
Tag: security

Kismet Drones

This Kismet tutorial provides a basic framework for using Kismet drones.
Kismet is an 802.11 wireless network detector, sniffer, and intrusion
detection system. Kismet will work with any wireless card which
supports raw monitoring mode, and can sniff 802.11b, 802.11a, 802.11g,
and 802.11n traffic (devices and drivers permitting).

Kismet also sports a plugin architecture allowing for additional
non-802.11 protocols to be decoded.

Kismet identifies networks by passively collecting packets and detecting
networks, which allows it to detect (and given time, expose the names
of) hidden networks and the presence of non-beaconing networks via data
traffic.

Kismet Drones are designed to turn Kismet into a distributed IDS.
Drones support all of the capture methods Kismet normally supports,
including multiple capture devices per drone. Drones capture wireless
data and forward it to a Kismet server over a secondary connection (i.e.,
wired Ethernet). Drones do not do any decoding of packets and have
minimal hardware requirements.

A Kismet server connects to the drones and will provide a single Kismet
UI display, packet dump, and alert generation point. Capture sources on
remote Kismet drones are forwarded to the Kismet server and appear as
independent capture devices which can be configured for channel hopping,
locking, etc.

Using the tun/tap export function, the central Kismet server can export
the packets from all attached drones to a virtual network interface for
use with external IDS/packet capture systems (such as Snort).

To start using Drones, launch the kismet_drone process on a remote
system (editing the kismet_drone.conf file to control what hosts are
allowed to connect) or turn on drone capabilities in the Kismet server
(by enabling the drone config options in kismet_server.conf). When
running a kismet_server instance as a drone, local logging will act as
usual and Kismet clients can be connected to the server as normal. When
running kismet_drone, Kismet clients cannot connect directly to it, and
it will not log; a Kismet server instance must be started to provide
packet decoding, logging, and Kismet UI connectivity.


What is So Fascinating About a Wireless Security Camera System?

By Singgih Tri Widodo

The appeal of a wireless security camera system lies in the simplicity of its installation and use. With this camera you can send pictures or video directly to a receiver that is connected by cable to your computer or television. This is a sensible way to watch over your goods or someone you think is suspect.

You do not need to buy very expensive equipment and then get someone else to set it up. All you need is some good cameras and stable, easy-to-use computer software, which will leave you calmer and more comfortable.

Wireless camera – Take a picture

You have the freedom to choose the types of cameras you want when building your own surveillance system. You can have 4 to 30 cameras, as many as you want. If you want to do off-site supervision, you need to put the cameras in certain places, for example the yard, swimming pool, main entrance, backyard, etc.

A good outdoor camera should be weather resistant, and must also have night vision. While which indoor surveillance cameras, was far too difficult for a computer or using a simple camera eye to eye. This camera is easily disguised so as not to be seen and caught.

Tips for buying a camera

Before you make a purchase, I suggest you check the camera's signal coverage to ensure you can receive a clear picture. It may need a powerful transmitter.

For data input, choose a camera that activates on voice or movement, or one that switches itself on at an appointed hour according to a schedule.

Recipients / Receiver

A wireless camera sends video and pictures through walls and can reach distances from 300 feet up to 10 miles. Besides your camera, you only need a DVR receiver, which picks up the signal transmitted by the camera. The receiver is the most important part of your camera system; without it you cannot do anything and cannot receive the video images you capture.

This hardware is easy to use once you plug it into the computer, the television, or wherever you want to view the picture. Usually the camera comes with its own DVR card and can broadcast directly to the Internet, but you can also buy the device separately at your nearest store.

Memory

You should keep the data on your camera safe. With cameras placed in several different locations, the camera memory will surely fill up quickly. You should buy separate storage, such as a hard drive of about 1 TB, or rent an online server to store your video data. And of course you should regularly monitor your data.

Software

You must have software to monitor the camera. You may be using Mac, Windows, Linux, or another system. The software helps you monitor, transfer, and store your data. You can view it on a laptop, a phone, or even a simple desktop.

For more information see Wireless Security Camera System

Singgih Tri Widodo comes from Kalimantan Timur, Indonesia. He has written several articles on Motorcycle and Camera. You may want to check out his other guides: Motorcycle Link tips and Camera Link guide!


Where Are The Linux Workplaces?
By David Heffelfinger

When I was in college, lower level CS course assignments were done in DOS PC’s networked through Novell Netware. Once a student got to take higher level courses, he/she was given an account into one of the department’s SunOS Unix servers. Most students from basic courses suffered from “Unix envy”, the Sun boxes were perceived as being much more powerful than the humble PC’s. As I entered the workplace, I brought my college perception that Unix workstations are more powerful than PC’s with me.

In my first couple of jobs after college I was given a Unix workstation to work with, first an HP UX workstation, then a SunOS box, and I couldn’t have been happier about it. After I transferred to a new department in that same job, I was given my first Windows NT workstation ever, I was disappointed not to have my own Unix workstation anymore.

Ever since, I’ve had nothing but Windows workstations given to me in every job I’ve had. And I’ve had quite a few, since I’ve been doing contract work for a few years now. Now don’t get me wrong, I am not advocating that every company switch all of their employees to Linux, but I’ve wondered why IT departments have been so slow to adopt it. IT workers do minimal, if any, office work, therefore the lack of Microsoft Office availability is not a major concern, for whatever documents or spreadsheets an IT worker might have to create, OpenOffice.org is more than enough.

Most big companies have adopted Java as their official programming language, at least as far as server side development is concerned. In many cases, Java applications are deployed to Unix servers, however most developers are given Windows workstations to work with. Wouldn’t it make sense to give the developers an environment as similar as possible to the production environment?

I earn my paycheck writing Java EE applications, and I’m lucky enough that my current client allows me to work using my Linux laptop, but many places don’t allow just any device to be plugged into their network.

Besides the obvious savings in license fees, Linux offers other advantages like lack of viruses and worms, and better security overall. Linux does not lack media exposure, we’ve all seen the IBM commercials, and it is frequently mentioned in IT magazines. Why hasn’t it been adopted more widely? I don’t have the answer to that question, I’m going to have to speculate.

One reason could be the perception that Linux is difficult to use. This might have been the case a few years ago, but today, with a modern desktop environment like GNOME or KDE, Unix knowledge is not really needed to use a Linux workstation, operation is basically point and click, not much different from a Windows or OS X box.

Another reason might be a concern that Linux might not interoperate well with the rest of the company’s (Microsoft based) IT infrastructure. With tools like Samba, OpenOffice.org and Evolution (with the Ximian connector), this shouldn’t be a concern.

Another reason could be the perception that Linux does not support enough hardware. This is somewhat true, but if you are careful when selecting your hardware, you can easily get a fully functional Linux box. Most unsupported hardware has no place in the workplace anyway, I’m mainly talking here about USB devices like digital cameras and MP3 players.

Looks like most reasons Linux is not being adopted in the workplace are based on false assumptions and incorrect perceptions. How can we promote Linux adoption in the workplace? Seems to me the answer lies in educating and informing the “powers that be” in IT departments. Talking to managers in terms they understand, emphasizing reduced costs and increased productivity. Reduced cost because of the license savings, increased productivity because less time is spent applying service packs and patches, and the chances of catching a virus drop to near zero.

Convincing managers to give Linux a try is easier said than done, I know, but Rome wasn’t built in a day.

David Heffelfinger is a Software Engineer with over 10 years of experience. He is the editor in chief of Ensode.net, a technology website providing articles about Java, Linux and other technology topics.


Kismet is a network detector, packet sniffer, and intrusion detection system for 802.11 wireless LANs. Kismet will work with any wireless card which supports raw monitoring mode, and can sniff 802.11a, 802.11b and 802.11g traffic. The program runs under Linux, FreeBSD, NetBSD, OpenBSD, and Mac OS X. The client can also run on Microsoft Windows, although, aside from external drones, there’s only one supported wireless hardware available as packet source.

[Figure: Kismet 2.7.1 screenshot]

Distributed under the GNU General Public License, Kismet is free software.

Kismet is unlike most other wireless network detectors in that it works passively. This means that without sending any loggable packets, it is able to detect the presence of both wireless access points and wireless clients, and associate them with each other.

Kismet also includes basic wireless IDS features such as detecting active wireless sniffing programs including NetStumbler, as well as a number of wireless network attacks.

Kismet has the ability to log all sniffed packets and save them in a tcpdump/Wireshark or Airsnort compatible file format.

To find as many networks as possible, Kismet supports channel hopping. This means that it constantly changes from channel to channel non-sequentially, in a user-defined sequence with a default value that leaves big holes between channels (for example 1-6-11-2-7-12-3-8-13-4-9-14-5-10). The advantage with this method is that it will capture more packets because adjacent channels overlap.

Kismet also supports logging of the geographical coordinates of the network if the input from a GPS receiver is additionally available.

Kismet has three separate parts. A drone can be used to collect packets, and then pass them on to a server for interpretation. A server can either be used in conjunction with a drone, or on its own, interpreting packet data, and extrapolating wireless information, and organizing it. The client communicates with the server and displays the information the server collects.


Top 10 Tips to Using Public Wi-Fi Hotspots Safely
By Bethany Payne

Ahh, the joy of portable computers. Being able to grab a coffee and a fancy pastry, sit down in a comfortable environment, and take in the energy of the others around you while getting some work done. Or getting some tasks completed while you are waiting at the airport. Great scenario, but most work these days involves connecting to the internet, and how can you do that safely using public wi-fi? With a bit of preparation and wireless security smarts, you can get quite a bit of work done at that coffee-shop or airport.

  1. Be Smart

    Do not access sites that concern your online banking, investments, or private activities that you might not want others knowing about when you are using Wi-Fi in a public location. Thieves can easily sniff and see all data sent back and forth from your computer through the internet.

  2. Be Aware of Low-Tech Thievery

    Be conscious of your surroundings. Shoulder-snoopers can see the sites you are accessing and maybe copy down your password. They may later contact you with enough information to bait you into giving them more.

  3. Use a Firewall

    Make sure you have your Windows firewall active or that of another company installed and active, such as Norton or Panda, especially when you have wifi security concerns.

  4. Watch for an Evil Twin Attack

    Be certain that the wi-fi you are connecting to is the legitimate one for that spot. An internet criminal may set up one that has a name very similar to the hotspot, and you may connect to theirs by mistake. Get the correct name for the true connection at that location as an initial step to protect your wireless internet security.

  5. Use Secure Email

    When accessing your email, contact your ISP for their secure address. It should begin with “https:”, not just “http:”. This means that the site is using an SSL certificate so that the connection is more secure, and the information is also encrypted so sniffers cannot see the real data being transmitted. Be careful that the “https:” stays in the browser address bar throughout your whole email session. Some revert back to “http:” after you log in.

  6. Delete Your Cookies

    Cookies make it easier to log in to your frequently visited sites by remembering your username and password for you, however, if you connect to these sites when using public wi-fi, sniffers can get your cookie info. Delete your cookies before you connect to the internet at a hotspot.

  7. Turn off the Ad-Hoc Networking

    This should already be disabled with most default Windows XP and Vista installations, but you should check anyway. Ad-hoc networking allows two computers to communicate directly with one another, without an access point between. Obviously not a good idea to allow in public. Be certain you are using infrastructure mode, which requires an access point.

  8. Do Not Allow Your Computer to Connect Automatically

    After you have connected to a wireless connection once, your laptop probably sets your network setup to automatically connect when you are in range again. Check on the properties of each connection when managing wireless connections, and do not allow your computer to automatically connect to networks. Although it may take you more time to get a connection, it gives you more control and awareness over your internet connections.

  9. Disable Printer and File Sharing

    If you are used to sharing printing and files at home or work, be sure to disable this feature before connecting at a public wi-fi spot. Certainly don’t want to share with others there.

  10. Connect More Securely

    There are a couple of options here. One is to get a wireless access card, so you don’t need to use public wi-fi. This is an expensive option, but if you travel a lot and need internet access out of the office, it might be the way to go. It’s a card you buy from a cell phone provider, insert into your laptop, and connect through that cell phone company’s data connection. A large part of the cost is the monthly fee.
    Another solution is to use a VPN tunnel. If you are working for a large company, you probably connect through their Virtual Private Network (VPN). This is a secure, encrypted connection and is a good way to go when connecting to the internet through a public access point. You can also set up your own VPN, between your home desktop and your laptop. Your desktop would have to be connected to the internet through a cable and be on and connected when you want to get online with your laptop. If you’re interested, do an internet search for how to set up an XP VPN.

In conclusion, public wi-fi connections are convenient, but be smart before you connect. Be aware of your surroundings and what data you are sending and receiving. Save the transactions that you wouldn’t want to be viewed by strangers for when you have a more secure connection.

For more great tips on using the internet and computers, including how to speed up your computer, come visit me, Bethany, at http://askgeekgirl.com/


Wardriving – The Same Old Song and Dance
By D Grady

It seems like it’s been forever since wardriving was used to map out the neighborhood wifi scene. I remember when statistics about mass wireless networks first started to emerge. I remember building antennas out of soup cans and a wire coat hanger. I remember having to build GPS drivers from source so Kismet could include coordinates in its output. I even remember cracking my first WEP network – it took me the better part of a week. It all seems like ancient history now.

If that was forever ago, we must have come up with some new way to secure wireless networks. We must all be running high-end encryption and have everything locked down right from the factory. After all, wireless vendors know what can be done with a laptop and some free wireless utilities. Even non-techies can tell you the dangers of WEP and running default networks. If that’s true – wardriving would probably be a waste of time these days. That’s what I thought about one weekend, so I set out to get a glimpse on the current state of wireless security.

I grabbed my Eee PC, fired up Kismet, hopped in the Jeep, and tore off across the countryside. After an hour of driving through the little beach town I live in, I had collected information on about 900 unique networks. Once I got back to the house, I fired up a shell and got to work analyzing the data. The spread of open, WEP, and WPA encrypted networks surprised me. I didn’t think I would find almost 300 open networks in this little town. Add in the 345 WEP protected networks, and that’s about 70% of total networks either completely open or protected with exceedingly crackable encryption.

Next, I did analysis on the SSID’s (the name of the network). This was also pretty interesting. Almost 10% of all networks had ‘linksys’ as their SSID. If they didn’t change the default SSID, I can imagine they changed little else. A number of the networks had personal names as their SSID’s (identity theft waiting to happen?). A few more had their street addresses as the network name. Some of the apartments and condos even had their apartment number worked in somehow.

Another interesting thing I noticed was wireless used by businesses. Digging through the raw output – I came across a lot of networks with familiar names because they belonged to businesses in town. A large CNC and prototyping shop in town had an open wifi network. A few other smaller businesses had wireless networks with their name on it. I also came across a large amount of hidden networks when I drove through industrial areas – I can only assume that some more prodding would produce more business networks. The biggest shock to me was the local police station running WEP! At least if I ever got arrested I could email someone for bail money.

It appears it’s the same old sad state of wireless security out there. I don’t expect general consumers to fret over the differences between WPA1 and WPA2, or how much overhead AES encryption has – but I expect businesses to know their risk. They should invest in a wireless penetration test or wireless security audit if they intend on rolling out wireless. Hire a professional to assess your physical surroundings for existing wireless networks you may not know about, and then have them help plan out implementation strategies with you. Wireless can be a great way to get some freedom from traditional networks, but all that freedom can come at paralyzing costs. A little planning and research can help slim down attack surfaces, and can help make casual wardriving a thing of the past.

Redspin’s cost effective penetration testing services utilize the latest technology. http://www.redspin.com


Installing and Using SNORT on Ubuntu
By Mike L Walton

I spoke about IDS (Intrusion Detection Systems) and IPS (Intrusion Prevention Systems) a few days ago in a question posted by a user. So I thought I would dive a little deeper into the subject with a specific application that I have personally used – Snort. Snort is a very powerful IDS that in later versions can act like an IPS. Snort is free to download and use in the personal environment as well as in the business environment. In fact Snort is used by many enterprises as a very effective option for their business because not only is it free, but it is one of the most powerful IDS’s out there if you know what you are doing when you configure it. Snort can be created as a program that you run when you want on a personal computer or it can be setup to run when your OS starts and protect all computers on your network from attacks.

If you want to use Snort to protect your entire network, it will need to be placed in line with your Internet connection. As an example, let’s say that you have a business Internet account with your local cable company and you want to protect it with a computer running Snort. The computer running Snort needs to be placed between the cable modem and the router; this way Snort is able to monitor every piece of traffic that comes into your network and is in the best place to discover possible attacks.

Installation:

We are going to be installing Snort on a computer running Ubuntu 9.04, which at the time of this article is the newest version of Ubuntu. Ubuntu is also a free OS that is available to download, making this IDS a totally free appliance for you, except for the cost of the computer. There are two ways to install Snort onto an Ubuntu distribution, and the easiest is to do it through a command line. If your computer is up to date you can simply type:

sudo apt-get install snort

This will then download and install the newest version of snort on your computer through command line. As soon as it is done you will be ready to use snort. But if you run into an error or cannot install Snort through command line you can always go to the Snort website and download the newest version, but make sure that you are downloading the tar.gz file and follow their installation guide to completely setup Snort.

Once installed you can run snort as just a sniffer and have all packets captured and logged but that will create an enormous log file that you would then have to view. Snort works so well because of its use of rules to know which traffic to log and which traffic to ignore. Rules are going to be beyond the scope of this article but I plan on writing an article in the near future on creating rules for Snort.

How Snort runs depends on the flags that you specify when you launch Snort from command line.

Flag  Function

-v    View packet headers at the console.
-d    View application data with IP headers.
-D    Run Snort as a daemon.
-e    Show data-link layer headers.
-l    Run in packet logger mode.
-h    Log information relative to the home network.
-b    Log information to a single binary file in the logging directory.
-r    Read packets contained in a log file.
-N    Disable packet logging.
-c    Specifies which file will be used to provide a rule-set for intrusion detection.
-i    Specifies which port (network interface) you would like Snort to look at when running.

As you can see from above, we have a few different options when it comes to flags used with Snort. Let’s start with just viewing IP packet headers by using the command sudo snort -v. Be sure to use the sudo command before snort so that it runs in administrative mode; this is needed to open the appropriate port. Since we did not specify a port for Snort to look at, it is going to use the eth0 port by default. As I write this article I am not using the eth0 port; I am using the wlan0 port, which is my wireless card. We will need to use the -i flag to tell Snort to use my wireless card to check for traffic: sudo snort -v -i wlan0.

Now Snort will run and display on the screen every packet header that comes across my wlan0 wireless card. As you can see, this is very useful if you want to monitor all traffic across your network but very impractical if you want to protect your network. To end the application once it has started, simply hit CTRL+C, which brings you back to a command prompt.

We have quickly discussed installing Snort and then running some basic Snort commands to get some output from the program onto our screen. Stay tuned for the next article on configuring Snort rules and running Snort as true IDS with alerting.

Mike Walton has been in the technology field for over 8 years and has 6+ years in hospitality technology. Mike has experience with Microsoft Windows Server 2000, 2003, Windows 98, XP, and Vista, Networking, Cisco Equipment, PCI DSS, and many more. Mike Walton is also the founder of MikeNet PC Free Articles and Videos. http://www.mikenetpc.com

Original Article: http://www.mikenetpc.com/2009/08/24/installing-and-using-snort-on-ubuntu/


How To Sniff A Switched Network And Protect Against It
By Brian Carpio

Introduction

Up until now, all the mainstream information about sniffing a switched network has told you that if you are host C trying to watch traffic between hosts A and B, it’s impossible because they are inside different collision domains.

This document will teach you that it is possible due to flaws and security problems within TCP/IP.

We will be utilizing two programs: one is called arpspoof and the other fragrouter.

TCP/IP Overview

As most of you know, TCP/IP utilizes ARP (Address Resolution Protocol) to convert IP addresses into hardware addresses. This hardware address is referred to as a MAC (Media Access Control) address. Once the destination’s MAC address is determined, the encapsulated IP packet can be transmitted to the host. Every host on the network must have a unique MAC address for them to communicate on an Ethernet LAN.

Within Ethernet ARP there are four types of messages:

ARP request – A request for a destination host’s MAC address; this is usually sent to all hosts in a broadcast domain.

ARP reply – This is a response to the ARP request and tells the hardware address of the destination host.

RARP request – This is a Reverse ARP request. This requests the IP address of a known MAC address.

RARP reply – This is a response to the RARP request and tells the IP address of the requested MAC address

All Ethernet hosts and switches keep a list of known MAC addresses and their corresponding IP addresses. An ARP request is only sent to the network when an IP address that is NOT in the host’s table is requested, which occurs when a new host is requested or when the MAC entry in the table times out.

Sniffing traffic on a network that uses a hub is easy because all traffic is transmitted to each host on the network. Sniffing a switched network presents a problem because the switch knows which MACs are plugged into which ports; the only time a broadcast is sent to the entire network is when an ARP or RARP request is sent out.

Since there is no way built into TCP/IP to verify which MACs are associated with which IP addresses other than to ask or to look in its ARP table, TCP/IP is open to exploitation.

So the goal of a malicious hacker would be to trick your system into updating its ARP table so that data goes to the attacker instead.

There are many ways to do this, but for the purpose of this document we will cover arpspoof from dsniff.

Network Setup

We have a pretty basic network setup here: 3 hosts connected by a switch.

HostA: 192.168.0.2 MAC: 00:08:74:95:65:11

HostB: 192.168.0.3 MAC: 00:08:74:46:EB:08

HostC: 192.168.0.4 MAC: 00:02:B3:A4:7F:8B

For the purpose of this document we are HostC, a Linux box. HostA and HostB are something else; it doesn’t really matter. HostA could be a Sun box and HostB could be its default router, HostA could be a PC and HostB a Sun box, etc.

On HostC we will download and install dsniff

Src: http://monkey.org/~dugsong/dsniff/

Pkg: http://www.rpmfind.net

On HostC we will also download and install fragrouter

http://www.securityfocus.com/tools/176

>> tar zxvf fragrouter-1.6.tar.gz

>> ./configure

>> make

>> make install

Running Fragrouter

This app is very simple. We just want to do normal IP forwarding: we want the traffic to make it to the destination, we just want to see it first.

>> fragrouter -B1

Running ARPSPOOF

The man page gives a complete explanation of how to use arpspoof. For this document we will run arpspoof like this (again, we want to watch traffic from HostA to HostB):

>> arpspoof -t HostA HostB

The man page for arpspoof says that -t . Target is the box that you want to spoof the ARP tables on, meaning we want to update HostA’s ARP tables, telling it that the MAC address of HostB is 00:02:B3:A4:7F:8B (which, if you look above, is the MAC address of HostC).

Fragrouter will just route the packets on to HostB.

Preventing This Type of Attack

Well there are a few ways to go about this.

1) You can gather all the MAC information for every host on your network and feed that into a startup script using arp -p. The problem with this is that every host will need to be updated if/when a network card gets replaced. — BAD IDEA

2) Solaris – Change the default arp_cleanup_interval. The default is 5 min., which means Solaris keeps ARP values in its ARP cache for 5 minutes.

ndd -set /dev/arp arp_cleanup_interval 6000

3) Arpwatch – This is one of the greatest tools for protecting yourself against this type of attack.

You can download it for Linux from rpmfind.net and for Solaris from sunfreeware.com.

Example of logs:

Jun 23 10:22:02 hostA arpwatch: new station 192.168.0.5 00:02:B3:A4:7F:8B

Jun 23 10:22:02 hostA arpwatch: changed ethernet address 192.168.0.3 00:02:B3:A4:7F:8B (00:08:74:46:EB:08)

The log on hostA, which is running arpwatch, shows that hostB’s (192.168.0.3) MAC address has changed to what we know is hostC’s. You can easily set up scripts which monitor for this type of activity.
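One way to script the monitoring suggested above, as an added example that is not part of the original article: it parses arpwatch syslog lines and checks each IP-to-MAC binding against a known-good inventory taken from the Network Setup section. The names analyze, norm_mac and INVENTORY are hypothetical, the third sample line is constructed, and the "flip flop" message and the unpadded MAC style (0:8:74:...) are assumptions about what your arpwatch build logs.

```python
import re

# Sample input: the two log lines from the article plus one constructed
# "flip flop" line written in the unpadded MAC style (assumed format).
SAMPLE_LOG = """\
Jun 23 10:22:02 hostA arpwatch: new station 192.168.0.5 00:02:B3:A4:7F:8B
Jun 23 10:22:02 hostA arpwatch: changed ethernet address 192.168.0.3 00:02:B3:A4:7F:8B (00:08:74:46:EB:08)
Jun 23 10:25:40 hostA arpwatch: flip flop 192.168.0.3 0:8:74:46:eb:8 (0:2:b3:a4:7f:8b)
""".splitlines()

# Known-good IP -> MAC inventory, copied from the article's network setup.
INVENTORY = {
    "192.168.0.2": "00:08:74:95:65:11",  # HostA
    "192.168.0.3": "00:08:74:46:EB:08",  # HostB
    "192.168.0.4": "00:02:B3:A4:7F:8B",  # HostC
}

MAC = r"[0-9A-Fa-f]{1,2}(?::[0-9A-Fa-f]{1,2}){5}"
EVENT = re.compile(
    r"arpwatch(?:\[\d+\])?:\s+"
    r"(?P<kind>new station|changed ethernet address|flip flop)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>" + MAC + r")"
    r"(?:\s+\((?P<old>" + MAC + r")\))?"
)


def norm_mac(mac):
    """Lower-case a MAC and zero-pad each octet so both styles compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))


def analyze(lines, inventory):
    """Return (alert_type, ip, mac, detail) tuples for suspicious ARP events."""
    known = {ip: norm_mac(mac) for ip, mac in inventory.items()}
    owner = {mac: ip for ip, mac in known.items()}
    alerts = []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # not an arpwatch event we understand
        ip, mac, kind = m["ip"], norm_mac(m["mac"]), m["kind"]
        expected = known.get(ip)
        if expected is not None and mac != expected:
            # An inventoried IP is now announced with a different MAC.
            who = owner.get(mac, "an unknown host")
            alerts.append(("MAC_MISMATCH", ip, mac,
                           f"expected {expected}; this MAC belongs to {who}"))
        elif expected is None and mac in owner:
            # A MAC we already know is answering for an extra, unlisted IP.
            alerts.append(("MAC_REUSED", ip, mac,
                           f"MAC is inventoried as {owner[mac]}"))
        elif kind == "flip flop":
            # Binding is back to the good MAC, but two hosts are contending.
            old = norm_mac(m["old"]) if m["old"] else "unknown"
            alerts.append(("FLIP_FLOP", ip, mac, f"alternating with {old}"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG, INVENTORY):
        print(*alert, sep=" | ")
```

In practice the lines would come from the syslog file arpwatch writes to, and the alerts would be mailed or forwarded to whatever alerting you already run.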

In Summary

As you can tell this document provides a basis for arp spoofing, however this basic idea lays the way for SSH and SSL man-in-the-middle attacks. Once a box is compromised and used as a gateway in a network the entire network’s security becomes open for exploitation.

About The Author

Brian Carpio is a senior Solaris/Linux system architect and has worked for some of the largest companies in the world. Currently he is a freelance Linux/Solaris consultant for his own company, The Tek, LLC. http://thetek.net and can be reached at info@thetek.net


10 Ways to Keep Your Computer Safe
By Kevin Park

It surprises me how many users don’t take computer security seriously.

With hackers, spammers, and viruses lurking around every corner, you can’t afford not to follow some basic steps in protecting your PC and your personal information.

Here are the 10 ways to keep your computer safe.

1. Update your OS
2. Install anti-virus and update
3. Use anti-spyware/adware
4. Secure your home network
5. Use a firewall
6. Don’t use IE
7. Watch out for email attachments
8. OpenDNS
9. Be careful with dangerous websites
10. Keep your personal information safe

1. Update Your Operating System (Windows Update)

The first thing you should do, after getting a new PC or reformatting, is to run Windows Update.

In my household, I have 4 computers running Windows XP, Windows Vista, Windows 7, Ubuntu 9.04, Xubuntu 9.04. Some dual-boot while one triple-boots etc.

Whichever operating system you are using, make sure to update it frequently. Especially if you’re running Windows, I recommend that you turn on auto-update in ‘Windows Update’ if you have not already done so. Microsoft releases frequent vulnerability and security fixes.

Keeping your operating system up to date is the first step in keeping your computer safe. To check if you’re covered (in Windows), open up your control panel and click on Windows Update. If you see the automatic update option selected, you’re all set. If not, either choose the full auto update or the option that gives you the chance to choose which updates to install yourself. Just don’t turn it off. If you must turn it off for whatever reason, manually check the Windows Update website at least once a week.

Recommended: Try out Ubuntu, the most popular Linux Distro. Using a Linux OS may sound too nerdy for some, but the level of user-friendliness has gotten a lot better over the years. It has all the pretty GUI, too. And, if you’re having problems, a huge online community is waiting to help you. It’s FREE and SAFE.

2. Install Anti-Virus and Keep the Virus Definitions Up-to-Date

Anti-virus software is a MUST. If you don’t have it, you are almost guaranteed to get infected; it’s only a matter of time.

It is amazing how many people don’t have an updated anti-virus running on their computers. Especially if you bought a pre-assembled PC from Dell or HP or Acer etc., your computer may come with a free trial period of 30 days to 1 year. Be mindful of this when you purchase a new PC.

When your subscription period runs out, you will need to either pay to continue using the anti-virus you currently have or get a different anti-virus software. Shop around.

Recommended: There are tons of options out there. But Avast and AVG are two of the best. Why? Because they’re free and very effective. Now, if you want more features and protection, you can move up to paid anti-virus software. I know Symantec and McAfee are two of the dominant players, but I don’t recommend them as they take more resources to run and there are others with better detection rates. A full list of recommended software is below.

3. Anti-Spyware / Adware

Many times when a PC user complains about a sluggish computer or a slow startup, it is due to the presence of adware or spyware. The most common items are cookies picked up by your browser as you surf the web, which are not very dangerous, while some spyware is very malicious in nature. One example is a key-logger that logs your keystrokes to steal your credit card numbers and passwords.

There is also adware that hijacks your browser’s homepage to display its content every time you load up your browser, and toolbars that won’t go away.

These days, a lot of anti-virus programs are able to protect your PC from spyware and adware, too. But if you want to be extra safe, install a couple of anti-spyware programs that will more aggressively block various kinds of malware.

Recommended: Free: Spyware Blaster, Windows Defender, SuperAntiSpyware

You can get started with just a couple of those. If you have Windows Vista or 7, you will have Windows Defender by default. So, you might as well use it. I recommend Spyware Blaster in all cases. You simply run it, update, and protect. It doesn’t need to run in the background. It adds blacklists to your browsers and provides effective prevention. SuperAntiSpyware is a complete suite with real-time protection.

4. Secure Your Home Network

In today’s typical household, multiple computers share a single internet connection. Usually, a router is used to share that connection.

What many people forget is that a router is not only an internet-sharing device but also a firewall that protects your whole network.

Setting up your router’s firewall is the first thing you need to do when setting up a network. Make sure that the firewall feature is turned on in the router settings.

What’s more concerning is that, with the growing popularity of wireless (WiFi) networks, people are leaving the door wide open to potential hackers and to their neighbors (who’s accessing your wireless network right now?). You need to protect your computers not just from threats on the internet but also from threats close to your house.

If you have a wireless network enabled in your router, please look at your security settings. If you’ve never touched it, it is very likely that your neighbors had a peek inside your network a few times.

Set it up so that you are using WPA (or preferably WPA2, if supported) with AES encryption (or TKIP if your device doesn’t support AES). WEP is no good. It can be cracked within a couple of minutes. Even WPA is not all that safe these days, but you might not have the option to use WPA2. Create a shared key (password) that’s impossible to guess.

My key is 60+ characters long with numbers and lower/upper case letters randomly generated by the router.

5. Use a Firewall

A firewall prevents intruders from getting in. If you have a router, you already have a firewall. Just confirm that it is up and running. A software firewall can increase the level of security, and if you don’t have a router, you definitely need one. Windows has a built-in firewall, which should be enabled by default. There are other popular firewalls like Zone Alarm.

What I’d recommend, if you want to keep things simple, is to use a security suite that has both anti-virus and firewall included.

6. Try Something Other than Internet Explorer

If you are still using Internet Explorer as your main browser, you really need to switch. IE is the most vulnerable and is also the least efficient browser on the market.

Browsers such as Firefox, Opera, and Chrome are much faster and safer. At the moment, Firefox is the most popular alternative. But I encourage you to try out all the browsers and see which one you like the best.

I highly recommend Opera. Opera is faster than Firefox. It has a built-in email client, BitTorrent client, widgets, mouse gestures and more. Opera has all these features built in, yet it is smaller than Firefox. With the new release of Opera 10 with Turbo (which speeds up browsing for slower connections), I predict it will gain more market share. I personally use Firefox, Opera, and IE. Firefox is my main browser; Opera is number two. IE is only used when testing website changes and visiting Korean websites. Lots of Korean websites are only compatible with IE, which I really hate.

7. Careful Opening Email Attachments

Even if you receive an email from one of your friends, don’t assume it’s safe to open file attachments. Some viruses take control of a person’s email account and send viruses to all of that person’s contacts.

If an email is from a stranger, most likely the attachment is a virus. Having an anti-virus should protect you from email threats, but still be careful.

Now, if you come to harm because you replied to a Nigerian email saying you won a $10 million lottery, there’s nothing that can help you other than your common sense.

8. Try Open DNS

OpenDNS is a free DNS service that can help your browsing experience to be faster and safer. DNS (Domain Name System) “translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

An often used analogy to explain the Domain Name System is that it serves as the “phone book” for the Internet by translating human-friendly computer hostnames into IP addresses. For example, www.example.com translates to 208.77.188.166.” – Wikipedia

OpenDNS keeps track of and blocks harmful websites and also has a parental control feature and more.

All you have to do is put these two numbers, “208.67.222.222” and “208.67.220.220”, into your router settings or your computer’s network settings.

Instructions for various routers and computers are available on the website.

9. Be Careful about Which Sites You Visit

If you have OpenDNS all set up, you can worry about this a little less. But OpenDNS cannot protect you 100%, as new malicious sites keep popping up.

Warez, crack, and adult sites are the most dangerous categories of websites. Don’t visit them unless you know it’s safe.

Again, an anti-virus will protect you from these kinds of threats as well. See how important an anti-virus is?

10. Keep Your Personal Information Safe

Many of these threats are aimed at getting your personal information. So, keep it safe!

Don’t easily give away your name, email, phone, and address to any website.

Don’t store credit card and other sensitive information on your computer. Sometimes, you have to store them on your computer. If so, don’t save an Excel file with your credit card numbers as “credit card numbers.xls” and put it in a shared folder.

Your neighbor who was sharing your internet connection might be tempted. Playing with files will be of little help. You should encrypt your files with a password, too, if it stores sensitive information.

Overall, be mindful of protecting your personal data.

I hope you learned some ways to protect your computer and your personal data. The web is a dangerous place. You must always be on the lookout and have protection.

For a full list of recommended software, visit: http://www.scamfreeinternet.com/?p=691

Enjoy a Scam Free Internet: http://www.scamfreeinternet.com

Read internet scam news, software guides, and scam analysis reports.


How to Use Private Keys For SSH Authentication From Windows to Linux
By Don R. Crawley

Take one look at /var/log/secure on an Internet-connected server and you’ll immediately understand the need for securing your root account. The bad guys are constantly trying root and other usernames in attempts to log in to your server using SSH or some other protocol. If you use a simple password, it’s only a matter of time before your server is compromised by a password-guessing attack. Best practice is to disallow SSH logins by root, thus eliminating a big part of the risk. The problem is that doing so also eliminates a lot of convenience for sys admins and complicates the use of tools such as WinSCP for file copy from your Windows desktop or laptop to your Linux or UNIX server.

A fairly simple solution is to use public/private keypairs for authentication. The public key is stored on the Linux/UNIX server and the private key is stored on your local Windows computer. When you attempt to connect to the Linux/UNIX server from your Windows computer, authentication is done with the keypair instead of a password. Password authentication is actually disabled for root, so no amount of password guessing will work for authentication.

Here’s how to do it:

Start by downloading the PuTTY Windows installer from the Internet. Search on the term “PuTTY SSH” to find the installer. Run the installer on your local Windows computer.

Now, you must generate the keypairs. The PuTTY Windows installer you just ran installs an application called PuTTYgen that you can use to generate the keypairs. The installer probably placed PuTTYgen (and the other PuTTY applications) in Start>>All Programs>>PuTTY.

When you run PuTTYgen for the first time, you must generate a new keypair. At the bottom of the PuTTYgen window are three key type choices: SSH-1 (RSA), SSH-2 RSA, and SSH-2 DSA. SSH-2 RSA is the default choice with a default key length of 1024 bits. Longer key lengths are more secure, but require more processing power. 1024 bits is an acceptable compromise at this time (late 2008), but may not be acceptable in the future as computer processing power continues to increase.

Click the button labeled Generate to produce your public and private keys. (You must move your mouse pointer over the blank area at the top of the screen to generate some randomness for use in producing the keypair. Just move your mouse pointer in a circular motion over the blank area until the progress bar reaches the far right side and PuTTYgen generates the keys.)

You can now save the private key on your local laptop or desktop computer and copy the public key to the remote Linux/UNIX server.

Enter and confirm a passphrase to protect the private key in the two fields in PuTTYgen.

Click the button labeled Save private key and select a location on your local hard drive to save the private key. (Remember to protect your private key by storing it securely!)

Copy the gibberish text that is the public key (at the top of the PuTTYgen window) and paste it into /root/.ssh/authorized_keys on your server (you might have to create the .ssh directory and you’ll probably have to create the authorized_keys file).

On your Linux/UNIX server, inspect /etc/ssh/sshd_config to ensure that RSA authentication and public key authentication are both allowed. If not, change “no” to “yes” or uncomment the lines to allow said authentication. Also, ensure that the path to the authorized_keys file is set to “%h/.ssh/authorized_keys” and uncomment the line. (I found the three lines at line 43 on a RedHat system and line 29 on a Debian system.) When you’re done, the lines should look like this:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

Test the configuration by attempting to log on as root using PuTTY with private key authentication: From your Windows workstation, start PuTTY and enter the hostname or IP address of your server in the Host Name (or IP address) field.

In the left pane of the PuTTY window, under Category, expand SSH and click on Auth.

Click on the button labeled Browse… and find the private key file you saved earlier.

Click the button labeled Open to start the session. When prompted for a username, enter “root”.

If your configuration is correct, you’ll be prompted for the private key passphrase. If you enter it correctly, you should be authenticated as root and see a privileged prompt. (On systems using the BASH shell, you should see a pound sign (#).)

You must also disable root password authentication in order to limit the root account to private key authentication.

Open /etc/ssh/sshd_config for editing and modify the line that reads “PermitRootLogin yes” to read “PermitRootLogin without-password”.

Restart the ssh daemon with /etc/init.d/sshd restart on Red Hat systems or /etc/init.d/ssh restart on Debian systems.

Attempt to do a password-based login on the Linux/UNIX server. It should be denied. Attempt to perform a private key-based login on the Linux/UNIX server as before. It should be successful.
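As a complement to the login test, the sshd_config settings from the steps above can be checked mechanically. The following is an added example, not part of the original article: both sample files are constructed, the function names are hypothetical, and the check covers only the global section of the file (it stops at the first Match block).

```python
# Constructed samples: a stock-style file before the change, and the same
# settings after the steps above have been applied.
BEFORE = """\
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
PermitRootLogin yes
"""
AFTER = """\
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
PermitRootLogin without-password
"""


def effective(config_text):
    """Global settings as sshd reads them: '#' lines are comments, keywords
    are case-insensitive, and the first value given for a keyword wins."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks are outside this example's scope
        settings.setdefault(keyword, parts[1].strip() if len(parts) > 1 else "")
    return settings


def audit(config_text):
    """Return findings; an empty list means root is limited to key logins."""
    cfg = effective(config_text)
    findings = []
    # RSAAuthentication is not checked: it applies to SSH protocol 1 only,
    # and SSH-2 keys such as PuTTYgen's SSH-2 RSA use PubkeyAuthentication.
    if cfg.get("pubkeyauthentication", "yes").lower() != "yes":
        findings.append("PubkeyAuthentication is not 'yes'")
    keys_file = cfg.get("authorizedkeysfile", ".ssh/authorized_keys")
    if ".ssh/authorized_keys" not in keys_file:
        findings.append("AuthorizedKeysFile does not use .ssh/authorized_keys")
    # 'prohibit-password' is the newer OpenSSH spelling of 'without-password'.
    root = cfg.get("permitrootlogin", "(unset)").lower()
    if root not in ("without-password", "prohibit-password"):
        findings.append("PermitRootLogin is %s, expected without-password" % root)
    return findings


if __name__ == "__main__":
    for name, text in (("BEFORE", BEFORE), ("AFTER", AFTER)):
        print(name, audit(text) or "OK")
```

An unset PermitRootLogin is reported as a finding because the compiled-in default differs between OpenSSH releases; setting it explicitly removes the ambiguity.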

You can use the private key with PuTTY and WinSCP. I ran into errors when I tried to use it with Tera Term, but Tera Term now includes a keygen utility which seems to work fine with Tera Term, if that’s your preference.

Don R. Crawley, Linux+ and CCNA-certified, is president and chief technologist at soundtraining.net, the Seattle training firm specializing in accelerated, task-oriented training for IT pros. He works with IT pros to enhance their work, lives, and careers. Click here for a free subscription to soundbytes, the monthly ezine for IT pros.
