Re: Security followup

Subject: Re: Security followup
From: Andrew Plato <gilliankitty -at- yahoo -dot- com>
To: "TECHWR-L" <techwr-l -at- lists -dot- raycomm -dot- com>
Date: Wed, 15 Jan 2003 09:02:13 -0800 (PST)


"Anonymous" wrote

> This weekend I was downloading MP3s off Kazaa, and I came back to find
> that someone was downloading my tech writing samples. Since I believe
> Kazaa only scans the files you elect to share, I assume someone was
> hacking...I can't think of why someone with "Evil" in their screen name
> would want a document called "Administration of ****** Portal.pdf"
>
> Thoughts or comments?

Kazaa is pure evil. As are all the sharing programs. If you open ports and
share files on your PC, you're asking for it.

That said, if you really want to do this, then secure your box.

1. Harden: Turn off every service you don't need. There are about 5-10 services
in WinXP you can shut off without any detrimental effect on web browsing, email
reading, and the constant enjoyment of porn. You might want to look for any
number of the "Hardening" papers out there on Windows. I wrote one as well:
http://www.anitian.com/corp/papers/Hardening_Win2k.pdf

Hardening is also a big issue in Linux. Default Linux packages have a lot of
stuff turned on as well.

2. Anti-Virus: Make sure you have a decent AV package. Symantec and McAfee are
the most popular. Good luck finding a Linux AV package; maybe Bruce can
recommend one.

3. Personal firewalls: Some people have recommended personal firewalls. I have
a mixed attitude toward them. On one hand, they are better than nothing. So, yes,
if you don't have one, get one. On the other hand, they tend to give people a
false sense of security. All of the personal firewalls have weaknesses. And
some of the new worms coming out can cut right through ZoneAlarm and Tiny and
the like. (Linux: IPchains)

4. IDS: I am a big proponent of intrusion detection systems (IDS), but these
take a lot more technical expertise to handle. The BlackICE products that I
worked on for a long time are an IDS. There is always Snort (open source) as
well as OneSecure (NetScreen), Entercept, Okena Storm Watch, etc. It's important
to understand that an IDS is NOT a firewall. ZoneAlarm, Tiny, Sygate, etc. are
all just firewalls. They have no IDS capabilities.

5. Patching: Keep that system up-to-date. It's easy for Windows users. Just
click the Windows Update thing.

6. Confidentiality: Keep confidential information confidential. I admonished
the group about this last week because some TECHWR-Lers were posting details of
the technologies and platforms used. Armed with that information, even a novice
hacker could have hacked some of those TECHWR-Lers' employers and then left
evidence that would have indicted the TECHWR-Ler.

7. High-speed configuration: If you have DSL or a cable modem at home, consider
getting one of those Linksys routers. Set the router up to use network address
translation. Then use the DMZ option to route all unrequested, inbound traffic
to a non-existent IP address in your network. This is a simple and effective
way to send would-be port scanners, script kiddies, and other scum into a black
hole of timeouts.

8. Common frickin' sense. Use the big mushy gray thing between your ears and
think before you click:

- Don't just click on links. Inspect them first. Look for redirects within the
link or hex encoding.
- Don't open attachments unless they've been virus scanned first.
- Don't give out information to people. I can't tell you how many people, when I
talk to them for the first time, will just volunteer everything I need to know
about their systems.

9. Encrypt and sign important communications. Get a copy of PGP and learn how
to sign and encrypt communications.
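
Item 8's advice to inspect links for redirects and hex encoding, as an added example that is not part of the original post: a Python check that reports which traits of a URL deserve a second look. The function name, the finding labels and the sample URLs (reserved example.com / 192.0.2.x values) are constructed for illustration.

```python
import re
import string
from urllib.parse import parse_qsl, unquote, urlsplit

NUMERIC_HOST = re.compile(r"(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+)){0,3}", re.I)
PERCENT_BYTE = re.compile(r"%([0-9a-f]{2})", re.I)
NESTED_URL = re.compile(r"(https?:)?//", re.I)
PLAIN = set(string.ascii_letters + string.digits)


def inspect_link(url):
    """Return {finding: detail} for traits worth a second look before clicking."""
    findings = {}
    parts = urlsplit(url)
    host = parts.hostname or ""

    # Anything before '@' in the authority is userinfo, not the destination.
    if "@" in parts.netloc:
        findings["userinfo"] = "real host is " + host
    # Percent-escapes have no business in the host part of a link.
    if "%" in parts.netloc:
        findings["encoded-host"] = parts.netloc
    # Decimal, hex or dotted-number hosts hide where the link really goes.
    if NUMERIC_HOST.fullmatch(host):
        findings["numeric-host"] = host

    # ASCII letters and digits never need hex encoding; escaping them hides text.
    rest = parts.path + "?" + parts.query
    if any(chr(int(h, 16)) in PLAIN for h in PERCENT_BYTE.findall(rest)):
        findings["needless-encoding"] = unquote(parts.path)

    # A full URL inside a query value usually means the link redirects elsewhere.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote(value)  # second decode catches double encoding
        if NESTED_URL.match(decoded):
            findings["embedded-url"] = key + "=" + decoded
    return findings


if __name__ == "__main__":
    # Constructed sample links, not taken from the post.
    for sample in (
        "https://example.com/docs/page?id=42",
        "http://www.example.com%2Elogin@192.0.2.10/update",
        "http://example.com/%6C%6F%67%69%6E?next=http%3A%2F%2Fexample.net%2Fa",
    ):
        print(sample, "->", inspect_link(sample) or "nothing flagged")
```

An empty result only means none of these particular traits were found; it says nothing about whether the destination itself is trustworthy.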
