When I first entered the security profession in 1996, there were risks associated with not being informed or technically protected from the dangers circulating in email and on the Internet. The only significant change is that things have worsened and the dangers are far more deceptive even for experienced users.
Below is a list of technical safeguards and best practices for the coming year. This list isn't complete and some folks won't agree with all items on the list. Still, following most of these protective principles below can help keep you and your family safer the coming year. The key is to educate yourself on the security risks circulating and ways to avoid these dangers through best practices or technical safeguards.
Best Practices - Internet Safety for 2008RECOMMENDED SOFTWARE
* Anti-Virus (keep it active and updated)
* Firewall (bi-direction preferred)
* Spam Filter
* XP users move to IE 7 for better security
* Hosts file (advanced users)
* Anonymizer (advanced users)GENERAL SAFETY TIPS
* Backup any files you don't want to loose to CD, DVD, or flash drives
* Apply Windows and Office Updates as soon as possible - Turn Automatic Updates on (use Microsoft update for both environments)
* Update all Software products periodically on your system
* Run virus scan scans periodically (weekly)
* Run anti-spyware scans periodically
* Clean up your recycle bin, temp areas, etc.
* Use UAC in Vista and prompt warnings in other Operating Systems
* Authenticate and register your version of Windows (including WGA checks)
* Read the EULAs in any software being installed
* Create a protected account (aka limited account in Vista or XP)
* Avoid entering sensitive information or performing e-commerce on a shared public PC in a cafe, hotel lobby, or library
* Avoid P2P File sharing sites for "free" music or videos
* Ensure you are using a trusted website and secure servers for e-commerce
* Use complex passwords of 8 characters or more (at least 1 letter and 1 number, plus 1 upper/lower case -- and special characters if desired)
* Change your passwords periodically
* Protect your privacy - Never share your SSN, bank account, credit card, or other sensitive personal information in emails or enter them on websites (unless you are doing so purposefully on a secure server) RECOMMENDED EMAIL SAFETY TIPS
* Avoid email attachments where possible
* Avoid clicking on any URLs in email (even to opt out of spam)
* Use plain text mode in email if possible
* Avoid links and files shared in Instant Messaging software
* Never open email from someone you don't know (line up all spam in your in-box and delete it)
* Avoid taking actions or clickin on URLs in official looking email from banks, government, etc. (verify by phone or on the primary website)
* Avoid e-cards which are not from a specific person (and check with the sender if you are unsure)
* Never install updates or free security software from an email attachment or URLRECOMMENDED BROWSER SAFETY TIPS
* Avoid clicking on banner ads where possible
* Avoid visiting untrusted and inappropriate websites
* Be careful of Internet search results as malware authors are seeding malicious websites with malware
* Complementary browsers (e.g., Firefox, Opera) have good security track records, phishing filters, and other safety measures (e.g., NoScript) that can be used in addition to IE 7 with no conflicts. You can use these as a tool to cross-check questionable sites.
* Completely clean your browser cache regularly of all temporary files, history, cookies, passwords, etc.
* Enhance your browser from automatic processing to prompt warnings where possible (advanced security settings in IE)MALWARE CLEANING TIPS
* Your computer may be infected with malware when performance deteriorates, browser pop-ups appear, home pages change, firewall warnings are issued, etc.
* When cleaning malware infections get technical assistance from a technically savvy friend preferably who can visit at your home or experts at a security website
* Find out the name of the malware you are infected with (as you must clean uniquely based on how you are infected)
offers a list of free online and command line scanners from many AV vendors
* Free Standalone cleaners may be available to remove some difficult malware agents
* Use SAFE MODE to remove difficult malware
* Change your passwords after an infection in case a backdoor agent transmitted it SECURITY AWARENESS AND EDUCATION
* Gain better general knowledge on security through articles, blogs, and security websites
* Stay informed - Follow the latest security developments on what to avoid or how to protect yourself against dangers
* Look for updates in any software you are running and install them promptly, so that you are always on the latest version
* Avoid email hoaxes circulating where you are asked to "pass on a special warning"
* Remember that there are "no free gifts" or "special bargains" for you from strangers on the Internet
* Setup separate user accounts for your children and use Vista's Parental controls
* Educate your children, family members, and friends
* Use a "Lessons Learned" approach when you make mistakes to avoid them in the futureBelow are an older set of best practices authored in my prior company almost 7 years ago. While the dangers are more hidden and technically innovative, security protection is all about staying informed and keeping key technical safeguards in place. Security is about risk management and an ounce of prevention is always worth a pound of cure. Most of these concepts below still apply even though technology has changed substantially since then:Best Security Practices (written during 2001)http://www.geoapps.com/harry_waldron_best_practices.htm