Basic to Indepth Guide on Home Computer Security Guide

[ajaysinghnegi]

Countermeasures for Choosing a Good Password and Safeguarding Passwords

· Do not use a password that represents you personal information like nicknames, phone numbers, date of birth etc.



· Change the password once in a month or when you suspect someone knows the password.



· Do not use a password that was used earlier.



· Be careful while entering password when someone is sitting beside you.



· Never write a password on paper to store it. The brain is the best place to store it.



· Do not reveal your password to anyone, not even to the system administrator.




· Store the passwords on computer with the help of an encryption utility.



· Do not use the name of things located around you as passwords for your account.


Various Techniques Used by Hackers to Retrieve Passwords


· One way of stealing the password is standing behind an individual and over looks their password while they are typing it or search for the papers where they have written the password.


· Another way of stealing the password is through guesses. Hackers try all the possible combinations with the help of personal information of an individual.


· When there are large number of combinations of passwords, the hackers uses fast processors and some software tools to crack the password. This method of cracking password is known as “Brute force attack”.

· Hackers also try all the possible words in an dictionary to crack the password with the help of some software tools. This is called a “dictionary attack”.

Sample password:

IJ!5iS@g0odP4s5wD ---->This is a good password

administrator123 --->bad password


Password Policy

It’s a general practice of users to keep the same password for life long; rather users should change their passwords regularly.



Password should be complex and change regularly. Password policy setting controls the complexity of the password. To edit the password policy setting, go to Start menu\Settings\Control Panel\Administrative Tools\Local Security Setting\Account Policy\Password Policy\ set each and every option

• Enforce Password History


• Maximum Password Age


• Minimum Password Age


• Minimum Password Length


• Password Must Meet Complexity Requirement

[ajaysinghnegi]

Whenever the user is required to use a password, he should use a strong password that conforms to the following Countermeasures:

• At least seven characters in length (the longer the better)


• Includes upper and lower case letters, numerals, symbols


• Has at least one symbol character in the second through sixth position


• Has at least four different characters in given password (no repeats)


• Looks like a sequence of random letters and numbers


• Don’t use any part of logon name for the password


• Don’t use any actual word or name in ANY language


• Don’t use numbers in place of similar letters


• Don’t reuse any portion of old password


• Don’t use consecutive letters or numbers like "abcdefg" or "234567"


• Don’t use adjacent keys on the keyboard like "qwerty"


A good way to create a strong password is by using the first letters of a phase that user can easily remember.



Login settings

Windows NT, 2000 and XP come with many built in users and groups. These include the Administrator, Backup Operator, Guest, Power User and many more. The purpose of these groups is to enhance the abilities of a user without having to make that user an Administrator. However, due to the powers granted to these groups any user that is a member of one can become an Administrator. All unnecessary users must be disabled.


To disable unwanted accounts follow the steps as follows. Go to Start menu\Settings\Control Panel\Administrative Tools\Computers Management\Local Users and Groups\Users. Double click the account user want to disable and Check the box see Figure-15.

Account is disabled

http://img713.imageshack.us/i/figure20.png

Figure-16: Account is disabled


Audit Policy Settings

User can set the Audit Policy Setting to determine the security events to report the user or system activity. For example, the user can choose to audit failed logon attempts, which might indicate that someone is trying to log on with an invalid password (perhaps using a program to automate the attack). Or user might want to monitor the use of a particular sensitive file. The user can also choose to monitor changes to user accounts and passwords, changes to security policies, and use of privileges that might reveal that someone is trying to "administer" user’s computer—perhaps not with user’s best interests in mind.


Unlike the other logs that appear in Event Viewer, the Security log is disabled by default in Windows XP Professional and Windows 2000. No events are written to the Security log until the user enable auditing, which is done via Local Security Settings. (In Windows XP Home Edition, security auditing is enabled for certain events. Because Home Edition doesn't include Local Security Settings, user cannot change which events are audited unless he use a tool like Auditpol.exe, which is included in the Windows 2000 Resource Kit.) Even if the user sets up auditing for files, folders, or printers, the events he specified aren't recorded unless he also enables auditing by setting a high-level audit policy in
Local Security Settings.

[ajaysinghnegi]

To edit the Audit Policy Setting Start menu\Settings\Control Panel\Administrative Tools\Local Security Settings\local Policies\Audit Policy and check the boxes accordingly


The following table gives the Audit policy available in Windows Operating System with their respective descriptions.


Table-1: Audit Policies for Security Events



Policy Description
Audit account Account logon events occur when a user attempts to log on or log off
logon events across the network, authenticating to a local user account.



Audit account Account management events occur when a user account or security
management group is created, changed, or deleted; when a user account is
renamed, enabled, or disabled; or when a password is set or changed.



Audit directory Directory service access events occur when a user attempts to access
service access an Active Directory object. (If the computer is not part of a Windows
domain, these events won't occur.)



Audit object Logon events occur when a user attempts to log on or log off a
events workstation interactively.



Audit object Object access events occur when a user attempts to access a file,
access folder, printer, registry key, or other object that is set for auditing.



Audit policy Policy change events occur when a change is made to user rights
change assignment policies, audit policies, trust policies, or password
policies.



Audit privilege Privilege use events occur when a user exercises a user right (other
use Than logon, logoff, and network access rights, which trigger other
types of


Audit process Process tracking includes events such as program activation, handle
tracking duplication, indirect object access, and process exit. Although this
policy generates a large number of events to wade through, it can
provide useful information, such as which program a user used to
access an object.

Audit system System events occur when a user restarts or shuts down the computer
events or when an event affects the system security or the Security log.


