Thursday, February 02, 2006
What does a security consultant do for self-defense?
First, there's a hardware firewall to intercept many attacks from the Internet.
By the time you get to my PC, the defenses include:
- A software firewall to alert me about strange outgoing traffic
- Staying up to date on Windows patches
- A good anti-virus program
- Two separate anti-spyware programs, soon to be three
- A policy of doing all possible work in a non-Administrator account
- Backups
- A policy of never using Internet Explorer unless unavoidable
- Installing and using the NoScript extension for Firefox, which disables JavaScript except when and where I allow it
- Installing and using the TrustBar extension to Firefox, which helps make phishing more visible
- A policy of deleting suspicious email without opening it
- Storing client data encrypted
- Using passwords randomly generated by machine
I was still vulnerable, after all those precautions, to the recent WMF problem. Not even someone who does security for a living can keep a Windows box 100% secure.
For a more normal person who doesn't need to do as much online research as I do, I'd add one more recommendation. Limit your web connections to a few trusted partners.