| Author | Message | ||
     Thumper74 |
I've finally got my home computer up and running. I run Windows XP: 2.6Ghz, video card, 160 gig HD, etc. I used to use it for gaming, but I don't have the time to dedicate to it anymore. I would like to use it for online banking, etc but I'm concerned about it's security being on a wireless network. What can I do to make my wireless network and computer a pain in the arse to hack? What good, free apps are there for virus', SpyWare, encryption, etc.? How can I password protect my wireless network? Will the wireless network still work with my Xbox if it's protected? | ||
| Jaimec |
Avast Anti-Virus and ZoneAlarm are free Anti-virus and Firewall applications that get high marks. Spybot Search & Destroy, and Ad-Aware are two highly recommended anti-adware/anti-spyware applications, also available for free. You should enable the highest encryption allowable on your wireless router, but I have no idea what that'll do to your X-Box. I'd be very surprised, however, if the X-Box didn't support WEP encryption. | ||
| Brinnutz |
Oh, and if your worried about your wireless...use WAP instead of WEP... =) | ||
| Doon |
WPA2 encryption and a decent passkey will be helpful. Also you can normally set MAC filtering on the Access Point as well to limit only the MAC Addresses of the devices you want to connect. Also you can Hide the SSID (Disable Broadcast) which will make the network a bit harder to find (since it won't show up in the browse wireless networks, and clients would need to know its name to join). | ||
| Doon |
oh yeah forgot the obligatory don't use windows post  | ||
| Brinnutz |
Don't use Windows eh? He games..and since Mac's don't have the capabilities to run majority of games (Linux either, because of lack of driver support), Mac's suck. LOL...if they had more support and you could actually customize and upgrade the internals and modify shit, I might switch, until then... | ||
| Guell |
Doons right, make sure that the mac addys are only set to ones you allow. I think the xbox can still work, i have mine wired in, but my wii was able to connect to my wireless router. | ||
| Buellinachinashop |
"oh yeah forgot the obligatory don't use windows post." I run Windows, have to here at work, but just got the Apple Safari web browser. Seems pretty cool. Anybody know if it contains great security than running IE or FireFox? | ||
| Reepicheep |
First and foremost protect the XP machine itself. Run the firewall (built in windows one is fine for simple stuff), run antivirus (I like the AVG stuff, either the free version or the bought version), and run anti-spyware (the basic windows stuff at a minimum). I would also strongly recommend running k9 web protection, which inserts itself into your OS networking stack. It's "official" job is web filtering (all under your control) to keep the kids from learning about... well, I won't go there... to give parents control over what their kids see. But it also brings to the table an *outstanding* blacklist of sites that you don't ever want your computer to visit (kids or no kids). Because malware wants to be small and light to be more effective, it typically does not have a payload besides a program that goes to another site to get the nasty rootkits and keyboard loggers. Having K9 on the machine keeps the malware from being able to get the bad payload, and stops full infection. I installed (and greatly appreciate it) to help keep the kids from getting slimed, but if I look at the logs, my kids are behaving *great* but my computer is behaving *awful*. It stops a LOT of attempted "grey" addware type drive by installs, and has stopped a few full spyware install attempts. Keep windows up to date as well. Most spyware and malware needs a "broken" part of windows to be able to install. No shortage of those, but you can at least make sure you are only getting exploited by the latest / greatest malware. Show common sense. The parallel I give is "don't go to a bad neighborhood to buy drugs, then come back whining because your car stereo got ripped off and you got mugged". Porn sites, illegal file sharing sites, etc, are run by people who will do anything (or exploit anyone) for a buck. There are lots of bucks in exploiting you, and they won't walk away from those. Turn off (or don't turn on) all file and printer sharing on the windows box. Or at least make sure it is passworded. When you browse, particularly with anything remotely sensitive (anything that includes a password), try and make sure the link is HTTPS and not HTTP. Everyone one the world can be seeing everything going across the wire when you are using an