Practice Safe Surfing - My Humble Tips
Use a router
A plain of the shelf (under $50) router with built-in firewall will do. If not all, most wired or wireless routers have built-in NAT technology and firewalling, so it's a good hardware boxed solution, not software installed on a PC that's prone to lose autonomy.
Change the password to access the router. If it's a wireless router, use WPA2 and use a very large passphrase (change it every few weeks).
On your (wireless) router:
- Change the password to access the router
- Disable DHCP
- Disable SSID broadcast
- Use WPA2 and use a large passphrase (change it every few weeks)
- Set each of your computers to a static IP address
- Enter and allow only the minimum static IP addresses of each of your computers
- Enter and enable only the MAC addresses of each of your computers
- Disable remote administration on the router
On your computers:
- Set each of your computers to a static IP address.
If you follow all of these precautions (each step contributes to overall security, especially point 4 (use a large passphrase!)), even seasoned hackers won't break through into your wireless network.
SSID broadcast suppression and MAC filtering add no security to a wireless network (both are trivially bypassed by anyone with any knowledge) but the tools are there, so why not use them. Even if it's only effective against "drive-by interception" of your bandwidth.
For a unique large passphrase go here:
Use Windows Firewall instead of installing a third-party personal firewall
For the average homeuser, the Windows Firewall in XP and Vista does a fantastic job at its core mission and is really all you need. The windows firewall deals with inbound protection and therefore does not give you a false sense of security. Best of all, it doesn't implement lots of nonsense like pretending that outbound traffic needs to be monitored.
A third-party personal firewall is no substitute for solid security policy (realize that if malware is trying to make a connection to the Internet and your PF informs you of the fact, it’s already too late). The four-layer defense of the router, Windows Firewall, and antivirus and antispyware tools make your computer reasonably secure for routine use.
Harden the system - disable unneeded services
Read the tutorial on "Configuring NT-services much more secure" so you don't offer unnecessary services, or use Seconfig XP, a free tool to close most exploited Windows security holes.
Leave UAC enabled, run as a user (not administrator)
You should leave User Account Control (UAC) enabled because it helps protect you from spyware and viruses. You will also lose all the security benefits if you turn it off. Why you shouldn't run as administrator: when you are an admin, every program you run has unlimited access to your computer. If malicious or other undesirable code finds its way to one of those programs, it also gains unlimited access.
Install software you trust
Don't fall for bogus antivirus downloads!
Always keep OS and software patched and updated at all times
The majority of computers that are compromised are done so through the exploitation of a security vulnerability that could have been eliminated with an already released security patch. Almost every major worm or virus outbreak could have been prevented had users applied security patches. The easiest way to do this is to check the software vendor or developer's website on a regular basis or use tools to do it for you.
Use Firefox instead of Internet Explorer
Consider using Mozilla Firefox instead of Internet Explorer because Firefox is much less susceptible to spyware than Internet Explorer. Firefox for one does not natively support ActiveX, a mechanism many spyware and adware programs use to infect a browser, and it's open-source which allows for security holes being patched faster. If you don't like Firefox, try K-Meleon or Opera.
Protect yourself against phishing sites and fraudulent web content with OpenDNS
When you try to load a phishing web site, OpenDNS blocks the site for you and notify you of the site's malicious intent. OpenDNS takes the guesswork out of identifying fraudulent sites.
Protect yourself against web exploits etc. with NoScript
This Firefox add-on will protect you against XSS and Clickjacking attacks.
Install a respectable anti-virus, and keep it up to date
Any respectable antivirus product from a trustworthy source will do (Bitdefender, F-Secure, Kaspersky, Microsoft Security Essentials, NOD32, Sophos etc.), just keep away from rogue security software and fake antivirus products.
Consider using alternative e-mail software
Instead of Outlook Express or Windows Mail, install an e-mail program which works text-only. Or at least one that does not permit running of active contents and loading linked pictures and other resources from the Internet. These more secure, fine products may be may be worth a consideration:
Scan your PC once a week with anti-malware
Again, don't fall for bogus antivirus or antimalware downloads. Below are a few respectable products that can do the job and they are all free.
Clean up once a week with CCleaner
CCleaner is a free system optimization, privacy and cleaning tool. It removes unused files from your system and it cleans traces of your online activities such as your Internet history.
Take care and use common sense
There's probably no need to explain the obvious again, but for those who are relatively unfamiliar or new to the online world and its dangers, I'd suggest to:
- Never open email attachments even if they're from someone you know
- Never send messages back, reply or use the "unsubscribe" feature of spam emails
- Pay attention to files with multiple extensions
- Keep your system up-to-date
- Regularly back-up your data