Security at home and in the workplace is an ever-rising concern. Now that Internet connections are on 24/7 and bandwidth has increased, brute forcing, port scanning, and other techniques that used to be the fear only of Big Business are the concerns of the IRC Flamers, Heroes of Ever Quest, and the unlucky neighbor to the wannabe hacker.
This Guide has all the answers you need to lock down, tighten up, and keep the vagabonds out.
Ensure that you have disabled the guest account
'Guest' accounts allow anonymous access to a machine. Leaving the account available means that anyone can quickly log on to your machine or use services you might not know are even turned on (telnet, RAS, etc.).
You can disable the guest account from "Control Panel -> Users and Passwords". Then click on the "Advanced" tab and choose "Advanced." You should now be able to modify the Guest account in the "Users" folder.
The "Everyone" group is not the same thing as the guest account/group. "Everyone" is the users who logged in with a non-anonymous account. If you are a someone, you are a member of "Everyone". Anything a guest has access to is not secure. This is why you should disable the guest account unless you have a specific reason to need it (you don’t).
Make sure you don’t modify the Everyone group without a really good reason. You are an “everyone”, so if you take away the rights of everyone you take away your own rights.
Rename the Administrator Account
All non-Administrator accounts are locked out after X number of failed password attempts. But with the administrator account a user may try as many times as they like to hack the password. To slow a would-be hacker down, rename your administrative account to something else. Make it very easy to remember, like "Supervisor" or something similar.
Don’t make your account the only Administrator. If your account is the only admin and you blow up your login, you are screwed. So create an ID you will actually be logging in with every day. On your home PC, add this ID to the Administrators group.
Using smart passwords and settings
I’m always amazed at the dumb passwords people pick. Their login name. Their husband/wife’s name. Their phone extension. Use something that is not a word, and has both letters and numbers.
1. Not found in a dictionary.
2. Not written on a Post-it stuck to your desk.
3. Not blank
4. Not less than 6 characters in length
5. Not blank
If you and the kids share a PC, or you share with co-workers, you should make sure that all the users have separate user names and passwords. This will prevent you from reading each other’s mail, deleting someone else’s thesis and all that muck. Windows 2000 is excellent at keeping you from tripping over each other’s files, programs, and settings. This will only work if:
1. You are responsible about who is an administrator.
2. You each have a separate Username
As an Admin you can require users to have passwords that are at least 6 characters and alphanumeric by doing the following:
1) Open up MMC.
2) Add the Group Policy Snap-in, selecting local computer
3) Go to Windows settings > Security Settings > Account Policy
4) Change "Passwords must meet complexity requirements" to Enabled
From here you can also require users to change passwords every X number of days. In most cases this is overkill. But for the truly paranoid, have at it.
Make an Uncrackable Password
Tired of co-workers, roommates, and lamers getting at your PC? Wish you had an unbeatable, easy-to-remember password? I have the solution. And the great part is that it can be as easy as sticking out your tongue ;¬Þ
If you notice the nose and tongue on the smiley, you will realize those aren’t keys on the keyboard. They are Extended ASCII and are available by holding the Alt key while typing the number of the character you want. There are 256 characters in the ASCII character set, and those of you that still remember DOS may have an understanding of how to get at them, but maybe you didn’t know that they solve all your password nightmares, well, at least under Windows 2000 and Windows NT.
Many of you are familiar with a cracker called L0phtCrack. This malicious piece of software allows a hacker to copy your password files and then brute-force crack them at his leisure. But L0pht is flawed. It only knows how to crack 68 of the possible characters in a password (alpha, numeric, and a few symbols). By including an extended ASCII character you prevent hackers from getting your password.
Why this works:
Brute force is slow, so crackers use only characters likely to be included in a password. How many passwords do you know that include @#$&^ or *? You might not have known those were even choices. But with over 180 characters accessible from the Alt + number combination, you not only increase the number of possible characters in your password, but you increase the amount of time that it would take to crack your password.
Further hints:
Because of the way L0phtCrack works, it can instantly tell if a username and password are the same (user name: billy, password: billy). Avoid doing this.
Avoid using repetitive characters in a password. (Ozzy)
Conclusion: By using just a single one of the above characters you are safe until someone comes out with a better cracker. Maybe that will happen, but this will certainly make your passwords take longer to crack.
For a copy of L0pht swing by here.
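
The password rules and the "more characters, more time" argument from this section, as an added example that is not part of the original guide: audit() applies the guide's rules and work_factor() shows how much an exhaustive search grows once the extended characters must be tried. The 68-character set (letters ignoring case, digits, ASCII punctuation) and the sample word list are assumptions, because the guide does not list them.

```python
import string

# Assumption: the guide says the cracker tries 68 characters but does not
# list them. Case-folded letters + digits + ASCII punctuation totals 68.
CRACKER_SET = set(string.ascii_uppercase + string.digits + string.punctuation)
EXTENDED_COUNT = 180  # the guide's "over 180" Alt+number characters
MIN_LENGTH = 6        # the guide's minimum length

# Constructed sample word list; a real audit would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "letmein", "secret"}


def audit(username, password, words=SAMPLE_WORDS):
    """Return the list of the guide's rules that this password breaks."""
    if not password:
        return ["blank"]
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 6 characters")
    if password.lower() == username.lower():
        problems.append("same as user name")
    if password.lower() in words:
        problems.append("dictionary word")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("needs both letters and numbers")
    # Adjacent repeats such as the "zz" in "Ozzy".
    if any(a == b for a, b in zip(password, password[1:])):
        problems.append("repeated characters")
    # No character forces a search beyond the 68-character set.
    if all(c.upper() in CRACKER_SET for c in password):
        problems.append("every character is in the 68-character set")
    return problems


def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly this length."""
    return alphabet_size ** length


def work_factor(length):
    """How many times larger the search is with the extended characters."""
    small = len(CRACKER_SET)
    return keyspace(small + EXTENDED_COUNT, length) // keyspace(small, length)


if __name__ == "__main__":
    for user, pw in [("billy", "billy"), ("billy", "Ozzy"), ("billy", "bl4ck¬Þsun")]:
        print(repr(pw), audit(user, pw) or "passes the guide's rules")
    print("6-character search grows by a factor of", work_factor(6))
```
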
Program security and Antivirus
If you are the type who downloads betas, warez, or other software from strange and wondrous places, this is a message for you.
If you lie with dogs you are likely going to get fleas.
If you are going to download software, make sure it comes from a reputable source. It is generally a good idea not to download files from newsgroups, warez sites, or Wrapster.
While anti-virus can protect you from most common viruses and Trojans, it is generally not a good idea to take chances. Update your anti-virus software regularly. Don’t open anything with a .VBS extension. Don’t open e-mail attachments when you don’t know what they are. And don’t intentionally leave viruses on your hard drive (I know people who have all sorts of weird viruses just as a collection on their hard drive, but then again I knew Glow Boy the radioactive boy scout).
Keep up to date but don’t be first.
Sometimes the cure is worse than the disease. Be cautious about blindly updating software. We all remember NT4 SP6 and 6a. Or the many other "we fixed these problems and made everything a lot worse" patches. So give the patches a bit of time before you put them on.
Conclusion
OK, now that you have made sure you’re not going to lose that term paper you never even started, and your Unreal Tournament bindings are safe, get out there and have fun knowing that you are safe, secure and cozy. Doesn’t it make you all fuzzy inside?