security site

well Dr Doom if this any indication of how the new format is going to be pesented you and of course Arie, get an A++++
all the security and related sites all under "one roof "
is there any way or will that page be at the top of the security page all the time
pbyk

 

right on Arie and glad to see you got her up and runnin
ken

 

Danke schoen and welcome back.

My view is that if a computer is not secure, any other consideration can become meaningless with a mouse-click, as an uninvited digital lifeform wreaks havoc.

Security will be strongly stressed here, inasmuch as it's the one thing that one almost never hears about when shopping for a computer. That boxed system can be taken home, wired up, put online and be an expensive doorstop in a few days because no one ever told the buyer the basics.

If the OEMs would put a pamphlet in their shipments that described the dangers of the Web, life would be far easier for techs and far more difficult for the attackers.

OTOH, when I'm still getting occasional Code Red/Nimda hits from compromised servers, I wonder if anyone cares about security.

But, that's why we're here.

 

So I take it you'd recommend against using a DSL connection w/o a firewall?

 

As mentioned above most people who purchase computers do not have a clue what is in store for them once they hook to the net. Even if they take the basics classes on how to run windows and use the net most do not know to setup and update AV nor know what a firewall is less what it can do for them. Most that come to you all are in trouble already and I am sure are glad you are here! I know I was when I started on my journey through the forums! As far as firewalls I use Norton and also have a router.
Most do not. I currently suggest Zone Alarm its good, still free and covers quite well! What about the other little critters that play havoc Spyware for instance or VBS script changing homepages or worse, tell me how many new users know those. What you guys have here is good. People need you and will for a long time.
For every Idiot that spends thier time creating malicious programs there are three of you guys that will help others fix the problem. Sounds like good odds to me!
Keep up the good work!
Dave

 

davey7549, you mention spyware and the like. I've found AdAware (www.lavasoftusa.com) to be a great little spyware scanner. It works alot like your standard AV program but it looks for spyware instead of virus'. Best part, it's FREE just like ZoneAlarm.

 

Tnx much for the reminder on Ad-Aware. I have it on this machine and I still neglected to include it. That omission will be corrected shortly.
[hr][/hr]

Absolutely! The combination of a high-speed connection and (in the vast majority of cases) a fixed IP number make DSL/Cable connections ideal for the twits. All they need is a response from a computer at a given IP number, and they'll be able to send thousands of port probes in a matter of a few minutes. The fixed IP# also allows them to return day after day trying new exploits. The brats can't take "NO!" for an answer.

A good firewall not only blocks the probes, but also blocks any machine response to them. In effect, the computer is in what the GRC site calls "stealth mode ", providing no indication that there's a computer at that IP address.

Even on my 28.8K POTS connection, I get several hits every day, although it's not as often as it was last year at the height of the Code Red/Nimda idiocy.

I wouldn't go online with this modem connection without my firewall running, let alone with a DSL or cable link-up.

 

DD - a question for you.

I am running several PCs from home on DSL thru a Linksys router/switch and using NAT. Therefore, the DHCP assigned addresses for my computers are in that wonderful 192.168.x.x group and shouldn't be seen from outside as I understand it.

Any sort of additional firewalling via software on the PCs just causes horrible issues within my tiny LAN.

I would think that the NAT would take care of many of the problems and the firewall in the linksys firmware would pretty much deal with the rest (assuming I didn't so something stupid with the parameters).

Agree?? Disagree?? Additional Suggestions??

 

I'm not all that familiar with it, having just this one old reliable HP.

Here's an article on the issue.

NAT, firewall, proxy or what?

One thing the page notes is that with a network configured in the manner shown in the diagram, the NAT will not protect the gateway machine.

Here's an alternative connection using the router in front of everything else.

Dedicated NAT/Firewall box

In this case, the hardware-based NAT in Linksys routers (or whichever ones have that feature) protects the entire LAN.


Here's something that might be worth looking into for added security, if you're as paranoid as I am.

Zone Labs - Linksysy - Internet Security Center

 

Thanks DD.

I am configured with the router taking feed from my broadband ISP. Should be in good shape then.

I really love the little box. No more messing with other protocols to keep a small home LAN working. Also, I got a 4 port router/switch even though I only have 2 PCs because a couple of my kids bring a laptop when they visit and this way they can plug in, boot up, and be good to go for internet services. They can also easily connect to the printer and scanner. 100Mb to each of the PCs ain't so shabby either.

I've never liked any of the software ICS solutions. I had a little 10Mb hub before the router so had to have firewalls on both PCs and use that "N" protocol to keep em talking with each other. Worked but not elegant and I just love elegant.