Contents

1. 1 Security Begins with You
2. 2 Internet Connection
3. 3 Hardware
   1. 3.1 Old Hardware
   2. 3.2 New Hardware
4. 4 Software
   1. 4.1 Windows 7
   2. 4.2 Mac OS X
   3. 4.3 Linux
   4. 4.4 Windows XP SP3
5. 5 Who is Shane Harsch?

What does security mean to you? To most people it means control and restrictions 

and filtering and layers of protection and special software and, and, and....

Security should mean productivity or prosperity... the ability for you to focus on what you want to do without having to worry about the myriad threats that exist. While security can be a complex and challenging affair, there are some very direct and simple steps you can take to increase your overall security and reliability.

Fundamentally, don't be the "low-hanging fruit". There are many easy targets on the internet. If you can avoid being one of them you will succeed in avoiding the majority of threats.

There are many software solutions in the market that are quite effective, but I believe operating systems should provide a secure platform for everyday computing at no additional cost. The OpenSource community firmly supports this idea as well, but often finding solutions under Windows is a greater challenge. Additionally, Apple provides significant value by 

including a robust feature-set as part of its base operating system.

General Advice - Understand what you want your computer to do for you. Hopefully you will find the information below useful. Macs are my system of choice, primarily due to the bundled software (iPhoto, iMovie, and iDVD primarily - again, know what you want your computer to do), but I work with 

different operating systems daily, and as an avid gamer I maintain a secure Windows environment as well. I also appreciate the ease with which I can have multiple Macs work together and not needing a lot of time to make it all happen.

Security Begins with You

• Review my presentation. I have developed a presentation to facilitate discussion during Cyber Security Awareness month as promoted by the National Cyber Security Alliance at StaySafeOnline.org.
  

• Be a responsible computer user. The computer is a tool. The internet is a workshop. Learn to use your tools properly and understand the difference between safe and unsafe usage. iKeepSafe.org has a number of resources for teaching and facilitating responsible use for young users. They describe the three primary risks and the three primary courses of action to mitigate those risks:

• Inappropriate Contact – The Internet is a place to enhance existing relationships, not a place to meet new people.
• Inappropriate Content- The Internet is forever: everything you post online is tracked and stored and will follow you to future job interviews and college entrance interviews.
• Inappropriate Conduct – The Internet is a public forum: anonymity is a myth. Be a good person online as you should when off line.

• Keep Current with technology. You don't have to be an expert, but a little understanding goes a long way towards keeping you safe online.
• Keep Communicating with your children about everything they experience on the Internet. Know their lingo, and ask when you don't understand something.
• Keep Checking your children's Internet activity. Know where they go online. Let them know that you'll keep checking because you want them to understand that the Internet is a public forum and never truly private.
  

• Be aware. StaySafeOnline.org is a good place to start. Here are the essentials from that site:
  
  1. Protect your personal information. It's valuable.
  2. Know who you're dealing with online.
  3. Use anti-virus software, a firewall, and anti-spyware software to help keep your computer safe and secure.
  4. Be sure to set up your operating system and Web browser software properly, and update them regularly.
  5. Use strong passwords or strong authentication technology to help protect your personal information.
  6. Back up important files.
  7. Learn what to do if something goes wrong.
  8. Protect your children online.

Internet Connection

• Get a hardware firewall. Whether you buy a Linksys wireless gateway, or build your own from Astaro, a hardware firewall is essential to building your secure foundation.
• Use OpenDNS. You can configure the firewall you just bought to use OpenDNS and secure your entire home network. Why OpenDNS? Other than a safer, faster internet experience you can also provide content filtering and usage restrictions. Check out the features, but if you are trying to control internet usage, this is probably the easiest and most effective tool you can use without hobbling your computers or paying too much money.
• Wireless Security? If you live in the woods you can probably get away without securing your network, provided you understand the risks associated with such a choice. I recommend using WPA2 security, which you should be able to simply "turn on" in your wireless router/firewall interface, and coming up with a pithy passphrase that is easy to remember and share (e.g. "ilike2sharemywifiwithevery1"). You can certainly get a lot crazier with your passphrase selection, this goes a long way to providing a secure environment that is easy to use.
• Use GMail. Not only will you end up with an outstanding free email service that is not bound to any single machine, your email will be securely located off your home network, and SPAM and viruses will be less likely to plague you. Why go through the hassle of installing an email client, configuring it, installing AV that is email aware, and filter email and SPAM on your local machine, fighting to get the client to learn to filter SPAM properly. Because of the volume of mail Google moves through its system its ability to recognize a virus or SPAM signature and filter on it is significant.

Hardware

Old Hardware

When re-using old hardware it is important to remember that stability and reliability can become significant issues. The most critical element of old hardware is the hard drive, because even if the rest of the hardware fails your data is still salvageable. Therefore, for everything you can do to ensure the old hardware is in working condition, it is worth the time and money to validate the stability and reliability of the one component in the system that can be irreplaceable.

• SpinRite (disk repair / maintenance - costs $89 - will repair damaged hard drives and validate their condition)
• This is one of the few pieces of software I have yet to find a comparable opensource substitute.
  

New Hardware

Building a new machine? Buying a new machine? There are a lot of choices to be made. Building a machine takes patience and skill, but if you are up for the satisfaction of actually choosing every element of your PC it can be very rewarding.

• Build your own.
• This can be a bit daunting. There are a lot of options and making the right choices is not something to go alone on.
• An option here is to go half-way. Many vendors (iBuyPower, NewEgg, MWave) will sell you either barebones machines or assemble them for you. These are cases with power supply, motherboard, CPU, and RAM all installed, tested, and ready to go. This is my preferred solution, provided I can get the motherboard I want. It is worth the time savings and the validation that all the hardware is working and installed.
  
• If purchasing, Apple would be my first choice, building my own my second. If neither of these are an option for you, Dell and HP are generally good choices, although be aware of what you are purchasing.
• Make yourself a list of what you expect to get out of the new computer and make sure that every feature is found on your target system.
• If hunting for bargains, consider NewEgg and some of the off-the-shelf consumer systems there. NewEgg has a rating system that can really help you determine if a particular machine is the value it seems to be. Be wary of a good bargain and know your vendor. Newegg often has great deals, sub-$300 computers even, and their rating system can help you identify if such a bargain is indeed worthwhile.

Software

Windows 7

The solution outlined below will provide a secure, stable platform with essential productivity and usability, while ensuring continuity with minimal cost.

• Security
  • Web Usage: K9 Web Protection - content filtering protection that is service-based, real-time, and efficient.
  • Security Suite: Microsoft Security Essentials
  • Windows Update (whether auto or manual, apply patches regularly)
  • TrueCrypt (strong whole disk or partition encryption)
• Stability
• jkdefrag (robust defrag utility that can handle the large files many games introduce to the disk)
• ccCleaner (clean out your registry)
• Continuity
• Crashplan - this solution is outstanding. You can use it locally, on your home network, at no cost, or use their services offsite at a nominal cost. Windows, Mac, and Linux support.
• Usability
• Firefox
• 7zip
• Adobe Reader
• PDFCreator
• OpenOffice

Mac OS X

• Security
• K9 Web Protection - content filtering protection that is service-based, real-time, and efficient.
• Antivirus: Sophos or ClamAV
• Automatic updates and Firewall are all built-in.
• TrueCrypt (strong whole disk or partition encryption)
• Stability
• MacOS filesystems generally don't require defrag, nor does it have a registry (or its equivalent). This isn't to say that Mac OS is bullet-proof, but they system is as stable as you need it to be.
• Continuity
• Crashplan - this solution is outstanding. You can use it locally, on your home network, at no cost, or use their services offsite at a nominal cost. Windows, Mac, and Linux support.
• TimeMachine (outstanding local backups)
• Usability
• PDF Reader/creator, zip/archive built-in
• Firefox
• OpenOffice

Linux

My favorite distribution for end-users is Ubuntu. I think it is the easiest to install and maintain, plus comes loaded with the software I use most. Linux is also an ideal solution for older hardware - Ubuntu can turn an 800MHz Pentium III into a very stable, useful, up-to-date system for everything but the latest games.

• Security
  • Automatic updates, Firewall, AV are all built-in.
  • TrueCrypt (strong whole disk or partition encryption)
• Stability
  • Linux filesystems generally don't require defrag, nor does it have a registry (or it's equivalent). This isn't to say that linux is bullet-proof, but they system is as stable as you need it to be.
• Continuity
• Crashplan - this solution is outstanding. You can use it locally, on your home network, at no cost, or use their services offsite at a nominal cost. Windows, Mac, and Linux support.
• Usability
• PDF Reader/creator, zip/archive built-in
• Firefox (included)
• OpenOffice (included)

Who is Shane Harsch?