RSS

Case #7: Computer System Security

Another way of Computer System Security

1. Use electrical surge protectors to ensure your computers will not experience sudden surges of electricity, e.g., during storms, if the quality of your electricity in your building is poor, or is the computer is turned off and on.

2. Develop a disaster recovery plan. The plan should address contingencies. It should include procedures to respond to, e.g., if a disk crashes, if the computer quits working, if the network is down, if the building is somehow destroyed, etc.

3. Make back-up files to avoid losing information stored on your computers when, e.g., a disk breaks (or "crashes"), ensure that computer files are regularly backed up to another media, e.g., backed up onto magnetic tapes, "zip" disk, CD-ROM, etc.

4. Keep your system patched Most vendors provide patches that are supposed to fix bugs in their products. Frequently these patches do what they’re supposed to do. However, sometimes a patch fixes one problem but causes another. For example, did you ever have a repairperson fix an appliance but in the process, they scratched the floor or damaged a countertop during their visit? For a computer, the repair cycle might have to be repeated until a patch completely fixes a problem.

5. Ensure that computers remain working as much as possible (that is, maximum their uptime) by recording and testing detailed procedures for all routine, but critical, tasks performed by staff on the computers and associated peripherals, e.g., for computer backups and restores, fixing recurring problems, etc. Locate and label the procedures in a central location of which all staff are aware.


6. Only run services that you need.  Each network service that is installed on your computer opens a network port that can be probed by hackers and viruses. Resist the temptation to experiment with network services that you are not likely to use. Commonly targeted services are IIS (Microsoft's Web server), ftp (file transfer protocol), telnet (remote login to a command prompt), Upnp (universal plug and play) and Microsoft File Sharing.

7. Use plain old common sense. When in doubt, err of the side of safety. Delete email attachments from people you don’t know (WITHOUT opening them!). Beware especially aware of tempting animations on unprofessional-looking sites. Keep an eye out for strange links or attachments in Instant Messaging (IM) programs—they just might contain malicious code.

8.  Don’t trust foreign networks. This is especially important on open wireless networks such as at your local coffee shop. If you’re careful and smart about security, there’s no reason you cannot use a wireless network at a coffee shop or some other untrusted foreign network, but the key is that you have to ensure security through your own system, and not trust the foreign network to be safe from malicious security crackers. For instance, it is much more critical that you protect sensitive communications with encryption on an open wireless network, including when connecting to Web sites where you use a login session cookie to automate authentication or enter a username and password. Less obviously, make sure you don’t have any network services running that are not strictly necessary, as they can be exploited if there is an unpatched vulnerability. This applies to network filesystem software such as NFS or Microsoft CIFS, SSH servers, Active Directory services, and any of a number of other possibilities. Check your systems both from the inside and the outside to determine what opportunities malicious security crackers may have to attempt to compromise your computer, and make sure those points of entry are as locked down as reasonably possible. In some respects, this is just an extension of the points about shutting down unneeded services and encrypting sensitive communications, except that in dealing with foreign networks you must be especially stingy with the services you allow to run on your system and what communications you consider “sensitive.” Protecting yourself on a foreign, untrusted network may in fact require a complete reworking of your system’s security profile.

9. Get an uninterruptible power supply. You don’t just want a UPS so you won’t lose files if the power goes out. There are other, ultimately more important reasons, such as power conditioning and avoiding filesystem corruption. For this reason, make sure you get something that works with your operating system to notify it when it needs to shut itself down, in case you aren’t home when the power goes out, and make sure you get a UPS that provides power conditioning as well as battery back-up. A surge protector simply isn’t enough to protect your system against damage from “dirty” power. Remember, a UPS is key to protecting both your hardware and your data.

10. Monitor systems for security threats and breaches. Never assume that just because you’ve gone through a checklist of security preparations your systems are necessarily safe from security crackers. You should always institute some kind of monitoring routine to ensure that suspicious events come to your attention quickly and allow you to follow up on what may be security breaches or threats to security. This sort of attention should not only be spent on network monitoring but also integrity auditing and/or other local system security monitoring techniques.


11. Enable MAC Address Filtering Each piece of Wi-Fi gear possesses a unique identifier called the physical address or MAC address. Access points and routers keep track of the MAC addresses of all devices that connect to them. Many such products offer the owner an option to key in the MAC addresses of their home equipment, that restricts the network to only allow connections from those devices. Do this, but also know that the feature is not so powerful as it may seem. Hackers and their software programs can fake MAC addresses easily.

12. Do Not Auto-Connect to Open Wi-Fi Networks Connecting to an open Wi-Fi network such as a free wireless hotspot or your neighbor's router exposes your computer to security risks. Although not normally enabled, most computers have a setting available allowing these connections to happen automatically without notifying you (the user). This setting should not be enabled except in temporary situations.


13. Assign Static IP Addresses to Devices Most home networkers gravitate toward using dynamic IP addresses. DHCP technology is indeed easy to set up. Unfortunately, this convenience also works to the advantage of network attackers, who can easily obtain valid IP addresses from your network's DHCP pool. Turn off DHCP on the router or access point, set a fixed IP address range instead, then configure each connected device to match. Use a private IP address range (like 10.0.0.x) to prevent computers from being directly reached from the Internet.

14. Defrag your hard drive Run a utility program to "defragment" your hard drive. The utility will place your files in contiguous cluster and will optimise your hard drive, placing your most frequently used files up front for faster access. This will improve performance over time. You should run your defrag utility frequently to minimize the time required to complete the task. If possible, run the defrag utility once a week, or at a minimum, once a month.

15.  Avoid social networking sites. Sites like MySpace and Facebook are a dream for thieves and stalkers. They allow anyone the ability to gather information about you that may aid them in stealing your identity. Think twice before you post any sensitive or damaging information on these sites.


16. Filling in web forms and registration pages - There may be nobody behind you watching you as you type. But that doesn't stop a keylogger (a program or device that logs all your key-strokes) from collecting your information. Try to keep all sensitive material on your own machine (the one that you maintain and protect), and keep it off those public computers.

17. Disconnect from the Internet when not in use. Remember that the Digital Highway is a two-way road. You send and receive information on it. Disconnecting your computer from the Internet when you're not online lessens the chance that someone will be able to access your computer. And if you haven't kept your anti-virus software up-to-date, or don't have a firewall in place, someone could infect your computer or use it to harm someone else on the Internet. and help protect others: disconnect!

18.  Reboot Your Computer Since many of today’s PC’s and Laptops now have Power-Save options, it’s natural to forget that your computer needs to reboot occasionally. When you make changes to your computer’s settings, or install new programs, it can help to reboot your PC to help these changes to take effect.

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

0 comments:

Post a Comment