I found a site that describes how to secure a computer. Could someone look over and see if this merits being used as good advice to follow.
Thanks
Cheers
Thx to all who respond
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Security site recommends...
- Thread starter braddds
- Start date
- Status
I found a site that describes how to secure a computer. Could someone look over and see if this merits being used as good advice to follow.
Thanks
Cheers
Thx to all who respond
I suppose its alright. Its really just one guys opinion on how he secures his computer. I presonally wouldn't install many of the apps he is using.
Here's a great site for security reading...
(check out the winows sections)
Here's some guides on securing Windows. Note the source. I'm thinking they're an authority on the issue.![[smile]](/data/assets/smilies/smile.gif "[smile] [smile]")
Cool upcoming game! Check it out!
!
Here's a great site for security reading...
(check out the winows sections)
Here's some guides on securing Windows. Note the source. I'm thinking they're an authority on the issue.
Cool upcoming game! Check it out!
!
- Thread starter
- #3
Thanks, I'll give a read through!
As for the programs listed in;
I have actually used the firewall (Kerio) and Spybot SD for some time! Though I didn't try the "sponge.bin" files with preset security setting for the firewall. Though I was unaware that the firewall had this capability it sure is a nice way to share your setups instead of the usual method! As for the rest I tried Proxomitron and SpywareBlaster only. They seemed to be unobtrusive and relatively easy to setup, not real sure how well they work but they don't seem to slow down or interfere with the system or my browsing. The others, DNSkong and ID Blaster I didn't bother trying. DNSkong just didn't seem easy enought and wasn't sure what benefit that I could over using a Hosts file instead!
Anyways, I seem to have some reading to do!
Thanks
Cheers
Thx to all who respond
As for the programs listed in;
I have actually used the firewall (Kerio) and Spybot SD for some time! Though I didn't try the "sponge.bin" files with preset security setting for the firewall. Though I was unaware that the firewall had this capability it sure is a nice way to share your setups instead of the usual method! As for the rest I tried Proxomitron and SpywareBlaster only. They seemed to be unobtrusive and relatively easy to setup, not real sure how well they work but they don't seem to slow down or interfere with the system or my browsing. The others, DNSkong and ID Blaster I didn't bother trying. DNSkong just didn't seem easy enought and wasn't sure what benefit that I could over using a Hosts file instead!
Anyways, I seem to have some reading to do!
Thanks
Cheers
Thx to all who respond
I think the best way of securing your system for any length of time is to try and learn as much as you can regarding it's workings, vunerabilities and weaknesses.
Then you can think how you might best secure your own system, and adapt it as you learn more.
At home I only use a basic firewall and Virus scanner. None of my data is really very critical, and there is a thin line between security and total lack of flexibilty.
In my opinion, of course
Then you can think how you might best secure your own system, and adapt it as you learn more.
At home I only use a basic firewall and Virus scanner. None of my data is really very critical, and there is a thin line between security and total lack of flexibilty.
In my opinion, of course
9x and Me do not belong in any network environment. IMO, its hopeless trying to secure those, they're just outdated OS's and there's really no reason to use them.
Cool upcoming game! Check it out!
!
Cool upcoming game! Check it out!
!
- Thread starter
- #8
Grenage
Thanks for the response. I agree, knowledge and experience are the best ways to ensure what is right for you! I also use a firewall and virus scanner for my home network. However, the exception is that I feel any data (critical or not) is my business only. I do not like the idea that someone can just waltz in and have a look see...it's like leaving you home unlocked! Therefore I employ other methods and software to ensure my business stays mine. As for "flexibility" I agree some methods are too draconian to be useful! Some of the software like Spybot SD, Ad Aware, requires constant updating to be useful but then the same can be said for virus scanners! That's where I liked "Proxmitron" (and programs like it, i.e.: Firewalls) once installed and setup these programs work near seamlessly in the background. If they cause a problem they can be quickly turned off and/or bypassed! For me I want a secure and easy pc browsing experience. My goal is to gain knowledge and apply that to ensure my privacy without sacrificing my experience!
Cheers
Thx to all who respond
Thanks for the response. I agree, knowledge and experience are the best ways to ensure what is right for you! I also use a firewall and virus scanner for my home network. However, the exception is that I feel any data (critical or not) is my business only. I do not like the idea that someone can just waltz in and have a look see...it's like leaving you home unlocked! Therefore I employ other methods and software to ensure my business stays mine. As for "flexibility" I agree some methods are too draconian to be useful! Some of the software like Spybot SD, Ad Aware, requires constant updating to be useful but then the same can be said for virus scanners! That's where I liked "Proxmitron" (and programs like it, i.e.: Firewalls) once installed and setup these programs work near seamlessly in the background. If they cause a problem they can be quickly turned off and/or bypassed! For me I want a secure and easy pc browsing experience. My goal is to gain knowledge and apply that to ensure my privacy without sacrificing my experience!
Cheers
Thx to all who respond
Here's my take on this braddds. If you're just running one machine, and its just for home (generic) use. Then a simple firewall (zonealarm/kerio) should do the trick. Most script kiddies out there will notice you have a firewall, and move on to an easier, softer target. Spyware and trojans can be a problem, but your firewall can block most (unless they're calling home via port 80). Either way, you should always keep your spyware and trojan scanners up to date, and do a scan at least once a week.
Read some articles on securing your web browser and email client as well. There are exploits/vulnerabilites out there that can hit your machine through these apps.
If you're really concerned about security, don't run IMs or P2P software, as most, if not all, of these are gaping security holes...they're fun though!
Hope this helps a little!![[thumbsup2]](/data/assets/smilies/thumbsup2.gif "[thumbsup2] [thumbsup2]")
Cool upcoming game! Check it out!
!
Read some articles on securing your web browser and email client as well. There are exploits/vulnerabilites out there that can hit your machine through these apps.
If you're really concerned about security, don't run IMs or P2P software, as most, if not all, of these are gaping security holes...they're fun though!
Hope this helps a little!
Cool upcoming game! Check it out!
!
Monitor "by program" and monitor "by port" and one is good at home the other at work.
can you make some kind of basic comment(s) that help me understand a little more what's going on here and how you determine what kind of monitoring is appropriate where?
can you make some kind of basic comment(s) that help me understand a little more what's going on here and how you determine what kind of monitoring is appropriate where?
Sorry yes I should have explained my views more thoroughly.
While at home you dont usually wish to have the restrictions that a solid Hardware firewall can impose, by explicitly denying connections on ports blocked. By using softare such as zonealarm you are free to choose which programs can use the connection as and when they arrived. it doesn't hinder your enjoyment/use.
Using this in a large organisation on workstations would be a bit of an administrative nightmare, here a hardware firewall/Linux alternative which blocks off/allows specified ports allows one central point to administer it.
So I guess what I am trying to say Is I've always found zonealarm great for home use because when a program needs to access the internet or a remote machine needs to access my machine, a window will pop up and ask me if this is ok.
While at home you dont usually wish to have the restrictions that a solid Hardware firewall can impose, by explicitly denying connections on ports blocked. By using softare such as zonealarm you are free to choose which programs can use the connection as and when they arrived. it doesn't hinder your enjoyment/use.
Using this in a large organisation on workstations would be a bit of an administrative nightmare, here a hardware firewall/Linux alternative which blocks off/allows specified ports allows one central point to administer it.
So I guess what I am trying to say Is I've always found zonealarm great for home use because when a program needs to access the internet or a remote machine needs to access my machine, a window will pop up and ask me if this is ok.
so then the security risk in the business becomes if someone can find a way to sneak in an access point you have to leave open for a required business use - on the home system all the access points are open and some one has to write a software that sneaks by your guard software?
My take on it? Thanks for asking! Zonealarm is great for new users who are concerned about security. Think of it as ease of use. Example, try to forget everything you know about IP.
User cannot access the internet after installing a firewall. Why not? Why??!?! User doesn't know. User uninstalls firewall.
User installs ZA. Alert comes up saying ie explorer needs to access the internet. User understands this and allows it! User can access the internet, and also has a firewall. The world is a better place for it.
ZA cannot be used as a perimeter firewall in a network (as Grenage has already stated). BUT! It can be used as a decent host-based IDS for sensitive servers.
Cool upcoming game! Check it out!
!
Zonealarm is great for new users who are concerned about security. Think of it as ease of use. Example, try to forget everything you know about IP.User cannot access the internet after installing a firewall. Why not? Why??!?! User doesn't know. User uninstalls firewall.
User installs ZA. Alert comes up saying ie explorer needs to access the internet. User understands this and allows it! User can access the internet, and also has a firewall. The world is a better place for it.
ZA cannot be used as a perimeter firewall in a network (as Grenage has already stated). BUT! It can be used as a decent host-based IDS for sensitive servers.
Cool upcoming game! Check it out!
!
- Thread starter
- #16
Further to, "app vs. port", I have found that firewalls like ZoneAlarm control an "app’s" connection and Kerio control apps "port" connection (simplified definition). An application might connect to the net using many different "ports". So in giving permission through ZoneAlarm you give it all port access, typically, unless you modify the rule or use some presets. Something similar happens when using Kerio except that each "port" must be given permission for an app. However, both firewalls can be setup to act similarly. It is that each takes a different approach in administration. Alternately, you could run both firewalls together thereby allowing each firewall to protect each by it’s own strength.
I personally use only Kerio (on my pc) and download the per-generated config files to simplify to setup. I then modify the configuration to suit my needs. However on the rest of my home network I use ZoneAlarm. I do this since ZoneAlarm is easier for my wife (since she knows it and we've used it for years). Kerio doesn’t have the same interface and requires a bit more knowledge to use. Personally I feel more in control with Kerio (with tweaked pre-generated configs) then with ZoneAlarms simple yes or no style of interface. But as I stated eariler the same control can be achieved with ZoneAlarm and other firewalls.
Cheers
Thx to all who respond
I personally use only Kerio (on my pc) and download the per-generated config files to simplify to setup. I then modify the configuration to suit my needs. However on the rest of my home network I use ZoneAlarm. I do this since ZoneAlarm is easier for my wife (since she knows it and we've used it for years). Kerio doesn’t have the same interface and requires a bit more knowledge to use. Personally I feel more in control with Kerio (with tweaked pre-generated configs) then with ZoneAlarms simple yes or no style of interface. But as I stated eariler the same control can be achieved with ZoneAlarm and other firewalls.
Cheers
Thx to all who respond
- Status
Similar threads
- Locked
- Question
- Locked
- Question