Jump to content

How Do You Secure Your Home Pc?


Guest Deleted_Account

Recommended Posts

Information leakage is everywere, it's almost impossible to avoid it.

The best I can do is to centralize all the confidential data in a very secure host (linux based of course) and use 2 other spare xp PCs for gaming, non-critical web browsing etc etc... (I don't mind if I get viruses on those 2 PCs)

Keepassx database stores all the passwords and an encrypted truecrypt volume store the personal data. One single master password unlocks the keepassx db and in turn all the other stuff. Every now and then I print on paper the keepassx password db in base64.

Bad luck for who tries to steal your database, sure it will take them a very long time to crack the security.

So keeping you personal information locked down and centralized is not a bad idea.

Link to comment
Share on other sites

  • Replies 63
  • Created
  • Last Reply

Top Posters In This Topic

Darren did a segment back then on Untangle and to be honest, I kinda liked it a lot, and seems to provide a lot more features than any other linux based firewalls.

It's a resource hog

/thread jack

I just run Linux so I don't have to worry about anything, lol

Link to comment
Share on other sites

Guest Deleted_Account
It's a resource hog

/thread jack

I just run Linux so I don't have to worry about anything, lol

Well that's not true at all. Even though Linux is inheriently more secure then windows and even though 89% of exploits can only work on the same LAN and even though the ones that can be used over the internet are around 11% and most exploits not being critical (14%), there are allot of things to be worried about none the less. Chances are you wont be attacked but there is a chance. There is always a chance. As for Linux Use UFW or another firewall and you should be fine (Stealth all ports) or even deal with ip tables yourself and install ClamAV. Of course I am supposing you already did/do this, but none-the-less any OS without A/V and/or FireWall is vulnerable regardless of wheither its Linux/OSX/Windows/Unix/BSD/Etc.

Link to comment
Share on other sites

  • 1 year later...

On my linux systems (these are just home machines):

-disable ssh to prevent brute force attacks

-disable remote desktop

-enable ufw

-use a strong root password and don't use the root account

-enable automatic security updates

On my windows systems which I manage for myself and family:

-microsoft security essentials to proactively block malware

-malwarebytes for on demand scanning

-windows firewall

-automatic windows updates & manual checks

-prey in case of theft

-every now and then run ninite to auto update flash/java/browser

Router:

-strong admin password

-WPA or better encryption which a non dictionary key

-hardware firewall enabled

Link to comment
Share on other sites

Windows: TrueCrypt with Hidden OS option, various containers for different stuff. DefenseWall, Sandboxie, KeePass, LastPass.

Alternate on other boxes, Comodo in Proactive Security mode, or Online Armor with Avast! 6.

Linux: Sacrificial Windows OS that logs on automatically. Behind that, Ubuntu 11.10 on encrypted LVM. /boot on a an SD Card (anti Evil Maid). SD Card in wallet when not in use. Hardened with some tutorials from essayboard.com (Installment 2) GUFW for the firewall. ClamAV, rkhunter, and chkroot. Thinking about trying out Avast! for Linux.

I'm new to Linux.

PD

Link to comment
Share on other sites

1) The best computer security approach would be, maintaining everything up to date. (software, OS, antivirus)

2) Don't surf unsafe websites, and don't open attachments coming from unknown/untrusted sources.

3) Let be honest, Windows 7 is by far one of the best OS Microsoft has ever designed to date. Windows 7 is NOT the perfect OS but it's much more secure than its predecessors and if you are still using XP, do yourself a favor ditch it, and install Windows 7.

4) DO NOT log in as administrator, log in using a non-privileged account or an account with limited access to system resources.

5) Install and maintain your antivirus up to date.

6) I would limit the installation of any third party software, to reduce the chances of exploits or virus infections. Instead use a VM and create a snapshot of it and always revert back when finished using it.

7) Maintain a good password policy, change it once a month if you can and use a password manager such as KeePass to keep it secure and locked away.

8) Use complex and log passwords and DO NOT disclose them to anyone, as well as DO NOT use the same password for every account or website you use.

9) When logging into Banking websites, use Avast SafeZone, to isolate your web browser from the system itself. Very handy, if your system is infected with a Keylogger or Trojan keylogger

10) Install a network IPS and IDS

11) Do not respond to emails, that asks for personal information updating. Get rid of it and block the sender.

12) Install Device lock, to prevent casual users from stealing your information, when away from your computer.

13) Encrypt your entire hard drive with TrueCrypt, and make use of Hidden containers.

Link to comment
Share on other sites

I recently did this tutorial to harden an Ubuntu machine. I found it to be impractical for everyday use, and like previous poster said mostly targeted towards protection from inside the LAN. http://ubuntuforums.org/showthread.php?t=1002167

It's hard to protect against human naiveness though, because even after hardening a machine to the max they're still vulnerable to things like java based attacks, .pdf, .doc type social engineering attacks. There are also several other factors out of control that are difficult if not impossible to protect against (like if the DNS server at your ISP is compromised, or ARP/MITM attacks on the WAN, or a million other things).

Link to comment
Share on other sites

I recently did this tutorial to harden an Ubuntu machine. I found it to be impractical for everyday use, and like previous poster said mostly targeted towards protection from inside the LAN. http://ubuntuforums.org/showthread.php?t=1002167

It's hard to protect against human naiveness though, because even after hardening a machine to the max they're still vulnerable to things like java based attacks, .pdf, .doc type social engineering attacks. There are also several other factors out of control that are difficult if not impossible to protect against (like if the DNS server at your ISP is compromised, or ARP/MITM attacks on the WAN, or a million other things).

DNS servers have always been vulnerable and very difficult to protect against spoofing attacks, but now there is a solution for it, DNSSEC. On the other hand, DynDNS has released an utility that, protects its end users against MITM attacks performed on DNS, by encrypting all DNS queries.

Also its not hard to protect against MITM attacks, with the proper hardware and software any network administrator can harden the security of the network. But lack of budget and training can sometimes impede these changes from happening.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.

×
×
  • Create New...