Defensive Computing

How to use the LogMeIn Free

2010-04-05T01:05:00.062+08:00

SERVER SETUP

1st Step : Download the LogMeIn in Software

CLICK HERE to download the LogMeIn software

2nd Step : Install

CLIENT SETUP? (No setup required for client :D) just use your browser and install a plug-in

to remote logon to https://secure.logmein.com/

Kaspersky

2010-01-08T21:46:00.002+08:00

FIRST STEP IS : DISCONNECT FROM INTERNET!!!

BT4

2009-12-03T23:37:00.000+08:00

Online Port Scanning

2009-05-12T04:33:00.009+08:00

http://www.whatsmyip.org/ports/

This website allows users to check/test open ports on home gateway/router. :)

Besides that, you can also perform a basic security test on open ports. :)
click on Check Ports(it may take up to a minute)

and the results, :)

you can also check based on applications.

results :)

Other Tools includes.... :D

ENJOY!

Zone Alarm Pro

2008-11-09T22:26:00.000+08:00

Q : I have an anti-virus installed in my PC, do I really need a firewall? What is it? How it works and how does it protect my PC?

A : Yes, Anti-Virus Software alone is not enough to protect your computer today. After an Anti-Virus software is installed in your computer, the limitation of it is, you can only detect the virus and heal it if the virus is found, or if the virus is in you computer; Firewall protect your computer by building a defense line in front of you computer before an unauthorized connection is made by hackers or intruders. Most anti-virus software suite today like kaspersky internet security suite included a firewall in their product. A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels (Wikipedia, 2008).

If you have been using the internet for quite some time, you must have heard of firewall. "Firewall is defined as : A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria" (Webopedia,2004).

Q: Why do we need firewall security?
A: Because there are many ways that people can use to access or abuse unprotected computers (Tyson, 2008). Firewall is one ways to prevent them. For example firewall can protect you from remote login. Firewall can also prevent you from Application backdoors; some virus or software might provide backdoors for hackers. Using a firewall can also prevent keyloggers software to send out the keystroke that have been captured by the software. There are many more reasons why firewall is needed and what it can do, click on the website link at the bottom of the page(reference) for more information about firewall.

Now, let's go back to out topic today, Zone Alarm Pro.
Q: Why Zone Alarm?
A: Zone Alarm Pro is software based firewall that is suitable for home users who want to extend their computer's security. Zone Alarm Pro is a very user friendly firewall software; anyone who understands English can use it without problem. Installing and setting up Zone Alarm Pro is easy. If have experience using computers, another firewall that i would recommend is Comodo Firewall Pro, stronger protection but complicated especially with the "Image Execution Prevention". In Zone Alarm it is call "program control" which is much more easier to manage and easy to configure. Similar to 'Image Execution Prevention'.

Snapshots,

Reference:

Webopedia, 2004, 'Firewall', online, date accessed 20th October 2008. Available from: http://www.zonealarm.com/store/content/home.jsp
Tyson, J. 2008, 'How Firewall Works', online, date accessed 20th October 2008. Available from: http://computer.howstuffworks.com/firewall3.htm
Wikipedia, 2008, 'Firewall', date accessed 20th October 2008. Available from: http://en.wikipedia.org/wiki/Firewall

Hard To Wake Up?

2008-11-04T03:00:00.000+08:00

Did you know that.... Firefox 3 have reach 8 million downloads!

2008-11-04T01:53:00.005+08:00

When Mozilla launched their latest browser, Firefox 3, Breaking the world record with 8 Million Downloads!!!

Even Babes love firefox >.< (photos from the internet)

Ubuntu 8.10 Sreenshots

2008-11-03T14:02:00.027+08:00

Are you fit to call yourself an expert?

2008-11-02T03:39:00.004+08:00

Snapshot from an IT Magazine. Anyone who calls himself an IT Expert, ask him to answer these questions before you start getting wrong information from him or accepting rumors from internet as facts. Ask these 7 questions to see if he is qualified. Of cause, before he answers you, he will get answers from "Prof. Google" and "Mr. Wikipedia". So, force him to answer on the spot. If he say he is not sure, the answers that he give you on the next day, will either from the internet or books. If he has a CCNA (Cisco Certified Network Associate), you are just asking him to "step 7 ants".

