SnowRidge
Elite Member
<font color="green"> 1) Do not rely on a software firewall such as BlackIce Defender or similar. They can be good backups in addition, but your first line of defense should be a good hardware firewall/NAT router. Linksys or DLink are good names (The linksys BEFSR41 is probably my best recommendation). Stay away from the Belkins (sometimes sold at Walmart). Don't let the phone companies installer give you a DSL modem connected by USB. Make sure it is an ethernet connected modem so you can use your hardware firewall with it. </font>
Netgear is fine too. Absolutely stay away from USB modems.
<font color="green"> 2) Do away with Internet Explorer or any frontend based on IE that masquerades as an alternative browser. Use IE ONLY to go to Windows Update and get your security updates and software patches. Go with Firefox or Opera. Also, do not use Outlook Express or Outlook for the same reasons as above. There are currently security problems for these packages that are over 8 months old and still there is NO fix for the problem. ***Edit: Thunderbird or Eudora are good email software replacements. </font>
Yes, yes, yes. For the Windoze world, you can add "The Bat." Whatever email client you use, make sure that HTML is turned <font color="red"> Off </font> for inbound emails. You should turn it off for outbound too.
<font color="green"> 3) Tell your installer that you want your PC configured with only standard configurations. Tell them you do NOT wanted any branded configurations. If the installer tries to put any CD's or diskettes in your PC, slap him upside the head. </font>
Better yet, configure it yourself, if you can.
<font color="green"> 4) Make SURE your PC is up to date and protected by the router/firewall and also up to date antivirus software BEFORE connecting it to the network. Current statistics show an unpatched PC connected via a broadband connections takes on average only 3 minutes to be compromised by malicious software. </font>
It's a bit difficult to update firewall software without being connected, but absolutely go with a hardware router/NAT from the get-go.
<font color="green"> 5) Don't rely on your firewall to protect you. Firewalls ONLY protect against brute force attacks. You can still VERY easily be compromised by passive attacks coming in through trusted sources such as email and requiring you to click on something. Once your machine is compromised by the passive attack, the firewall does no good, because your PC connects outbound to the attacker. There is no inbound attack for the firewall to stop. </font>
But a good "state aware" or "stateful" firewall can help by monitoring for and blocking improper outbound connections.
Netgear is fine too. Absolutely stay away from USB modems.
<font color="green"> 2) Do away with Internet Explorer or any frontend based on IE that masquerades as an alternative browser. Use IE ONLY to go to Windows Update and get your security updates and software patches. Go with Firefox or Opera. Also, do not use Outlook Express or Outlook for the same reasons as above. There are currently security problems for these packages that are over 8 months old and still there is NO fix for the problem. ***Edit: Thunderbird or Eudora are good email software replacements. </font>
Yes, yes, yes. For the Windoze world, you can add "The Bat." Whatever email client you use, make sure that HTML is turned <font color="red"> Off </font> for inbound emails. You should turn it off for outbound too.
<font color="green"> 3) Tell your installer that you want your PC configured with only standard configurations. Tell them you do NOT wanted any branded configurations. If the installer tries to put any CD's or diskettes in your PC, slap him upside the head. </font>
Better yet, configure it yourself, if you can.
<font color="green"> 4) Make SURE your PC is up to date and protected by the router/firewall and also up to date antivirus software BEFORE connecting it to the network. Current statistics show an unpatched PC connected via a broadband connections takes on average only 3 minutes to be compromised by malicious software. </font>
It's a bit difficult to update firewall software without being connected, but absolutely go with a hardware router/NAT from the get-go.
<font color="green"> 5) Don't rely on your firewall to protect you. Firewalls ONLY protect against brute force attacks. You can still VERY easily be compromised by passive attacks coming in through trusted sources such as email and requiring you to click on something. Once your machine is compromised by the passive attack, the firewall does no good, because your PC connects outbound to the attacker. There is no inbound attack for the firewall to stop. </font>
But a good "state aware" or "stateful" firewall can help by monitoring for and blocking improper outbound connections.
