PC security - what are the real threats?
Red On, Green On
Thread Starter
Join Date: May 2004
Location: Between the woods and the water
Age: 24
Posts: 6,487
Likes: 0
Received 2 Likes
on
2 Posts
PC security - what are the real threats?
On another thread, wifi security was mentioned as a reason for opting for a hard-wired ethernet connection.
So the question is this:
In a home office/domestic setting, what are the real threats to PC security, and what's a rough weighting of those threats? Assume that the user has standard security enabled on an XP Pro machine, a WEP- encrypted, firewalled wifi router, and does not respond to phishing/419 emails.
So the question is this:
In a home office/domestic setting, what are the real threats to PC security, and what's a rough weighting of those threats? Assume that the user has standard security enabled on an XP Pro machine, a WEP- encrypted, firewalled wifi router, and does not respond to phishing/419 emails.
Join Date: Oct 2007
Location: Norfolk U.K.
Age: 68
Posts: 448
Likes: 0
Received 0 Likes
on
0 Posts
Don't rely on WEP, there are readily available programs which will "crack" this in a few minutes. Use WPA. I also have MAC code addressing, which should stop any non authorized computer from accessing my router. I was also told by a Computer magazine helpdesk NOT to rely on a routers firewall either, but use a software firewall in each P.C. This will give better protection against any rogue programmes that may be hiding, from gaining internet access without your knowledge.
Red On, Green On
Thread Starter
Join Date: May 2004
Location: Between the woods and the water
Age: 24
Posts: 6,487
Likes: 0
Received 2 Likes
on
2 Posts
In my own circumstances I'd be quite happy turning off encryption, but they are unusual - as my wifi does not have the power to reach the edge of the estate. Added to which, we live down a 600m long, bumpy, unmade-up lane that only leads to AA Towers, so anyone snooping will be highly visible.
Join Date: Oct 2007
Location: Norfolk U.K.
Age: 68
Posts: 448
Likes: 0
Received 0 Likes
on
0 Posts
I don't want to sound paranoid, but some people can be very determined. The subject came up on another forum I use, and this site was mentioned...
http://www.cantenna.com/
The freeware programme "Netstumbler" will also detect WiFi signals well beyond the useable range of the router, so I don't take any chances!!
I believe the law now holds the registered user of an ISP responsible for any illegal use of his/her internet connection, so do you really want to take the risk?
http://www.cantenna.com/
The freeware programme "Netstumbler" will also detect WiFi signals well beyond the useable range of the router, so I don't take any chances!!
I believe the law now holds the registered user of an ISP responsible for any illegal use of his/her internet connection, so do you really want to take the risk?
Red On, Green On
Thread Starter
Join Date: May 2004
Location: Between the woods and the water
Age: 24
Posts: 6,487
Likes: 0
Received 2 Likes
on
2 Posts
In all seriousness, it's not a risk I'm concerned about. The miscreant would have to sit in their car/ stand out in the open within sight of the house as the approach is along a winding lane through trees, which are very effective at stopping 2.4Ghz.
PersonalTitle to help support PPRuNe against legal bullying.
Join Date: Sep 2005
Location: France
Posts: 134
Likes: 0
Received 0 Likes
on
0 Posts
Don't be fooled.
Just cos you can't receive your WiFi signal on your laptop when you walk down the garden/drive/to the edge of the estate....don't mean your signal is not there and is not easily accessible.
The man with a good antenna and software that is good at picking out each signal from the background noise will still be able to access the data from way beyond your perceived range of coverage.
The reference for this info is this book
P.S. - I always ask people if they have a shredder at home when they talk about WiFi security at home, there is probably much more info which is more easily accessible in their bins. Maybe you all already have shredders, it's just a comment.
P.P.S. Don't buy the book in order to help you to find a home solution, it is very hard going and only of value to network professionals or those with network responsibilty (ok, ok, that means us too - we are responsible for our network at home, but you know what I mean).
The man with a good antenna and software that is good at picking out each signal from the background noise will still be able to access the data from way beyond your perceived range of coverage.
