WATPA: CERT: Home Network Security

About this list Date view Thread view Subject view Author view Attachment view

From: Norman J. Jacknis (norm@jacknis.com)
Date: Mon Jul 16 2001 - 19:35:51 EDT

This article from the CERT (computer security team) is a useful follow up to our last meeting and a subject for one of our fall meetings.

Regards,
Norm

---------------------------------------------------------

http://www.cert.org/tech_tips/home_networks.html

CERTŪ Coordination Center

Home Network Security

This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of "always-on" or broadband access services (such as cable modems and DSL). However, much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem).
  
     Introduction

   I.Computer security
       A.What is computer security?
       B.Why should I care about computer security?
       C.Who would want to break into my computer at home?
       D.How easy is it to break into my computer?
  II.Technology
       A.What does "broadband" mean?
       B.What is cable modem access?
       C.What is DSL access?
       D.How are broadband services different from traditional dial-up services?
       E.How is broadband access different from the network I use at work?
       F.What is a protocol?
       G.What is IP?
       H.What is an IP address?
        I.What are static and dynamic addressing?
       J.What is NAT?
       K.What are TCP and UDP ports?
       L.What is a firewall?
      M.What does antivirus software do?
  III.Computer security risks to home users
       A.What is at risk?
       B.Intentional misuse of your computer
            1.Trojan horse programs
            2.Back door and remote administration programs
            3.Denial of Service
            4.Being an intermediary for another attack
            5.Unprotected Windows shares
            6.Mobile code (Java, JavaScript, and ActiveX)
            7.Cross-site scripting
            8.E-mail spoofing
            9.E-mail-borne viruses
           10.Hidden file extensions
           11.Chat clients
           12.Packet sniffing
       C.Accidents and other risks
            1.Disk failure
            2.Power failure and surges
            3.Physical theft
 IV.Actions home users can take to protect their computer systems
       1.Consult your system support personnel if you work from home
       2.Use virus protection software
       3.Use a firewall
       4.Don't open unknown e-mail attachments
       5.Don't run programs of unknown origin
       6.Disable hidden filename extensions
       7.Keep all applications (including your operating system) patched
       8.Turn off your computer or disconnect from the network when not in use
       9.Disable Java, JavaScript, and ActiveX if possible
      10.Disable scripting features in e-mail programs
      11.Make regular backups of critical data
      12.Make a boot disk in case your computer is damaged or compromised

     Appendix: References and additional information

About this list Date view Thread view Subject view Author view Attachment view

This archive was generated by hypermail 2.1.2 : Fri May 31 2002 - 23:55:02 EDT