UPDATE: This part of the giveaway is over! Check back for the voting stage!
Important: Visit this Site-Wide Announcement for rules and directions.
After you have submitted your Quick Tip, post it here. Off-topic posts will be deleted. Good luck!
Editing /etc/securetty and only allowing /dev/tty1 makes it very hard for someone to break into your *NIX box. This tells the OS you ONLY want root to be able to log in from the first console. It's not foolproof but it adds another step to the process known as security.
No security is worse than false security.
Never make passwords so complicated that users will be tempted to write them down. Use alpha and special characters but in such a way that the password looks like a regular word and can be remembered easily.
It would be nice if people here weren't so jumpy sometimes. In one of my classes me and another teacher who was taking the same class, we used to turn tests into a competition. On the essays it was fun.
We would play a game with each other on who could write the best essays. I remember ONE question I answered, just ONE was 20 pages long. I went into detail like a mofo. It was nothing more than a friendly competition for us, and it made it fun and we worked harder and did better as a result.
We could do the same here and see who can come up with the best quick tips which would be a lot of fun, but I'm sure some people here would get all personal about it.
Anyway, I'll think up some more and post them and see if I can get Horsey and Jehn in on this for a little fun.
I'm quoting this one because mine plays off it:
Quote:
Originally posted here by thehorse13
Never make passwords so complicated that users will be tempted to write them down. Use alpha and special characters but in such a way that the password looks like a regular word and can be remembered easily.
Making an actual good password easy to remember can be very hard. A way I've been using for a long time is by making sentences or phrases, into a password. For example: I love the Misfits, and I really like the songs they make. Well I could take lyrics from them like "Mommy can I go out and Kill tonight?" and add 1977 which is the year they released the first album, and even names of band members. Mommy can I go out and Kill tonight by the misfits 1977 would be a great password by taking just the first or last letter of each word and making it into a password which would be "mcIgoakt?1". Now that is a password! And you can remember it easily by listening to the song and remembering which year they released their first album.
A little competition is healthy :) Though things will be kept professional, no personal attacks, sniping, etc.
Also, folks have been skipping Step 1:
Be sure to submit your Quick Tips in both places!
Quote:
1. Submit a Quick Tip
Visit the AntiOnline Homepage, scroll down to the Quick Tip box on the right, and click "Add".
Quick Tips must be concise but informative by nature and are strictly related to computer and network security. Visit the archive to ensure that your tip hasn't already been covered. Off-topic tips won't be considered.
I've submitted all of mine in the submit a quick tip pop up first then copied it here to the thread ;)
Ok, here's the tip - it's probably already in there, but after recovering from the Trend Micro thing over the weekend, it holds new meaning:
Always back up everything in case of catastrophe. Do this often because you never know what will fail.
Those "I know" shirts are hilarious.
I will enter..BUT.. not for the prize..
I suspect that there will be hidden exclusions.. like: open to residents of the USofA only...
I take it that "Beware of Geeks wearing GIF's" is not in..
Always back-up files in multiple (at least two) locations, you never know when you're going to accidentally overwrite a file.
Visit thread for reference :)
"To know an Operating system You need to break it many times. To better Secure your System you need to know how to break into it. If you don't want to know your System you're only a User"
(not exactly word for word..this dope forgot to key it in Notepad then C&P..)
Here is another:
When posting Tutorials Informational Posts: Edit the post in a text editor, check it is readable, and Spell check. Then C&P into the Post/Thread.
Oh and :
RTFM: Read The Flaming Manual: IF you have a problem: Read your software/hardware manual, Check the manufacturers/publishers Website, Use Google or any Search. Then post the question.
And the one I will nag about :
Help Us Help You: If you have a problem with something, What is it, Who made it, What is the Problem, What have you done to try to fix it.. Try and describe as clearly as possible.. And DON'T PANIC..
Ahh yes very important:
When looking for help.. BE PATIENT.. The People who are able to help you don't live in your TimeZone.
There that will do for now..
-Wireless Routers are very useful, but disable the wireless if you're not using it. It could prevent unnecessary risks to your network.-
OR
-Before using a wireless router, ask yourself: DO I REALLY NEED THE WIRELESS? Many people use wireless routers even though their PC is 3 feet away from their router and they're hardwired to it. If seldom needed, disable the wireless when not using it-
WinXP ships with an "Administrator" account and the hackers know this. Change the name of this account and make 0wning your box much more difficult for the blackhats!
Further research finds this tip already submitted by angry bob...oh well, easy come, easy go.
If you're going to rename admin make sure no apps you use need that or they will break. (I didn't submit this as I'm not sure of its "quick tipness" but if anyone thinks it is one tell me.).
If you have a choice, and don't have any legacy software to be compatible with, use Blowfish as your encryption. It's a lot harder to crack with a dictionary, and unlike MD5 doesn't have many recent problems. On SUSE Linux you can select up to 4096 encryption which is very high. I once let john the password cracker go wild on my 2.40 GHz box for 3 days with only one entry in a password file, it used 99.9% of the processor power for 4 days and didn't find a thing.
Second tip I just added with this one:
Always remember that a password, is nothing more than security by obscurity. It's only secure if others don't know it, so DON'T ever write it down. Just recently I went to a gas company who deal in client financial data, and the passwords for the routers were on a sticker on the back of the routers. Don't ever do this, I found it, would you trust ME with your account information?
^ True story. It was last Wednesday.
If you use FreeBSD and see a UID 0 (root privs) account named toor, don't worry, you're not rooted, toor is an "alternative" superuser account (toor is root spelt backwards). Previously it was created when the bash(1) shell was installed but now it is created by default. It is intended to be used with a non-standard shell so you do not have to change root's default shell. This is important as shells which are not part of the base distribution (for example a shell installed from ports or packages) are likely to be installed in /usr/local/bin which, by default, resides on a different filesystem.
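A way to turn the toor tip above into a routine check, as an added example that is not part of the original post: list every UID 0 entry in a passwd-format file and report the ones that are not root or toor. The sample passwd text, the `support` account and the function names are constructed for illustration.

```python
# Accounts the tip above says are normal to see with UID 0 on FreeBSD.
EXPECTED_UID0 = {"root", "toor"}

# Constructed sample in FreeBSD /etc/passwd layout (7 colon-separated fields).
SAMPLE_PASSWD = """\
# constructed sample, not taken from a real host
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
support:*:00:0:Support login:/home/support:/bin/sh
"""


def uid0_accounts(passwd_text):
    """Return (name, shell) for every entry whose numeric UID is 0."""
    found = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed entry, skip rather than guess
        # int() so that "00" is treated as UID 0 as well.
        if int(fields[2]) == 0:
            found.append((fields[0], fields[6] or "(default shell)"))
    return found


def unexpected_uid0(passwd_text, expected=EXPECTED_UID0):
    """Return names of UID 0 accounts that are not in the expected set."""
    return [name for name, _ in uid0_accounts(passwd_text) if name not in expected]


if __name__ == "__main__":
    for name, shell in uid0_accounts(SAMPLE_PASSWD):
        flag = "ok" if name in EXPECTED_UID0 else "INVESTIGATE"
        print(f"{name:10} shell={shell:16} {flag}")
```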
OK...I submitted this a couple of years ago and evidently it didn't pass muster but hey...it's still good advice in my book....
When filling out web-forms ALWAYS select "under 13" as your age....the drop-down doesn't specify the units as years so how do you know they don't mean decades (that makes me 4)? The point is, if you select under 13, by law that website cannot collect any information about you other than your IP, web browser, etc....nothing personal allowed.
I am entering for T shirt (I never won any thing in my whole life) so here goes
"Before making any E-transaction make sure that you see a lock sign in the bottom left corner of the browser. Also make sure that the site has a valid certificate"
My latest:
A Virus/Worm or Malware are not the only things to cause your computer or applications to Slow or freeze. Consider also your hardware: mismatched memory or a faulty HDD, or overheating CPU or PSU are a few of the likely's. Even as likely a recent install or Update could also be responsible..
And:
Good tools are very hard to come by: Take very Good care of them, treat them with respect, and keep them well maintained.. OH and be sure to pay at the counter.. (I refer to software tools, use for testing only, keep them updated, and don't be a pirate)
Here is my tip:
Security is practice not an art. Knowing about vulnerability but yet not responding to it by patching the system or updating your Firewall or AV, would only make your system in a black and dusky future, just as a completely black painting. Learn and then Apply.
Computers can be abused in many ways. Learn how to and then secure your computer not only for your personal data on it, but also to make sure that your computer can not be abused against any other system. Having a computer connected to any sort of network brings along responsibility.
Ok, another one:
Shouting "Wench, fetch me another beer!" at your wife on any day except your birthday can be hazardous to your health.
:D
Security policies do no good if they are not implemented and enforced.
Never, ever, underestimate the importance of physical security.
Don't just tell users what to do, explain why you need them to do it.
the USER is the biggest risk to security, Educate them and you have increased your security 100 times over.
You can get the best best best firewall in the whole wide world, you can make permissions strict as crap, but some user on your network has their password on a sticky note on the monitor. There is no patch for user stupidity, learn about social engineering.
Alright I have another one I tell everyone.
Deleted isn't.
Yeah! another one:
"Keeping the unnecessary protocols enabled and the unused ports open, increases the probability of a full system exposure"
1: In the office (or any network computing environment) it's good practice to lock your terminal if you step away for any reason. It may seem like a slight inconvenience but it makes a big difference in the overall security of the local network.
2: An easy way to get users to use mixed characters in their passwords to make them more secure is to show them simple "leet speak"**. Users can create passwords that are easy to remember for them but created in such a way that the password itself is a bit more secure. For example "password" could be "P@55w0rD"
**I know all of you are probably rolling your eyes and groaning as you read that but I suggest you try it out, you'd be surprised.
Most password crackers actually find that. They try common passwords spelled with other spellings such as that.
Quote:
Originally posted here by CuseMMA
2: An easy way to get users to use mixed characters in their passwords to make them more secure is to show them simple "leet speak"**. Users can create passwords that are easy to remember for them but created in such a way that the password itself is a bit more secure. For example "password" could be "P@55w0rD"
**I know all of you are probably rolling your eyes and groaning as you read that but I suggest you try it out, you'd be surprised.
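The point made in the reply above, as an added example that is not part of the original posts: a password-policy check that undoes leet substitutions before comparing against a list of common passwords, so "P@55w0rD" is rejected like "password". The fold table, the short deny-list and the function names are constructed for illustration.

```python
import re

# Constructed fold table: each leet character maps to one letter. "1", "!" and
# "l" all fold to "i" so an ambiguous "1" matches either reading.
FOLD = str.maketrans("@483!1l05$7", "aabeiiiosst")

# Constructed deny-list; a real check would load a large common-password list.
COMMON = ["password", "letmein", "welcome", "admin", "qwerty"]


def canon(word):
    """Lower-case a word and undo leet substitutions."""
    return word.lower().translate(FOLD)


# Index the deny-list by canonical form so both sides compare alike.
COMMON_BY_CANON = {canon(w): w for w in COMMON}


def matches_common(password):
    """Return the deny-listed word a password reduces to, or None."""
    # Appended years and punctuation are routine guesses too, so the stem
    # with trailing digits/symbols removed is checked as well.
    stem = re.sub(r"[\W\d_]+$", "", password)
    for candidate in (password, stem):
        hit = COMMON_BY_CANON.get(canon(candidate))
        if hit:
            return hit
    return None


if __name__ == "__main__":
    for pw in ["P@55w0rD", "P@55w0rD1977!", "L3tm31n", "mcIgoakt?1"]:
        print(pw, "->", matches_common(pw))
```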
One more to add (thanx to gore)
"Artificial intelligence is no match for natural stupidity " :p
here's mine too.
"Encrypting the encrypted does not make sense."
Ah, then I stand corrected. Thank you for enlightening me on that issue.
Quote:
Originally posted here by gore
Most password crackers actually find that. They try common passwords spelled with other spellings such as that.
Here's another one (no fun):
Security is all about the People, Process and Technology. First, we need to educate people about the importance of security. Then, we develop our processes and policies. Finally, we use technology to enforce them.
You can't just go and buy some tools, and expect everything would be secure. Security is a continuous improvement to the PPT.
Peace always,
<jdenny>
How to create a massive word dictionary for use in password cracking? Go to Access Data's website at www.accessdata.com download all the text dictionaries/libraries. You next need to merge them as one. There are several tools to do this type of task; however if you are an EnCase user, preview your own drive, select all your new libraries, and export them out as a merged .txt file. You'll end up with something like a 200MB massive dictionary. This can be used with many tools to defeat passwords with a dictionary attack.
And let's not forget about keeping the AV updated :p
Yeah: after 3 on the trot requests for personal assistance.. I'm on ****ing holidays.. and when I'm not I don't have the time for bloody personalised assistance.. two versions I'm sure the wording can be cleaned on the version 1..
Ver 1: If you have a problem Start a thread in the Appropriate Forum.. Don't request Personal support sessions from other members, except by invitation. Two reasons, one.. it is not helpful to the rest of the board and Two, Other members like to help But May not have the personal time to assist every request
Ver 2: You want help start Your own thread .. DON'T PM members for personalised Tech support