SLAC Computer Security

Cyber Security Awareness Month

These tips are part of a month long effort to distribute useful computer security information to the SLAC community.

Day 17 - Windows XP/Vista Tips   

From the Internet Storm Center handlers:

One of the first ways to start a security discussion is with physical security.  Yes, I know this is a technical forum, but really, is the system secure physically?  Make sure the location can be secured.  Utilize some type of locking mechanism to keep the machine safe.  This may be a cable lock for a laptop computer or a lock on the CPU case.  This is a pretty basic rule, but surprisingly many people forget this essential component of cyber security.  One of the ways to increase your information security effort is to combine your program with the physical security department.  Have you met with them and pooled your resources?  Are you able to obtain audit logs of physical access as easily as you are able to pull up an event log? 

Second, remember to configure the administrator password.  Most likely the system will come with no administrator password, or a default password common to many systems.  Before you go ahead, think about a good password.  A good password is long and uses a diverse set of characters, numbers and special characters (~!@#$%^&*()_).  One approach to a good password is a pass-phrase.  A pass-phrase is a short, easy to remember sentence. No worries, it’s easy.  Just think of a phrase that is on your mind like: 

No hurricanes for Norfolk!
Your password could be: (Nh4ORF!)
See, the first N is capitalized, lower case h for hurricanes, a numeral 4 = “for”, ORF is the airport code for Norfolk, and a special character exclamation mark.

Here are some other ideas I like:

Use a food or product they like then modify it.  Like Roast Beef
Your password would be:  (R0@s1b33f)

Use a thing, like a USB Device
Your password would be:  usbdevice (uSBd3^1ce)

It’s easy to come up with a complex though easy to remember pass phrase. If you need help remembering your password, just write down a word (hint) that reminds you of the phrase, NOT the password.  Next, don’t forget to write down your administrator password and keep it in a safe place (for example a safe, safety deposit box or store it in a sealed envelope with a friend or relative).  It makes sense to keep one copy of the password in your safe and another copy off-site.

While we are on the subject of the administrator account, let’s discuss the idea of having two accounts.  While you may need an administrator account to accomplish loading software and making updates, do you really need administrator access to write e-mail and surf?  No.  So make yourself a regular account without administrator access and use it as your “normal day-to-day” account.  Only use your administrator account to accomplish administrative duties. 
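The length and character-diversity advice above can be turned into a check. The script below is an added example written for this page, not code from the Internet Storm Center handlers or from SLAC; it scores the page's three sample passwords together with two constructed ones (the full pass-phrase typed as-is, and a lightly decorated dictionary word). The 12-character minimum and the short word list are assumed placeholders standing in for a real site policy.

```powershell
# Added example, not the ISC handlers' or SLAC's code: score a candidate password on the two
# properties the advice names, length and character-class diversity, and flag a value that is
# still just a decorated dictionary word. Word list and minimum length are constructed placeholders.

$script:WeakWords = @('password', 'roastbeef', 'usbdevice', 'norfolk', 'admin')  # constructed sample list

function Test-PasswordStrength {
    param(
        [Parameter(Mandatory = $true)][string]$Password,
        [int]$MinLength = 12   # assumed policy minimum, not a value from the page
    )

    # -cmatch is the case-sensitive match operator, so upper and lower case count as separate classes.
    # Each entry: regex for the class, size of that class in printable ASCII (33 = specials incl. space).
    $pool = 0; $classes = 0
    foreach ($spec in @(@('[a-z]', 26), @('[A-Z]', 26), @('[0-9]', 10), @('[^a-zA-Z0-9]', 33))) {
        if ($Password -cmatch $spec[0]) { $classes++; $pool += $spec[1] }
    }

    # Search-space estimate in bits if every position could be any character of the pool.
    # This is an upper bound: it ignores the structure a human-chosen pattern introduces.
    $bits = if ($pool -gt 0) { [math]::Round($Password.Length * [math]::Log($pool, 2), 1) } else { 0 }

    $problems = @()
    if ($Password.Length -lt $MinLength) { $problems += "shorter than $MinLength characters" }
    if ($classes -lt 3) { $problems += "only $classes character class(es)" }

    # Keep only the letters and compare case-insensitively: "R0@s1b33f" reduces to "rsbf" and passes,
    # while a decorated word such as "Norfolk!" reduces to "norfolk" and is caught.
    $letters = ($Password -replace '[^a-zA-Z]', '').ToLower()
    if ($script:WeakWords -contains $letters) { $problems += 'is a dictionary word with decoration' }

    # New-Object PSObject works on Windows PowerShell 2.0 and later (the XP/Vista era).
    New-Object PSObject -Property @{
        Password      = $Password
        Length        = $Password.Length
        Classes       = $classes
        EstimatedBits = $bits
        Acceptable    = ($problems.Count -eq 0)
        Problems      = ($problems -join '; ')
    }
}

# The page's three samples, plus two constructed inputs: the whole pass-phrase as typed, and a decorated word.
$samples = @('Nh4ORF!', 'R0@s1b33f', 'uSBd3^1ce', 'No hurricanes for Norfolk!', 'Norfolk!')
$samples | ForEach-Object { Test-PasswordStrength -Password $_ } |
    Format-Table Password, Length, Classes, EstimatedBits, Acceptable, Problems -AutoSize
```

Run it in a Windows PowerShell console. The point it makes beyond the prose: the full phrase "No hurricanes for Norfolk!" is many times longer than its abbreviation (Nh4ORF!) and scores far higher on the length and estimated-bits columns, so where the system accepts long passwords the whole phrase is the better choice, and the abbreviation is the fallback for systems with short limits. The bit estimate is only an upper bound; it says nothing about how guessable the underlying phrase is.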

XP Tips from one of our Canadian readers:

- install latest patches, and enable Windows Update
- disable file and print sharing, disable DCOM
- turn off several Windows services
- use msconfig to disable more stuff
- disable extension hiding and file sharing in Explorer
- secure IE, then install and use Firefox & noscript plugin
- install a firewall (PCTools Firewall Plus, or Comodo)
- install antivirus, antispyware, and Security Task Manager
- install a new hosts file (MVPS, accs-net, yoyo) to block ads and malicious sites
- create and always use an unprivileged account
- if my kids will be using the computer, then I use Microsoft's SRP (Software Restriction Policies)

Vista Tip from Boris:

  • Don't turn off UAC (User Access Control).  It's annoying, sure, but isn't your data and your machine worth that little bit of hassle?
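Several of the tips on this page (the two-accounts advice, the reader's XP list, and the UAC tip) can be verified on a machine without changing anything. The script below is an added example written for this page, not SLAC's or the contributors' own script. It uses the standard Windows registry locations and service names (EnableLUA for UAC, AUOptions for Automatic Updates, HideFileExt for Explorer extension hiding, EnableDCOM for DCOM, and the wuauserv, LanmanServer, SharedAccess and MpsSvc services); the wording of each check and the pass/fail interpretation are this example's own, and it targets the Get-WmiObject cmdlet of Windows PowerShell, which is what the XP/Vista era shipped.

```powershell
# Added example, not SLAC's or the contributors' own script: a read-only audit of a few of the
# settings the tips above ask for, run in Windows PowerShell on the machine being checked.
# Registry paths and service names are the standard Windows ones; nothing is modified.

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function New-Finding([string]$Check, [bool]$Pass, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Check; Pass = $Pass; Detail = $Detail }
}

function Get-HardeningStatus {
    $findings = @()

    # Two-accounts advice: is this day-to-day session running with administrator rights?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    $findings += New-Finding 'Session has no administrator rights' (-not $isAdmin) $identity.Name

    # Windows Update: service not disabled, and Automatic Updates not turned off (AUOptions 1 = disabled).
    $wu = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
    $au = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' 'AUOptions'
    $findings += New-Finding 'Windows Update service enabled' ($wu -ne $null -and $wu.StartMode -ne 'Disabled') "StartMode=$($wu.StartMode)"
    $findings += New-Finding 'Automatic Updates turned on' ($au -ne $null -and $au -ne 1) "AUOptions=$au"

    # Host firewall: XP SP2's firewall runs under the SharedAccess service, Vista's under MpsSvc.
    # A running service only shows the firewall is loaded; 'netsh firewall show state' shows the profile.
    $fw = @(Get-WmiObject Win32_Service -Filter "(Name='SharedAccess' OR Name='MpsSvc') AND State='Running'")
    $findings += New-Finding 'Host firewall service running' ($fw.Count -gt 0) "$($fw | ForEach-Object { $_.Name })"

    # File and print sharing is served by the Server service (LanmanServer).
    $srv = Get-WmiObject Win32_Service -Filter "Name='LanmanServer'"
    $findings += New-Finding 'File and print sharing (Server service) stopped' ($srv -eq $null -or $srv.State -ne 'Running') "State=$($srv.State)"

    # DCOM is switched off machine-wide by EnableDCOM = 'N'.
    $dcom = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Ole' 'EnableDCOM'
    $findings += New-Finding 'DCOM disabled' ($dcom -eq 'N') "EnableDCOM=$dcom"

    # Explorer hides known extensions when HideFileExt = 1; the tip wants them shown (0).
    $hide = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'HideFileExt'
    $findings += New-Finding 'Explorer shows file extensions' ($hide -eq 0) "HideFileExt=$hide"

    # UAC (Vista): EnableLUA = 1 means on. XP has no such value, so report it as not applicable.
    $lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
    if ($lua -eq $null) {
        $findings += New-Finding 'UAC enabled (Vista)' $true 'not applicable: no EnableLUA value on this OS'
    } else {
        $findings += New-Finding 'UAC enabled (Vista)' ($lua -eq 1) "EnableLUA=$lua"
    }

    return $findings
}

Get-HardeningStatus | Format-Table Check, Pass, Detail -AutoSize
```

Run it from the unprivileged day-to-day account: the first row should then read Pass = True, and any False rows in the table point at the tip that has not been applied yet. Reading HKLM values does not need administrator rights, so the whole audit works without elevation.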

Owner: SLAC Computer Security
Page Created: 10/17/2007
Last Updated: 02/19/2008
Feedback: Please send to Computer Security Feedback