Home | Community | Message Board


This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: Unfolding Nature Unfolding Nature: Being in the Implicate Order   MagicBag.co Certified Organic All-In-One Grow Bags by Magic Bag   Myyco.com Golden Teacher Liquid Culture For Sale   Bridgetown Botanicals CBD Concentrates   PhytoExtractum Kratom Powder for Sale   Kraken Kratom Red Vein Kratom

Jump to first unread post Pages: 1
OfflineCyber
Ash
Male User Gallery

Registered: 06/14/04
Posts: 1,476
Loc: Dearborn Michigan
Last seen: 10 months, 16 days
The BASICS of Securing your computer and E-mail.
    #2861028 - 07/06/04 09:09 AM (19 years, 8 months ago)

I know a lot about the subject of computers and computer security. As such I have decided to put togeather a little help for those of you out there that may need a small push in the right direction. I hope everyone enjoys this!


Step 1 : Passwords

Your passwords are your first line of defense. Like a lock on your front door there are there to keep honest people honest. It is easy to bypass and should not be relied on as your only security.

How to pick a good password.

  • All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) should be changed on at least a quarterly basis.
  • All user-level passwords (e.g., email, web, desktop computer, etc.) should be changed at least every six months. The recommended change interval is every four months.
  • User accounts that have system-level privileges granted through group memberships or programs such as "sudo" should have a unique password from all other accounts held by you.
  • Passwords must not be inserted into email messages or other forms of electronic communication.
  • All user-level and system-level passwords should conform to the guidelines described below.


How to select strong passwords.

Poor, weak passwords have the following characteristics:
  • The password contains less than eight characters
  • The password is a word found in a dictionary (English or foreign)
  • The password is a common usage word such as:
  • Names of family, pets, friends, co-workers, fantasy characters, etc. Computer terms and names, commands, sites, companies, hardware, software.
  • Birthdays and other personal information such as addresses and phone numbers.
  • Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
  • Any of the above spelled backwards.
  • Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Strong passwords have the following characteristics:
  • Contain both upper and lower case characters (e.g., a-z, A-Z)
  • Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
  • Are at least eight alphanumeric characters long.
  • Are not a word in any language, slang, dialect, jargon, etc.
  • Are not based on personal information, names of family, etc.
  • Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.

Here is a list of "dont's":
  • Don't reveal a password over the phone to ANYONE
  • Don't reveal a password in an email message
  • Don't talk about a password in front of others
  • Don't hint at the format of a password (e.g., "my family name")
  • Don't reveal a password on questionnaires or security forms
  • Don't share a password with family members
  • Don't write passwords down!


Step 2: Firewall

If you are on broadband it is suggested that you acquire a HARDWARE based firewall and not use a system based one. Hardware based firewalls offer better protection that system based firewall. The following guidelines can apply to both a hardware and software based firewall.
  • No local user accounts are configured on the firewall.
  • The password on the firewall must be kept in a secure encrypted form.
  • Disallow the following:
  • IP directed broadcasts
  • Incoming packets at the firewall sourced with invalid addresses such as RFC1918 address
  • TCP small services
    The TCP small servers are:
  • Echo: Echoes back whatever you type by using the telnet x.x.x.x echo command.
  • Chargen: Generates a stream of ASCII data. The command to use is telnet x.x.x.x chargen.
  • Discard: Throws away whatever you type. The command to use is telnet x.x.x.x discard
  • Daytime: Returns system date and time, if correct. It is correct if you are running Network Time Protocol (NTP) or have set the date and time manually from the exec level. The command to use is telnet x.x.x.x daytime.
  • Replace x.x.x.x with the address of your router.

  • UDP small services
    The UDP small servers are:
  • Echo: Echoes the payload of the datagram you send.
  • Discard: Silently pitches the datagram you send.
  • Chargen: Pitches the datagram you send and responds with a 72 character string of ASCII characters terminated with a CR+LF.
  • All source routing

Then go through the Firewall and disable ALL Services that you do not understand! Only turn on what you NEED!

Step 3: Virus Protection
Always run an anti-virus software!
Download and run the current version; download and install anti-virus software updates as they become available.
NEVER open any files or macros attached to an email from an unknown, suspicious or untrustworthy source. Delete these attachments immediately, then "double delete" them by emptying your Trash.
Delete spam, chain, and other junk email without forwarding.
Never download files from unknown or suspicious sources.
Avoid direct disk sharing with read/write access unless there is absolutely necessary!
Always scan a floppy diskette from an unknown source for viruses before using it.
Back-up critical data and system configurations on a regular basis and store the data in a safe place.
New viruses are discovered almost every day. Periodically check for Anti-Virus updates.

Step 4: Your system
  • Services and applications that will not be used should be disabled where practical.
  • Access to services should be logged and/or protected through access-control methods such as TCP Wrappers, if possible.
  • The most recent security patches should be installed on the system as soon as practical.
  • Trust relationships between systems are a security risk, and their use should be avoided. Do not use a trust relationship when some other method of communication will do.
  • Always use standard security principles of least required access to perform a function.
  • Do not use root/Administrator when a non-privileged account will do.
  • If a methodology for secure channel connection is available (i.e., technically feasible), privileged access must be performed over secure channels, (e.g., encrypted network connections using SSH, SSL or IPSec).

Monitoring
All security-related events on your system should be logged! Security-related events include, but are not limited to:
Port-scan attacks
Evidence of unauthorized access to privileged accounts
Anomalous occurrences that are not related to specific applications on your system.

Step 5: Encryption

Any data which you do not wish some one else to read, should be encrypted.
Proven, standard algorithms such as DES, Blowfish, RSA, RC5 and IDEA should be used as the basis for encryption technologies. These algorithms represent the actual cipher used for an approved application. For example, Network Associates Pretty Good Privacy (PGP) uses a combination of IDEA and RSA or Diffie-Hillman, while Secure Socket Layer (SSL) uses RSA encryption. Symmetric cryptosystem key lengths should be at least 256 bits. Asymmetric crypto-system keys must be of a length that yields equivalent strength (2048 bit).
I suggest that you lookinto getting PGP or GPG for standard file encryption and use it to encrypt any and all sensitive data!

Windows users can also encrypt hard drive partitions using PGP disk from

http://www.pgpi.org/products/pgpdisk/

Linux users can use ether the Crypto API or encrypted container files.
Encrypted Container file information can be found at

http://cl.xganon.com/cgi-bin/index.cgi?action=viewnews&id=1

The Linux Crypto API can be downloaded from kernel.org at

http://www.kernel.org/pub/linux/kernel/people/hvr/util-linux-cryptoapi/

Step 6: Anonymous E-mail

(more information on this can be found by searching google.com or in the news group alt.privacy.anon-server)

Mixmaster E-mail

(From the Mixmaster Site)
Mixmaster is the type II remailer protocol and the most popular implementation of it.
Remailers provide protection against traffic analysis and allow sending email anonymously or pseudonymously. Mixmaster consists of both client and server installations and is designed to run on several operation systems including but not limited to *BSD, Linux and Microsoft Windows.


Nym Servers

A nym account is like a forwarding email address except that it offers
the additional feature of anonymity. Not even the nym server operator
knows who you are! You set up an account with one of the nym
servers by sending a config message. In it you provide a newly created PGP public key for your chosen nym (say, boozehound@redneck.gacracker.org), some configuration options (like +signsend, -fingerkey, +nobcc, etc...) and finally a reply block so the nym server can send any replies back to you through a chain of remailers of your own choosing.

Extras: Filter Print Post Top
OfflineLoverOfMana
Hmm

Registered: 03/31/04
Posts: 109
Last seen: 19 years, 1 month
Re: The BASICS of Securing your computer and E-mail. [Re: Cyber]
    #2861125 - 07/06/04 10:04 AM (19 years, 8 months ago)

Great write-up Cyber. I'm sure many people will find this useful.

:thumbup:


--------------------
"Prohibition goes beyond the bounds of reason in that it attempts to control a man's appetite by legislation, and makes a crime out of things that are not crimes." -Abraham Lincoln

Extras: Filter Print Post Top
OfflineCyber
Ash
Male User Gallery

Registered: 06/14/04
Posts: 1,476
Loc: Dearborn Michigan
Last seen: 10 months, 16 days
Re: The BASICS of Securing your computer and E-mail. [Re: LoverOfMana]
    #2863045 - 07/06/04 09:25 PM (19 years, 8 months ago)

Quote:

LoverOfMana said:
Great write-up Cyber. I'm sure many people will find this useful.

:thumbup:




Thanks

Extras: Filter Print Post Top
InvisibleLe_Canard
The Duk Abides

Registered: 05/16/03
Posts: 94,392
Loc: Earthfarm 1 Flag
Re: The BASICS of Securing your computer and E-mail. [Re: LoverOfMana]
    #2866064 - 07/07/04 05:39 PM (19 years, 8 months ago)

Quote:

LoverOfMana said:
Great write-up Cyber. I'm sure many people will find this useful.

:thumbup:




:thumbup: :thumbup:

This should be a sticky thread! :laugh:

Extras: Filter Print Post Top
InvisibleLe_Canard
The Duk Abides

Registered: 05/16/03
Posts: 94,392
Loc: Earthfarm 1 Flag
Re: The BASICS of Securing your computer and E-mail. [Re: Le_Canard]
    #2904852 - 07/19/04 08:21 AM (19 years, 8 months ago)

*bump*

Extras: Filter Print Post Top
OfflineBowlKiller
----
Registered: 09/22/02
Posts: 757
Last seen: 19 years, 4 months
Re: The BASICS of Securing your computer and E-mail. [Re: Cyber]
    #3132881 - 09/14/04 12:39 AM (19 years, 6 months ago)

more people need this imformation, yes imformation.

Extras: Filter Print Post Top
OfflineMojo_Risin
Man

Registered: 03/31/01
Posts: 2,838
Loc: United States of America ...
Last seen: 8 years, 2 months
Re: The BASICS of Securing your computer and E-mail. [Re: BowlKiller]
    #3147673 - 09/17/04 09:47 AM (19 years, 6 months ago)

Can you post some information about IP protection from the RIAA for Piracy Sharing users please?


--------------------
Fear    attracts  energy  that can expose one to be coerced. Learn to overcome fear and develop enlightenment.


Freedom Equality Justice (3 of 12 Jewels of Life)

Nov.11th Veterans Ron Paul Moneybomb...www.Ronpaul2012.com

Check out campaignforliberty.com

Extras: Filter Print Post Top
InvisiblePsychoReactive
.
Male User Gallery

Registered: 05/22/09
Posts: 2,563
Loc: Cocalero
Re: The BASICS of Securing your computer and E-mail. [Re: Mojo_Risin]
    #10468773 - 06/08/09 12:03 AM (14 years, 9 months ago)

Excuse for raising this thread but I think one of the better ways to leave no traces on your PC is to get a portable hard drive and store any shroom related stuff on there, then once you are finished, hide the hard drive somewhere safe. Although there are still traces of your web surfing history...

An even better way is to get a small laptop and use that for forums and shroom activities... once you are done, hide it in a safe spot.

You never know when cops will raid your PC.

Edited by PsychoReactive (06/08/09 12:09 AM)

Extras: Filter Print Post Top
OfflineCyber
Ash
Male User Gallery


Registered: 06/14/04
Posts: 1,476
Loc: Dearborn Michigan
Last seen: 10 months, 16 days
Re: The BASICS of Securing your computer and E-mail. [Re: PsychoReactive]
    #10469513 - 06/08/09 05:19 AM (14 years, 9 months ago)

5 Years ago when I made the original post, that was not exactly the most available methods. Now sure, grab a small UBS drive or pen drive and install a full os on it.

Edited by Cyber (06/08/09 05:20 AM)

Extras: Filter Print Post Top
OfflineAlan RockefellerM
Mycologist
Male User Gallery

Registered: 03/10/07
Posts: 48,358
Last seen: 7 days, 12 hours
Re: The BASICS of Securing your computer and E-mail. [Re: PsychoReactive]
    #10475425 - 06/09/09 02:16 AM (14 years, 9 months ago)

Quote:


An even better way is to get a small laptop and use that for forums and shroom activities... once you are done, hide it in a safe spot.





Hiding computers is silly.  It will look shady as fuck when they find it.

Instead leave them where they are and use strong full disk encryption.

Extras: Filter Print Post Top
OfflineSeussA
Error: divide byzero


Folding@home Statistics
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 1 month, 19 days
Re: The BASICS of Securing your computer and E-mail. [Re: Alan Rockefeller]
    #10475702 - 06/09/09 05:03 AM (14 years, 9 months ago)

Quote:

  • All system-level passwords (e.g., root, enable, NT admin, application administration accounts, etc.) should be changed on at least a quarterly basis.

  • All user-level passwords (e.g., email, web, desktop computer, etc.) should be changed at least every six months. The recommended change interval is every four months.




