A chain is as strong as its weakest link.
While I don't think all of us will follow everything that I am about to outline in terms of good "computer security practices", following as many of these as practical to you will help reduce chances of security breaches on this site and to your computer.
When a moderator's, administrator's, or even a regular register user's computer system has been breached, it presents the possibility of affecting this site as it becomes possible that the intruder might install a key logger program or steal cookie login information or the like. Hence "a chain is as strong as its weakest link".
As a fairly experienced system administrator, I have encountered common problems in people's computer setups that can lead to problems which allow "crackers" or black-hats to get in to your system and cause havoc. So please follow some of these computer guidelines to securing your system:
1.) Ensure that when you are connected to the internet, you are behind a firewall. If you have a NAT router (or a switch router, ie linksys internet router) you are safe. You can tell if your network IP address starts with 192.168.x.x or 10.x.x.x or 172.x.x.x. This prevents people from gaining direct connection to your computer freely. If you don't have one or are paranoid, you can always get ZoneAlarm, their free version. The Windows firewall WILL NOT CUT IT! It DOES NOT WORK PROPERLY!
2.) Please ensure you have updated Windows completely and all patches and updates are applied here: http://windowsupdate.microsoft.com
3.) Please ensure you have installed an Anti-Virus program. Like Norton or McAfee. (From experience Norton is the best, but it can be more expensive overall)
4.) Please ensure you do not have adware program that can exploit your system causing more holes, remove them with a program like Lava Soft's Ad-Aware.
5.) The most probematic mistake that I find with people with their comptuer setup is this: ADMINISTRATOR PASSWORDS AND ACCOUNTS! If you are running Windows 2000 or XP, DO NOT LOGIN AS THE ACCOUNT NAMED "ADMINISTRATOR"! Instead create another account with the same privileges! The reason is that the account named "Administrator" is the highest account and should not be used for every day use! Furthermore, the account password MUST be VERY difficult to guess! A lot of worms and viruses know the login name for the Windows Admin account, since it is the same in every system, so it tries to guess the password, and once it guesses it, it can install ANYTHING ON YOUR SYSTEM!
5a.) If you know how, you can minimize the vulnerability surface by renaming your administrator account to something else.
5b.) Set a very hard to guess password with letters, numbers, and symbols that is longer than 6 characters, write it down, and save it with your install disk.
5c.) If you computer automatically logs on the system, make it logon to a different account, or turn that off and logon each time manually.
6.) When using your computer, logon as a regular user (or power user, if you must) and use that. And when you need to install things or need higher access, Hold down the SHIFT key and right click on the icon, then select "Run As..." to enter an administrator's login from there. This will restrict that program to be given administrative power instead of any program that may be run through accidental clicking or worst, triggered when visiting a website or browsing e-mail.
7.) Ensure your passwords (no matter where) is at least 6 characters long, and consist of numbers and letters of upper and lower case.
7a.) Make sure all your passwords everywhere e-mail, webmail, hotmail, home computer, FTP, etc. are all that way.
7b.) Give yourself different passwords for different purposes. I.E.: I have passwords of different complexity, some are very easy and some are very difficult and long. If you must share a password with someone and it is not for something important, then have an easy one for that. Then for other important things like your e-mail for your ebay or paypal account, make it longer, more difficult to guess, and more complex.
7c.) Do not set the same password on everything. Because sometimes a software has a flaw, and its security may be breached. If that happens, your password may become revealed and then intruders can use that same password for all your things. That is why you have a seperate key for your car that is different from your house key.
8.) Be wary of those that ask you for your passwords. An administrator will NEVER EVER ask you for your password for any reason. Because the lead administrators have supreme access, and have no need to do so. If someone is asking for your password, (even if it is me) you can tell them to "go play hide and go f*** yourself". I would understand.
If you follow most of these, all is right with the world. (For "God is in his heaven" )
While I don't think all of us will follow everything that I am about to outline in terms of good "computer security practices", following as many of these as practical to you will help reduce chances of security breaches on this site and to your computer.
When a moderator's, administrator's, or even a regular register user's computer system has been breached, it presents the possibility of affecting this site as it becomes possible that the intruder might install a key logger program or steal cookie login information or the like. Hence "a chain is as strong as its weakest link".
As a fairly experienced system administrator, I have encountered common problems in people's computer setups that can lead to problems which allow "crackers" or black-hats to get in to your system and cause havoc. So please follow some of these computer guidelines to securing your system:
1.) Ensure that when you are connected to the internet, you are behind a firewall. If you have a NAT router (or a switch router, ie linksys internet router) you are safe. You can tell if your network IP address starts with 192.168.x.x or 10.x.x.x or 172.x.x.x. This prevents people from gaining direct connection to your computer freely. If you don't have one or are paranoid, you can always get ZoneAlarm, their free version. The Windows firewall WILL NOT CUT IT! It DOES NOT WORK PROPERLY!
2.) Please ensure you have updated Windows completely and all patches and updates are applied here: http://windowsupdate.microsoft.com
3.) Please ensure you have installed an Anti-Virus program. Like Norton or McAfee. (From experience Norton is the best, but it can be more expensive overall)
4.) Please ensure you do not have adware program that can exploit your system causing more holes, remove them with a program like Lava Soft's Ad-Aware.
5.) The most probematic mistake that I find with people with their comptuer setup is this: ADMINISTRATOR PASSWORDS AND ACCOUNTS! If you are running Windows 2000 or XP, DO NOT LOGIN AS THE ACCOUNT NAMED "ADMINISTRATOR"! Instead create another account with the same privileges! The reason is that the account named "Administrator" is the highest account and should not be used for every day use! Furthermore, the account password MUST be VERY difficult to guess! A lot of worms and viruses know the login name for the Windows Admin account, since it is the same in every system, so it tries to guess the password, and once it guesses it, it can install ANYTHING ON YOUR SYSTEM!
5a.) If you know how, you can minimize the vulnerability surface by renaming your administrator account to something else.
5b.) Set a very hard to guess password with letters, numbers, and symbols that is longer than 6 characters, write it down, and save it with your install disk.
5c.) If you computer automatically logs on the system, make it logon to a different account, or turn that off and logon each time manually.
6.) When using your computer, logon as a regular user (or power user, if you must) and use that. And when you need to install things or need higher access, Hold down the SHIFT key and right click on the icon, then select "Run As..." to enter an administrator's login from there. This will restrict that program to be given administrative power instead of any program that may be run through accidental clicking or worst, triggered when visiting a website or browsing e-mail.
7.) Ensure your passwords (no matter where) is at least 6 characters long, and consist of numbers and letters of upper and lower case.
7a.) Make sure all your passwords everywhere e-mail, webmail, hotmail, home computer, FTP, etc. are all that way.
7b.) Give yourself different passwords for different purposes. I.E.: I have passwords of different complexity, some are very easy and some are very difficult and long. If you must share a password with someone and it is not for something important, then have an easy one for that. Then for other important things like your e-mail for your ebay or paypal account, make it longer, more difficult to guess, and more complex.
7c.) Do not set the same password on everything. Because sometimes a software has a flaw, and its security may be breached. If that happens, your password may become revealed and then intruders can use that same password for all your things. That is why you have a seperate key for your car that is different from your house key.
8.) Be wary of those that ask you for your passwords. An administrator will NEVER EVER ask you for your password for any reason. Because the lead administrators have supreme access, and have no need to do so. If someone is asking for your password, (even if it is me) you can tell them to "go play hide and go f*** yourself". I would understand.
If you follow most of these, all is right with the world. (For "God is in his heaven" )
Comment