|
Posted by B. Nice on June 6, 2006, 1:13 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Well knowing that it is impossible to state a one-for-all solution
here is some input on how to start getting along in a home windows
environment without running a personal firewall.
It is certainly not complete, but feel free to add Your tricks to the
list.
Note also that:
1. The right things to do in the end depends on Your environment,
habits and behaviour.
and
2. There is no such thing as full security on the internet. Your level
of security is something You come to a balance with, the key word
being trust.
Okay, here we go:
1. If possible put an NAT router/firewall device between Your
internet-connection and Your PC.
It does filter out a lot of network traffic that is just pure noise,
and it does provide a decent level of protection from "intrusion
attempts" from the outside.
If You are willing to invest a little money in security this is one of
the best ways to do it.
2. Disable unnescessary services
If directly connected to the internet, this part is *crucial*.
If behind a NAT router as suggested in point 1 however, this is less
important as long as Your router does not forward any traffic.
The ideal would be of course if You can end up having no open ports at
all. A PC configured like that can be directly connected to the
internet just as safely as if You were using a personal firewall - and
best of all, without all the noise from firewall pop-ups :-)
If You have a simple setup (like a stand-alone PC connected to the
internet, without any special requirements other than normal surfing
and mailing around) there are pretty straight-forward step-by-step
guides available that can help You close all open ports on Your
machine depending on the windows version You are running. Remember to
check that Your ports actually are closed (the guide will probably
tell You how to do that).
Otherwise search the internet for ways to close ports You don't need.
(It's a good idea to write down which services You disable and how You
do it. You might find that You need to reopen them again at a later
time). Figuring out which services can be deactivated can be rather
tricky. Search the net and seek help in relevant forums.
If for some reason You need to have services running (which should be
the exception in most home environments), make sure that the software
behind it is kept up to date (patched) which leeds us to the next
item...
3. Keep Your software pacthed.
This is true for windows itself as well as any other software You are
running.
4. Do not run programs You don't trust.
It may sound a little too simple, but it really is. Unless You have
the source code and understand how to interpret it, there is NO way
You can control what a programmer has decided to let a program do, so
it all comes back to trust. If You don't trust the programmer or the
program vendor, don't run it! The moment You run or install a program
You have accepted to take a risk. It is just like driving a car. You
know there is a risk, but You accept that risk in order to get quickly
to point B.
If downloading programs from the internet, do it only from sources You
trust.
5. When surfing the web with Internet Explorer use it's zone-concept.
IE has a quite decent concept which allows You to regard any web-site
You have not specifically acknowledged as being worthy of Your trust
as unsafe. You do that by making sure You set the security level of
the untrusted sites zone to the highest possible. That makes it quite
safe to surf around. You will, as a consequence however, bump into a
lot of sites that simply won't work properly under the high security
level because only the simplest web-techniques are allowed to be used.
As You go along You add the web-sites that You decide to trust into
the trusted zone that has a much more relaxed level of security
settings. An example: You will most likely not be able to do Your
home-banking on a website classified as untrusted. But hey, if You
don't trust Your bank's web-site why place Your money there in the
first place. So You add that website to the trusted zone and from that
on it works.
I must admit that adding trusted sites to IE is a cumbersome job. But
there are smart little apps available out there that will place
buttons on Your explorer from where You can quite easily add or remove
sites from zones.
In the beginning when You have only a few trusted sites, surfing can
be a pain, but eventually when You have added the sites You most
frequently visit it actually starts to pay off.
Tip: I like SpywareBlaster. Why? Because it takes advantage of this
build in facility by adding a list of known spy- and adware providing
sites into Your list of restricted sites. Check it out.
6. Before opening a mail that looks suspecious, think twice.
and when You are finished doing Your thinking, think once again. Don't
open suspicious mails and don't open attachments unless You are
confident what You do. Common sense is the most powerful firewall
available.
I will stop here for now, well knowing that there are many issues left
I have not covered.
I have only listed some tips on what to do, and generally not how to
do it. Feel free to ask for further help or search the web for the
info You need.
I know my tips aren't perfect, but I can say just as well as people in
here are saying that they have been running PFW for years and not
having problems that I have been surfing the net for years, WITHOUT
resident anti-virus protection - WITHOUT resident spyware-protection
and WITHOUT a Personal Firewall - without noticeable problems.
