Securing Your Home Computer..

• Use a good bi-directional firewall that will monitor all incoming and outgoing traffic and will alert you for access permission if such traffic is detected. It should also have the ability to hide your presence from intruders by completely blocking access to the ports that are used for the transfer of information. Select the highest security level for your Internet zone and set all programs to prompt you for access - even those you use frequently. When in doubt, deny access of a program until you know for sure its identity.



• Use a virus scanner (anti-virus), keep the virus data files current (check for updates at least once a week), enable the Heuristics feature (for detection of virus-like activity of yet-to-be discovered viruses), and set it to scan all downloads and e-mail attachments - before they are opened. Let it quarantine and destroy anything suspicious. If it has settings for scanning ActiveX Controls and Java Classes for potentially harmful content, use that too. For even greater protection and a wider range of configuration options, combine the use of a virus scanner with a trojan scanner.



• Use a good spyware scanner that can detect ANY files that may be a risk to you and your PC. A spyware scanner should be able to tell you a list of files that communicate with other sources, and when you see this, you can descriminate or remove the ones that you don't believe should be communicating outside or even inside your network.



• Disable File and Printer Sharing in your network settings if you are using a computer that is not connected to a Local Area Network (LAN). This will shut all NetBIOS ports - those which are used for the sharing of files.

• Block incoming and outgoing access to ports 135, 137-139, and 145 with your firewall. Setting your Internet Zone Security level to "high" should do this. (The "medium" default security setting only blocks incoming access to NetBIOS ports and you can manually change that to include outgoing, but remember - any setting lower than "high" is not recommended for use in the Internet Zone.)



• Manually remove the bindings from the TCP/IP network protocol. For those who need to make adjustments to network configurations and are unfamiliar with making changes to system settings, you should consult a friend or professional who has knowledge and experience in this area.



• Although it is not something that is difficult to learn, you do need a basic understanding of network adapters and protocols in order to correctly remove the appropriate bindings needed to manually disable NetBIOS over TCP/IP. Be aware that your LAN must use some other network protocol besides TCP/IP in order to access file shares. Other protocols are not installed by default if you are using Windows XP and most Linux distros, so you will need to make some adjustments. For XP users install NetBEUI. For Linux users it can be quite a challenge - it is best to consult your administration manual for the precedure specific to your distro. DO NOT REMOVE TCP/IP altogether - you will not be able to connect to the Internet without it!



• Be very careful when using any P2P (peer-to-peer) network service for sharing/swapping files across the Internet. Be sure you are not exposing any drive folder other than the one designated for access by these services, and keep your virus scanner active at all times. Even better, also use a third-party File & Folder Access Protection program to lock access to all other areas of your hard drive during the time you open the P2P connection for a file sharing session.



• Know your IP. If you know the IP address of your Internet connection (and the IP ranges used by your local network), you will recognize when an outsider is trying to break in.



• Use a registry guard to protect your registry, startup directories, and startup files from malicious programs. Incoming trojans can go undetected. They will place a specific set of instructions in the registry or other system files and will activate the next time you shutdown/restart your computer. A 'rearguard' will alert you before the damage is done. It is also a useful tool for alerting you of changes when installing new software. A very good spyware scanner will also most likely perform these functions with ease.



• Never allow a downloaded application or any downloaded executable content to launch on its own, and be especially careful of downloading files that end in exe, bat, vbs, and com.



• Disable file transfers in IM (instant messaging) programs, as this feature, if configured incorrectly, can enable the sharing of more than you intend. AIM, .NET Messenger, and others let you disable file transfers from the Preferences or Options menus. If someone wants to send you an image or file, use e-mail to verify that the request is legitimate.



• Never accept and run an "ActiveX Control" or "Java Class" unless it comes signed and from a trusted site. It is best to force your browser to prompt you for permission. If you are using Internet Explorer, these settings are located under Control Panel - Internet Options - Security - Internet , Custom Level. Mozilla, Opera, and Netscape users are prompted by default.



• Disable "Install on Demand" if you are using Internet Explorer so your browser will be forced to prompt you if additional components are needed in order to display certain content. This setting is located under Control Panel - Internet Options - Advanced.



• Do NOT enable JavaScript for e-mail or e-mail attachments. While JavaScript may be fine for Internet browsing, it can be dangerous when enabled for e-mail. See JavaScript Info for more details and How to disable JavaScript in e-mail programs for step-by-step instructions.



• Disable HTML for e-mail or choose to view all messages as plain text if your e-mail client has such options - the better ones do; or use an e-mail content filter for Web Bugs and embedded content originating from a server other than the one belonging to the sender of the e-mail. Today's cleverly-coded e-mail worms can execute just by viewing HTML-formatted e-mail.



• Never allow your e-mail client to "View Attachment Inline" ...unless you are sure it arrived from a trusted sender.

Never open e-mail attachments from strangers. Period.

• ***This may even include those you you know, as they may be accidentally forwarding something on to you that is malicious in intent.



• Use encryption software for sending your most private e-mail messages. If you don't, keep in mind that what you are sending is the equivalent of a postcard. Also remember that encryption is for the message body only - it does not hide the subject line.



• Don't use e-mail to send confidential information such as credit card numbers or your Social Security number. Even if you use encryption, you cannot be certain that the recipient will protect this information once it is delivered and decrypted. It will only be as secure as the recipient and the recipient's system.



• Keep your OS and browser up-to-date, in addition to any service or application that has access to the Internet. Apply updates and patches as they are released. **Sometimes, going AGAINST the grain, or not following mainstream is a very good idea....being a minority WILL make you less vulnerable.



• Learn to identify which system services and applications are known to compromise security and do not allow them to have open access to the Internet. When in doubt, set everything to prompt you for permission.



• Be sure your browser is SSL-capable (Secure Socket Layer) and the encryption strength, or cypher strength, is not less than 128-bit.

Never submit a secure form on an insecure server.

• Avoid using easily recognizable passwords such as the names of family members or pets, birthdays, or anniversaries. Make them as cryptic as possible; and if you must write them down, do not store them on your computer or any other place where someone may have access to them. If you must use your browser's password manager, never use it to store important passwords such as those used for banking. Our advice would be to never use any password memory program.