The reference for this info is this book
P.S. - I always ask people if they have a shredder at home when they talk about WiFi security at home, there is probably much more info which is more easily accessible in their bins. Maybe you all already have shredders, it's just a comment.
P.P.S. Don't buy the book in order to help you to find a home solution, it is very hard going and only of value to network professionals or those with network responsibilty (ok, ok, that means us too - we are responsible for our network at home, but you know what I mean).
Spoon PPRuNerist & Mad Inistrator
In answer to the original question, Viruses and Trojans, in my opinion.
I think that wifi per se is over-rated as a threat. In order to break in to your PC, the miscreant has to defeat any and all security at the wifi level, then actually connect to a PC, defeating any and all account security as well as any local firewall security.
Of course, if there is no wifi security and no account security (or using a 16-bit Windows), then access is trivial. But then anyone who leaves a home network in that state is unlikely to have implemented any AV or AMW software either. And frankly deserves what hits them. Unfortunately, they are also unwittingly responsible for attacks on other systems, as their infected PC is used as a zombie.
I have said before that I believe that the time will come when there is a requirement to demonstrate a level of PC competency and have 3rd party insurance to be able to connect a PC to the internet - just like a driving license and car insurance.
SD
I think that wifi per se is over-rated as a threat. In order to break in to your PC, the miscreant has to defeat any and all security at the wifi level, then actually connect to a PC, defeating any and all account security as well as any local firewall security.
Of course, if there is no wifi security and no account security (or using a 16-bit Windows), then access is trivial. But then anyone who leaves a home network in that state is unlikely to have implemented any AV or AMW software either. And frankly deserves what hits them. Unfortunately, they are also unwittingly responsible for attacks on other systems, as their infected PC is used as a zombie.
I have said before that I believe that the time will come when there is a requirement to demonstrate a level of PC competency and have 3rd party insurance to be able to connect a PC to the internet - just like a driving license and car insurance.
SD
Join Date: Jun 2003
Location: EuroGA.org
Posts: 13,787
Likes: 0
Received 0 Likes
on
0 Posts
By far the greatest threat to PC security is a bored teenager who is fast on the keyboard (as they all are) and clicks on EVERY link on EVERY website without even seeing what it is (which most of them do).
The PC will be virus/trojan ridden in days no matter what precautions are taken.
Basically, you can't let kids onto a PC used for something serious (like online banking).
Don't ask me how I know
After that....
Disagree re software firewalls; most are useless. The NAT protection which every router has will protect you from outside attacks. Only YOU can protect yourself from inviting bad stuff into your PC though, by clicking on infected websites, receiving infected emails, etc.
I'd suggest
1) using a router, just just a modem
2) running up to date antivirus software
3) applying every Windoze patch as it becomes available
4) configuring email software to NOT automatically execute attachments
5) if possible, not using Micro$oft email software
WEP security is weak but who is your enemy? If it's Granny Smith, or some perv looking for a free connection while parked outside, it's good enough because they can get connected from the house opposite If it's the KGB then no... WPA/PSK is strong, with no published attacks that are anywhere near practical.
The PC will be virus/trojan ridden in days no matter what precautions are taken.
Basically, you can't let kids onto a PC used for something serious (like online banking).
Don't ask me how I know
After that....
Disagree re software firewalls; most are useless. The NAT protection which every router has will protect you from outside attacks. Only YOU can protect yourself from inviting bad stuff into your PC though, by clicking on infected websites, receiving infected emails, etc.
I'd suggest
1) using a router, just just a modem
2) running up to date antivirus software
3) applying every Windoze patch as it becomes available
4) configuring email software to NOT automatically execute attachments
5) if possible, not using Micro$oft email software
WEP security is weak but who is your enemy? If it's Granny Smith, or some perv looking for a free connection while parked outside, it's good enough because they can get connected from the house opposite
If it's the KGB then no... WPA/PSK is strong, with no published attacks that are anywhere near practical.
Join Date: Jul 2007
Location: Nr Salisbury UK
Posts: 97
Likes: 0
Received 0 Likes
on
0 Posts
I suppose you could say I'm in the IT security business. Lots of good advice here but my top tip? Encrypt your sensitive/valuable data, and then back it up, offline, on a regular basis!
