongest encryption possible (128-bit
or more) to ensure safest storage.
As will any encryption model, if you forget your
pass phrase….forget EVER viewing your files again!
The 128-bit and above encryption is regarded as
uncrackable with today’s technology.
Also, avoid encrypting System Folders and other
files your computer needs to boot up and operate. |
| |
|
| PASSWORDS |
Guard
ALL passwords with care!
There are many great programs that will store your
passwords but if you cannot boot your computer…you
are basically out of luck! If you allow Windows
to “remember” your passwords then you have effectively
permitted anyone else access to files and websites
you have subscribed to.
Experts agree the best passwords are mixture or
upper and lower case letters along with numbers.
Whatever
you decide ..MAKE IT SOMETHING YOU CAN REMEMBER! |
| |
|
| FIREWALLS |
Now
that many people are signing up for DSL and Cable
Modems much has been written about “hackers” and
firewalls. Suffice it to say that having one is
better than NOT having one.
There are several software programs on the market
that claim to keep out unwanted access to your computer.
I cannot comment on them all as your computer’s
configuration is individual and probably will require
you to “try out” a firewall program before you decide
on one.
ZoneLabs provides what seems to be a good firewall
program for free and is worth checking out. |
| |
|
BROWSERS
and INTERNET CACHE FILES |
Those
who use Windows 95, 98 and Millennium may have found
that many files and data are stored on your computer
you may not want or even be aware of.
The option to clear your Internet Folder (download)
and Browser cache file is yours.
Clearing your URL history is an option also. Some
even go so far as to wipe the cookies in their Cookies
folder. |
| |
|
| REMOVABLE
MEDIA |
There
are many types of large volume (multiple megabyte)
removable media platforms available today.
If you plan on “archiving” files your may wish to
consider acquiring one or more of them. CDR/CDRW
(350-700M), LS120 SuperDisk (120M), Zip Drives (100-250M),
Orb Drives (1-2.2G) and the old standby 1.44M floppy
disc. DVD-RAM (3-6G) is breaking out and will soon
be within the reach of most consumers.
Consider removable hard drives also. With those
your whole hard drive slides out in a special case
and re-inserts likewise. |
| |
|
| ADVANCED
SECURITY |
UNIX
..Before you sculpt your own functional masterpiece,
keep security in mind!
UNIX
has been around for decades. Many corporate giants
have come along with their dazzling new proprietary
operating systems in an attempt to replace the defacto
standard for corporate servers, and some have done
quite well, but UNIX remains dominant.
There are many reasons for the popularity of UNIX.
It is standardized, portable, and proven. Most importantly,
however, UNIX is versatile. Most technological advances
can be supported by the fundamental design of a
UNIX system.
A versatile operating system allows people to do
many different things, even if the system administrator
doesn't want them to. When that happens, security
is breached. In today's increasingly electronic
society, security breaches have the potential of
being very serious.
Computer use is growing at a phenomenal rate. You
may have a firewall or an unlisted phone number,
but with a billion users and abusers out there,
you just can't hide. When a builder builds a home,
he takes a little time to make sure doors and windows
are lockable and can't be forced open. Doesn't it
make sense to do the same for your UNIX system?
People say that no computer can be 100% secure.
But can anything? The goal is to find a reasonable
level of security, without too much effort or too
much neglect. A little attention can prevent a lot
of problems.
Common Sense Security You've heard them so
many times that you could recite them in your sleep.
Rules like, "Don't write down your password."
and, "Remember to log out." Do I need
to repeat them? Yes. Security isn't about rules
at all. Hackers don't sit down and follow a flowchart,
so neither should you. Security is a way of thinking,
a simple "What if?" that should accompany
everything you do.
Passwords Programmers would like people to believe
that if a potential intruder doesn't know a password
there's nothing he can do. And banks would like
you to believe that if a potential thief doesn't
have your mother's maiden name, there's nothing
he can do. UNIX security, like any security, has
many issues and scenarios to consider. So while
the password isn't everything, it's a good place
to start.
A compromised password, even without access, is
a security breach in itself. It's a technique used
by beginners, but still kept in mind by the pros.
There are a lot of ways to find someone's password,
and be assured that clever troublemakers find new
ways each day.
A password is a secret kept between the user's memory
and the computer. In fact, a UNIX system needs not,
should not, and most often does not, know a user's
password.
