Is your computer secure?

Security is not an easy thing for the average consumer. The methods and procedures to ensure that you are not vulnerable to attacks are typically difficult and prone to configuration errors. With so many solutions out there, where does a consumer start?

Since Windows dominates the consumer market, let’s focus on securing this beast. Let’s use the analogy of physically securing one’s house. If I lock the door with my super expensive medico lock, but I leave my basement window open, am I secure? So I then lock all my windows, great I am now secure … Wrong!! The thief kicks on my door which has the expensive lock but I forgot to reinforce my door frame and within 5 big kicks, the thief is in. I reinforce my door to the point that the thief will need to drive a car through it. Haha, I showed that thief that he cannot mess with me … Wrong again!! The thief breaks my basement window and enters my house again. Now I need lock bars across all Windows and make it look like Alcatraz except people are trying to get in instead of out. I hope that you are starting to see my point.

A layered security approach is required and it takes many security controls implemented to ensure that I minimize the amount of risk that I am willing to accept … you can never be 100% secure and if any vendor says their solution is, they are wrong and I have swampland in Florida to sell you.

Where does one start? To not overwhelm the average consumer, I will focus on 4 things:

  • Windows software up-to-date;
  • Latest anti-virus definitions installed;
  • Personal firewall running; and
  • Never click on links.

Users should enable Windows automatic updates which will ensure that security software updates are transparently downloaded and installed as soon as the patches are available. Keeping your software up-to-date will prevent attackers from exploiting vulnerabilities within the software.

With latest anti-virus definitions, newly identified viruses or malware will be detected and mitigated. This will only protect you from known malware. It is one layer of your security onion.

A personal firewall that is stateful will monitor all communications from the Internet and can filter out unwanted traffic in accordance with the policy rules enabled. For example, the personal firewall could deny all hackers trying to find live IP addresses by blocking ICMP (Ping) echo requests.

User awareness is probably one of the most important aspects of keeping the bad guys out. Attackers can deliver malware using many mechanisms through the web or e-mail:

  • Clicking on malicious links;
  • Downloading bad software;
  • Visiting high risk sites;
  • Opening infected attachments; and
  • Inserting infected media.

This is a never-ending list as attackers find creative ways to stay ahead of security defences. The easiest way is get users to click on malicious links. Links may look fine and when visited, the site appears fine but what you do not see is potentially the malicious code being downloaded and a backdoor for an attacker to remote connect to your computer. E-mails or Facebook are the easiest ways to massively deliver these links. If a trusted friend is infected, the attacker can generate an e-mail which comes from your friend’s e-mail account. As there are many things to look for in a link, I would recommend for novice users to never click on links, regardless if it comes from a friend. Your friend may have actually sent the link and does not know that it is malicious. In another post, I will give you tips on what to look for in a link.

Safe browsing!!

Add to DeliciousAdd to DiggAdd to FaceBookAdd to Twitter

About the author

kim.edwards - Kim Edwards owns and operates an information and network security consulting company which provides security services to both public and private sector clients. With over 18 years experience in networking security and telecommunications, Kim excels at leadership, design, threat management, and architecture. His recent work covers advanced research and security assessments and impacts for enterprise-type networks such as the Canadian House of Commons, Communications Security Establishment and Nortel. Kim has earned an MSc in Electrical Engineering from Queen's, specializing in cryptography with a BSc from the Royal Military College of Canada.

4 Responses to "Is your computer secure?"

  1. Hey Kim,

    Thanks, that’s very clear, practical and useful advice which I certainly agree with.

    While I was reading, I was thinking about the effect of deterrence. In general, home computer users aren’t usually selectively targeted. By that I mean that by attacking a home user, the attacker isn’t usually looking to gain something that only that user has. In those cases, if the attacker quickly realizes that a particular target is prepared, then the attacker will quickly switch attention to much easier targets elsewhere. The defence will in that case only have to be a deterrent. To use your analogy, if your house has an alarm system, but the neighbour doesn’t then the burglar will choose the easier target.