  • I disagree with both of those.  Forcing people to change passwords encourages people to write down passwords in order to remember them, to use common "easy to remember" passwords, and to use patterns, such as putting a number that increases with each password change at the end of their password.

    Quote:

    Hiding computers is silly.  It will look shady as fuck when they find it.




    I keep a small NAS drive hidden, away from my computer desk.  It is a drive that holds a backup of my computer.  My main concern is theft rather than police.  If somebody breaks into my home and steals my computer, they are unlikely to find my NAS drive, thus I will not have lost all of my data.  (I keep another drive at work, for the same reason, but only update it about once a month.)

    Also, don't substitute easy to guess characters for letters, such as @ for A, 1 for L, 3 for E, etc, in common words and expect the password to be secure.  For example, "1@ught3r" looks like a strong password, but is actually very weak.  Most dictionary based password crackers will check these common substitutions when cracking.

    Extras: Filter Print Post Top
    InvisiblePsychoReactive
    .
    Male User Gallery

    Registered: 05/22/09
    Posts: 2,563
    Loc: Cocalero
    Re: The BASICS of Securing your computer and E-mail. [Re: Alan Rockefeller]
        #10475911 - 06/09/09 07:08 AM (14 years, 9 months ago)

    Quote:

    Alan Rockefeller said:
    Quote:


    An even better way is to get a small laptop and use that for forums and shroom activities... once you are done, hide it in a safe spot.





    Hiding computers is silly.  It will look shady as fuck when they find it.

    Instead leave them where they are and use strong full disk encryption.



    Depends how small the alptop is and how hard you hide it. Anything can be hidden.

    And like others said, you can now get a small USB which can hold programs.

    BTW, can I run Firefox on those so all cookies and temp internet files get stored on the USB rather than the PC?

    Extras: Filter Print Post Top
    OfflineAlan RockefellerM
    Mycologist
    Male User Gallery

    Registered: 03/10/07
    Posts: 48,358
    Last seen: 7 days, 12 hours
    Re: The BASICS of Securing your computer and E-mail. [Re: PsychoReactive]
        #10478122 - 06/09/09 03:34 PM (14 years, 9 months ago)

    Quote:

    BTW, can I run Firefox on those so all cookies and temp internet files get stored on the USB rather than the PC?




    Yes but that would be very slow.  Encrypt everything instead (including USB disks).

    Too bad cameras can't read encrypted filesystems on CF cards.

    Extras: Filter Print Post Top
    Jump to top Pages: 1

    Shop: Unfolding Nature Unfolding Nature: Being in the Implicate Order   MagicBag.co Certified Organic All-In-One Grow Bags by Magic Bag   Myyco.com Golden Teacher Liquid Culture For Sale   Bridgetown Botanicals CBD Concentrates   PhytoExtractum Kratom Powder for Sale   Kraken Kratom Red Vein Kratom


    Similar ThreadsPosterViewsRepliesLast post
    * security test Xochitl 1,201 5 11/02/03 03:03 PM
    by Kid_Orgo
    * Any recommendations for maintaining security? TheHobbit 2,305 10 11/19/02 08:38 PM
    by BuzzDoctor
    * Personal/False Identities - Basic How To: Lana 3,399 3 08/08/01 08:13 AM
    by Beatnik
    * Free Internet Security&Privacy Tools Lana 2,466 6 01/24/02 09:42 PM
    by dioze1
    * How to Purchase Securely 101
    ( 1 2 3 4 all )
    Lana 44,873 64 05/22/13 01:31 AM
    by 1ve5w4hu
    * Password Lock for windows Xp Mojo_Risin 1,124 17 07/08/04 10:45 AM
    by Mojo_Risin
    * Is there a way to put a password on my computer? ShamanSean 2,035 12 01/01/03 08:40 AM
    by mntlfngrs
    * Basic saftey when buying drugs mail order rommstein2001 2,432 5 11/11/03 04:36 PM
    by WakeboardrB

    Extra information
    You cannot start new topics / You cannot reply to topics
    HTML is disabled / BBCode is enabled
    Moderator: Enlil, Alan Rockefeller
    2,685 topic views. 0 members, 0 guests and 1 web crawlers are browsing this forum.
    [ Show Images Only | Sort by Score | Print Topic ]
    Search this thread:

    Copyright 1997-2024 Mind Media. Some rights reserved.

    Generated in 0.02 seconds spending 0.004 seconds on 13 queries.