A brief explanation of DES On UNIX systems,
passwords are stored using an algorithm called the
Data Encryption Standard, or DES. There's no need
for me to explain the mathematical theory behind
it, but the idea is that the password code on a
UNIX system can only be used to verify a password,
and, supposedly, (countless brilliant researchers
have tried to show otherwise without success) cannot
be directly reversed into the user's password. Perfect?
Hardly! Computers are so fast that they can take
the password code and attempt to verify millions
(with that number increasing daily due to faster
computers) of possible passwords in a single second.
That's why people say, "Don't use a name or
word." and, "Use non-alphanumeric characters."
But still, you don't want any user on your system
to have infinite guesses at another user's password,
so the password code was made secret.
Shadowed password files In the beginning,
password codes were stored in the file /etc/passwd.
That file, however, is also used to associate user
names and UIDs (user numbers), "real names",
home directories, and default shells. So when people
started attacking password codes, /etc/passwd couldn't
simply be hidden from normal users. Instead, vendors
replaced the password code field with a character
or two that is meaningless, and put password codes
in a separate file that can only be read by programs
and users with authority. The name, location, and
format of the separate filevaries depending on the
type of UNIX system.
The trial-and-error process of cracking the DES
code is well known, and many programs have been
written to do it. Some system administrators use
these cracking programs to test their own users'
passwords. This gives them a false sense of security.
You can bet that a hacker has a better password
guessing system than you. But let's think of password
security in a more general sense. If the password
is a secret between the user's memory and the computer,
it should never be written down, spoken aloud, nor
displayed on a screen. (CRT monitors emit radiation
from all sides which can be received, even through
walls, and reconstructed into an image. Oh yeah,
people can look over shoulders, too.)
There's always the issue of new accounts. Ideally,
you'd like to hand the user the keyboard and have
him or her enter a new password. Unfortunately,
that's not always possible. Never send a password
in unencrypted e-mail. E-mail travels through and
is stored on multiple computers before reaching
its destination, and you can't be sure that all
those computers are secure. Criminal hackers almost
always search a compromised computer's e-mail for
passwords and other secrets. It's just one way that
a criminal hacker can use one compromised computer
to easily get into another. If you must snail (physical)
mail a password, contact the recipient for confirmation
of receipt and to ensure that it was the intended
recipient who used it. Also, be sure to have the
system force the user to change the initial password
immediately. That way, an old piece of paper won't
turn up and cause trouble down the line. Some systems
use the passwd command to do this (often called
"password expire now"). See man passwd.
It's also a good idea to have passwords expire on
a regular basis to prevent lasting threat, but if
users have to change their passwords so often that
they start forgetting them, it can be more of a
detriment than a benefit to security.
UNIX has the ability for accounts to have no password
(or, on some variants, a blank password). NEVER
USE IT!
Physical security When you think about computer
security, you probably don't think about chains
and padlocks. If someone can physically access your
computer, he or she can obtain superuser access.
What's worse, he or she can probably even walk away
with the computer. Locks can be picked, cables can
be cut, windows can be broken, and doors can be
left open. Most physical security devices are not
designed for unsupervised use. The idea is to give
someone a chance to see or hear the attempt and
stop it. Never assume that an unlocked building
or room won't have trespassers.
In conclusion…Before you sculpt your own functional
masterpiece, keep security in mind. Even the most
skilled and experienced programmers forget to stop
and check for unexpected vulnerabilities.
Mainstream advertising will always try to scare
the consumers into buying their security products,
but you have the power to control your own security
more thoroughly and at less cost... if you just
use common sense.
Most UNIX system administrators today fail to take
reasonable steps to ensure the security of their
UNIX systems. Here are some standard guidelines
for network administration to utilize:
Filtering Prevent unwanted access by using
a firewall.
Prevent Spoofing Eliminate imitation hosts.
Telnet Security Convince your users to use
SSH (secure shell) encrypted traffic.
FTP Security If you do not need this functionality,
TURN IT OFF.
Modem Security Connect at a central point.
Verify your work Utilize the benefits of
SATAN, designed by Dan Farmer and Wietse Venema
to make sure you haven't missed any obvious holes.
Monitor Utilize Snort, IDS (intrusion detection
system).
Other
topics that were not covered here, but are important
to consider are, Login daemons, Non-login daemons,
Stack Smashing, Safe Scripts. |
|
|
|
|
|
|