    On the other hand, this won’t hold true if the attacker chooses his target because he/she knows that target have something special that the attacker wants. Analogous to when it’s a hot day and the burglar is looking to steal ice cream and knows you have high end ice cream in your fridge but your neighbour doesn’t, then the alarm system might not be a deterrent…

    So, maybe one can say that by following Kim’s advice you’re clearly going to be a much more difficult target compared to others who don’t follow it and you’ll be deterring attacks. There is generally no need to go beyond that unless you know you might be a target because of your fridge contents or something like that…

    Great first blog entry, I’m looking forward to more!
    Cheers!
    /P

  2. Great post Kim. You’ve highlighted a significant area that everyday internet users should familiarize themselves with.

    A “layered security approach” or “defense in depth” is absolutely necessary if an everyday user wants to be somewhat protected. With mediums such as DSL and cable modems, we are in an “always connected” generation; great for accessibility and availability but it also exposes an infinite amount of vulnerabilities that threat agents (attackers) can easily exploit. With providing safeguards at different layers, it makes it more time consuming (annoyance) for attackers to penetrate. The goal we are trying to achieve is to frustrate the attacker to the point where he moves on to another machine (a deterrence, as Patrik pointed out in his comment). The primary function of these safeguards is to provide a secure perimeter around our operating system and applications. The reason is that security was not a primary focus when these applications were developed (a topic left for another blog entry) . The analogy you will hear to describe this is “soft chewy centre/hard crunchy outside”. What this means is once you can penetrate the perimeter, it’s open season :). This is why we use multiple safeguards to form layers.

    This leads back into another point that you made in that you can never be 100% secure. This is known as the residual risk (ie. the amount of risk you accept). Implementing safeguards provides good protection but individuals have to realize that risk is still present and vulnerabilities can still (and will) be exploited.

    What you’ve outlined is a good first step but I also think that more can easily be done. Let’s be honest here, a significant majority of internet users don’t follow the basic principles that you outlined. Is it that they are naive, ignorant, unfamiliar or just don’t care? I really don’t know the answer to that. All we can really do as security professionals is educate people on following necessary security baselines and procedures. Knowledge is king!

    Here are some additional steps that can be used to help protect your systems. The tools mentioned are all free tools:
    -Microsoft Security Baseline Analyzer. This tool will help identify any missing security updates and also if there are any misconfiguration in your system and remedies on how to correct them. It can be downloaded directly from Microsoft.
    -Harden the OS. What is OS hardening? It’s ensuring that any unnecessary services within the operating system are closed. Attackers can easily exploit these services to cause harm such as a denial of service attacks or Malware. A good tool available is called NMAP which is a network mapping tool that can be used to determine what services are running on your machine and to determine the network topology. There are some guides available on the web that define proper hardening guidelines. The NSA has some guides that can be followed: https://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml
    -File Integrity Checker. A tool I’ve been using of late is called Sentinel. It’s a file integrity checker that takes a snapshot (can either be a CRC32, MD5 or SHA1 hash) of all the critical operating system files. It can integrate with your anti-virus checker as well so when it does a scan and finds that a file has been modified (hash is different from the snapshot view), it’ll launch the anti-virus to scan the file
    -CCleaner. This tool helps protects your privacy online by deleting any trails left behind while browsing (cache entries, cookies etc..). It also scans registry entries for any broken links, securely deletes files (by using DoD procedures). A great little tool that I’ve been really happy with

    Some other best practices to follow:
    -Be wary of Social media sites such as Facebook, Twitter, linkedIn. More and more attacks these days are occurring from these platforms, and the intriguing part is that these attacks aren’t sophisticated but are relying on old techniques such as social engineering. People will divulge anything and everything these days. Attackers can easily learn personal information and use it in a malicious manner against an intended individual. These attackers pose a greater risk than the group mentioned above as they are going after a specific individual and will most likely due their due diligence
    -Be careful of the information you exchange while in WiFi hotspots. The majority of the WiFi hotspots don’t use secure mechanisms such as WPA and WPA2 so your traffic is going to be sent in plaintext, yet people still may check personal emails or do work. Who knows the potential confidential information that is exchanged and could be intercepted by an attacker. I for one never check personal email in hotspots and if I do, I ensure that I use a VPN.

    Looking forward to more blogs. Keep up the good work Kim.

    Cheers,
    Jojo

  3. Very interesting info, i am waiting for more ! Keep updating your blog and you will have a lot o readers

  4. Found your blog via yahoo the other day and absolutely like it so much. Carry on this fantastic work.

Do you have something to say?

Your email is never published nor shared.
Required fields are marked *

WP-SpamFree by Pole Position Marketing