PGTS PGTS Pty. Ltd.   ACN: 007 008 568

point Site Navigation

point Other Blog Threads

  Valid HTML 4.01 Transitional

   Download Kubuntu Today


   The Power Of KDE + Ubuntu

PGTS Humble Blog

Thread: Internet Security/Malware/Spam

Author Image Gerry Patterson. The world's most humble blogger
Taking dinosaurs off this island is the worst idea in the long sad history of bad ideas -- Dr. Ian Malcolm [Jurassic Park: Lost World]

Seven Steps To Internet Security

Chronogical Blog Entries:

Date: Fri, 05 Sep 2008 23:53:18 +1000

A couple of years ago, a friend of mine, who shall remain nameless, sent me a sample of some spam, and asked me where it had come from. After a bit of investigation, I informed him that the spam had come from his own machine. This caused me considerable amusement, all at his expense. For quite a while I had been warning this person about "Internet Security". His workstation was so sick and wormy it spent most of its time as a "spam zombie". In one of these sessions, he effectively spammed himself! Although he didn't join in my merriment about this, he did pay a little more attention to the issue of Internet security.

Security has always been an issue for Internet usage. Until recently, this was swept under the carpet by major Software Houses such as Microsoft, and large financial institutions who want to offload their data entry to the end-user. Recently there have been some serious attempts to address these issues. Banks and large traders have tightened up on security and procedures and Microsoft have released Microsoft Vista.

Vista, however may not be such a big step forward for Internet security. Although there are many features introduced in Vista which improve corporate security, in particular the security of the Microsoft distribution model and the entertainment media distribution channels, it does not really address the issue of the individual end-user security. The reasons for this are many and varied. If you are interested there are many sites that explorer the issues of Vista security (or lack of). Vista also has the invidious reputation of the slowest operating system every written.

If you are searching for the means to improve your security, you can do it something yourself. There are basically two ways:

A lot of this is just common sense. I have enumerated seven simple steps that will improve Internet security for any user. As already stated, steps 1 to 3 are easy. If you are reasonably competent computer user and feel confident about installing software, you can do these yourself. These three steps are more or less the equivalent of making sure that the doors and windows in your domicile have locks and that you fasten those locks when it is unattended. Steps 4 to 6 are more like building a brick wall around your property, installing steel doors and shutters, a monitored surveillance system, and three dobermans in the yard.

It is tempting to use the analogy of household security, because of the similarities. There are bad guys (burglars), who look for vulnerable buildings and try the locks on the doors and windows. Same on the Internet. However the analogy doesn't quite hold. You can be a complete slacker about household security and never get done over, because the burglar just didn't come around at the time your house. On the Internet, there is a bad guy rattling the doors and windows every minute. If you are not secure and you are on the Internet your system will be compromised. You can bank on it! Or, in some cases, the bad guy will be banking on it (possibly with your bank account).

Most security breaches occur because of failure to implement steps 1 to 3.

Basic Security (can be performed by any competent user)

  1. Use a secure Open Source Browser. I recommend Firefox 3.0.1 or greater.

  2. Use a secure Open Source Mail User Agent. There are many of these. Evolution, Thunderbird, Kmail etc.

  3. Use a secure Open Source Operating System. I recommend Ubuntu Hardy Heron or greater. In fact if you download the latest distribution here, you can accomplish all of the above steps in one easy installation.

Additional Security (May require the assistance of an expert).

  1. Install a (hardware) firewall between your modem and your site network. This applies to the office and/or home system(s). I recommend using a small computer equipped with two network cards, running Ubuntu server and a firewall script. If you want to use wireless networking, connect the wireless router to the local side of the firewall and make sure that you use authentication for the all workstations connecting via wireless.

    This will probably require the assistance of an experienced IT professional. You should ask whoever does this, to build the system so that the firewall script starts automatically with the correct routing information when it is powered on. You should also ask for a backup copy of the system so that your firewall can be rebuilt easily in the event of a system failure. Once every six months or at least once a year you should arrange for a professional to check the system and bring it up to date with the latest Ubuntu patches.

  2. Create a separate account for every user on your internal network. If you have a small number of users, you can manage them manually (use NFS and make sure that the User ID is identical for each user on each machine). For larger networks you can use NIS and/or samba and/or LDAP.

  3. Make sure that only a few trusted users have administrator privileges. Update the software regularly. If you have a medium sized network you may want to schedule Ubuntu updates with crontab.

Other Blog Posts In This Thread:

Copyright     2008, Gerry Patterson. All Rights Reserved.