Science and Technology : Book: Computer Security For the Home and Small Office

anAfrican

Well-Known Member
MEMBER
Feb 1, 2005
3,480
712
StreetNationEarth: Seattle
Occupation
The Meek !Shall! Inherit the Earth.
I was looking for links to tools that would be helpful, and ran across this book. I thought it might be better to post a bit more info than just the links within the site. While at the site, I tossed a request up to my local library to get a copy. I'll also put it on my "must get" book list. I am not intending that this be an advertisement for the guy's book, but it's getting kinda hard to not do something like that without stretching this country's draconian copyright/IP/linking laws too far out of shape. Apologies to any that feel apologies are due.

http://basicsec.org/

http://basicsec.org/intro.html
Finally, a complete guide to system hardening, online anonymity, encryption, and data hygiene for Windows and Linux, written in plain language for everyday computer users. The book offers easy-to-follow, yet truly comprehensive, tutorials for protecting your privacy, preventing system attacks, and, most importantly, avoiding difficulties from buggy programs and software laced with hidden functions and secret networking capabilities.

Thomas C. Greene serves as Associate Editor of The Register, the leading independent IT news daily, based in London, where he has been an editor and columnist for over six years. From his office in Washington, DC, Tom covers cybercrime, computer and network security, and Washington politics and legislation related to information technology.

http://basicsec.org/tools.html A slew of links to useful tools and information.

http://basicsec.org/toc.html Table of Contents with a sample chapter

http://basicsec.org/update.html
[The author] contribute to this page [..] occasionally, whenever there is news that might be of use, or of interest, to readers. Please consult the errata page for blunders and omissions.

Contents:
Windows XP SP2
Mozilla Firefox
Phishing
Ximian Evolution for Windows
Database Hell
A Risky 'Feature' in Mozilla
Data Hygiene Problems with Freenet
Last updated: 15 May 2005

Windows XP Service Pack 2 (SP2)
Many readers have asked if this major security update, released in August of 2004, affects or duplicates any of the system hardening procedures in the book. After testing SP2 thoroughly on clean installs of XP Home and XP Pro, I can say that it has no effect. It represents a significant step toward tightening the underlying Windows code, but, unfortunately, it involves no improvements in Windows' default system configurations. Virtually all of SP2's changes are "under the hood," so to speak, intended to mitigate problems such as stack and buffer overflows and the like.

SP2 does not prevent Windows from enabling the same vast collection of unnecessary and often insecure networking services and components by default; it does not address the myriad default configuration blunders and scripting vulnerabilities plauguing Internet Explorer and Outlook Express; it does not address Windows' long-term problems with data hygiene; and, while the native MS packet filter is finally enabled by default, it still lacks a capacity for egress filtering, which renders it as useless for detecting adware and spyware as its predecessor. A third-party packet filter capable of egress filtering is still a basic necessity for all Windows users.

Additionally, Windows Indexing Service, DCOM, Client for Microsoft Networks, File and Print Sharing, and the QoS Packet Scheduler are still installed and/or enabled by default. NetBIOS over TCP/IP is enabled, as are Remote Assistance and Remote Registry. Finally, user permissions remain a disaster, as SP2 still encourages the system owner to run their machine from the Administrator account. Sadly, there is not a single hardening procedure (detailed in Chapters 2 and 4) that SP2 has made unnecessary.
 

Consciousness Raising Online!

Allow the N Word - yes or no?

  • yes

    Votes: 2 14.3%
  • no

    Votes: 6 42.9%
  • not sure

    Votes: 6 42.9%

Latest profile posts

Charles Thompson wrote on Enki's profile.
Good evening
"And I'm feeling good."-Nina Simone
Destee wrote on Angela22's profile.
Hi Sweetie Pie Honey Bunch!!!! ... :dance4: ... Welcome Home! So good to have your sweet Spirit in the house! ... YAAAAAAY USSSSS! ... :yaay: :yaay: :swings: ... :heart:
Angela22 wrote on Enki's profile.
I hope all is well with you. Much love.:love:
Destee wrote on Charles Thompson's profile.
Hi Chuck ... is that you?!!! ... YAAAAAAAAAAAAAAY!! ... :yaay: ... I sure hope so! I have thought of you often! If it is not you, sorry for writing on your profile page @Charles Thompson and Welcome! ... :wave:
Top