Local Security Settings has some additional policies that affect auditing, but they're not in the Audit Policy folder. Instead, look to the Security Settings\Local Policies\ Security Options folder for these policies:


• Audit: Audit the user of Backup and Restore privilege. Enable this policy if the user wants to know when someone uses a backup program to back up or restore files. To make this policy effective, user must also enable Audit Privilege Use in the Audit Policy folder.


• Audit: Shut down system immediately if unable to log security audits.

[ajaysinghnegi]

• Audit: Audit the access of global system objects. This policy affects auditing of obscure objects (mutexes and semaphores, for example) that aren't used in most home and small business networks; users can safely ignore it.


The user should only enable the audit policies which he requires to monitor. As it is a time-consuming process and can waste a lot of resources. When the auditing is enabled, the system must write an event record to the Security log for each audit check the system performs. This activity can degrade the computer’s performance. There is absolutely no need to enable them all, it’s purely on the requirement of the user, like Audit Directory Service Access is not required for the home user who is not connected to any Windows Active Directory network.


In addition, indiscriminate auditing adds to log many events that might be of little value to the user, thereby making the real security issues more difficult to find. And because the Security log has a fixed size, filling it with unimportant events could displace other, more significant events.


Here are some suggestions for what user should consider auditing:


• Audit failed logon attempts, which might indicate that someone is trying to log on with various invalid passwords.



• If the user is concerned about someone using a stolen password to log on, audit successful logon events.



• To detect use of sensitive files (such as a payroll data file, for example) by unauthorized users, audit successful read and write access as well as failed attempts to use the file by suspected users or groups.


• If the user use his computer as a Web server, he will want to know whether an attacker has defaced his Web pages. By auditing write access to the files that make up the Web pages, user will know whether his site has been vandalized.


• To detect virus activity, audit successful write access to program files (files with .exe, .com, and .dll file name extensions).


• If the user is concerned that someone is misusing administrative privileges, audit successful incidents of privilege use, account management, policy changes, and system events.


Event Viewer

A component a user can use to view and manage event logs, gather information about hardware and software problems, and monitor security events. It maintains logs of three kinds: application, system, and security.


Checkout for the security logs in event viewer regularly.


To open Event Viewer follow steps given below:

Start menu\Setting\Control Panel\Administrative Tools\ Event Viewer

http://img20.imageshack.us/i/figure21.png

Figure-17: Event Viewer

[abhaythehero]

(Originally posted by eberly in orkut community)

What is an IP-address?

An IP-address is a number, which get used as a unique identification for your computer on the net. With other words, no one has the same IP as you, and it is the IP address which makes that you have internet.

There are exceptions though if you're on a big net, for example and School network or behind a Proxy server, then all the user share the same IP-address.. This is something you should think of, if you use a Proxy server to stay anonymous.

Is it dangerous if someone get a hold of my IP?

No. In fact, it's almost impossible to avoid that someone you're communicating with on the internet gets your IP.. It's just an address which identifies your computer, and not you as a person. If anyone get your IP, can they find out which country you live in, and which ISP (Internet Service Provider) you have. They can not find out who you are, nor take control over your machine.

How can I find the one who owns the IP xxx.xxx.xxx.xxx?

Technically you can't, all you can do is th do a WHOIS search, whcih means it gather information about the ISP itself. You could always find a download that trace IP addresses, but you will only get to the ISP, and see the map over the Country where the ISP is. If you somehow want to WHOIS someone then I suggest you use a WHOIS tool based on Web applications. The programs doesn't really give exact data. Links for WHOIS'ing are posted at the bottom of the article.

Can the Police trace me based on my IP?

Yes. If the Court has given the police orders to gather the ISP's traffic data,Then can they trace you. The ISP has data which shows which IP's you've had and which time you had them.. These logs are not given out to the police or whatever without order from court (following Norwegian laws), there are many laws about how these logs needs to be taken care of by the ISP.

You won't get the data before you've actually been convicted for something you've done on the net.

How can I avoid that someone get my IP?

You could always use a proxy server. A proxy takes data from you, and then sends the data to whatever is going to have the data. The bad part is that you have to trust the proxy, Since the proxy can actually show your original IP, andor it can listen or save the data you're transferring

IF you're gonna use a Proxy server, will you be able to see the IP to the Proxy server. This IP will be the same for everyone that uses the Proxy server.

Is it important to avoid people from seeing my IP?

NO! You have absolutely nothing to be afraid of. The best you can do for your security is to have your Operating System patched, and use safe Services connected to the internet, if you run a web server from your computer etc. They will have a hard time getting access to your computer with your IP, so don't be scared.

Private IP's!

There is 4 private IP-areas:

* 10.0.0.0 - 10.255.255.255
* 172.16.0.0 - 172.31.255.255
* 192.168.0.0 - 192.168.255.255

in addition is there 169.254.0.0-169.254.255.255 for automatic giving of IP-addresses, where not DHCP or any other automatic allocation exists.

Private IP's are special because they can be found in different places, as distinct from public (normal) IP's which have to be unique.

It's likely that you have Private IP-address, if you're connected to the internet with an ADSL-router..

Private IP's doesn't get routed by routers, and therefore is it only good to use in the same physical net, or with ruterar which is setup to explicitly route it.

WHOIS-Services
http://www.afrinic.net/ - AfriNIC - Africa
http://www.apnic.net/ - APNIC - Asian/Pacific
http://www.arin.net/ - ARIN - North America
http://lacnic.net/en/ - LACNIC - Latin- og South-America
http://www.ripe.net/ - RIPE - Europe

You have to try them all to get results for the IP you want to WHOIS, because you can't be sure which continent the ISP is!

[r00t]

security policies cant do anything until user or client are not carefull...