HTTPS connection, and unless they have access to all known computers and a few thousand years of dedicated computing, they won't know what is in that encrypted stream of data. If you have VPN software for your company, use that whenever you connect through the internet. It adds another isolated and encrypted tunnel data, and effectively moves your machine back behind the protections of your corporate infrastructure. That also renders WEP or WPA encryption irrelevant, people could see every byte you send and they would never be able to make sense of it. It's good to have some encryption on the wireless access point, but mainly to raise the bar for someone trying to sniff your data or use your internet connection to do bad things. It won't really stop them. Even when it is encrypted via WEP or WPA, it is decrypted by the router and sent via the cable modem to a local sub network that probably has several hundred of your neighbors all able to listen in if they so choose. Wireless or no wireless, assume you are talking loudly in a public cafeteria unless you see that "HTTPS" URL and a little padlock showing up in the corner of your browser. You may laugh, but put your wireless router in your basement. The signal goes up pretty well to cover your house, but the dirt keeps it from going too far into the neighbors and the street. There *are* people driving around looking for unsecured connections, but they are more likely to use them to send a few million spams, transmit something illegal, or look for an unprotected share then they would be to bother sniffing your content. The last thing they want is to be sitting in front of your house pointing a pringles can at your window when you are home. They want to make their money or do their crime and get out quick. Or the neighbor just wants free internet. If a neighbor (or punk in the street) posts copyrighted music on a bit torrent network, you will be the one getting the lawsuit letter from the RIAA, and you are the one that will be effectively declared guilty until you can prove yourself innocent. I would also keep your email off your local box and use something like gmail, preferably via HTTPS. Email is an unecrypted data stream and easy to sniff (with our without wireless involved). Use a simple off the shelf router / firewall, in basic and secure default setups. Most are configured well direct from the factory. Every port you open on it (for file sharing, gaming, etc) is one more window an attacker can pry on. First and foremost, protect the machine, thats the richest target for an attacker. | ||
| Jaimec |
For Safari's security, I think I'd stick with IE (but I use Mozilla's Seamonkey myself): http://www.theregister.co.uk/2008/05/15/apple_safa ri_carpet_bombing_vuln/ | ||
| Thumper74 |
Does the HTTPS prefix work on everysite? Can I just use HTTPS://www.badweatherbikers.com to secure the information at anysite? | ||
| Doon |
Notice the smiley after the don't use windows in my post. I will re-iterate what I said in a different thread. the only safe computer(regardless of OS) is the one that is in a box, not connected to anything.. I use a bunch of different computers.(FreeBSD for servers, OpenBSD for Firewalls, Linux/OSX/FreeBSD for workstations) they all have their issues. it is just about mitigating the risk of them getting owned/cracked. All of them could be subject to a 0-day exploit. Windows is the just the largest target as it has the largest market share and a questionable record of patching (it is getting better though). So the trick to anything is to stay current with vendor patches/fixes. Disable uneccasary services. Don't click on stuff you don't know/open unknown attachments. If you get an email from cnn and is says you need a codec to watch the movie don't run it And if it sounds too good to be true, it probably is. (oh and for what it is worth I can play portal on my ubuntu machine via wine ). But I don't play too many PC games, normally just use them for coding and the like. I do most of my game playing on the Xbox360, PS3, or wii (they are all on a separate network, different firewalls from the lan and wireless networks at home just in case they get p0wned). My current game of choice is lego indy (playing it with my wife on the ps3). | ||
| Doon |
thumper. HTTPS must be configured on the server. Most places do not as it increases server load and proc usage on each connection. A suggestion is that you use different passwords on each site you are on. So that way if say your badweb username/password gets compromised (for whatever reason), they don't have the password to your bank.. Etc.. Assume that anything with HTTPS can be intercepted in transport (this goes for either using wireless or the wired). HTTPS is much harder for an attacker to break (much easier to social engineer the information out of you, that to attack the SSL keys). | ||
