patmac
join:2007-01-10
| New To Broadband, Initial Security Question
Hi, I'm new to broadband ( converted from dial-up to VZ FiOS, thanks to all on the VZ FiOS forum for their help), and would like to know what I need in the way of security. The installation came with an Actiontec MI424WR router. I have AVG Pro, Spy-Bot Search and Destroy, Ad-Aware and SP2 on XP Home installed. I understand (am learning here) the router has a built-in firewall that offers some protection, as well as the Windows firewall in SP2. Are these plus, the above apps a good start, or is more needed? Thanks for your time.
patmac |
|
kim
Premium,MVM
join:2001-03-25
S. Ontario
 ·Cogeco Cable
1 edit | That looks like a decent start to me patmac  . Your Windows Firewall only provides one way protection though. I would advise you add a software firewall to your setup.
We are just about to start the Firewall Poll for 2007. You can look at 2006's Poll here:
»[Poll] What Firewall Do You Use? '06
--
Choose heaven for climate, hell for society. |
|
bluezanetti
Premium
join:2003-10-04
| reply to patmac
said by patmac :I understand (am learning here) the router has a built-in firewall that offers some protection, as well as the Windows firewall in SP2. Are these plus, the above apps a good start, or is more needed? Thanks for your time. No, you really don't need more than you already have. See Beginner in Security for recent additional comments.
Blue |
|
patmac
join:2007-01-10
| Thanks for the replies.
The underlying worry here is what the kids will do. The obvious concern is porn(we do monitor where they go), but some of the kid sites they go to for games etc, load a bunch of stuff, or try to. Also,I've seen some questionable links on reputable sites. I've been told to update from IE6 to IE7, then update my Java. I don't see Sun Java anywhere on my system(Dell Dimension 4550, about four years old), but Microsoft VM shows up under "Advanced" in IE tools. That's where the only mention of Java appears. Also, I saw mention in bluezanetti's link of being a "limited user", what's this? So I guess because of the kids I still do need another firewall, BoClean comes up alot here.
Again, thanks for your time,
patmac |
|
Hutch
My Throne is the Dunny
Premium
join:2000-10-14
Out House
1 edit | said by patmac : I've been told to update from IE6 to IE7, then update my Java. I don't see Sun Java anywhere on my system(Dell Dimension 4550, about four years old), but Microsoft VM shows up under "Advanced" in IE tools. That's where the only mention of Java appears. Also, I saw mention in bluezanetti's link of being a "limited user", what's this? So I guess because of the kids I still do need another firewall, BoClean comes up alot here. Again, thanks for your time, patmac You can download and install Sun Java From Here.
Heres some information on setting up User Accounts. And while over at Microsoft reading you may as well read How The Right User Account Can Help Your Computer Security. Hope this helps. |
|
La Luna
Surviving Ashraful
Premium
join:2001-07-12
Warwick, NY
clubs:
·Optimum Online
 ·Vonage
| reply to patmac
said by patmac :Thanks for the replies. The underlying worry here is what the kids will do. The obvious concern is porn(we do monitor where they go), but some of the kid sites they go to for games etc, load a bunch of stuff, or try to. Also,I've seen some questionable links on reputable sites. I've been told to update from IE6 to IE7, then update my Java. I don't see Sun Java anywhere on my system(Dell Dimension 4550, about four years old), but Microsoft VM shows up under "Advanced" in IE tools. That's where the only mention of Java appears. Also, I saw mention in bluezanetti's link of being a "limited user", what's this? So I guess because of the kids I still do need another firewall, BoClean comes up alot here. Again, thanks for your time, patmac BOClean is an excellent choice, and yes, with "kids" who are prone to doing silly things, you need a FW that will stop outbound connections also, just in case they inadvertently allow some nasty on your machine.
Only allowing them to run as limited users is a must.
