Tips for Safe Personal Computing
I received this article years ago in my mail and have decided to publish it:
I am often asked what the average Internet user can do to improve their security. My first response is usually: "Nothing, it is very bad."
But that's not true, and the reality is more complex. Things are very bad if you do nothing to protect yourself, but there are many things you can do to improve your online security.
General:
Turn off your computer when not in use, especially if you have a permanent connection to the Internet.
Security on laptops:
Keep your laptop with you whenever you are away from home; treat it as if it were your wallet or your purse. Regularly remove unnecessary data files from your laptop. The same goes for PDAs. People tend to store more personal data, including passwords and PINs, in their PDAs than in their laptops.
Backups:
Make them regularly, whether to disk, tape or CD-ROM. There is much you cannot defend against; a recent backup at least lets you recover from an attack. Store at least one set of backups away from your computer (a safe is a good place) and at least one set with the computer. Do not forget to destroy the old copies. The best way to destroy CD-Rs is to put them in a microwave at full power for five seconds. You can also break them in half or cut them into pieces.
OS:
If possible, do not use Microsoft Windows. Buy a Macintosh or use Linux. If you must use Windows, turn on automatic updates to receive security patches automatically. And delete the files "command.com" and "cmd.exe."
Applications:
Limit the number of applications on your computer. If you do not need it, do not install it. If you no longer need it, uninstall it. Try one of the free office suites as an alternative to Microsoft Office. Regularly check for updates to the applications you use and install them. Keeping your applications patched is important, but do not lose sleep over it.
Browsing:
Do not use Microsoft Internet Explorer. Period. Limit the use of cookies and applets to those few sites that provide services you need. Set your browser to regularly delete cookies. Do not assume that a website is what it claims to be unless you have typed the address yourself. Make sure the address bar shows the exact address, not something more or less similar.
Websites:
SSL encryption provides no assurance that the merchant is trustworthy or that its customer database is secure.
Think twice before doing business with a website. Limit the amount of personal and financial data you provide; do not give any information unless you see some value in doing so. If you do not want to give personal information, lie. Never opt in to receive marketing information. If the website offers the option of not storing your information for later use, select it. Use a credit card for your online purchases, not a debit card.
Passwords:
You cannot memorize good passwords, so do not bother. For high-security sites, such as banks, create long random passwords and write them down. Guard them as you would your cash, for example by keeping them in your wallet.
Never reuse a password for something important (it is okay to have a single password for low-security sites, such as access to the archives of a newspaper). Assume that all PINs can be easily broken and plan accordingly.
Never type an important password, such as that of a bank account, into a web page that is not encrypted with SSL. If your bank lets you do that, complain. And when they tell you that there is no problem with this, do not believe them: they are wrong.
E-mail:
Turn off HTML mail. Do not automatically assume that an e-mail comes from whoever appears in its sender field.
Delete spam without reading it. Do not open messages with file attachments unless you know what they contain; delete them immediately. Do not open cartoons, videos and similar "good for a laugh" files sent by well-meaning friends; again, delete them immediately.
Never click on links in e-mail unless you are sure of them; instead, copy and paste the link into your browser. Do not use Outlook or Outlook Express. If you must use Microsoft Office, enable macro virus protection; in Office 2000, set the security level to "high" and do not trust any files you receive unless you have to. If you use Windows, turn off the "hide file extensions for known file types" option; it lets Trojans masquerade as other types of files. Uninstall Windows Scripting Host if you can manage without it. If you cannot, at least change the file associations so that script files are not automatically sent to the Scripting Host when you double-click on them.
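To make the file-extension advice concrete, here is an added example (not part of the original article) that shows what a listing displays when extensions are hidden and flags attachment names whose real type is runnable. The extension lists are assumed and partial, and the sample names are constructed.

```python
import os

# Assumed, partial list: types Windows runs or hands to a script host on double-click.
RUNNABLE = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd",
            ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Assumed list: types a reader takes for harmless documents or media.
DECOY = {".txt", ".jpg", ".gif", ".pdf", ".doc", ".xls", ".mpg", ".avi"}
KNOWN = RUNNABLE | DECOY


def split_real_ext(filename):
    """Return (stem, real extension); only the last extension decides the type."""
    name = filename.rstrip(" .")  # Windows ignores trailing dots and spaces
    stem, ext = os.path.splitext(name)
    return stem, ext.lower()


def displayed_name(filename):
    """Name a listing shows when extensions of known types are hidden."""
    stem, ext = split_real_ext(filename)
    # Padding spaces left at the end of the stem are invisible, so drop them.
    return stem.rstrip() if ext in KNOWN else filename


def classify(filename):
    """'masked': runnable file posing as a document; 'runnable'; or 'ok'."""
    stem, ext = split_real_ext(filename)
    if ext not in RUNNABLE:
        return "ok"
    # Spaces before the real extension can push it out of view even when shown.
    fake_ext = os.path.splitext(stem.rstrip())[1].lower()
    return "masked" if fake_ext in DECOY else "runnable"


# Constructed attachment names, not taken from any real message.
SAMPLES = ["holiday.jpg.exe", "report.pdf      .vbs", "setup.exe", "notes.txt"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{classify(name):8}  shown as {displayed_name(name)!r}  real name {name!r}")
```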
Antivirus and antispyware programs:
Use them, either as a combined product or as two independent programs. Download and install the updates at least once a week and whenever you hear of a new virus in the news. Some antivirus programs automatically check for updates. Turn this feature on and set it to "daily".
Firewall:
Spend 50 euros on a firewall with NAT; it is very likely to work well enough in its default configuration. On your laptop, use personal firewall software. If you can, hide your IP address. There is no reason to allow connections from anyone.
Encryption:
Install a mail and file encryption program (such as PGP). Encrypting all your mail or your entire hard disk is quite unrealistic, but some messages are too sensitive to be sent in the clear. Similarly, some files on your hard drive are too sensitive to leave unencrypted.
--
None of the steps I have described is bomb-proof. If the secret police were interested in your data or your communications, no measure on this list would stop them. But all these precautions are good preventive measures and make your computer a more difficult target than your neighbor's computer. And even if you take only a few basic steps, you are very unlikely to have problems.
I cannot avoid using Microsoft Windows and Office, but I use Opera for browsing and Eudora for e-mail. I use Windows Update to get patches automatically, and I install other patches when I learn that they exist. My antivirus is updated regularly. I keep my computer relatively clean and delete applications that I do not need. I am diligent about making backups of my data and about taking offline the data files I no longer need.
I am distrustful to the point of paranoia about mail attachments and websites. I delete cookies and spyware. I look at the URL to make sure I know where I am, and I do not trust unsolicited e-mails. I do not worry too much about insecure passwords, but I try to have good passwords for the accounts that involve money. I do not use online banking yet. My firewall is not configured to allow any connections. And I turn off the computer when it is not in use.
That's it, basically. In fact, it is not so difficult. The hardest part is developing some intuition about e-mail and websites. But that only takes experience.
Via | Bruce Schneier