Announcement

2008-10-19T23:53:00.004+08:00

All my post in the future will be using the "Havard Referencing System"

The reasons for using it are:

To aknowledge the work of other writers;
To demonstrate the body of knowledge on which I have based on my work;
To enable other researchers to trace my source and lead them on to further discussion and
To avoid plagiarism.

Thanks for visiting my blog....

Protecting Sensitive Information - Cryptography

2008-08-01T01:26:00.019+08:00

Why do I need encryption? My answer would be,

To protect my sensitive/confidential information. With encryption, even if intruders hack into your computers and successfully transfered your personal files to his computer, he will not be able to read or to view the files without effort of decrypting it.

Another situation why we need encryption is, when we are bringing sensitive data with us in USB thumbdrive; Traveling or maybe transferring sensitive information that will bring huge damage to a company. You will never know that the USB Thunbdrive might be lost or being stolen when you leave your house or company. We do not want these information to be exposed to anyone even though if someone steal or found the Thumbdrive that you have lost.

For home users, sometimes we have private photos or maybe videos that we want to share with our friend; and we want use Thumbdrive to transfer them. The files must protect itself before it is ready to be transfered.

Solution : AxCrypt

Now, I want to have 2 layer of security in the files, what should i do? The best way is to use Winrar to protect the files with a password (first layer) and then use AxCrypt to encrypt and protect them with passphrase and keyfile.

First Step - Winrar
To Protect WinRAR files with a password, right click on the Folder and Click "Add to archive..."
Click on the Advance tab and click Set Password
Now, click enter a password
Press OK and WinRAR will start creating the Archive
Now we have successfully created a WinRAR archive with password.
WinRAR is not strong enough to protect the files because, there is a lot of software that is free, can crack the password and view the content, that is why we need to encrypt it and have second layer of security implemented in the file.

AxCrypt

Install AxCrypt and Right click on the WinRAR archive that we have created just now and click make key file, after you have successfully created a keyfile you will see a new .txt file, the default name is 'My Key-File
The key-file is a file storing a long key randomly generated by the software to lock and encrypt the content, AxCrypt can protect your file using the key-file or a passphrase. You can also use both of them, when decrypting, if you are unable to provide either one of them, you will not be able to decrypt the file if you have use both the key-file and the passphrase. So you must store the key-file in a safe place and make sure that you have a backup of the key-file.

*Note : You that you must use the same key-file that you have use to encrypt the file earlier in order to decrypt it.

Now start protecting the file, right click on the file and there is 3 options
Encrypt = encrypt the selected file (not recommended)
Encrypt a Copy = make a copy of the selected file and encrypt it (recommemded) (the pc must install AxCrypt to decrypt the encrypted file)
Encrypt copy to .EXE = encrypt a copy and create a .exe file ( the pc that you are going to use to decrypt the file does not required to have AxCrypt installed)
Since you have installed AxCrypt, we will try 'Encrypt a copy'; Click on encrypt a copy and enter a passphrase, then browse for the key-file that AxCrypt have created.
AxCrypt will start encrypting and you will see a file successfully being created.

Now, repeat the step if you want to create an .EXE file. To decrypt the file, double click on it and enter the passphrase and browse for the key-file.
AxCrypt Starts Decrypting
and WinRAR will ask for password before you can view the content

This one method that you can use to protect your files when transferring information. You can also encrypt important data in your computer using this method.

*Note:

Do a few times testing before you delete the original unencrypted files to make sure that there is no error when encrypting
some users have reported that it is not compatible with windows vista yet
if you need technical support, log on to their official website and get help in the forum, you can also report if you found any bugs in the software
store your key-file in a safe place and make sure you make backup of it because you need the same key-file to decrypt the encrypted file
again, do testing, testing and testing.

Submarine Cable Map 2008

2008-07-24T22:09:00.004+08:00

http://www.telegeography.com/

Can hackers hack my computer?

2008-07-20T15:40:00.001+08:00

The only answer to this question is, yes. No matter how secure is your system, Hackers can hack your computer. You should ask yourself, do hackers want to hack my computer?

In this post, I am going to explain about what is a security test.
The tool that I am going to introduce is PC Security Test

A Security test is performing a test on your computer. The purpose of this test is to know what hackers can do to your system. It means, after we have built a strong wall, we are now trying to break the wall like what the enemy does and see the results. How strong is the wall? What method can hackers use to break in to your system?

This tool is a very user friendly and GUI tool, anyone who can understand English should be able to use this tool without any problem. This tool is for computer literates who wish to have a basic security test on their computer.This tool is made for commercial use, not for enterprise or corporate network. This tool will perform a security test so that home users will be aware.

Let's look at a screen shot of the tool.
Now to perform a security test. Click on any test that you want to perform, I would recommend you to start with a standard test first before you perform other tests. Now as I have said earlier, this tool is very user friendly, easy to use and suitable for home users; So I am not going to make screen shot but I will briefly explain about this software.

There is 3 steps that you need to practice when you are using this software:
1)READ
2)Click
3)R-E-A-D!

This software will hack your computer like what a hacker will do to your computer. This software will not harm your computer; For example, in 'standard test', this software will copy a virus to your computer and run it. After all test have been done, the virus will be removed and the software will show you the results of the test. If this software can successfully get information, bypass your anti-virus, or control your hardware that you use; It means your computer is vulnerable for hackers to exploit your system.

After performing the tests, to increase your knowledge on computer security, you may try to answer the quiz. The quiz will ask you questions to test your knowledge on computer security and provide the explanation. READ every single word and you will definitely learn something from this software.

Choosing An Antivirus Product

2008-07-14T02:26:00.009+08:00

It is very important to have an Anti-Virus software installed in your computer. Script kiddies are creating virus that bring potential harm or damage to your computer. Now, I cant give you an exact amount of how many virus being are created in a day, but I am sure that virus are created every second not day.

Virus usually come from the internet, Instant Messenger (MSN,Yahoo,Skype,AIM...) or USB thumb drive, in one of my previous post, I have introduced McAfee Site Advisor and some screen shot of how can virus infect computers by just viewing a web page. If an image is attached with a virus or any malware, once the image is loaded in your browser, it means, your machines has been infected. You do not need to click on the image or save it into your computer.

Sometimes, viruses come from Instant Messenger, for example MSN Messenger, in this software, a feature call Sharing Folder, where you can share folders with your contact.
If User A have shared a folder with Contact B , and Contact B's Computer is infected with virus, trojan or spyware that has the ability to spread, User A will be infected.

Another situation usually that usually happen is autorun in USB Thumbdrive. Some virus will spread and duplicate itself into any mass storage devices that is plugged into the computer. The thumbdrive is plugged into another computer and infect that computer.

Virus also come from email attachment, today, almost all the anti-virus has
the intelligence to detect and scan email attachment and warm the user if there is a malware or any potential threats that will harm the computer.

Solutions? Anti-Virus

If you ask me what Anti-Virus is the best, I will tell you the is no such thing as best Anti-Virus in this world. Triangle again ><, if the anti-virus is too sensitive, you will end up saying that anti-virus s*cks, if it is too weak, you will say lame or useless . If you ask me what Anti-Virus I trust the most, i would say Symantec Norton and Kaspersky, I Trust Norton Anti-Virus because Norton has a large list of Virus Definition and the solutions; how to remove the virus manually, no other anti-virus company has a list larger than Norton. For Kaspersky, everyone knows it is famous for strong detection, the anti-virus's ability to detect a virus or a malware is very high. Both of product are recommended if you are willing to spend money for your anti-virus. Another product to consider is BitDefender, My experience of using BitDefender is it is quite sensitive in when scanning and it updates the virus definition every hour, without disturbing the user or slowing down the performance. You may consider McAfee, it is a quite famous anti-virus solution.

Free Anti-Virus List?
If you are not willing to spend money to buy an anti-virus product, there are some free anti virus available in the Internet. The one I trust the most for free anti-virus is BitDefender Free Anti-Virus.
A few more to consider:-

1)AVG Anti-Virus 8.0
2)Avira AntiVir Personal
3)avast! 4 Home Edition

No screen shot :(, all are based on experience and some important testing. If you want to compare some famous Anti-Virus Product, this website has a very detail comparison and review.

Keeping watchdog in your computer

2008-06-25T20:52:00.015+08:00

In reality, dogs guard houses, prevent thieves and protect its owner. Keeping a watch dog like rottweiler, bulldog, or doberman to guard the house is definitely a good choice.