--
~~Well, I think you're crazy, I think you're crazy, I think you're crazy, just like me...~~
|
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
 ·AT&T U-Verse
 ·AT&T Midwest
| reply to patmac
The underlying worry here is what the kids will do. Get into the habit of using a limited user account. Make sure that the Administrator account has a password (that may require booting into safe mode on XP-home). Do not give the kids admin access.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.9 |
|
bluezanetti
Premium
join:2003-10-04
| reply to patmac
said by patmac :Thanks for the replies. The underlying worry here is what the kids will do. The obvious concern is porn(we do monitor where they go) For this specific concern, my personal preference is something along the lines of router based content filtering, for example a Zyxel ZyWall 2 Plus with Content Filtering Silver iCard (1 Year). It is not completely foolproof, but it's the most robust general solution I've found.
Blue |
|
Indy Sabre
Sabre Rider From Indianapolis
join:2003-10-02 | reply to patmac
I would recommend you add Spywareblaster, install it in your admin account and then enable all protection in each limited user account.
»home.insightbb.com/~h.sam/index.htm |
|
DownTheShore
Maddie Knows Poopie
Premium
join:2003-12-02
Beautiful NJ
clubs:
| reply to patmac
If you're using Spybot, make sure you use the Immunize function after every time you update it. Also, you might want to enable Spybot's Hosts file (it's located under the Spybot "Tools" menu). Others who use host files can probably give you more information about the benefits of using one.
In addition to my AV, FW & BOClean, I also use SuperANTISpyware and I have been very happy with it. You can find more info about it here.
--
Life is simply one damned thing after another. |
|
EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage
4 edits | reply to patmac
Security implementation - a process, not a product
As you can see, you're already getting disparate solutions and product recommendations. I guarantee that if you search this forum, you'll see more "you need this", "You don't need this" etc etc. that directly conflict with each other, as well as spats between posters on what's "best". To help you sort things out, my recommendation is to do some things you've already done, at least in part.
Determine your environment.
Who are your users?
How technical are they(include yourself too  )
What are their browsing habits
How "trustworthy" are they in terms of following safe surfing/computing?
Determine what's on your computer and what it's used for.
Do you do banking/financial online transactions?
Do you use financial software that has sensitive data associated with it?
Do you use it for a home business, or employer business? If so, check with your employer for possible requirements, suggestions or no-cost tools to which you may be licensed or required to use.
Do you use it for games, online collaborations of some kind? If so, consider what you may need to have them function and still maintain the security you need for other purposes.
Put your priorities in place.
Security
Functionality
Ease of use
Ease of configuration/administration
performance
cost (money and time)
A read through »Security »How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach: as well as the product preference polls at BBR will provide you with insight and narrow down your choices.
Wireless - If you have it, also consider wireless security. See »Wireless Security for an overview. Since wireless is basically putting an ethernet port to your network on the street, in your neighbor's home, in the car passing by or parked up the street, wireless security is advisable. Shutting off unauthorised access through that port is straight forward, but the specific steps depend on the wireless AP and wireless clients you have.
Portable devices
If you have PDAs, mobile phones or other portable devices that you connect to the system(s), research the security considerations for them. This is rarely mentioned, but with more such devices in use and the birth of exploits for them, it's worth considering.
Selection
From there, evaluate your now narrowed-down choices. Following the above study will have eliminated many. choices pick the utilities, tools(antivirus, antispyware, firewall, OS and browser choices and settings, processes and policies(rules of usage, access etc) based on your requirements and priorities.
My own observations and tools
One tool that you may find useful that isn't often mentioned is the Windows shared computer toolkit for XP. See »www.microsoft.com/downloads/deta···ylang=en
Personally, I use a router/firewall to protect the perimeter and PC based firewalls on each PCs.
The PC based firewalls provides protection from other PCs on the LAN should they become infected and try to spread malware on the LAN. It also provides outbound protection for new/altered applications on the PC.
The perimeter firewall provides offloading of perimeter packet inspection and filtering, and a second level of protection in case the software firewall crashes or shuts down during updates to it.
