I recommend the following basic security 'best practices'...
If you spend any time online, you need a security toolkit consisting of:
. anti-virus software
. anti-spyware AND anti-key-logging software
. spam blocker
. anti-phishing tools
. firewall (preferably a combination of both software and hardware firewall if you're on a high-speed connection.) Note: some anti-virus software packages include a firewall
Whichever products you use, keep them up to date - not monthly, but at least weekly, and preferably daily.
Use Windows Update to keep your operating system and Internet Explorer patched. On average, six updates to patch security bugs are released for Windows every month.
Keep informed of security issues - keeping informed dramatically reduces your exposure to risks.
If you receive an email asking you to verify account details, don't use the link in the email. Visit the site by typing its address in your browser, then check for a link to update your details. If in doubt, contact the site directly by phone.
Avoid dangerous spots: chat rooms, peer-to-peer networks, crackz and warez, porn sites, hacker sites, anything illegal.
Stay alert. Check your browser's status bar; don't click on a pop-up window or dialog box without first reading it; watch for unusual browser behaviour, such as a window that quickly opens and closes, or an atypical response when you type a search string in the address box.
Don't open email from unknown sources. Keep preview panes switched off in your email client. Never click a link in a spam email.
Configure your email server to block or remove email that contains file attachments that are commonly used to spread viruses, such as .vbs, .bat, .exe, .pif and .scr files.
Train employees not to open attachments unless they are expecting them.
Keep your browser's security settings set to high.
Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. Choose an alphanumeric password that is at least seven characters long and uses a mix of uppercase and lowercase letters, numbers, and non-alphanumeric symbols such as (@#$%^&). This will help prevent unauthorized access to your computer.
Encryption should be used to protect sensitive information from "unauthorised eyes".
Only conduct Internet transactions that have secured processing.
Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP server, telnet, and a Web server. These services can become avenues of attack. If they are removed, blended threats have fewer avenues of attack and you have fewer services to maintain through patch updates.
Do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Website can cause infection if certain browser vulnerabilities are not patched.
If a blended threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
Have your computer system independently reviewed, addressing any security risks.
David Furlong is a qualified and experienced IT specialist and Technical Trainer. His list of credentials includes MCSE, MCSA, Dip IT, and he is one subject away from completing a Masters in Networking and Systems Administration. http://www.avg-antivirus.com.au