How safe am I really?

Discussion in 'Computer Security' started by Craig Millar, Aug 1, 2003.

  1. Craig Millar

    Craig Millar Guest

    Opinions please. My computer runs WinXP and I have Norton Internet Security
    2003. I feel that I am reasonably security conscious - always have the
    latest patches etc. I do get regular alerts from NIS, warning me of a
    detected intrusion, which concerns me - for each detected intrusion, what is
    the likelihood of someone slightly more competent getting through. I get at
    least 10 alerts a day - should I be worried? NIS itself tells me not to take
    any action as it is monitoring the situation and it would obviously be
    pointless attempting to report each intrusion. Is there anything further
    that I can do (apart from moving to *nix) to protect myself?
    Craig
     
    Craig Millar, Aug 1, 2003
    #1

  2. Craig Millar

    mto Guest

    "Craig Millar" <> wrote in message
    news:...
    > Opinions please. My computer runs WinXP and I have Norton Internet Security
    > 2003. I feel that I am reasonably security conscious - always have the
    > latest patches etc. I do get regular alerts from NIS, warning me of a
    > detected intrusion, which concerns me - for each detected intrusion, what is
    > the likelihood of someone slightly more competent getting through. I get at
    > least 10 alerts a day - should I be worried? NIS itself tells me not to take
    > any action as it is monitoring the situation and it would obviously be
    > pointless attempting to report each intrusion. Is there anything further
    > that I can do (apart from moving to *nix) to protect myself?
    > Craig


    If that is all you have done, not very. Probably most of the people that
    post to this group would recommend that you get rid of the Norton for
    starters. Lots would tell you to get rid of the XP even before the Norton.

    Best idea is to download the last month's postings and read through them
    then come back with specific questions you might have.
     
    mto, Aug 1, 2003
    #2

  3. Craig Millar

    Chuck Guest

    On Fri, 1 Aug 2003 01:43:35 +0100, "Craig Millar"
    <> wrote:

    >Opinions please. My computer runs WinXP and I have Norton Internet Security
    >2003. I feel that I am reasonably security conscious - always have the
    >latest patches etc. I do get regular alerts from NIS, warning me of a
    >detected intrusion, which concerns me - for each detected intrusion, what is
    >the likelihood of someone slightly more competent getting through. I get at
    >least 10 alerts a day - should I be worried? NIS itself tells me not to take
    >any action as it is monitoring the situation and it would obviously be
    >pointless attempting to report each intrusion. Is there anything further
    >that I can do (apart from moving to *nix) to protect myself?
    >Craig
    >


    It wouldn't be a bad idea for you to get a NAT router. Also,
    Symantec (Norton) doesn't detect all intrusion attempts. You don't
    mention any spyware protection.

    A layered defense is a good idea.
    - Hardware (NAT router)
    - Software (Firewall, Virus detector, Spyware detector)

    A software firewall is vulnerable to various exploits. A NAT router
    (like the Linksys BEFSR41 or BEFSX41 - http://www.linksys.com/) is
    cheap, easy to set up, and reliable. The BEFSR41 can be had for around
    $50. A router will block most exploits from ever reaching the
    firewall, reducing the alerts from NIS. This will take some load off
    your processor, making your system run better.

    Here are some articles to start with:
    http://www.cablesense.com/
    http://www.homenethelp.com/home-network.asp
    http://www.practicallynetworked.com/

    NAT routers are not just for multi-computer networks. Single
    computers are much better protected too.

    Both AdAware (http://www.lavasoft.nu/software/adaware/) and Spybot
    (http://spybot.eon.net.au/) are free. Each complements the other in
    detecting - and removing - adware, spyware, and nasties of all kinds.
    Get them both - and use them - regularly. HijackThis
    (http://www.tomcoyote.org/hjt/) is a third detector - also free - one
    which requires expert output analysis
    (http://www.spywareinfo.com/forums/index.php?act=ST&f=24&t=5187&s=98baa649719fa69c07e9374fc346bce6).
    I personally use all three - regularly.

    Any security questions can be quickly researched at
    http://www.spywareinfo.com/forums/index.php?s=043ceb910874018408baaa4971bc8b0b
    That is a very active - and professional - forum. Also the forums at
    BroadbandReports (http://www.dslreports.com/forums) will keep you up
    to date about what's happening in Internet Security.

    Your browser may be a security risk in itself. Here are a couple
    browser test sites.
    http://www.jasons-toolbox.com/BrowserSecurity/
    http://bcheck.scanit.be/bcheck/index.php
    https://testzone.secunia.com/browser_checker/

    Stay informed. What you don't know can hurt you.


    Chuck Croll

    Spam sucks - PLEASE get rid of the spam before emailing me!
    Trusted Computing? Right! http://www.againsttcpa.com/
    WHAT IS THE CBDTPA? http://www.stoppoliceware.org/
     
    Chuck, Aug 1, 2003
    #3
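
The behaviour the post above relies on, that a NAT router only passes inbound packets matching a connection a LAN host opened or a port the owner forwarded, sketched as a small model. This is an added example, not part of any post in the thread; the `NatRouter` class, the addresses (documentation ranges) and the ports are constructed for illustration, and real routers vary in mapping policy.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class NatRouter:
    """Hypothetical model of a home NAT router with one public address."""
    public_ip: str
    next_port: int = 40000
    # public port -> (private ip, private port, remote ip, remote port)
    table: dict = field(default_factory=dict)
    # public port -> (private ip, private port), set by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """A LAN host opens a connection: record a mapping, rewrite the source."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet as delivered to the LAN, or None if it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get(pkt.dst_port)
        # Only the remote endpoint the LAN host contacted may use the mapping.
        if entry and (pkt.src_ip, pkt.src_port) == entry[2:]:
            return Packet(pkt.src_ip, pkt.src_port, entry[0], entry[1])
        fwd = self.forwards.get(pkt.dst_port)
        if fwd:
            # An explicit port forward exposes that LAN service to everyone.
            return Packet(pkt.src_ip, pkt.src_port, fwd[0], fwd[1])
        return None  # unsolicited: never reaches the PC or its software firewall


def demo() -> dict:
    router = NatRouter(public_ip="203.0.113.10")   # constructed addresses
    pc = "192.168.1.100"
    # 1. Unsolicited inbound packet from the Internet: no mapping, dropped.
    unsolicited = router.inbound(Packet("198.51.100.7", 4321, router.public_ip, 135))
    # 2. The PC browses a web site; the server's reply matches the mapping.
    out = router.outbound(Packet(pc, 1050, "198.51.100.80", 80))
    reply = router.inbound(Packet("198.51.100.80", 80, router.public_ip, out.src_port))
    # 3. A different host aims at the same public port: still dropped.
    third_party = router.inbound(Packet("198.51.100.7", 80, router.public_ip, out.src_port))
    # 4. The owner forwards port 80 to the PC: inbound now reaches it.
    router.forwards[80] = (pc, 80)
    forwarded = router.inbound(Packet("198.51.100.7", 4322, router.public_ip, 80))
    return {"unsolicited": unsolicited, "reply": reply,
            "third_party": third_party, "forwarded": forwarded}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} -> {result}")
```

Case 4 is the one to check on a real router: any forwarded port, DMZ host or similar setting brings unsolicited traffic back to the PC, where the software firewall is again the only filter.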
  4. Craig Millar

    Craig Millar Guest

    Thanks to all who responded. I do have a wireless modem/NAT router, but I
    still appear to be receiving alerts from NIS - which I can't figure, because
    my NAT setup purports to be blocking any incoming services from the
    internet. Are people breaching it so easily, or is there something wrong
    with the setup? I am currently dual booting XP/Linux - I am not ready to
    leave M$ just yet due to application support - so that is not an option
    unfortunately. Thanks for your time, I shall do some further research.
    Craig

    "Chuck" <> wrote in message
    news:...
    > On Fri, 1 Aug 2003 01:43:35 +0100, "Craig Millar"
    > <> wrote:
    >
    > >Opinions please. My computer runs WinXP and I have Norton Internet Security
    > >2003. I feel that I am reasonably security conscious - always have the
    > >latest patches etc. I do get regular alerts from NIS, warning me of a
    > >detected intrusion, which concerns me - for each detected intrusion, what is
    > >the likelihood of someone slightly more competent getting through. I get at
    > >least 10 alerts a day - should I be worried? NIS itself tells me not to take
    > >any action as it is monitoring the situation and it would obviously be
    > >pointless attempting to report each intrusion. Is there anything further
    > >that I can do (apart from moving to *nix) to protect myself?
    > >Craig
    > >

    >
    > It wouldn't be a bad idea for you to get a NAT router. Also,
    > Symantec (Norton) doesn't detect all intrusion attempts. You don't
    > mention any spyware protection.
    >
    > A layered defense is a good idea.
    > - Hardware (NAT router)
    > - Software (Firewall, Virus detector, Spyware detector)
    >
    > A software firewall is vulnerable to various exploits. A NAT router
    > (like the Linksys BEFSR41 or BEFSX41 - http://www.linksys.com/) is
    > cheap, easy to set up, and reliable. The BEFSR41 can be had for around
    > $50. A router will block most exploits from ever reaching the
    > firewall, reducing the alerts from NIS. This will take some load off
    > your processor, making your system run better.
    >
    > Here are some articles to start with:
    > http://www.cablesense.com/
    > http://www.homenethelp.com/home-network.asp
    > http://www.practicallynetworked.com/
    >
    > NAT routers are not just for multi-computer networks. Single
    > computers are much better protected too.
    >
    > Both AdAware (http://www.lavasoft.nu/software/adaware/) and Spybot
    > (http://spybot.eon.net.au/) are free. Each complements the other in
    > detecting - and removing - adware, spyware, and nasties of all kinds.
    > Get them both - and use them - regularly. HijackThis
    > (http://www.tomcoyote.org/hjt/) is a third detector - also free - one
    > which requires expert output analysis
    > (http://www.spywareinfo.com/forums/index.php?act=ST&f=24&t=5187&s=98baa649719fa69c07e9374fc346bce6).
    > I personally use all three - regularly.
    >
    > Any security questions can be quickly researched at
    > http://www.spywareinfo.com/forums/index.php?s=043ceb910874018408baaa4971bc8b0b
    > That is a very active - and professional - forum. Also the forums at
    > BroadbandReports (http://www.dslreports.com/forums) will keep you up
    > to date about what's happening in Internet Security.
    >
    > Your browser may be a security risk in itself. Here are a couple
    > browser test sites.
    > http://www.jasons-toolbox.com/BrowserSecurity/
    > http://bcheck.scanit.be/bcheck/index.php
    > https://testzone.secunia.com/browser_checker/
    >
    > Stay informed. What you don't know can hurt you.
    >
    >
    > Chuck Croll
    >
    > Spam sucks - PLEASE get rid of the spam before emailing me!
    > Trusted Computing? Right! http://www.againsttcpa.com/
    > WHAT IS THE CBDTPA? http://www.stoppoliceware.org/
    >
     
    Craig Millar, Aug 1, 2003
    #4
  5. Craig Millar

    Anthony PDC Guest

    On Fri, 01 Aug 2003 18:40:11 +0200, Jim Watt <>
    wrote:



    >1. top posting is regarded as bad style


    SNIPPED

    I don't know why some people get off on this sort of rather pompous,
    ex-cathedra pronouncement on subjective issues like this. It betrays a
    certain sort of cabalist temperament in some seasoned Usenet posters
    IMHO.
     
    Anthony PDC, Aug 2, 2003
    #5
  6. In article <>, Anthony PDC
    <antdeclan_at_hotmail.com> says...
    > On Fri, 01 Aug 2003 18:40:11 +0200, Jim Watt <>
    > wrote:
    >
    >
    >
    > >1. top posting is regarded as bad style

    >
    > SNIPPED
    >
    > I don't know why some people get off on this sort of rather pompous,
    > ex-cathedra pronouncement on subjective issues like this. It betrays a
    > certain sort of cabalist temperament in some seasoned Usenet posters
    > IMHO.
    >
    >
    >
    >



    no, it's good usenet etiquette to bottom post, which allows the flow of
    the thread to be easily read by new people just coming into the
    conversation.




    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Wanna ask a question in Usenet?
    http://www.tuxedo.org/~esr/faqs/smart-questions.html

    Everything about Usenet answered:
    http://www.internetwarzone.org/answers.html

    America WILL NOT forget 9-11-01
     
    Colonel Flagg, Aug 2, 2003
    #6
  7. Craig Millar

    Anthony PDC Guest

    On Fri, 1 Aug 2003 22:42:16 -0400, Colonel Flagg
    <> wrote:

    >no, it's good usenet etiquette to bottom post, which allows the flow of
    >the thread to be easily read by new people just coming into the
    >conversation.


    >In article <>, Anthony PDC
    ><antdeclan_at_hotmail.com> says...
    >> On Fri, 01 Aug 2003 18:40:11 +0200, Jim Watt <>
    >> wrote:
    >>
    >>
    >>
    >> >1. top posting is regarded as bad style

    >>
    >> SNIPPED
    >>
    >> I don't know why some people get off on this sort of rather pompous,
    >> ex-cathedra pronouncement on subjective issues like this. It betrays a
    >> certain sort of cabalist temperament in some seasoned Usenet posters
    >> IMHO.




    You are of course welcome to your opinion. But there are many
    differing views on this (see the other week's New York Times
    "Circuits" article). Whatever one's view, must it be stated as if from
    some lofty height? Perhaps a link to help newbies might be appropriate
    so they can at least see why they have been scolded so? I confess,
    it's a long time since I used Agent and Usenet, so I'm probably
    committing all kinds of calumnies as I type, which (no doubt) will be
    instantly spotted and invite reproachful comments from said "seasoned
    users".

    Regards,

    Anthony
     
    Anthony PDC, Aug 2, 2003
    #7
  8. Craig Millar

    Jim Watt Guest

    On Fri, 01 Aug 2003 21:28:55 -0400, Anthony PDC
    <antdeclan_at_hotmail.com> wrote:

    >The top-posting issue is very subjective, and as such shouldn't be
    >criticised in such ex-cathedra pronouncements.


    The newsgroup is about security, discuss that or **** off.


    --
    Jim Watt http://www.gibnet.com
     
    Jim Watt, Aug 2, 2003
    #8
  9. Craig Millar

    Leythos Guest

    In article <>, Anthony PDC
    <antdeclan_at_hotmail.com> says...
    > On Fri, 01 Aug 2003 18:40:11 +0200, Jim Watt <>
    > wrote:
    > >1. top posting is regarded as bad style

    >
    > SNIPPED
    >
    > I don't know why some people get off on this sort of rather pompous,
    > ex-cathedra pronouncement on subjective issues like this. It betrays a
    > certain sort of cabalist temperament in some seasoned Usenet posters
    > IMHO.


    "Top Posting" has always been in bad style, but some people, like in
    clothing, don't care about standards or style.

    Top posting is about the same as running the last half of an article on
    the front page of the newspaper and the first half on page two... it
    just doesn't flow well.

    When you want to append a comment to something it should go at the end.
    You should also [SNIP] the parts that are not relevant to your reply to
    shorten the article and take up less bandwidth.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Aug 2, 2003
    #9
  10. Craig,

    Inline, below . . .

    "Craig Millar" <> wrote in message
    news:...
    > Opinions please. My computer runs WinXP and I have Norton Internet Security
    > 2003. I feel that I am reasonably security conscious - always have the
    > latest patches etc. .


    If you are running NIS 2003, do you have Security Level set to HIGH and
    Reporting Level set to MINIMAL? Have you disabled "Automatic Firewall Rule
    Creation" (wherever that is actually located in NIS 2003)? Have you ENABLED
    Auto-Protect in NAV (a component of NIS 2003)? Does the NAV console
    indicate that e-mail scanning is ENABLED? Do you regularly run Norton's
    LiveUpdate and install the updates?

    I rather suspect that what's making you feel insecure is the Alert Tracker
    (the little half-globe, probably sitting somewhere on the right side of your
    display). If so, just "Hide Alert Tracker". The firewall still FUNCTIONS
    in precisely the same way; you just won't get alarmed by all those (largely
    unnecessary) pop-out warnings (notifications) when you receive an
    unsolicited inbound communication.

    ALL of the associated events will still be present in the event logs, should
    you be inquisitive about them. Some will show in the Firewall Event log;
    some others may only appear in the Security Alerts log. I believe there's
    also (in 2003) an Intrusion Alert log.

    > . . . . I do get regular alerts from NIS, warning me of a
    > detected intrusion, which concerns me - for each detected intrusion, what is
    > the likelihood of someone slightly more competent getting through.


    If NIS 2003 notes it, absolutely none. What you (may) have to worry about
    are the things that NIS/NAV doesn't detect. What are these?

    Intrusion Detection -- While NIS 2003 has a greatly enhanced Intrusion
    Detection capability (based on the Raptor engine that Symantec acquired),
    it's still not quite as advanced as what you could find in a dedicated IDS
    system. BlackICE, for example (which can be used safely in conjunction with
    NIS) examines incoming packets for approximately ten times as many
    potentially dangerous unsolicited inbound signature packets as does NIS.

    Anti-virus/Anti-Trojan -- While NIS 2003 (specifically the NAV 2003
    component) does, in fact, check for something in excess of 400 Trojans
    (unfortunately, only the more common ones), a dedicated, memory-resident,
    anti-Trojan utility (also regularly updated) will notice the presence of
    approximately ten times as many Trojans. And, by the same token, 90% of
    these are rarely found 'in the wild'. Furthermore, NIS 2003 provides only
    rudimentary protection against spyware (see Ad-Aware or something similar)
    or key-loggers (see SpyCop or something similar).

    What you PERMIT -- This can be something as simple as your web browser or
    something as esoteric as running a web server.

    In the first instance, when you PERMIT your web browser to have Internet
    access, the firewall effectively allows it to download anything that you
    request from a website. The firewall isn't going to protect you from such
    exploits and vulnerabilities. You MUST apply all security updates that are
    available for your browser and then ensure that you've tightened up its
    security settings as appropriate.

    In the second instance, the situation is even worse: If you are running ANY
    sort of web server exposed to the Internet (and PERMITted by the firewall)
    to receive unsolicited inbound communications, it is ESSENTIAL that you keep
    such servers updated (especially security updates) and then tighten up
    the server/service to the maximum extent permissible with your needs. Now,
    if you ARE running any servers, having a dedicated IDS system (like BlackICE
    or something similar) is crucial in minimizing (but not eliminating) your
    vulnerability to exploitation.

    Third instance, a lot of people don't realize that IM, Chat, and P2P
    programs (like KaZaA) are effectively Internet servers, unless properly
    configured (and also blocked explicitly by the firewall, as a second line of
    defense).

    I presume, furthermore, that you're bright enough not to randomly open
    unsolicited e-mail or NNTP attachments and that you stay away from obvious
    blackhat, warez, and porn sites when using your web browser. (These kinds
    of known websites and these unexpected e-mail attachments are probably the
    most popular means of 'gifting' you with something you most assuredly don't
    want.)

    I also assume that you are taking advantage of the Win XP/NIS 2003
    capability to synchronize User accounts between both the software firewall
    and Win XP -- and furthermore that you don't allow anyone ELSE to log on to
    your machine using YOUR account (especially if you tend to run using a Win
    XP Admin account when on the Internet). Use a strong password for your own
    account; force other users to use a more restricted account (non-Admin
    capabilities).

    See the recent thread at DSLR Security Forum on this subject for more
    information:
    http://www.dslreports.com/forum/remark,7550549~root=security,1~mode=flat .
    The whole thread is worth your time, but I was (as you might have guessed)
    thinking primarily of my own response there.

    > . . . . I get at least 10 alerts a day - should I be worried?


    TEN??!! That's it? (Hell, I've got a very security-aware ISP and I'd be
    HAPPY if I only saw ten of these alerts per day!)

    > NIS itself tells me not to take
    > any action as it is monitoring the situation and it would obviously be
    > pointless attempting to report each intrusion.


    Well, it's not really 'pointless'. Indeed, Symantec now provides its own
    reporting service (Deepsight Analyzer), and then there's www.dshield.org and
    www.mynetwatchman.com .

    > Is there anything further
    > that I can do (apart from moving to *nix) to protect myself?


    Going to *nix is not necessarily going to do anything more for you. Indeed,
    given the fact that you even ask this question, it's likely that you could
    easily find yourself even more exposed. The only advantage in going to *NIX
    is that there are fewer viruses, Trojans, and worms out there -- but, if you
    can't cope with NIS on Windows, I rather doubt that you could set up the
    requisite protection on *NIX.

    More to the point, you subsequently mentioned in this thread that you are
    running a wireless LAN. I suggest that you work your way through the
    references at DSLR Security Forum on this topic, which you can find at
    http://www.dslreports.com/forum/remark,7562017~root=security,1~mode=flat .
    Indeed, this may be your biggest security issue.

    --
    Regards,
    Joseph V. Morris
     
    Joseph V. Morris, Aug 2, 2003
    #10
