[CiberPAC-net] Safeguard Tips Via FBI-NIPC

"Simple Computing Safeguards"
for Small Business & Home Computer Users

[CiberPAC-net] Safeguards via FBI-NIPC

Sources: www.infragard.net/library.htm
www.nipc.gov/publications/nipcpub/computertips.htm - _blank

Visit www.nipc.gov to learn about
password protection practices

Use strong (non-shared) authentication.
Choose pass-phrases that are more difficult or impossible to guess.
Assign different keys for each account.

	authentication
	Verifying the identity of a user logging onto a computer system or verifying integrity of a transmitted message. See password, digital signature, IP spoofing and biometrics.

Make regular backups of critical data.
Create backups at least once DAILY.
Larger organizations create WEEKLY full backups
with DAILY incremental backups every day.

At least MONTHLY, verify off-site backup media’s integrity and usability.

Use effective software protection from malware.
A - Have it correctly installed on your workstation,
B - Check for new virus signature updates DAILY . . .
C - Scan critical files either incrementally or periodically – File servers, Mail servers & ALL input devices.

	malware
	(Malicious WARE) Software designed to destroy, aggravate and otherwise make life unhappy or frustrating ! See virus, macro virus, Word macro virus, Worms and Trojan horse.

Do NOT open email attachments from strangers,
regardless of how enticing its Subject Line or attachment seems !

Be suspicious of any unexpected email attachment
from someone you DO know . . . It may have been sent
WITHOUT that person’s knowledge from an infected machine.

Do NOT keep computers online when inactive!
Log-off from workstations, but keep available for anti-virus signature file updates.

For Small Offices or Home Office (SOHO), either shut them off
-OR- physically disconnect them from Internet connections.

Use a firewall as a gateway between your computing resources
and any Internet connections.
Firewalls may be deployed as hardware or software safeguards for defense-in-depth solutions.

Such safeguards are essential when computers are always online using popular DSL and cable modem connections. However they are equally valuable safeguards for those using dial-up Internet connections.

Gateway

-1- A computer performing protocol conversion between different types of networks
or applications. For example, a gateway converts a TCP/IP packet to a NetWare IPX
packet and vice versa or from AppleTalk to DECnet, from SNA to AppleTalk and so on.

Gateways function at layer 4 and above in the OSI model. They perform complete
conversions from one protocol to another rather than only supporting one protocol
from within another, such as IP tunneling. Routers can sometimes implement
gateway functions.

An electronic mail, or messaging, gateway converts messages
between two different messaging protocols.

See LAN and IP gateway.

-2- A computer acting as a go-between for two or more networks using the same protocols.
In this case, the gateway functions as an entry/exit point to the network. Transport protocol
conversion may not be required, but some form of processing is typically performed.

See proxy server. It is an application that breaks the connection between sender and receiver. All input is forwarded out a different port, closing a straight path between two networks and preventing a cracker from obtaining internal addresses and details of a private network. E-Poll on Corporate Firewalls: Getting Personal

. . . DSL and Computer Security Issues [Don’t Stop Looking @ Vulnerabilities ! ]

Review About.com Computing Safely 101

Regularly verify and quickly install security patches from qualified software vendors . . .

For HELP with first & last safeguard listed . . . visit www.securemicrosoft.com

See prior article by Stan Stahl, Ph.D @ Auerbach Publications on Thursday, August 23, 2001 . . .

While Code Red has infected over 350,000 computers during the last several days,
neither it nor viruses like Sircam will be end of civilization as we know it.
Nevertheless, the threat from worms, viruses, and other 'bad guys' (malware) is real.

But, like a freeway traffic jam, it's only 'really' real when you're among those stuck in it.
While it is effectively impossible to completely eliminate the risk of loss from these
nefarious agents of doom, here are seven (7) things you can do to mitigate the risk.
_______________________________________________________________

Click here for NDU KnowledgeNet Glossary . . .

Also scan NCMS Trusted Access & www.humanfirewall.com

To learn more about . . .
Tips, Tricks and Traps to AVOID

Internet Security & Microsoft's PSA+

By:mark.j @ 10:28:AM - - SendNews [HERE] / BT eSecurity [HERE]

Following the recent problems with Internet worms
such as Code Red . . . Microsoft offered up a
'Personal Security Advisor' (MPSA) system:

Microsoft Personal Security Advisor (MPSA-Demo)
is an easy to use web application that will help you secure your
Windows NT™ 4.0 or Windows 2000™ personal computer system.

MPSA will scan your system and build a customized report on items such as – missing security patches, weak passwords, Internet Explorer and Outlook Express security settings, and Office macro protection settings.

For each weakness identified on your computer, MPSA provides easy to understand information on the security issue at hand, how to fix it, and links to additional information about the issue.

Once you correct a reported deficiency, you can run the scan again and see the results of the change. Running MPSA on a regular basis will help ensure that your system stays up to date and secure.

The online system/tool can also be found HERE
and is a very relevant tool for those of you on broadband connections.

If you don't run a fully functional firewall
then this should be a requirement for always-on connections.

We'd also like to point out the following system
for those on any other operating system:

https://grc.com/x/ne.dll?bh0bkyd2
[Gibson Research Corp. Shields Up!]

It's somewhat less complex and should be ideal
for Windows 9x/ME™ and Linux etc. users trying
to find security holes / gaps in their systems that need to be plugged.

Every reader to this site would be well informed
to try either or both.

Source: www.ispreview.co.uk/archives.shtml [29 Aug 2001]

File-ID: ACCTTS-CiberPAC-Tips.htm
Rev: 11/28/01 6:30 AM CST