I ocassionally do scan my machines for viruses and other malware using
free online scanners available. They seldom find anything but a few
"suspicious" cookies.
Does that mean my machines are clean? - Impossible to tell, but at
least I am not stressing my not too fast CPU's with unnescessary
add-ons.
/B. Nice
|
|
Posted by Leythos on June 6, 2006, 7:18 pm
If you were Registered and logged in, you could reply and use other advanced thread options
b__nice@hotmail.com says...
> 1. If possible put an NAT router/firewall device between Your
> internet-connection and Your PC.
Portable Firewall - Ethernet for data, USB for Power:
http://www.gcn.com/print/24_13/35950-1.html
I have no personal experience with it, but it seems like a good idea to
use this when you're in the field/wild.
--
spam999free@rrohio.com
remove 999 in order to email me
|
|
Posted by B. Nice on June 7, 2006, 1:26 am
If you were Registered and logged in, you could reply and use other advanced thread options
>5. When surfing the web with Internet Explorer use it's zone-concept.
>
>IE has a quite decent concept which allows You to regard any web-site
>You have not specifically acknowledged as being worthy of Your trust
>as unsafe. You do that by making sure You set the security level of
>the untrusted sites zone to the highest possible.
Oops, typo error: The untrusted (or restricted sites) zone normally is
set at the highest already. What I meant was setting also the
"Internet Zone" to the highest level of security.
/B. Nice
|
|
Posted by Duane Arnold on June 7, 2006, 1:31 am
If you were Registered and logged in, you could reply and use other advanced thread options
> Well knowing that it is impossible to state a one-for-all solution
> here is some input on how to start getting along in a home windows
> environment without running a personal firewall.
>
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
http://www.claymania.com/safe-hex.html
Duane :)
|
|
Posted by Volker Birk on June 7, 2006, 8:57 am
If you were Registered and logged in, you could reply and use other advanced thread options > 1. If possible put an NAT router/firewall device between Your
> internet-connection and Your PC.
> ...
> 2. Disable unnescessary services
Good idea.
> If behind a NAT router as suggested in point 1 however, this is less
> important as long as Your router does not forward any traffic.
Please consider, that filtering is indispensable to filter, too. NAT is
not enough, because it was not intended as a security feature, and
often can be circumvented.
> The ideal would be of course if You can end up having no open ports at
> all.
Yes. Not ideal, but very good.
> Otherwise search the internet for ways to close ports You don't need.
http://ntsvcfg.de/ntsvcfg_eng.html
http://www.dingens.org
> 3. Keep Your software pacthed.
Very good idea.
> 4. Do not run programs You don't trust.
ACK.
> If downloading programs from the internet, do it only from sources You
> trust.
ACK.
> 5. When surfing the web with Internet Explorer use it's zone-concept.
Don't use Internet Explorer, but any other browser.
> 6. Before opening a mail that looks suspecious, think twice.
And don't use Outlook or Outlook Express.
> I will stop here for now, well knowing that there are many issues left
> I have not covered.
Thank you for bringing good ideas to this group!
Yours,
VB.
--
"If you want to play with a piece of windows software that makes you
click all over the place, there's always minesweeper."
Kyle Stedman about "Personal Firewalls" in c.s.f
|
| Similar Threads | Posted | | Looking for firewall/proxy alternatives | August 25, 2005, 2:19 am |
| IPCop alternatives ? | April 12, 2005, 11:42 am |
| MS Live OneCare Security Scanner: Credible Alternatives? Please Help | February 26, 2008, 12:25 am |
| Norton Personal Firewall | July 21, 2004, 6:41 pm |
| Jetico Personal Firewall | August 10, 2004, 5:16 pm |
| Bug in Jetico Personal Firewall | November 29, 2004, 1:40 am |
| Sygate personal firewall | December 11, 2004, 5:28 am |
| Please help with Sygate Personal Firewall | February 20, 2005, 12:59 pm |
| Norton Personal Firewall | March 30, 2005, 4:24 pm |
| jetico personal firewall | April 21, 2005, 2:29 pm |
|
XML site map