Tuesday, 20 November 2012


1 Never install software that you don't go looking for and research yourself. Anything that pops up unexpectedly is probably not to be trusted. Always download from a good source, stay within the Linux repositories unless you are sure the software and site is genuine. Running scripts from forums may not be safe.

2 Install and enable a firewall, most distro's will be running iptables. If you need a firewall just run "sudo apt-get install ufw". when installed, run "sudo ufw enable". You will get confirmation back saying "Firewall is active and enabled on system startup"

If you prefer an interface, install gufw after the above, this will give you a graphical user interface that will show up in your programmes list instead of using a terminal.

3 Don't trust emails/messages unless you are sure who they are from, long lost relations won't contact you asking for money or directing you to a link or download. If you need to check an account it's much safer to check your Paypal or similar account yourself rather than following a link

4 Take a second to check the URL, it's easy to set up a site that has a similar name to the one that you want that you may not notice instead of going to the genuine one eg. faoebook.com instead of facebook.com.

5 Keep everything updated, most of your updates will be to patch security flaws that have been found, keeping everything that's installed up to date is a must.

6 Use good passwords. Something random using symbols, numbers, lower and upper case will improve your chances of someone guessing or brute forcing a password,with a minimum of 10 characters, it should look obscure like this one &7GliP~s#W397bVq^f (don't use this one). Never use the same password for different sites or apps.

7 Make use of two factor authentication, security is sometimes a trade off with convenience, take a little time to go though settings, and use a separate verification code that is sent to your phone as well as your strong password.

8 Don't use the same email for things you buy and your social sites/blogs. Don't use an obvious answer to your password reset question like your true maiden name, use a password type answer so it can't be guessed, the password reset scenario is a real security problem that users should be allowed to opt out of, the recent Skype password reset problem is a prime example.

9 Router security. Some makes of router only use a few select passwords, it's a good idea to change the router name/service set identifier (SSID) and password. Wi-Fi protected setup (WPS) is no longer safe and should be switched off and WPA/2 enabled. Unless you play online games, universal plug and play (UPnP) should also be switched off if you don't need to use it as this will open extra ports. search your router settings as each make varies on how to do this.

10 Some browser plug ins will be a good help, Firefox has a couple that I like, "No script", this stops scripts running until you physically allow them to. "Ghostery" is an eye opener, tracking you who is tracking you, also very configurable, allowing you to block whatever you choose to.

11 Use a user account that has no admin rights (no sudo) for everyday tasks, only use root user when needed such as installing software or updating.
removing admin/sudo rights will better protect against the exploitation of up to 90% of vulnerabilities in some cases.

For my Windows friends

Keep your antivirus up to date, a good free one is Microsoft's own Microsoft security essentials for "real time". download from here

Malewarebytes is quite effective as a stand alone scanner. download from here

Zonealarm is a good free firewall, although it doesn't seem to work on Windows 8 yet. works on W8 now with good results after a leak test. download from here

Also run the Microsoft built in scanner. select start, run then enter MRT in the box. this will run

the malicious removal tool.

Look out for extra unwanted installs in Windows programmes, extra software boxes are usually checked by default.


No comments:

Post a Comment

Router security part 3 (Quad9)

You know how DNS works from part 2, so now it how to change your DNS. my favourite 2 providers: 1 Open DNS family friendly. great fo...