A lot of this is Windows-only, but the concepts are broadly applicable to all platforms.
A couple of points that needs to be clarified. When he's talking about using an antivirus program such as Norton, there is a problem. Lots of computers today come with Norton or McAfee AV, the problem is that these are limited 90-day trial editions. Most people don't buy the full editions when that trial period expires, and then the program stops updating. At that point your system is wide-open. There was a recent thread on Slashdot asking what was the worst computer cleanup that you'd ever experienced, more than one person replied that it was on new computers where people had failed to renew their AV.
And that's why I suggest using AVG Free. First off, it's free. Zero cost. Second, it updates daily. So you have pretty good protection against brand-new viruses.
I shall include other notes as italicized comments after Mitnick's points.
http://www.wired.com/news/technology/0,72116-0.html
Protecting yourself is very challenging in the hostile environment of the internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses, and exploit them to gain access to your most sensitive secrets.
They can even use your computer to store data like stolen credit-card numbers or child pornography, or to attack another innocent home user or business from your system.
Here's my Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.
* Back up everything! You are not invulnerable. Catastrophic data loss can happen to you -- one worm or Trojan is all it takes. (Buy yourself a DVD burner and just copy files onto DVD+R media. Go ahead and buy a dual-layer burner as they're pretty cheap, but don't bother with dual-layer media as the cost-per-megabyte just isn't worth it compared to single-layer media.)
* Choose passwords that are reasonably hard to guess -- don't just append a few numbers to a no-brainer. Always change default passwords. (I cannot emphasize the latter point strongly enough.)
* Use an antivirus product like AVG or Norton, and set it to update daily. (See introductory notes.)
* Update your OS religiously and be vigilant in applying all security patches released by the software manufacturer.
* Avoid hacker-bait apps like Internet Explorer and disable automatic scripting on your e-mail client. (Also, DO NOT install third-party tool bars! They are rife with malware packages. If you must have a third-party tool bar for your browser, use Yahoo's or Google's, shun all others. And you'll have fewer vulnerabilities using the Firefox browser anyway.)
* Use encryption software like PGP (pretty good privacy) when sending sensitive e-mail. You can also use it to protect your entire hard drive.
* Install a spyware detection app -- or even several. Programs that can be set to run frequently, like SpyCop, are ideal. (I highly recommend Spybot S&D which has recently added a lot of support for worms and trojans. They also include a program called Tea Timer which prevents changes to your registery unless you allow them. Best of all: it's free.)
* Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically. (I recommend Zone Alarm Pro. A free version is available at their site, but I'd say go for the Pro.)
* Disable any system services you're not using, especially apps that could give others remote access to your computer (like Remote Desktop, RealVNC and NetBIOS). (This is tricky, there are a lot of services running and it's possible to disable important things. Maybe I'll address this in more detail later.)
* Secure your wireless networks. At home, enable WPA (Wi-Fi protected access) with a password of at least 20 characters. Configure your laptop to connect in Infrastructure mode only, and don't add networks unless they use WPA. (A few things to do with your wireless. First, change the default SSID. Second, change your administrator password. Third, configure your SSID to not broadcast, that way only people to whom you tell your SSID can connect to your wireless. WPA is the best security readily available for wireless at this time, adding MAC filtering is a good enhancement. The problem with MAC filtering is that if "Bob" comes over and needs to use your wireless, you have to modify your router's security to add his address, a bit of a PITB.)
A couple of points that needs to be clarified. When he's talking about using an antivirus program such as Norton, there is a problem. Lots of computers today come with Norton or McAfee AV, the problem is that these are limited 90-day trial editions. Most people don't buy the full editions when that trial period expires, and then the program stops updating. At that point your system is wide-open. There was a recent thread on Slashdot asking what was the worst computer cleanup that you'd ever experienced, more than one person replied that it was on new computers where people had failed to renew their AV.
And that's why I suggest using AVG Free. First off, it's free. Zero cost. Second, it updates daily. So you have pretty good protection against brand-new viruses.
I shall include other notes as italicized comments after Mitnick's points.
http://www.wired.com/news/technology/0,72116-0.html
Protecting yourself is very challenging in the hostile environment of the internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses, and exploit them to gain access to your most sensitive secrets.
They can even use your computer to store data like stolen credit-card numbers or child pornography, or to attack another innocent home user or business from your system.
Here's my Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.
* Back up everything! You are not invulnerable. Catastrophic data loss can happen to you -- one worm or Trojan is all it takes. (Buy yourself a DVD burner and just copy files onto DVD+R media. Go ahead and buy a dual-layer burner as they're pretty cheap, but don't bother with dual-layer media as the cost-per-megabyte just isn't worth it compared to single-layer media.)
* Choose passwords that are reasonably hard to guess -- don't just append a few numbers to a no-brainer. Always change default passwords. (I cannot emphasize the latter point strongly enough.)
* Use an antivirus product like AVG or Norton, and set it to update daily. (See introductory notes.)
* Update your OS religiously and be vigilant in applying all security patches released by the software manufacturer.
* Avoid hacker-bait apps like Internet Explorer and disable automatic scripting on your e-mail client. (Also, DO NOT install third-party tool bars! They are rife with malware packages. If you must have a third-party tool bar for your browser, use Yahoo's or Google's, shun all others. And you'll have fewer vulnerabilities using the Firefox browser anyway.)
* Use encryption software like PGP (pretty good privacy) when sending sensitive e-mail. You can also use it to protect your entire hard drive.
* Install a spyware detection app -- or even several. Programs that can be set to run frequently, like SpyCop, are ideal. (I highly recommend Spybot S&D which has recently added a lot of support for worms and trojans. They also include a program called Tea Timer which prevents changes to your registery unless you allow them. Best of all: it's free.)
* Use a personal firewall. Configure it to prevent other computers, networks and sites from connecting to you, and specify which programs are allowed to connect to the net automatically. (I recommend Zone Alarm Pro. A free version is available at their site, but I'd say go for the Pro.)
* Disable any system services you're not using, especially apps that could give others remote access to your computer (like Remote Desktop, RealVNC and NetBIOS). (This is tricky, there are a lot of services running and it's possible to disable important things. Maybe I'll address this in more detail later.)
* Secure your wireless networks. At home, enable WPA (Wi-Fi protected access) with a password of at least 20 characters. Configure your laptop to connect in Infrastructure mode only, and don't add networks unless they use WPA. (A few things to do with your wireless. First, change the default SSID. Second, change your administrator password. Third, configure your SSID to not broadcast, that way only people to whom you tell your SSID can connect to your wireless. WPA is the best security readily available for wireless at this time, adding MAC filtering is a good enhancement. The problem with MAC filtering is that if "Bob" comes over and needs to use your wireless, you have to modify your router's security to add his address, a bit of a PITB.)