
Draft | Approver: psycore

Fix-Me

This article may not reflect the current state of the art and needs to be reviewed or revised.

Security on the net

  • © by PsyCore 2005
  • Revised: 2008
  • Version 1.01.2008
  • Reference operating system: Windows XP / Vista
  1. General Security
  2. Hardware protection
    1. Hardware firewalls
  3. Software protection
    1. Personal firewall
    2. Antivirus programme
    3. Anti-spyware programmes
    4. Operating system update
  4. Appendix

---

Generally speaking, a PC is not secure by default. It is your own responsibility to make and keep your PC secure. Passwords, for example, should NEVER be stored as plain text on the hard drive. It is therefore better to use a password manager that supports several encryption algorithms. I recommend AES (Advanced Encryption Standard) with a 256-bit key length or Blowfish with a 448-bit key length.

Further information on Blowfish and AES:

DefCon-1 Password Manager:

http://www.hellhost.de/defcon1/cms/index.php?option=com_content&task=view&id=16&Itemid=32

It is also advisable to encrypt sensitive data using container software. A good freeware solution is TrueCrypt, available at http://www.truecrypt.org/

Before dealing with firewalls in the next section, I will first list the ports that should definitely be closed and those that must be opened or forwarded for special applications.

  • the NetBIOS TCP port range 135-139 should be blocked
  • DCOM TCP port 445 is also a major target for attacks
  • for mIRC the following TCP ports should be open: 1024-1030, 6060
  • for eMule you can find the ports to forward on the homepage www.emule.net
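
An added example, not part of the original tutorial: a small check that reads `netstat -ano` output and reports TCP listeners on the ports listed above (135-139 and 445) that are bound to a network-reachable address. The function name `exposed_listeners` and the sample output are constructed for illustration, and the parser assumes the English-locale netstat layout.

```python
import re

# Ports the tutorial says should be blocked: TCP 135-139 and TCP 445.
BLOCKED_TCP = set(range(135, 140)) | {445}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the layout of Windows `netstat -ano` (not real output).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1044      203.0.113.7:6667       ESTABLISHED     2204
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:135              [::]:0                 LISTENING       912
  UDP    0.0.0.0:137            *:*                                    4
"""

# Local address (IPv4 or bracketed IPv6), port, foreign address, state, PID.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def exposed_listeners(netstat_text, blocked=BLOCKED_TCP):
    """Return (address, port, pid) for TCP listeners on blocked ports that are
    bound to a non-loopback address and so are reachable from the network."""
    findings = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header, UDP, or a connection that is not listening
        addr = m.group(1).strip("[]")  # "[::]" -> "::"
        port, pid = int(m.group(2)), int(m.group(3))
        if port in blocked and addr not in LOOPBACK:
            findings.append((addr, port, pid))
    return findings


if __name__ == "__main__":
    for addr, port, pid in exposed_listeners(SAMPLE_NETSTAT):
        print(f"TCP {port} listening on {addr} (PID {pid}): filter at the firewall")
```

To check a real machine, pass the text of `netstat -ano` to `exposed_listeners` instead of the sample; the PID column identifies the owning process.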

Programmes that should generally be denied access to the Internet are

  • c:\windows\system32\ftp.exe (it is best to carry out a complete search as this file may exist more than once)
  • c:\windows\system32\rcp.exe (the same applies here)
  • The guest account should be deactivated (Start/Control Panel/User Accounts)
  • NetBIOS over TCP/IP should be deactivated (ATTENTION: do not do this on a Windows network, as the connected PCs will then no longer be able to find each other; instructions are available on the net)
  • Firewalls and anti-virus programmes should ALWAYS be switched on. A PC on which the firewall is switched off for only 5 minutes for testing purposes is potentially at risk

Hardware firewalls are available in different versions - I will introduce the most common variant:

“DSL routers normally take over the routing functionality and can block access from the Internet to the local network (port filter functionality). With the help of NAT, it is possible to operate several computers on one DSL modem. Such products usually do not include a content filter.” 1)

“A personal firewall (PFW, also known as a desktop firewall) is software that filters the incoming and outgoing data traffic of a PC on the computer itself. This is intended to protect the computer, but its effect is controversial. While the newsgroup de.comp.security.firewall doubts the effectiveness of personal firewalls, the German Federal Office for Information Security (BSI) has listed the personal firewall as a recommended protective measure for Internet users.” 2)

A very good firewall from Comodo is available here (freeware).

http://www.netzwelt.de/software/4570-comodo-firewall-pro.html

“An antivirus programme (also known as a virus scanner or virus protection) is software that is designed to detect, block and, if necessary, eliminate known computer viruses, computer worms and Trojan horses.” 3)

Here you can rely on Avast Home Edition. A freeware solution with good results and low resource consumption.

http://www.avast.de/index.php/Downloads/Desktop-Losungen/

“Spyware is usually defined as software that sends the user's personal data to the manufacturer of the software (the so-called call home) or to third parties without the user's knowledge or consent. Spyware is often used to offer products free of charge.

In most cases, spyware programs are used to analyse surfing behaviour on the Internet in order to use this data commercially or to display targeted advertising banners or pop-ups tailored to the user's interests. The companies hope that this will increase the effectiveness of these advertising methods.

To avoid trouble with lawyers, many computer programs with anti-spyware functions label these software components as “potentially unwanted software” (PUS).

In contrast to viruses, spyware is also programmed by companies that commission entire development departments to programme spyware. This spyware therefore also has a very high technical level. For example, spyware protects itself against deletion by running several processes at the same time, which open a new one as soon as they finish and copy themselves. On the hard disk, for example, they withdraw the administrator's write and therefore delete authorisation, etc.

Another problem is that spyware can create additional security holes in a system, against which there are no software updates.” 4)

A freeware solution is available here:

http://www.safer-networking.org/de/spybotsd/index.html

Unfortunately, even the best security software is completely useless if you do not regularly update your operating system to the latest version. Updates are available via http://update.microsoft.com.

A little more convenient (especially without sending the Windows XP key) is a script published by PC Welt (www.pc-welt.de). It is called pcwPatchLoader. The operation is quite simple.

Further sources of information:

http://www.bsi.de/


  • Last modified: 2023/12/25 22:12