| Buellinachinashop |
"I do most of my game playing on the Xbox360, PS3, or wii (they are all on a separate network, different firewalls from the lan and wireless networks at home just in case they get p0wned)." Party at Doon's. | ||
| Reepicheep |
You meant "anything using HTTPS can't be intercepted in transport" I think... Cracking a modern browsers SSL (HTTPS) connection is dang near impossible. Much easier to compromise machines at either end (your machine and browser, or the site you are connecting with). AES256 encryption, which the newer versions of WinZip will do out of the box, is estimated to take all the computers ever built running for the known age of the universe. Computers will keep getting faster, but that is a *boatload* of headroom. SSL (depending on how new your browser and the server you are connected with are) is probably at least 128 bit encryption. To set up HTTPS with an official "signed" certificate is like $500 a year or something, that is what keeps many smaller sites from doing it. If you are going to a larger ecommerce site that doesnt it, go someplace else. If you go to a site that accepts credit cards and doesn't use HTTPS for the credit card PAN transfer, they are in voilation of the PCI credit card standards and should be fined by their payment accepting bank. | ||
| Doon |
reepicheap: yeah I meant to say assume anything that doesn't start with HTTPS: Sigh long day at the NOC and need to be back in a couple hours to debug the long day. Well you can get cheap SSL certs (<$100)>7,FF3) you must pay the Tithe . We used to use self signed Certificates (just as secure) but most new browsers make you jump through hoops to add them, or add exceptions. As for the party @ my house. Okie dokie just bring beer / food.. But I better clear it with my controlling terminal (SWMBO) and make sure it is ok first | ||
| Court |
And the less bright among our ranks do what? . . . me? . . I keep an old credit card from 35 years ago in college with a meager credit limit on it. It works great for the Zumo 550 new Nikon etc. . . . but it won't do much at any one time . . . . It's the same thing as carrying $3.54 and wearing a $7 watch when you get mugged. | ||
| Josh_ |
256-bit SSL certs are $30 at godaddy.com and are from a top-tier signer. Work great! https://www.godaddy.com/gdshop/ssl/ssl.asp?ci=8979 #tabs | ||
| Reepicheep |
Thanks Josh, thats great! I use them for some "playing around" hosting, didn't realize they would give an SSL cert so cheap. Their linux hosting plan is dirt cheap as well, and has been great since I have been using it. | ||
| Xb12rene |
For the computer: keep Windows updated (most important), decent firewall, anti-virus, anti-spyware, anti-trojan should do the trick. All can be had for free: check here http://www.techsupportalert.com/ for an overview. The router: minimum is WPA encryption with a good password (>32 characters, include numbers, special characters, no words found in dictionary, example: Z-LQ6]bB9TxC2D5P.X38). WPA is hard to hack, and a potential hacker most likely moves on to an easier target. WEP encryption, MAC filtering, hiding SSID only give a false sense of security. Each one can be hacked by an 13 year old in less than 10 minutes. But remember the best protection on the web is common sense. Hope that helps | ||
| Cityxslicker |
Fine line between security and access. Want to be totally secure? Tak your machine out in the back yard, and smash it to pieces with a bat. It will ensure that you are never hacked. Anything short of that is gamblin with varying rates of success. probably nsfw  http://www.youtube.com/watch?v=wzGWvZAd228 | ||
| Corporatemonkey |
There a few good points aleady mention in this thread. As for WIFI security there is only one protection that matters; a strong WPA2 pass key on a fully updated router. Everything else is just fluff. Check with your wifi routers manufacture website for the latest firmware. If you need help, list your router manufacture/model number I will post a link. As for a strong WPA2 key I use a random code generator. https://www.grc.com/passwords.htm You want to use a 63 character key, as WPA2 has not officially been cracked yet, but brute force attacks work quite well one it. (I won't go into detail and bore the class) If you use a 63 character key, and change it every few months you will be fine. You are more likely to get into trouble visiting Pr0n sites. |
