When you get a new Windows PC or re-install an old one from scratch there are things you should do to secure the box and your habits. These are the ones I semi-automatically do or think about when going through this process. They fall into several categories with sub-point(s) to each.
Security
1. Use a firewall.
I don’t care what others say about not needing a firewall - you do. How you choose to implement this is entirely a different matter. You can opt to:
trust XP or Vista’s (better) firewall and add to this by using a router that hides your local hardware.
Turn off the above but use a third party firewall which adds outbound protection as well. There are lots out there, but 2 free ones I’d be happy to use are Jetico and Comodo.
Finally you can add in a third party firewall box - anything from the big commercial boys would be fine or better still convert an old PC to use Smoothwall.
2. Install, use and update Anti Virus software.
For my money I presently use and recommend Eset’s Nod32 but AVG or Avast’s free home offerings also do a good job.
3. Install and run - weekly - an anti-malware / spyware package.
This is a huge area and potentially the one filled with the most risk. Unfortunately if you just go and google for an anti-spyware app you are as likely to find one that is spyware as one that removes said spyware.
The ones I like and use (yes, all of them) are:
Prevx
Lavasoft
Spybot S&D
Tweaks
4. Ensure you have installed the latest patches for your operating system (OS).
I tend to be a tad on the paranoid side for installing updates and one of the things I do is to disable windows automatic updates. Not totally though as I get it to alert me. I then investigate the patch, service pack, whatever and see if others have had problems. Then after a few weeks have gone by I’ll tentively update after having backed up my data.
5. Use firefox browser.
I guess Safari, Opera or any other non IE based browser is ok too but I do my best to avoid IE wherever I can. If you insist on using IE then please at least set the security level to high.
The other thing I do above all is to use a sandbox. Two I have used are GreenBorder and Sandboxie. Of the two GreenBorder is easier to use but is currently not available for purchase or download as Google have purchased them - my guess is that it will come out for free aspart of the Google Apps setup. However, Sandboxie is the free one of the two and works well.
So if you insist on visiting not so salubrious sites, or known spyware hangouts then let me suggest you use a sandbox from which to do your surfing and testing of any downloads. If your virtual environment doesn’t get infected after a week or so of use then you can feel safe in transferring whatever to your PC.
Software
7. Use a securer eMail client
The latest advice here is to use something like Google Mail via firefox but to add the ‘CustomiseGoogle‘ addon and set the always use https to access it. If you want a local client then run away from Outlook and its offspring Outlook Express and instead use Mozilla Thunderbird - you can even set it up to grab you Google Mail and leave the majority of the spam on Googles servers.
8. If you do use a local eMail client then be sure to:
install and use a third party spam filter
be very careful about opening attachments - even if you know the sender it is always best to double check if they send you something unannounced
in a similar vein - don’t click on random URL’s in an eMail especially if it purports to have come from your bank. Go and manually type in the known URL.
ensure you anti-virus is scanning your eMail
9. Passwords
Whilst not a tweak or software per se it is all part of securing your PC.
I don’t intend to repeat the excellent advice on what constitutes a good password but I will tell you my process. I install and use Roboform or a free alternative is KeePass. With both of these apps you can create unique entries and passwords for each and every website or piece of software you need to log in to. You don’t have to worry about remembering any of these as the two I’ve mentioned both have an autofill function.
The final act in setting these up is to use one ultra tough master password to secure your database with. Both allow you to set time limits on the database access before you have to re-enter the master password. And all you have to recall each time is the master password.
Additionally both of these apps will happily reside on a USB key.
Also obviously, or maybe not from my experience, one should never ever write a password down.
10. Backup.
Whilst in itself not a security feature, it is vital to have a decent backup regime that allows you to restore corrupted databases of passwords. etc.
Hardware
11. Secure your Wi-Fi.
Please don’t use WEP - instead workout what is the securest form of encryption you have and use that. Currently it is WPA2 with either a pre-shared key or access to an authentication server (this can be done easily and relatively cheap for a small network with organisations such as Witopia).
Despite what you might hear - turning on MAC Filtering and SSID hiding does not increase your security. What it may do is persuade any would be hacker that you have taken steps to configure your wi-fi encryption, but without WPA2 MAC filter and SSID hiding are useless.
Lastly, if using a laptop on a public wi-fi then ensure your communications are encrypted. Again WiTopia can help here or alternatively something like Keypoint Access from RedCannon or the SiNiC Card which is (in their blurb) a ‘hardware enforced endpoint’. Cool.
12. Secure your hardware
All of the above is useless if you haven’t secured your hardware in some form. Either locked behind your front door or in the use of anti-theft devices for your laptop.
—-
There it is then. Not 100% comprehensive, but a good start to securing your new or newly rebuilt PC.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment