My NetSec History
By 1997, when I went to work for Compucom, I was into request brokers for load balancing and connecting applications to servers. Even though the company was Windows centric, they still did all their critical work on Unix iron. After developing an infrastructure to support several of their critical apps on HP 9000s, I was asked to solve some sendmail issues. This led to helping solve some Bind issues and finally some routing issues the company was having. One day the head of network security came by and asked if I could help them with some Linux problems they were having. It turned out the former head of network security had moved on to greener pastures, leaving some interesting Linux code running which the current netsec guys couldn't quite handle. So I moved into network security and fell in love with it. It was like drinking from a firehose; there was so much to learn about protocols, firewalls, Cisco switch/router ACLs, etc., but, as I said, I loved it. A short while after I moved over, there was a major RIF and I was left the most senior person in network security; by then I was also pretty much the most senior technical person in the company. We only had 4 sensors to cover a network with thousands of desktops, hundreds of laptops, over 50 remote sites, numerous links to client companies, and hundreds of in-house servers. I wrote the network behavioral IDS on this site, then got it going on the sensors and one ancient server we had at Compucom. I had used NTSC's Shadow, so the behavioral NIDS I wrote accomplished similar goals, only in real-time. The NTSC's Shadow allows you to watch traffic and see exactly what folks are doing; I learned a bunch just watching traffic this way and I still watch it today. I also became familiar with versions of Dragon, a knowledge-based IDS. The company had received a problematic security review from their auditors and I was assigned to solve the network security problems evolving from the audit.
The company started on a comprehensive network upgrade and as part of it we (netsec) were allowed to purchase 16 more sensors and 4 fairly powerful servers just for security. In a few months we got all these sensors and servers up and running monitoring the network. The large servers had over a terabyte of storage to keep captured network information and had their own gigabit network between them. Having enough space to store captured packet info has been a problem for most security operations so the terabyte was invaluable.
In 2003 I went to work for Globaldataguard, where I mostly programmed and became even more familiar with specific firewalls and router ACLs and other security equipment. We developed a really keen and more efficient database to store captured network information, which was interrogated using an SQL-like language. I had an opportunity to work on many firewalls, router ACLs, and bridging. One interesting thing I did was to integrate Snort into a traffic logger we developed, to accomplish both behavior- and knowledge-based packet monitoring in a single multi-threaded process.
Never use any version of Windows; use Mac OS X or any form of Linux. Ubuntu is really good for neophytes; you'll be amazed at how familiar it feels. I have a laptop which runs XP; I keep it around just to program my Harmony-1 and my GPS, and those are the only times I turn it on. I wish suppliers would support Linux so I could junk that laptop and you would be safer, but the CEOs of those companies think they are playing it safe and cheap.
If you want your stuff safe, until we have good biometric devices, you gotta use good, strong passwords. If you're one of those folks who can't remember your password(s), you have to focus on what you are trying to do (protect yourself), or maybe you just shouldn't be using a computer at all. I've seen NSA guys research a person on the internet, then crack their passwords in seconds.
Don't include a long list of recipients on each mail; hide them. Use BCC (blind carbon copy), or your email client (the program you use) may have the ability to hide them for you; look at your preferences. Never, ever, ever open an email you were not expecting, even if you think you know who sent it, and that goes double for opening attachments. Spammers and takeover hackers love to send email with viral attachment programs that they mask as pictures (steganography), etc. When surfing, be very careful who you give your email address to; lots of companies sell email addresses to spammers (advertising companies like Exact Target, Constant Contact, etc. are usually spammers). Be careful of web sites that want your email address as your user ID, for the same reason.
Use wireless sparingly or not at all; it is very hard to secure. Hard wired networks are always better. I know it's a little harder to install, but the peace of mind is worth it. Encryption: if you just MUST use wireless, use WPA2 (Wi-Fi Protected Access); do NOT use WEP. WEP secured nets have been cracked in 3 minutes by the FBI. If your AP (Access Point, a.k.a. wireless router) doesn't support WPA2, get a new one. Use your own wireless key (or PIN) and make it as complex as possible; don't use the manufacturer's PIN, it's too easy to crack. Don't use DHCP unless you assign your computer's MAC address(es) in the AP. When you're not actually using wireless, turn the AP off.
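As an added example (not from the original page), here is a small Python check over a hostapd-style access point configuration that flags the settings this paragraph warns against: WEP keys, WPA2 not enforced, a weak cipher, a short or default passphrase, and WPS left on. The config format, key names and sample values are assumptions, not something the page provides.

```python
# Constructed hostapd-style config fragments (assumed format; the page does not
# mention hostapd). WEAK_CONF is the kind of setup the text warns against,
# HARDENED_CONF follows its advice: WPA2 with CCMP, your own long passphrase, no WEP.
WEAK_CONF = """\
interface=wlan0
ssid=HomeNet
wep_default_key=0
wep_key0=0123456789
wps_state=2
"""

HARDENED_CONF = """\
interface=wlan0
ssid=HomeNet
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=Tall-Ships-Ride-Low-Tides-9174
wps_state=0
"""

# Placeholder set of vendor-default style secrets (constructed values); a real
# check would use the list from the AP's own documentation.
DEFAULT_SECRETS = {"admin", "password", "12345678", "0123456789"}


def parse_conf(text):
    """Turn key=value lines into a dict, skipping comments and blank lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def audit_ap(text):
    """Return a list of findings; an empty list means the AP follows the advice."""
    conf = parse_conf(text)
    findings = []
    if "wep_default_key" in conf or any(k.startswith("wep_key") for k in conf):
        findings.append("WEP keys configured: WEP is broken, switch to WPA2")
    if conf.get("wpa") != "2":
        findings.append("wpa is not 2: WPA2 (RSN) is not enforced")
    ciphers = conf.get("rsn_pairwise", "") + " " + conf.get("wpa_pairwise", "")
    if "TKIP" in ciphers:
        findings.append("TKIP cipher allowed: use CCMP only")
    phrase = conf.get("wpa_passphrase", "")
    if phrase and (len(phrase) < 16 or phrase.lower() in DEFAULT_SECRETS):
        findings.append("wpa_passphrase is short or a default value")
    if conf.get("wps_state", "0") != "0":
        findings.append("WPS enabled: a fixed PIN is a known weak point")
    return findings
```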
Never use Internet Explorer; use anything else, like Firefox or Chromium (is there still a Netscape?). I know IE is the default on your Windows box; that in itself should be reason enough to replace it. Use anonymous or private browsing sessions; if your browser doesn't support it, get a different browser. An anonymous browse session doesn't allow a site to look at your history or cookies unless that site put them on your computer.
As I have had to remind a whole lot of computer professionals: The Bad Guys Don't Play By The Rules.
Social Media (like Facebook, etc.):
It gives bad guys a look into your life and info about habits, password hints, etc. Don't mention going on vacation next week; it tells thieves that you're not gonna be home during that time.