With user information and celebrity photos being hacked so often lately, users are right to think and worry about the security of their computers, servers and data. This write-up aims to get us up to speed with some tips and guidelines for better security and peace of mind. It is by no means an in-depth, “end all be all” guide to network and data security, but it is a good start toward securing our data, computers and servers.
Secure the Computer with a Firewall
It is imperative that the computer or server is secured against direct attacks, and there are a few ways to accomplish this. Whether the computer runs a desktop version of Windows, a Linux distribution such as Ubuntu, or Mac OS X or later, it can be secured by installing a software-based firewall, so called because it is an application or program installed on the computer. There are many firewall applications available for the different operating systems, but their basic functions are all much the same: they restrict access by blocking traffic on incoming or outgoing ports, or by applying certain criteria or policies. Windows 8 has a built-in firewall application, and there are free and paid alternatives such as Comodo and UnThreat, to name a few. For Linux, there are APF and CSF, as well as the built-in iptables. Mac OS also has built-in firewall functionality as well as third-party options. We will not go into the details of specific firewalls, but will give an overview of what needs to be configured (refer to the specific firewall’s user manual to achieve these configurations).
Basically, we need to block all incoming ports (we can also block outgoing ports for more security) and enable only those that we are certain we will be using. In the case of a web server, the HTTP port 80 and HTTPS port 8443 are needed, so we enable those ports. If we need DNS server functionality, we also enable the DNS port 53. For mailing, we turn on port 25 for SMTP (outgoing mail), as well as 110 (POP3), 143 (IMAP), 993 (IMAP SSL), and even 587 (alternative SMTP port). For the full list of TCP/UDP ports required by your applications, refer to their respective user manuals; for the common default ports of particular applications, you can check http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers.
Remember to only enable the ports that you will need, and disable all other ports. If you are securing a desktop computer, chances are you need to close down all the incoming ports as you do not want anyone connecting to your desktop.
For Linux Machines Install BFD
If the computer is a Linux-based machine, install Brute Force Detection (BFD) from R-fx Networks (https://www.rfxn.com/projects/brute-force-detection/). It bans IP addresses that have tried to connect to the computer multiple times with incorrect logins, which prevents brute-force attempts to crack user/password logins. You can even configure the script to send you an email once it has detected a brute-force attempt. Read through their website for instructions on how to install and configure the script. BFD works best with APF (Advanced Policy Firewall), also from R-fx Networks. Visit their website for more details.
Install an Antivirus
Make sure to install an antivirus application so that you do not get infected with nasty malware that can compromise your passwords and sensitive computer data. There are a lot of free antivirus applications, as well as paid ones. We cannot recommend one over another, and this article will not dive into which antivirus to use. Once an antivirus is installed, make sure that its virus definitions are kept up to date, as an antivirus with outdated definitions leaves you vulnerable to the new viruses that keep showing up. Also make it a point to scan the computer’s hard drive at least once a week to make sure that no files are infected.
Check Logs and Event Viewer Regularly
This is more for server administrators than regular desktop users. Make it a habit to check the computer’s logs to monitor its performance and detect any suspicious activity. For Linux, the logs are normally located in /var/log. You can also create a cron job to send you a daily email with log summaries. For Windows machines, you can use Event Viewer to monitor the health of the server. Event Viewer has different log types: the application log holds events logged by programs, the security log holds events such as successful and unsuccessful login attempts, and the system log holds events logged by system components. By monitoring events and logs, you can keep your computer running in top shape and prevent rogue applications from taking over your machine.
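The kind of counting a brute-force detector such as BFD does on login failures also makes a useful daily log summary. The following is an added example, not BFD's code and not from the article: it counts failed SSH logins per source address over constructed sample lines. The function names, sample log and thresholds are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not BFD's own code): count failed SSH logins per source
# address and list the addresses at or above a threshold.

# Constructed sample in the usual sshd syslog format (documentation IPs).
sample_log() {
cat <<'EOF'
Sep  3 02:11:01 web1 sshd[2201]: Failed password for root from 203.0.113.45 port 40112 ssh2
Sep  3 02:11:03 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.45 port 40120 ssh2
Sep  3 02:11:06 web1 sshd[2207]: Failed password for root from 203.0.113.45 port 40131 ssh2
Sep  3 02:11:09 web1 sshd[2210]: Failed password for invalid user test from 203.0.113.45 port 40140 ssh2
Sep  3 07:45:12 web1 sshd[3011]: Failed password for alice from 198.51.100.7 port 52211 ssh2
Sep  3 07:45:30 web1 sshd[3015]: Accepted password for alice from 198.51.100.7 port 52214 ssh2
Sep  3 09:02:41 web1 sshd[3320]: Failed password for root from 198.51.100.23 port 33801 ssh2
Sep  3 09:02:44 web1 sshd[3322]: Failed password for root from 198.51.100.23 port 33805 ssh2
Sep  3 09:02:47 web1 sshd[3325]: Failed password for invalid user oracle from 198.51.100.23 port 33809 ssh2
EOF
}

# failed_logins <threshold>: reads a log on stdin and prints "<count> <address>"
# for every address with at least <threshold> failures, busiest first.
failed_logins() {
    awk -v min="$1" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is text supplied by the remote side, so read the
            # address from the fixed tail of the line: "from ADDR port N ssh2".
            if ($(NF - 4) == "from" && $(NF - 2) == "port")
                count[$(NF - 3)]++
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Daily-summary use (assumed path; Debian/Ubuntu write sshd events to
# /var/log/auth.log):  failed_logins 5 < /var/log/auth.log
sample_log | failed_logins 3
```

Run from a daily cron job with its output mailed to the administrator, this gives the log summary described above; the addresses it lists are the ones a tool like BFD would ban.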
Lockdown Your Router
You can secure your computer all you want, but if your network is not secure then you are still vulnerable. The best way to secure your network from the entry point is by locking down your router. Make sure login to the router’s administrator portal is only allowed internally, meaning you should only access your router’s configuration from inside your LAN, not from outside.
Also, only enable DMZ (demilitarized zone) when really needed. DMZ routes all incoming traffic to the computer in the DMZ, so this exposes your computer to the public if enabled.
Just as on your computer, make sure to enable the router’s firewall if it has one. Make sure to disable all incoming traffic at the router level, as this is your first line of defense. Unless you are hosting servers in your network that need to be accessible from outside, you should disable most, if not all, incoming ports.
Use Proper Judgment
This can be the most overlooked cause of infections and hacks by unauthorized users. Make sure to use proper judgment when browsing the internet or when installing applications. Do not just go installing applications from anyone, especially those that are attached to emails. If the application is not from a trusted source, chances are it has a virus and it is best to stay away. The same goes for browsing sites: do not just go opening links and installing plugins that a website tells you to, as a lot of times these sites have malware that can infect your computer. Make sure your antivirus is running, as it can detect most malware and gives you that security when an external application tries to install itself. Also enable the popup blocker, which is built into most modern web browsers.
In closing, the more you keep your own network and computers secured, the less chance you have of getting infected with malicious software and viruses, and the better chance you have of keeping your data and secured files away from unwanted eyes. Best of all, think before you click. Don’t just blindly follow links and open emails: if they sound fishy or look fishy, chances are they are fishy and it is best to stay away.