Let’s begin with a look at protecting your PC from direct attacks: that is, when an unauthorized cracker
(which I define as a hacker who has succumbed to the Dark Side of the
Force) sits down at your keyboard and tries to gain access to your
system. Sure, it may be unlikely that a malicious user would gain
physical access to the computer in your home or office, but it’s not
impossible.
Crackers specialize in breaking into systems (“cracking” system security, hence
the name), and at any given time, hundreds, perhaps even thousands, of
crackers roam cyberspace looking for potential targets. If you’re
online right now, the restless and far-seeing eyes of the crackers are
bound to find you eventually.
Sounds unlikely, you say? You wish. Crackers are armed with programs that
automatically search through millions of IP addresses (the addresses
that uniquely identify any computer or device connected to the
Internet). Crackers specifically look for computers that aren’t secure,
and if they find one, they’ll pounce on it and crack their way into the
system.
Again, if all this sounds unlikely, or if you think it would take them forever to find you,
think again. Tests have shown that new and completely unprotected
systems routinely get cracked within 20 minutes of connecting to the
Internet!
First, Some Basic Precautions
So how do you thwart the world’s crackers? I often joke that it’s easy if you follow a simple four-prong plan:
Don’t connect to the Internet. Ever.
Don’t install programs on your computer. No, not even that one.
Don’t let anyone else work with, touch, glance at, talk about, or come within 20 feet of your computer.
Burglar-proof your home or office.
The point here is that if you use your computer (and live your life) in an
even remotely normal way, you open up your machine to security risks.
That’s a bleak assessment, for sure, but fortunately it doesn’t take a
lot of effort on your part to turn your computer into a maximum
security area. The security techniques in this chapter (and the next
half dozen chapters) will get you to that goal, but first make sure you’ve
nailed down the basics:
Leave User Account Control turned on— Yes, I know UAC is a hassle, but it’s way
better in Windows 7 because it doesn’t get in your face nearly as
often. UAC is the best thing that’s happened to Windows security in a
long time, and it’s a fact of life that your computer is much more
secure when UAC has got your back.
Be paranoid— The belief that everyone’s out to get you may be a sign of trouble in
the real world, but it’s just common sense in the computer world.
Assume someone will sit down at your desk when you’re not around;
assume someone will try to log on to your computer when you leave for
the night; assume all uninvited email attachments are viruses; assume
unknown websites are malicious; assume any offer that sounds too good
to be true probably is.
Keep to yourself— We all share lots of personal info online these days, but there’s
sharing and then there’s asking-for-trouble sharing. Don’t tell anybody
any of your passwords. Don’t put your email address online unless it’s
disguised in some way (for example, by writing it as username at yourdomain dot com).
Don’t give out sensitive personal data such as your social security
number, bank account number, or even your address and phone number
(unless making a purchase with a reputable vendor). Only give your
credit card data to online vendors that you trust implicitly or, even
better, get a secure PayPal account and use that instead.
Test the firewall— A firewall’s not much good if it leaves your computer vulnerable to
attack, so you should test the firewall to make sure it’s doing its
job.
Take advantage of your router’s firewall, too— Why have one line of defense when in all probability you can have two!
If your network has a router and that router connects to the Internet,
then it, too, has an IP address that crackers can scan for
vulnerabilities, particularly holes that expose your network. To
prevent this, most routers come with built-in hardware firewalls that
provide robust security. Access your router’s setup pages, locate the
firewall settings (see Figure 1 for an example), and then make sure the firewall is turned on.
Note
To access the router setup pages, open a web browser, type the router
address, and then press Enter. See your device documentation for the
correct URL, but for most routers the address is either http://192.168.1.1 or http://192.168.0.1. In most cases, you have to log in with a username and password, so, again, see your documentation.
Update, update, update— Many
crackers take advantage of known Windows vulnerabilities to compromise
a system. To avoid this, keep your PC updated with the latest patches,
fixes, and service packs, many of which are designed to plug security
leaks.
Assume the worst— Back up your data regularly, keep your receipts, keep all email correspondence, and read the fine print.
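Three of these basics can be checked from the PC itself. The following Windows PowerShell script is an added example, not part of the original chapter: it only reads settings, reporting whether UAC is on, whether Windows Firewall is enabled for each network profile, and how long ago the most recent hotfix was installed. The function names and the 45-day limit are assumptions made for this illustration.

```powershell
# Added example (not from the original chapter). Read-only: changes no settings.
function New-Result($Check, $Pass, $Detail) {
    New-Object PSObject -Property @{ Check = $Check; Pass = [bool]$Pass; Detail = $Detail }
}

function Test-Uac {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # EnableLUA = 1 means UAC is on. ConsentPromptBehaviorAdmin = 0 means
    # administrators are elevated with no prompt at all, so treat that as a fail.
    $ok = ($p.EnableLUA -eq 1) -and ($p.ConsentPromptBehaviorAdmin -ne 0)
    $detail = "EnableLUA=$($p.EnableLUA); ConsentPromptBehaviorAdmin=$($p.ConsentPromptBehaviorAdmin)"
    New-Result 'User Account Control' $ok $detail
}

function Test-Firewall {
    # Profile-type bit values used by the Windows Firewall COM interface.
    $names = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    foreach ($type in 1, 2, 4) {
        $on = $fw.FirewallEnabled($type)
        # CurrentProfileTypes is a bitmask of the profiles in use right now.
        $active = [bool]($fw.CurrentProfileTypes -band $type)
        New-Result "Windows Firewall: $($names[$type]) profile" $on "Enabled=$on; InUseNow=$active"
    }
}

function Test-Updates {
    param([int]$MaxAgeDays = 45)   # assumed limit: a bit over one monthly patch cycle
    # Some hotfix entries carry no install date, so skip those before sorting.
    $last = Get-HotFix | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn | Select-Object -Last 1
    if (-not $last) { return New-Result 'Recent Windows update' $false 'No dated hotfix found' }
    $age = ((Get-Date) - $last.InstalledOn).Days
    New-Result 'Recent Windows update' ($age -le $MaxAgeDays) "$($last.HotFixID) installed $age days ago"
}

& { Test-Uac; Test-Firewall; Test-Updates } | Format-Table Check, Pass, Detail -AutoSize -Wrap
```

A firewall that reports as enabled still needs the outside test described in the list; this script confirms only that it is switched on.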
Locking Your Computer
These two features are great, but they each have one small
flaw: They rely on the assumption that after you’ve entered a
legitimate username and password to log on to your Windows user
account, only you will use your computer. This means that after you log on, you become a
“trusted” user and you have full access to your files, even if they’re
protected by permissions and encryption.
This is certainly reasonable on the surface. After all, you wouldn’t want to
have to enter your account credentials every time you want to open,
edit, create, or delete a document. So while you’re logged on and at
your desk, you get full access to your stuff.
But what happens when you leave your desk? If you remain logged on to
Windows, any other person who sits down at your computer can take
advantage of your trusted-user status to view and work with secure
files (including copying them to a USB flash drive inserted by the
snoop). This is what I mean by permissions and encryption having a
flaw, and it’s a potentially significant security hole in large offices
where it wouldn’t be hard for someone to pull up your chair while
you’re stuck in yet another meeting.
One way to prevent this would be to turn off your computer every time you
leave your desk. That way, any would-be snoop would have to get past
your login to get to your files. This, obviously, is wildly impractical
and inefficient.
Caution
I’m assuming that because you have files worthy of being protected by
permissions or encryption, you haven’t set up Windows to automatically
log on.
Is there a better solution? You bet: You can lock your system before
leaving your desk. Anyone who tries to use your computer must enter
your password to access the Windows desktop.
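The two conditions this section depends on, no automatic logon and a desktop that locks when you walk away, can be verified with Windows PowerShell. This is an added example, not part of the original chapter; the function names and the 10-minute idle limit are assumptions.

```powershell
# Added example (not from the original chapter). The two Test-* functions only read settings.
function Test-AutoLogon {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # AutoAdminLogon = "1" makes Windows log on at startup without asking for a password.
    # A DefaultPassword value means that password sits in the registry in plain text.
    $detail = "AutoAdminLogon=$($p.AutoAdminLogon); DefaultPasswordStored=$($null -ne $p.DefaultPassword)"
    New-Object PSObject -Property @{
        Check = 'Automatic logon is off'; Pass = ($p.AutoAdminLogon -ne '1'); Detail = $detail
    }
}

function Test-IdleLock {
    param([int]$MaxSeconds = 600)   # assumed limit: lock after at most 10 idle minutes
    # A Group Policy value, when present, overrides the user's own setting,
    # so the policy key is consulted first for each value.
    $paths = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
             'HKCU:\Control Panel\Desktop'
    $s = @{}
    foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut', 'SCRNSAVE.EXE') {
        foreach ($path in $paths) {
            $v = (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).$name
            if ($null -ne $v) { $s[$name] = $v; break }
        }
    }
    $timeout = [int]$s['ScreenSaveTimeOut']
    # All four must hold: a screen saver is chosen, it is active, it asks for
    # the password on resume, and it starts within the allowed idle time.
    $ok = $s['SCRNSAVE.EXE'] -and ($s['ScreenSaveActive'] -eq '1') -and
          ($s['ScreenSaverIsSecure'] -eq '1') -and ($timeout -gt 0) -and ($timeout -le $MaxSeconds)
    $detail = "Active=$($s['ScreenSaveActive']); PasswordOnResume=$($s['ScreenSaverIsSecure']); " +
              "TimeoutSeconds=$timeout; Saver=$($s['SCRNSAVE.EXE'])"
    New-Object PSObject -Property @{
        Check = 'Desktop locks when idle'; Pass = [bool]$ok; Detail = $detail
    }
}

function Lock-Workstation {
    # Locks the current session at once; the password is needed to get back in.
    & "$env:SystemRoot\System32\rundll32.exe" 'user32.dll,LockWorkStation'
}

& { Test-AutoLogon; Test-IdleLock } | Format-Table Check, Pass, Detail -AutoSize -Wrap
# Lock-Workstation is not called here; run it yourself before leaving the desk.
```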