Introduction
How can you protect yourself?

This section recommends the following practices to home users:

Use strong passwords

Passwords are often the only protection used on a system. A user ID is only a name and does not verify identification, but the password associated with the user ID works as an identifier. Therefore, passwords are the keys to your network, and you should protect them as such. Firewalls and intrusion detection systems mean nothing if your passwords are compromised.

A strong password is one that cannot be found in any dictionary – English or foreign. It also means a password that is not easily guessed. Longer passwords are harder to guess or crack than short passwords are.

Following is a list that can be used to set strong passwords:

Root and administrative level passwords are the keys to the kingdom for an intruder. System administrators with root privileges – that is, with no access restrictions and the ability to make any sort of changes – should therefore have the hardest passwords and the most stringent rules about changing and reusing them. It is recommended to follow these guidelines:

Likewise, if a general user suspects that a password has been stolen or compromised, that user should change the password immediately and notify those in authority at the company.

Always use virus protection software

Anti-virus software is not always 100 percent effective, but it is better than no protection at all. Most common viruses are not obvious to the user, so if a user does not have any anti-virus software, he probably does not know that his computer is infected.

Anti-virus software consists of two parts: the scanning engine and the signature files. Both the scanning engine and the signature files must be updated regularly, or the anti-virus software will lose its effectiveness. The software usually has an update command, or you can check the vendor's Web site for updates.

The scanning engine tells the software how and where to scan, and the signature files are essentially a database of known viruses and their actions. The scanning engine compares files on your computer to the known viruses in the signature files. The signature file contains the patterns of known viruses. Anti-virus software is prone to false positives, but that is a small inconvenience for the protection it affords you.

When new viruses are found, anti-virus software vendors issue updates to their signature files to include the new strain. Occasionally, the scanning engine itself needs updating, too. If one part of the program is updated and the other part is obsolete, it will simply not work properly.
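The split between scanning engine and signature files can be shown in a few lines. The following is an added illustration, not code from any anti-virus product: the sample byte strings, the detection names and the `min_engine` field are all constructed for this example.

```python
import hashlib

# Constructed, harmless byte strings standing in for real samples.
STRAIN_A = b"\x4d\x5a demo header DEMO-STRAIN-A body"
STRAIN_B = b"\x4d\x5a demo header DEMO-STRAIN-B body"  # the "new strain"
CLEAN_NOTE = b"Helpdesk note: DEMO-STRAIN-A was removed from PC 4 last week."


def build_signatures(version, min_engine, samples, patterns):
    """Signature file: exact SHA-256 hashes plus byte patterns of known samples."""
    return {
        "version": version,
        "min_engine": min_engine,  # hypothetical field: oldest engine that can read this file
        "hashes": {hashlib.sha256(d).hexdigest(): n for n, d in samples.items()},
        "patterns": dict(patterns),
    }


# Signature file as shipped before STRAIN_B was known, and the vendor's update.
SIGS_OLD = build_signatures(1, 1, {"Demo.A": STRAIN_A},
                            {b"DEMO-STRAIN-A": "Demo.A.gen"})
SIGS_NEW = build_signatures(2, 2, {"Demo.A": STRAIN_A, "Demo.B": STRAIN_B},
                            {b"DEMO-STRAIN-A": "Demo.A.gen",
                             b"DEMO-STRAIN-B": "Demo.B.gen"})


def scan(data, sigs, engine_version):
    """Scanning engine: compare one file's bytes against the signature file."""
    if engine_version < sigs["min_engine"]:
        # Updated signatures with an obsolete engine: refuse rather than scan wrongly.
        raise RuntimeError("engine too old for this signature file; update the engine")
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in sigs["hashes"]:
        hits.append(sigs["hashes"][digest])
    hits += [name for pattern, name in sigs["patterns"].items() if pattern in data]
    return hits


if __name__ == "__main__":
    print("known strain, old signatures:", scan(STRAIN_A, SIGS_OLD, 1))
    print("new strain, old signatures:  ", scan(STRAIN_B, SIGS_OLD, 1))
    print("new strain, new signatures:  ", scan(STRAIN_B, SIGS_NEW, 2))
    print("clean file, false positive:  ", scan(CLEAN_NOTE, SIGS_OLD, 1))
```

The new strain passes the outdated signature file without any detection, and the harmless note is flagged only because it contains a known pattern.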

In order to achieve maximum protection, it is necessary to install the anti-virus software on individual workstations as well as on all the servers and other computers on the network. That is the only way to detect viruses at all entry points. All removable media, such as USB pen drives, CDs, ... should be scanned before being used on a system. If the anti-virus software is installed on the Internet gateway servers, the software can catch viruses coming in from outside connections.

Always change default configurations

Installing a system right out of the box and leaving it with the default configuration is probably one of the most common mistakes that people make when setting up a network. Default configurations often have default administrative accounts and passwords that hackers the world over know. This applies to routers, hubs, switches, operating systems, e-mail systems, and other server applications, such as databases and Web servers.

In addition to having known passwords on computers, default configurations contain multiple security holes that should be patched. Before putting any computer online, the default account names and the passwords should be changed and all security patches should be applied. A little bit more time spent on a computer at this point can save a lot of grief later.

Figure 3 shows an example of default passwords in some routers.

Fig. 3 – Example of default router passwords

Use a firewall

The use of some type of firewall product is strongly recommended. Intruders are constantly scanning home user systems for known vulnerabilities. Network firewalls (whether software or hardware-based) can provide some degree of protection against these attacks. However, no firewall can detect or stop all attacks, so it is not sufficient to install a firewall and then ignore all other security measures.

Do not open unknown email attachments

Before opening any email attachments, you must make sure you know the source of the data. It is not enough that the mail originated from a recognized address. The Melissa virus spread precisely because it originated from a familiar address. Malicious code might be distributed in amusing or enticing programs.

When opening an attached file, it is important to observe the following procedure:

  1. make sure the virus definitions are up-to-date
  2. save the file on the hard disk
  3. scan the file using antivirus software
  4. open the file

For additional protection, you can disconnect your computer's network connection before opening the file.

Following these steps will reduce, but not wholly eliminate, the chance that any malicious code contained in the attachment might spread from your computer to others.
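The four steps above can be enforced in order by a small wrapper. This is an added example, not part of the original text: it assumes the ClamAV command-line tools `freshclam` and `clamscan` are installed (the page names no particular product), and the function name and holding directory are hypothetical.

```python
import subprocess
from pathlib import Path


def save_scan_release(data, filename, holding_dir, run=subprocess.run):
    """Return the saved path if the scan is clean, or None if the file
    was detected as infected and deleted. Raises if any step fails."""
    # Step 1: make sure the virus definitions are up to date.
    # Fail closed: if the update fails, the attachment is not processed.
    if run(["freshclam", "--quiet"]).returncode != 0:
        raise RuntimeError("definition update failed; attachment not opened")

    # Step 2: save the file on the hard disk. Keep only the base name so a
    # sender-chosen name such as "../../x" cannot escape the holding folder.
    name = Path(filename).name
    if name in ("", ".", ".."):
        name = "attachment"
    holding = Path(holding_dir)
    holding.mkdir(parents=True, exist_ok=True)
    path = holding / name
    path.write_bytes(data)
    path.chmod(0o600)  # owner read/write only, never executable

    # Step 3: scan the saved file. clamscan exits 0 when nothing is found,
    # 1 when a virus is found, and 2 on error.
    rc = run(["clamscan", "--no-summary", str(path)]).returncode
    if rc == 1:
        path.unlink()
        return None
    if rc != 0:
        path.unlink()
        raise RuntimeError("scan failed; attachment not opened")

    # Step 4: only now may the caller open the file.
    return path
```

The `run` parameter exists so the ordering and the fail-closed behaviour can be checked without ClamAV installed; in normal use it is left at its default.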

Do not run programs of unknown origin

Never run a program unless you know it to be authored by a person or company that you trust. Also, do not send programs of unknown origin to friends or coworkers simply because they are fun – they may contain a Trojan horse program.

Keep all applications, including the operating system, patched

Vendors usually release patches for their software when a vulnerability has been discovered. Most product documentation offers a method to get updates and patches.

Some applications will automatically check for available updates; otherwise, it is absolutely necessary to check periodically for updates.

Turn off your computer or disconnect from the network when not in use

Turn off your computer or disconnect its network interface when you are not using it. An intruder cannot attack your computer if it is powered off or otherwise completely disconnected from the network.

Make regular backups of critical data and create a boot disk

Keep a copy of important files on removable media. Use software backup tools if available, and store the backup disks somewhere away from the computer. Moreover, to assist in the recovery from a security breach or hard disk failure, it is very convenient to create a boot disk on a CD that will help when recovering a computer after such an event has occurred. Obviously, this CD should be created before you have a security event.