The BASICS of Securing your computer and E-mail.
Written by Administrator   
Thursday, 22 January 2009

I know a lot about the subject of computers and computer security. As such I have decided to put together a little help for those of you out there who may need a small push in the right direction. I hope everyone enjoys this!


Step 1 : Passwords

Your passwords are your first line of defense. Like the lock on your front door, they are there to keep honest people honest. They are easy to bypass and should not be relied on as your only security.

How to pick a good password.


  • All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) should be changed on at least a quarterly basis.
  • All user-level passwords (e.g., email, web, desktop computer, etc.) should be changed at least every six months. The recommended change interval is every four months.
  • User accounts that have system-level privileges granted through group memberships or programs such as "sudo" should use a password that is different from every other account you hold.
  • Passwords must not be inserted into email messages or other forms of electronic communication.
  • All user-level and system-level passwords should conform to the guidelines described below.


How to select strong passwords.

Poor, weak passwords have the following characteristics:
  • The password contains fewer than eight characters.
  • The password is a word found in a dictionary (English or foreign).
  • The password is a common usage word such as:
    • Names of family, pets, friends, co-workers, fantasy characters, etc.
    • Computer terms and names, commands, sites, companies, hardware, software.
    • Birthdays and other personal information such as addresses and phone numbers.
    • Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
  • Any of the above spelled backwards.
  • Any of the above preceded or followed by a digit (e.g., secret1, 1secret).

Strong passwords have the following characteristics:
  • Contain both upper and lower case characters (e.g., a-z, A-Z).
  • Have digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./).
  • Are at least eight alphanumeric characters long.
  • Are not a word in any language, slang, dialect, jargon, etc.
  • Are not based on personal information, names of family, etc.
  • Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered. One way to do this is to create a password based on a song title, affirmation, or other phrase. For example, the phrase might be "This May Be One Way To Remember" and the password could be "TmB1w2R!" or "Tmb1W>r~" or some other variation.
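The weak/strong rules above can be turned into a checker that a user (or a password-change script) runs before accepting a new password. This is an added example written for this page, not code from the original post. The dictionary is a constructed stand-in for a real word list, and the `personal_info` tokens are supplied by the caller; both are assumptions of the example. It applies the page's rules generally: the dictionary test also covers the reversed word and the "one digit in front or behind" variants, and the pattern test catches repeated characters, ascending/descending runs and keyboard-row fragments.

```python
import string

# Constructed mini word list standing in for a real dictionary such as
# /usr/share/dict/words (assumption: a real deployment loads the full list).
DICTIONARY = {"secret", "password", "welcome", "dragon", "summer", "football"}

# Keyboard rows, used to spot fragments such as "qwerty" in either direction.
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _has_sequence(pw, min_len=4):
    """True if pw contains a run of min_len characters that is one character
    repeated (aaaa), consecutive ASCII in either direction (abcd, 4321, zyxw)
    or a fragment of a keyboard row (qwer, rewq)."""
    low = pw.lower()
    for i in range(len(low) - min_len + 1):
        chunk = low[i:i + min_len]
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs in ({0}, {1}, {-1}):
            return True
        for row in KEYBOARD_ROWS:
            if chunk in row or chunk in row[::-1]:
                return True
    return False


def _looks_like_word(pw, words):
    """Dictionary test covering the page's variants: the word itself, the word
    spelled backwards, and the word with one digit added at the front or back."""
    low = pw.lower()
    candidates = {low}
    if low[:1].isdigit():
        candidates.add(low[1:])
    if low[-1:].isdigit():
        candidates.add(low[:-1])
    candidates |= {c[::-1] for c in list(candidates)}
    return any(c in words for c in candidates)


def check_password(pw, personal_info=(), words=DICTIONARY):
    """Return the list of rule codes the password fails; an empty list means it
    satisfies every rule listed on the page."""
    reasons = []
    if len(pw) < 8:
        reasons.append("too_short")
    if _looks_like_word(pw, words):
        reasons.append("dictionary_word")
    if _has_sequence(pw):
        reasons.append("pattern")
    low = pw.lower()
    # personal_info: names, birthdays, phone numbers etc. supplied by the caller
    if any(tok and tok.lower() in low for tok in personal_info):
        reasons.append("personal_info")
    if not any(c.isupper() for c in pw):
        reasons.append("no_upper")
    if not any(c.islower() for c in pw):
        reasons.append("no_lower")
    if not any(c.isdigit() or c in string.punctuation for c in pw):
        reasons.append("no_digit_or_punctuation")
    return reasons


if __name__ == "__main__":
    # "TmB1w2R!" is the page's own phrase-based example; the others are constructed.
    for candidate in ("TmB1w2R!", "secret1", "qwerty12", "Fluffy2009!"):
        print(candidate, "->", check_password(candidate, personal_info=["fluffy"]) or "OK")
```

The checker reports every failed rule rather than stopping at the first, which is what you want when explaining to a user why a choice was rejected.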

 

Here is a list of "don'ts":

  • Don't reveal a password over the phone to ANYONE
  • Don't reveal a password in an email message
  • Don't talk about a password in front of others
  • Don't hint at the format of a password (e.g., "my family name")
  • Don't reveal a password on questionnaires or security forms
  • Don't share a password with family members
  • Don't write passwords down!


Step 2: Firewall

If you are on broadband it is suggested that you acquire a HARDWARE based firewall rather than relying on a system (software) based one. Hardware based firewalls offer better protection than system based firewalls. The following guidelines can apply to both a hardware and a software based firewall.
  • No local user accounts are configured on the firewall.
  • The password on the firewall must be kept in a secure encrypted form.
  • Disallow the following:
    • IP directed broadcasts
    • Incoming packets at the firewall sourced with invalid addresses, such as RFC 1918 (private) addresses
    • TCP small services. The TCP small servers are:
      • Echo: echoes back whatever you type; test with telnet x.x.x.x echo.
      • Chargen: generates a stream of ASCII data; test with telnet x.x.x.x chargen.
      • Discard: throws away whatever you type; test with telnet x.x.x.x discard.
      • Daytime: returns the system date and time, if correct. It is correct if you are running Network Time Protocol (NTP) or have set the date and time manually from the exec level; test with telnet x.x.x.x daytime.
      (Replace x.x.x.x with the address of your router.)
    • UDP small services. The UDP small servers are:
      • Echo: echoes the payload of the datagram you send.
      • Discard: silently pitches the datagram you send.
      • Chargen: pitches the datagram you send and responds with a 72 character string of ASCII characters terminated with a CR+LF.
    • All source routing

Then go through the firewall and disable ALL services that you do not understand! Only turn on what you NEED!
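To make the "disallow" list and the "only turn on what you NEED" rule concrete, here is an added example (written for this page, not the author's code or any firewall vendor's) that evaluates a packet arriving on the outside interface against those rules in Python. The `Packet` record, the inside network and the allow list are assumptions of the example; the small-service port numbers (echo 7, discard 9, daytime 13, chargen 19) are the standard IANA assignments. Anything not explicitly allowed is dropped, which is the default-deny posture the step asks for.

```python
import ipaddress
from dataclasses import dataclass

# Ports of the TCP/UDP small services named above (standard IANA assignments).
SMALL_SERVICE_PORTS = {7: "echo", 9: "discard", 13: "daytime", 19: "chargen"}

# RFC 1918 private ranges: never valid as the source of a packet from the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Packet:
    """Constructed summary of an IP packet; a real filter reads these from the header."""
    src: str
    dst: str
    proto: str                 # "tcp" or "udp"
    dport: int
    source_routed: bool = False  # loose/strict source-route IP option present


def ingress_decision(pkt, inside_net, allowed=frozenset()):
    """Return (verdict, reason) for a packet arriving on the outside interface.

    inside_net: the network behind the firewall, e.g. "198.51.100.0/24"
    allowed:    set of (proto, port) tuples that you actually NEED reachable
    """
    net = ipaddress.ip_network(inside_net)
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    if pkt.source_routed:
        return "drop", "source routing"
    # Spoofed sources: private ranges, or our own inside addresses coming from outside.
    if any(src in n for n in RFC1918) or src in net:
        return "drop", "invalid source address"
    if dst == net.broadcast_address:
        return "drop", "directed broadcast"
    if pkt.dport in SMALL_SERVICE_PORTS:
        return "drop", f"{pkt.proto} small service ({SMALL_SERVICE_PORTS[pkt.dport]})"
    if (pkt.proto, pkt.dport) in allowed:
        return "accept", "explicitly allowed"
    return "drop", "not explicitly allowed"


if __name__ == "__main__":
    # Constructed packets against a constructed inside network.
    inside = "198.51.100.0/24"
    need = {("tcp", 443)}
    samples = [
        Packet("203.0.113.5", "198.51.100.10", "tcp", 19),
        Packet("10.1.2.3", "198.51.100.10", "tcp", 443),
        Packet("203.0.113.5", "198.51.100.255", "udp", 53),
        Packet("203.0.113.5", "198.51.100.10", "tcp", 443, source_routed=True),
        Packet("203.0.113.5", "198.51.100.10", "tcp", 443),
        Packet("203.0.113.5", "198.51.100.10", "tcp", 80),
    ]
    for p in samples:
        print(p.src, "->", p.dst, p.proto, p.dport, ingress_decision(p, inside, need))
```

The order of the checks matters: spoofing and source-routing tests come before the allow list, so a permitted port can never be reached with an invalid source address.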

Step 3: Virus Protection

  • Always run anti-virus software!
  • Download and run the current version; download and install anti-virus software updates as they become available.
  • NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then "double delete" them by emptying your Trash.
  • Delete spam, chain, and other junk email without forwarding.
  • Never download files from unknown or suspicious sources.
  • Avoid direct disk sharing with read/write access unless it is absolutely necessary!
  • Always scan a floppy diskette from an unknown source for viruses before using it.
  • Back up critical data and system configurations on a regular basis and store the data in a safe place.
  • New viruses are discovered almost every day. Periodically check for anti-virus updates.

Step 4: Your system
  • Services and applications that will not be used should be disabled where practical.
  • Access to services should be logged and/or protected through access-control methods such as TCP Wrappers, if possible.
  • The most recent security patches should be installed on the system as soon as practical.
  • Trust relationships between systems are a security risk, and their use should be avoided. Do not use a trust relationship when some other method of communication will do.
  • Always use standard security principles of least required access to perform a function.
  • Do not use root/Administrator when a non-privileged account will do.
  • If a methodology for secure channel connection is available (i.e., technically feasible), privileged access must be performed over secure channels (e.g., encrypted network connections using SSH, SSL or IPSec).


Monitoring

All security-related events on your system should be logged! Security-related events include, but are not limited to:
  • Port-scan attacks
  • Evidence of unauthorized access to privileged accounts
  • Anomalous occurrences that are not related to specific applications on your system.
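Logging the events is only useful if something reads the log. As an added example (not part of the original post), the following Python picks out the first two event types above from a log: a port scan, detected as one source touching many distinct destination ports inside a short time window, and repeated failed logins to a privileged account. The log lines are constructed for the example in a firewall-style key=value format and an sshd-style auth format; the field names, thresholds and window are assumptions, so adapt the regular expressions to whatever your firewall and system actually write.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from a real system): a scan from 203.0.113.7 across
# eight ports in a few seconds, one legitimate connection, then three failed root
# logins from the same outside host and one normal key-based login.
SAMPLE_LOG = """\
2009-01-22T10:00:01 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=21
2009-01-22T10:00:01 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=22
2009-01-22T10:00:02 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=23
2009-01-22T10:00:02 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=25
2009-01-22T10:00:03 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=80
2009-01-22T10:00:03 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=110
2009-01-22T10:00:04 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=143
2009-01-22T10:00:05 DROP SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=443
2009-01-22T10:00:09 ACCEPT SRC=198.51.100.20 DST=198.51.100.10 PROTO=TCP DPT=443
2009-01-22T10:05:00 sshd: Failed password for root from 203.0.113.7 port 40122 ssh2
2009-01-22T10:05:02 sshd: Failed password for root from 203.0.113.7 port 40123 ssh2
2009-01-22T10:05:04 sshd: Failed password for root from 203.0.113.7 port 40124 ssh2
2009-01-22T10:06:00 sshd: Accepted publickey for alice from 198.51.100.20 port 50000 ssh2
"""

# Assumed line formats; change these to match your own firewall and auth logs.
FW_RE = re.compile(r"^(?P<ts>\S+) \S+ SRC=(?P<src>\S+) DST=\S+ PROTO=\S+ DPT=(?P<dport>\d+)")
AUTH_RE = re.compile(r"^(?P<ts>\S+) sshd: Failed password for (?P<user>\S+) from (?P<src>\S+)")


def detect_port_scans(lines, threshold=6, window=timedelta(seconds=10)):
    """Return {src: distinct_ports} for sources that hit >= threshold distinct
    destination ports within `window`. One deque per source holds (time, port)
    events; old events are dropped from the left as the window slides."""
    events = defaultdict(deque)
    flagged = {}
    for line in lines:
        m = FW_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = events[m["src"]]
        q.append((ts, int(m["dport"])))
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {port for _, port in q}
        if len(distinct) >= threshold:
            flagged[m["src"]] = max(len(distinct), flagged.get(m["src"], 0))
    return flagged


def detect_privileged_failures(lines, privileged=("root", "admin"), threshold=3):
    """Return {(src, user): failures} for privileged accounts with >= threshold
    failed logins from the same source."""
    counts = defaultdict(int)
    for line in lines:
        m = AUTH_RE.match(line)
        if m and m["user"] in privileged:
            counts[(m["src"], m["user"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("port scans:", detect_port_scans(lines))
    print("privileged login failures:", detect_privileged_failures(lines))
```

Distinct ports rather than raw packet counts are what distinguish a scan from a busy but legitimate client, and the sliding window keeps a slow trickle of unrelated drops from accumulating into a false alarm.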

Step 5: Encryption

Any data which you do not wish someone else to read should be encrypted.
Proven, standard algorithms such as DES, Blowfish, RSA, RC5 and IDEA should be used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. For example, Network Associates Pretty Good Privacy (PGP) uses a combination of IDEA and RSA or Diffie-Hellman, while Secure Sockets Layer (SSL) uses RSA encryption. Symmetric cryptosystem key lengths should be at least 256 bits. Asymmetric cryptosystem keys must be of a length that yields equivalent strength (2048 bit).
I suggest that you look into getting PGP or GPG for standard file encryption and use it to encrypt any and all sensitive data!

Windows users can also encrypt hard drive partitions using PGP disk from

http://www.pgpi.org/products/pgpdisk/

Linux users can use either the Crypto API or encrypted container files.

The Linux Crypto API can be downloaded from kernel.org at

http://www.kernel.org/pub/linux/kernel/people/hvr/util-linux-cryptoapi/

Step 6: Anonymous E-mail

(more information on this can be found by searching google.com or in the news group alt.privacy.anon-server)

Mixmaster E-mail

(From the Mixmaster Site)
Mixmaster is the type II remailer protocol and the most popular implementation of it.
Remailers provide protection against traffic analysis and allow sending email anonymously or pseudonymously. Mixmaster consists of both client and server installations and is designed to run on several operating systems including but not limited to *BSD, Linux and Microsoft Windows.


Nym Servers

A nym account is like a forwarding email address except that it offers the additional feature of anonymity. Not even the nym server operator knows who you are! You set up an account with one of the nym servers by sending a config message. In it you provide a newly created PGP public key for your chosen nym, some configuration options (like +signsend, -fingerkey, +nobcc, etc.) and finally a reply block so the nym server can send any replies back to you through a chain of remailers of your own choosing.

Last Updated ( Sunday, 08 February 2009 )