| |
02-16-2009, 12:02 PM
| ||||
| ||||
 Security 101-6: Layered Security That said, the USER presents the weak link regardless of how many layers are in place. Why? Because every time you click on a link to visit a page or open an email attachment, you have no idea what is actually received by your computer. [digg=http://www.tech-101.com/system-security/topic198.html][/digg] First recommendation for cable and dsl users is to always place a router between your modem and the system. This creates a NAT (Network Address Translation) LAYER to stop alll direct attacks from the Internet. Basically, your system can not be probed and unless you add port forwarding, none of the services on your system can be attacked. The addition of the router also enables SPI (Stateful Packet Inspection; when available on your router) to drop all out of protocol sequence packets (to protect your services from buffer overruns and other errors). A good host firewall is the second layer. The XP/Pro (SP2 or higher) has a default firewall which is (barely) better than nothing. It only controls inbound traffic which would allow a trojan keylogger to phone home with your bank user/password  Get a 3rd party firewall and it will control both in/outbound traffic  Comodo and Sunbelt are recommended. The third layer is access control (ie black and whitelist systems) to ensure you don't access known infected sites. ActiveX is controlled using Spywareblaster, and bad websites using a host file The fourth layer is your A/V product. Make sure you configure it to scan incoming email! The fifth layer is running day-2-day using an LUA account rather than an admin account. The reference also links to the Vista UAC implementation. If this userid gets compromised, it will not be a system wide contamination and the system will still be bootable regardless LASTLY: Stay off the online poker, p2p file sharing and porno sites; they are easily compromised [digg=http://www.tech-101.com/system-security/topic198.html][/digg] [edit] Next: mac-os-x/topic439.html Security 101 table of contents contributed by jobeard [last edit] May 15, 2009[/edit]
__________________ J. O. Beard; you + tech-101.com => synergism. Secure your system now Last edited by jobeard; 09-22-2009 at 08:36 PM. Reason: pgpBB migration        |
 |
| Tags |
| layered security, security 101 |
| Thread Tools | Search this Thread |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Security 101 | jobeard | System Security | 1 | 04-25-2010 05:37 PM |
| another Forum re Web Security | jobeard | Tech-101 Chit Chat | 3 | 10-28-2009 06:28 PM |
| Layered Network Security | jobeard | Network Security | 0 | 02-28-2009 11:02 AM |
| Security 101-3c. IM, P2P Control | jobeard | Network Security | 0 | 01-06-2009 06:14 PM |
| Security 101-1b. Local Login Security | jobeard | System Security | 0 | 01-05-2009 05:44 PM |
Copyright © 2009 Tech-101.com. All rights reserved.
Linear Mode
