Home page logo

basics logo Security Basics mailing list archives

Re: Protecting Home Machines
From: Vishal <dhrakol () myrealbox com>
Date: Thu, 20 Nov 2003 21:45:40 -0500

Hi Cherian

Thursday, November 20, 2003, 2:22:57 PM, you wrote:

CMP> I reinstalled the OS on the machine following a complete reformat,

Did you apply all necessary security patches? That should be your number one
step after reinstalling. An antivirus does not address the root cause of the
compromise, which is that the machine was unpatched and therefore vulnerable.
It should be installed as a second step.

I believe Nachi also exploits the same RPC vulnerability that Blaster did.
Both problems could have been avoided by keeping the machine up to date.

CMP> He swears that he had not downloaded anything nor tried any removable
CMP> media on this machine.

How about email?

CMP> The question is, "What do I do to prevent such occurrences which have
CMP> increased of late."

Some simple firsts:
1. Most important - apply all security patches.
2. Turn off unnecessary services.
3. Install a personal firewall. Read the documentation on it and configure it
properly, or consult an expert. Though not the panacea they are sometimes
touted to be, firewalls can help in making your machine less attractive to
crackers by disclosing less.
4. Install an updated antivirus.
5. Try and avoid using Outlook or Outlook Express. Or at least turn off Active
6. Take regular backups. Do not store them on the same machine. This step,
though oft-neglected, is crucial if your client wishes to maintain continuity
of any kind in his work.

When applying these measures, your focus should be on what is most important
to the client. Protect those resources first.





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]