Happy Trails Computer Club

Level-2 Defense
This plan offers good protection for the average user. It's also adequate for broadband connections.

If you're online for long periods, if you use a broadband connection, or if you shop online, download files, chat, instant message, play games, etc., you need more than a basic defense. The anti-malware software in this plan (element 13 below) adds some degree of privacy protection as well. You might want to digress to this introductory article to get a view of how the online world has become the Wild Wooly West and how your defenses should change.

The plan below is only a checklist. The links in each item lead to the essential details for putting the plan in action. Don't try to do it all at once. Take it one step at a time, and check each item off as you go.
  1. Install a firewall. If you're using Internet Connection Firewall (ICF), consider installing a better one: ICF is reasonably good, but even Microsoft has a list of alternatives. If you're running Windows XP, disable ICF first to avoid conflict with the other firewall. Update: Microsoft intends to provide a much better version of ICF in the second half of 2004.
  2. Install an antivirus program if you don't already have one: Don't rely on it as anything but a backstop though.
  3. Update your virus signature files at least once a week. And don't forget to update them when you return from that two-week cruise. The latest crop of viruses will be there waiting for you.
  4. Install software to combat other kinds of malware -- Trojans, spyware -- things of that ilk: Or at least scan your system regularly online. Anti-malware software will give you full-time protection for your computer, and to some extent, your privacy. If you want sound protection against Trojans, you'll also need robust anti-Trojan software.
  5. Gain a better understanding of the hazards online and how defenses work.
    1. Learn about the nature of malicious computer code.
    2. Learn how attacks work.
    3. Learn about the defense tools that are available. 
  6. Be wary of scams, fraud and hoaxes online: There's a higher percentage of con-artists online than in real life, because it's so easy to hide online. Virtually all spam contains a scam of some kind.
  7. Limit what you put at risk: Never keep critical personal information on your computer -- information like sensitive passwords, account numbers or your social security number -- and never send it online without strong encryption. Use good password protection practices as well. If you want to do things like online banking, pick a higher level defense plan.
  8. Back up everything you can't replace or would hate to lose: Digital pictures -- the book you're writing -- recipes -- genealogy records -- whatever. [system backup]

Get detailed information on items 2 thru 5 at the SANS Institute.

  1. Use settings for Windows that will provide a solid security foundation: Windows is "too smart for its own good." There are too many hidden junk processes running in the background. That sets up gaping security holes. It's fairly easy to close them.
  2. Use settings for Internet Explorer (or other browser) that avoid the perils of Web sites: Even if you have a policy to avoid risky Web sites, more dirty tricks are finding their way onto legitimate Web sites. The dirty tricks are often triggered when you click a banner ad or pop-up message.
  3. Use settings for Outlook Express (or other email client) that avoid the perils of HTML messages: That way, you can safely examine each message before you actually open it. Don't rely on an anti-virus program -- use that as your safety net.
  4. Patch (update) Windows, Internet Explorer and Outlook Express (or any alternate programs) when new security holes are discovered. This element requires diligence and patience, and it entails some risk. [update notices] There is an alternative, which I'll reluctantly explain as well.
  1. Examine all email messages before you process them further: Your own wits and common sense are your best peripheral defense against bogus email. Discard any messages that look at all suspicious -- even messages from someone you know.
  2. Never open an email attachment unless you're 99.999% sure it's OK: Be suspicious of any attachment you were not expecting -- even if it's from someone you know. Check with the sender first before you open it and even then be cautious. Be doubly suspicious of forwarded attachments, or attachments from someone you don't know. You can improve your online security by 10 to 1 if you're always careful with email attachments.
  3. Never download any files unless you know you can trust the source: Unfortunately, that advice includes pictures and music. The precautions on the "Safe File Handling" page should be part of your prudence too.
  4. Don't visit risky Web sites -- gothic, warez, crackz, gamer, cheat code, tres equis and sites of that ilk: And be doubly suspicious of any unsolicited Web page -- pop up windows -- unexpected requests to "log on again," etc.
  5. Don't use instant messaging or IRC (Internet Relay Chat), or download files from P2P file-sharing networks, such as KaZaa or Morpheus. [details]
"The best way to be safe is to never feel secure" -- Benjamin Franklin