I also use current AV/AT/AS utilities and/or plugins, and user accounts that are appropriate for guests and normal non-admin usage. With the kids, the shared computer kit may be useful inasmuch as they won't have access to many administrative and configuration functions, and the PC can be "reset" if they screw it up. Alternatively, system restore can be used, but takes a bit more intervention on the administrator's part.
Browser and OS security settings, plugins etc on a per user profile and globally also play an important part of my security.
My usage and product update policies and practices are also valuable to me.
I have no kids or doofus users (credit to jvmorris for that term), so use System restore as my configuration restoration, as well as doing periodic critical data and system backups.
I have some system(s) that require more than average security, so those are secured differently.
Summary
The above process may look daunting, but once you start through it, you'll find it a time saving process that's the alternative to shooting at a security target you haven't identified. Note that I did not specify any specific third party brands. There are lots of good products and your choices will stand out once you've done your study.
HTH
EG
--
We are what we repeatedly do. Excellence, therefore, is not an act but a habit.
Aristotle |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| reply to patmac
Re: New To Broadband, Initial Security Question
As far as Java, I'd recommend that after installing the Sun-Java version, you go into 'Set Program Access and Defaults' and un-check the MS VM box. Better to uninstall it altogether, but at least don't use it. It's no longer updated, and while security hot-shots can use it safely, normal users cannot. The Sun-Java machine is not exactly air-tight, but at least it gets updated regularly with bug and security fixes.
Speaking of which, no need for 'jsched.exe' (the updater) to be running, and you can un-check the 'Automatically Check for Updates' box in the Java control panel. The auto updater doesn't work.
You will, of course, want to visit the Java site occasionally to check for updated versions. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | The auto updater doesn't work. It has been working for me.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.9 |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| said by nwrickert :The auto updater doesn't work. It has been working for me. You know, I had heard the rumor that it was fixed nowadays. How about that?
Still, I personally see no need to run a service 24/7 that I only have use for once every couple of months or so. |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | For me, it only runs when I am logged in as an Administrator. Since that's relatively infrequent, the occasional checking is about what is needed.
--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.9 |
|
Indy Sabre
Sabre Rider From Indianapolis
join:2003-10-02
| reply to patmac
You have already gotten a lot of good advice. One thing I didn't see mentioned was imaging. With imaging you can image your complete hard drive or OS partition so that if something messes you up you can restore to a previous (working) point in time.
Search for the Acronis TI 7 free offer in the software forum if you are interested learning more about it and trying it out. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| said by Indy Sabre :. . Search for the Acronis TI 7 free offer in the software forum if you are interested learning more about it and trying it out. I noticed howie posted something in the last day or two that indicated they're no longer making it available for free. Good things don't last forever, I guess. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to AB
MS JVM IS still being updated for security problems. There was a patch not long ago for it. It is not being updated in other respects though if that is that is what you meant. But security wise it is being kept up to date until Dec 31 2007 and can be safely used by anyone until that time. It is easier to use and works better than Sun Java. |
|
AB
Premium
join:2006-04-04
Leesburg, VA
| Correct you are. However:
"Customers are encouraged to take proactive measures to stay informed about obsolete software and move away from the MSJVM in a timely fashion.
Obsolete software, whether in the form of unsupported products, old service packs, or even expired certificates, is an issue every customer needs to be concerned with.
Customers are encouraged to stay informed about obsolete software and to transition from the MSJVM in a timely fashion."
»www.microsoft.com/mscorp/java/
Seems plain enough to me.
There are digitally coded music CD's available for me to purchase & listen to.
But I suppose I could always dig up an 8-track player & tapes, and listen to those, if that's what I wanted to do.
It isn't.  |
|
patmac
join:2007-01-10
| Wow, thanks for all the input. I've been working the last three days and have alot to digest here! Generically speaking, what should I attack first; Browser update/upgrade/change? Firewall? User Account settings? Java switch from MSVM to Sun?
Again, thanks for your valuable time,
patmac |
|
