Computer Security 101: Lesson 10

[tonybradley]

Since one of our compatriots already shared Lesson 1 of my Computer Security 101 series I thought I would officially add the lessons to the Tutorials forum here on AO. However, due to copyright and legal restrictions I can't simply post the whole thing. I am going to post a big chunk of each lesson and then link back to my original article for those who wish to read the entire lesson at About.com.

This is the 10th and final lesson of the Computer Security 101 series. There may be a more advanced 202 series or I may just focus on more specific tutorial targets such as intrusion detection or encryption. The lesson 10 quiz should be posted soon followed by a larger quiz for the whole series- the Computer Security 101 Final Exam. Enjoy!

Welcome to Lesson 10- the final lesson in the Computer Security 101 series. If you have followed the series through the previous nine lessons you should now know a little more about many aspects of computer networking, the pitfalls of being on a network and on the Internet and some steps you can take to protect yourself.

The purpose of the Computer Security 101 series is to provide you with an understanding of the core technology, terminology and acronyms that are used to network computers and connect to the Internet. Over the course of the first nine lessons we covered DNS, IP addresses, TCPIP, ports, protocols, viruses, malicious code, antivirus software, firewalls and many other things.

Lesson 8 and Lesson 9 both focused on proactive steps you can take to protect yourself and make your Web surfing experience safe and enjoyable. We covered preventive measures such as keeping your operating system and applications patched against known vulnerabilities, not running unknown programs, and installing and running up to date antivirus and personal firewall software to name just a few.

In our final lesson we will cover a few more precautionary measures you can take. For starters, you should not log in with root or administrative privileges unless it is necessary. Many viruses and hacking attempts exploit vulnerabilities that allow the attacker to run code with the same privileges as the currently logged in user. Being logged in with root or administrative privileges could give away the keys to the vault.

Many users typically prefer to be logged in with administrative privileges so they can install programs and make system configuration changes that regular users may not be allowed to do. However, *Nix (Linux and Unix) systems allow users to execute commands as SU (superuser) and Windows 2000 and XP allow users to execute programs using “Run As”.

Both of these features allow users to perform administrative functions while logged in as regular users. For some added authority without being logged in as an administrator, Windows systems also allow users to be assigned as PowerUsers which grants them more permissions than a normal user without giving them complete administrative access.

On a similar note, after you have taken care of not being logged in as administrator you should ensure that only administrators have access to certain features, files and folders. Folders which contain files that are system critical, such as the Windows and Windows System32 folders should be restricted to read-only for users other than administrators. It doesn’t do much good to log in as a regular user if a regular user can access and modify all of the same files the administrator can.

To read the whole article click here: Computer Security 101: Lesson 10

[\/IP3R]

You are doing a very good job here tonybradley. It feels like site is not really dead but some really care about AO. Keep up the good work.

[grobyccil]

nice work! keep going! Maybe u can merge the html files into pdf? 'cause my link is sloooow!!
thanks!!