For computers, no rottweilers...:( BUT...let me introduce a watch dog call Scotty :D

I have been training Scotty for quite some time and notices that Scotty is a very loyal, smart, intelligent, high performance but sometimes irritating :(

Scotty is born in a company call BillP Studios, the product name is called Winpatrol
http://www.winpatrol.com/

Again, installation is as easy as ABC. Install winpatrol and say hi to Scotty. There is many things that Scotty can do, it can be used to clean virus. Some virus disable the task manager of windows, and hide itself from being detected by anti virus. Even if the virus did not disable the task manager, some virus is visible and can be seen in the task manager. You can end the process in task manager, but next time your when machine boots up, the virus will be execute again....:(

Using Scotty/Winpatrol u can actually view the folder/directory of the virus file.
for example, explorer.exe(not a virus, just an example, but some virus may use the same name)

Click on 'Active Tasks' ( In case some virus disable your task manager.This can be used to stop the virus) Right Click and click 'Info'

Now you can see the location of the program, if it is a virus, you can browse and find the folder then delete the virus folder or .exe file manually

Scotty can also view the startup location of a program or explore the folder, you can also disable some programs which you do not want it to start when booting up yr machine.

You can also view the ActiveX which is use by Internet Explorer or other browsers,

or view hidden files

This is a good program if you want to remove a virus manually or view processes that is running in your machine. Winpatrol will automatically scan your computer for any possible treat. If a virus is trying to modify your system files, winpatrol will alert you and ask wait for your decision whether to allow or decline the changes.

Scotty will keep on scanning and alert you if there is any changes in your system.
So, performance or security? :) Triangle...........

Storing your private files - Encrypted!

2008-06-20T03:13:00.002+08:00

Have you ever wonder how you could store your private files safely in your computer? If there is only one user of cause with a strong password that I showed you, you can protect your private and personal files. What if there is more than one user and both of you are using the same user account?

One "traditional" method is to use third party softwares like Folder Lock. Folder Lock is a shareware software that you may have tried, it can be use to protect your personal files. When I first saw folder lock it 'looks safe', Folder Lock's user usually end up in 2 situations:-

1)Forgot their password
2)Expired! lol! After the trial period, data are still in the 'protected' folder (if the user did not purchase the software)

But believe me this software is too lame, it can be compromised, easily...:D
Many people are not aware of that, and not many people knows how to crack the password. So it is still consider safe...but since there is chances of being compromise, so forget about Folder Lock now.

OK....SOLUTIONS?

TrueCrypt - FREE!!! :D
http://www.truecrypt.org/

This software automatic encrypt your data that is stored in the hidden drive. This software works the same like folder lock, the reason I introduce this software is because it have not been compromise...yet

Now, I'm not going to demonstrate how to install it. The installation process is easy. After you successfully installed TrueCrypt; You should see this,

Click yes if you want to view the tutorial, after clicking you will be automatically redirected to their website.

Click Create Volume and the wizard will guide you, Click 'Create a File Container' and 'Next'

Now select a volume type. (I am going to select 'Standard TrueCryt Volume to demonstrate)

Click 'Select File' and select your volume location, I will name it 'My Volume'

Click 'next'

Select The Encryption Option and click next,

Now key in the Volume Size, and the password.

Select the Type of File System and Click 'Format'

Click 'OK' and 'Exit'

Now, Click 'select file' and select the volume,

Click mount and key in the password,

Now go to My Computer and you will see that mounted drive,

Now u can save your private or personal files here, i have created 2 files for testing,

To hide the drive, Click 'Dismount'

now go to my computer, you wont be able to see the Drive because it is hidden and it can only be seen after u mount it, after dismount, try to mount it again to make sure your files is not lost....

*To mount it, you have to repeat the step of selecting the volume file and mount the drive
*Before you reinstall your windows or any Operating System remember to backup your files that is in the protected drive.
*Remember the location of the volume file and your password.

This software is still consider safe, but believe me, one day it will be hacked....lol

Windows can get infected just by viewing a Web page

2008-06-16T22:27:00.013+08:00

Yes! It's true. By just browsing web pages, your computer can get infected. The old "myth" of not opening email attachment doesn't works anymore today, by just reading e-mail message can infect windows.

When you are browsing web pages using your browser, once you type in the address,

The page is loaded for you in your computer, but where is the content stored?
When you are browsing web pages, the image is stored in the temporary folder in

"C:\Documents and Settings\USERNAME\Local Settings\Temporary Internet Files"

So it means, the image is stored somewhere in that folder, the image may contain malicious software like virus, spywares, worms, Trojan and any unwanted stuff that may harm your windows. Malicious software doesn't need to be attach to image, it can come directly to your computer without attaching to any file.

