EGeezer
Summertime -
Premium
join:2002-08-04
Country!
 ·Callcentric
 ·RoadRunner Cable
·AT&T CallVantage
4 edits | reply to patmac
Security implementation - a process, not a product
As you can see, you're already getting disparate solutions and product recommendations. I guarantee that if you search this forum, you'll see more "you need this", "You don't need this" etc etc. that directly conflict with each other, as well as spats between posters on what's "best". To help you sort things out, my recommendation is to do some things you've already done, at least in part.
Determine your environment.
Who are your users?
How technical are they(include yourself too  )
What are their browsing habits
How "trustworthy" are they in terms of following safe surfing/computing?
Determine what's on your computer and what it's used for.
Do you do banking/financial online transactions?
Do you use financial software that has sensitive data associated with it?
Do you use it for a home business, or employer business? If so, check with your employer for possible requirements, suggestions or no-cost tools to which you may be licensed or required to use.
Do you use it for games, online collaborations of some kind? If so, consider what you may need to have them function and still maintain the security you need for other purposes.
Put your priorities in place.
Security
Functionality
Ease of use
Ease of configuration/administration
performance
cost (money and time)
A read through »Security »How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach: as well as the product preference polls at BBR will provide you with insight and narrow down your choices.
Wireless - If you have it, also consider wireless security. See »Wireless Security for an overview. Since wireless is basically putting an ethernet port to your network on the street, in your neighbor's home, in the car passing by or parked up the street, wireless security is advisable. Shutting off unauthorised access through that port is straight forward, but the specific steps depend on the wireless AP and wireless clients you have.
Portable devices
If you have PDAs, mobile phones or other portable devices that you connect to the system(s), research the security considerations for them. This is rarely mentioned, but with more such devices in use and the birth of exploits for them, it's worth considering.
Selection
From there, evaluate your now narrowed-down choices. Following the above study will have eliminated many. choices pick the utilities, tools(antivirus, antispyware, firewall, OS and browser choices and settings, processes and policies(rules of usage, access etc) based on your requirements and priorities.
My own observations and tools
One tool that you may find useful that isn't often mentioned is the Windows shared computer toolkit for XP. See »www.microsoft.com/downloads/deta···ylang=en
Personally, I use a router/firewall to protect the perimeter and PC based firewalls on each PCs.
The PC based firewalls provides protection from other PCs on the LAN should they become infected and try to spread malware on the LAN. It also provides outbound protection for new/altered applications on the PC.
The perimeter firewall provides offloading of perimeter packet inspection and filtering, and a second level of protection in case the software firewall crashes or shuts down during updates to it.
I also use current AV/AT/AS utilities and/or plugins, and user accounts that are appropriate for guests and normal non-admin usage. With the kids, the shared computer kit may be useful inasmuch as they won't have access to many administrative and configuration functions, and the PC can be "reset" if they screw it up. Alternatively, system restore can be used, but takes a bit more intervention on the administrator's part.
Browser and OS security settings, plugins etc on a per user profile and globally also play an important part of my security.
My usage and product update policies and practices are also valuable to me.
I have no kids or doofus users (credit to jvmorris  for that term), so use System restore as my configuration restoration, as well as doing periodic critical data and system backups.
I have some system(s) that require more than average security, so those are secured differently.
Summary
The above process may look daunting, but once you start through it, you'll find it a time saving process that's the alternative to shooting at a security target you haven't identified. Note that I did not specify any specific third party brands. There are lots of good products and your choices will stand out once you've done your study.
HTH
EG
--
We are what we repeatedly do. Excellence, therefore, is not an act but a habit.
Aristotle |