When these malware (malicious software) are already in your computer, some virus can run without being detected by your antivirus, some hackers might install key logger in your computer, monitoring your keystroke.

So, SOLUTIONS?

McAfee Site Advisor
http://www.siteadvisor.com/

Log on to siteadvisor.com, download SiteAdvisor. It works for IE and Firefox.
Once you have installed, (I am using Firefox to demonstrate)

Click on it and go to settings,

Select, "Highlight search result links" and "Use SSL communication to server"

and now, try to search something in google

click on the (X) and No. of red downloads, the results...

click on any of the virus found,

and lets see what the "free stuff" will do to your computer,

So, try it out! It is one of the way to prevent u from being infected.
oh ya, always remember,
"Moving towards security means moving away from functionality and ease of use"

A Strong Password

2008-06-14T01:08:00.007+08:00

Before I go further, i want to remind my readers that it is very important to have a secure password. Password will protect user's computer from unauthorized people or maybe a connection. A strong password will definitely strengthen your computer's security.

The length of a strong password that i recommend should be at least 15 Characters long. Because the softwares that a hacker use are usually from the internet. Most of the password cracking software that is available to the "hackers" could only break 14 characters. That is why i recommend my readers to use a password that is more than 15 characters.

Instead of using alphabet only you can use a combinations of alphabet, numbers, symbols, uppercase and lowercase for example:-

defensivecomputing
DeFeNsIveCoMpUtInG
D3F3N51VeC0m9Ut1N6
D3F3^$!V3(0M9uT!^G
d3F3^$1v3(0M9Ut!^G

Instead of using password, we can use pass phrase, for example:-

thequickbrownfoxjumpsoverthelazydog
ThEqUiCkBrOwNfOxJuMpSoVeRtHeLaZyDoG
Th3Qu1(k8R0wNfo#7uM9$0^3rT#e!42yDo6

So, there is a lots of ways combining alpha, numeric, symbols, signs, uppercase, lowercase. Since pass phrase is so long you can always play around changing and replacing the alphabet with other symbols and signs. If u feel that pass phrase is too long and u cant remember that password, another example that i would give is :-

TheQuickBrownFoxJumpsOverTheLazyDog

so, TQBFJOTLD (try to make it to at least 15, this is just an example)

Now use the same way like above, replace the alphabet with symbols and signs. Use combination of uppercase and lowercase. A few more things that i need to highlight before i end this session :-

1)>15! >15! >15!
2)Don't use words that can be found in the dictionary like: apple,boy,cat,dog. use a password like TQBFJOTLD which is not an English word and it doesn't make any sense.
3)Never use the same password for every account, user name or email address.
4)Change yr password frequently, at least once a month, try to write down and put it in a safe place in case u forgot the password.
5)QWERTYUIOP or 123456 is not a safe password....remember that...
6)Don't use password that is the same with the username, like admin or root.
7)Avoid using password that is easy for hackers to guess, like your birthday,name,IC no., Lucky number,Idol's name and words that u often mention in front of people, things that u like, your hobby...

Ok, I hope you have understand about the ways to strengthen your password and what is a strong password....TQ

Introduction to Computer Security

2008-06-08T02:43:00.007+08:00

Let me start with a quote,
"No system is 100% secure"

Don't tell me that your system is 100% secure because,
"I am not connected to the internet" ><

Some hackers could easily hack your computer system in just a few seconds by just using a USB thumbdrive if he has physical contact with your computer system.

Later on, I will demonstrate it in a post how to prevent yourself from being a victim of that threat. To make my readers easier to understand, i will try to make more snapshot and provide some links to for reference. and, always remember the triangle...

I will first start with some basic softwares which you can get for free to secure your system first, these software might looks normal but it do helps, because i have experienced it, trying and testing it before i post it here.

We will go step by step, my primary aim is to help home users, for enterprise and corp. it will be totally different way and environment to protect their system.

People who is not a computer literate, i would recommend them to visit my blog for tips and people who think their computer system is secure, they should think 10 times before they say,
"My system is definitely secure"

Copy any content here, share with your friends, post it in your blog, reproduction is not prohibited here, but credits to me please... ><