mukky
computer virus threats! how do you handle system security?
Answer
I've been taught to use layers of security, or "defense in depth".
Most of these practices & policies will be done over and over again - not a one-time fix, but a process.
At the lowest level, (your machine) - evaluate and address physical security. Do you need to keep this in a locked room so nobody tampers with it? Evaluate & update BIOS and Firmware if appropriate. Remove or block USB, CD/DVD and other drives if necessary.
Next level, the operating system: no matter what you use (Linux, Win, mac, others) make sure you limit administrator or root access and make strong passwords for all users.
(For Windows this means 15+ characters), Patch the OS on a regular schedule, and make sure to disable or remove any services or programs that aren't needed.
If this is a critical system, then some system-file checking system should be used. Make sure that system files haven't changed unless you change them. Update your information regularly, and keep the tables or checksums that you collect from that machine in a safe place (your only copy should not be on the same machine).
Turn on logging, and if practical - store the logs on another machine where they can't be easily tampered with.
Next level, applications: only install what you need, and clean up anything you remove. Manually verify that patches are done on a systematic schedule. Check for security 'best practices' - stuff like "chroot"-ing an Apache install, and input-verification on SQL-like databases. Again, if practical, log events and check file checksums.
Limit user access to application on a need-to-have basis.
Next level, loss prevention: Here's where your firewall, anti virus, anti-malware and user policies come in. Keep all users (even your admins) to the least privileges to get a job done. Have a system to add new users and remove old ones. Keep AV & other security apps patched, and make sure it is working.
If your users will comply, then training is a good thing. Explain why they can't use myspace / utorrent / aim on critical work machines, and hold them accountable if they do violate policy.
(* as Scheiner says, I think it was something like this.. users will try to step across policy bounds, and if your policy isn't enforced, word gets out fast. A poorly enforced policy is useless. Don't waste time making them.)
Review your firewall policy on some schedule, so you can tell if changes were made without authorization.
Review policies on a set schedule - everything from changing keys to the server room, changing passwords, who has night/ weekend access, whether devices like CDs and USB can be booted from or 'autoplay'-able.
Use a UPS (power supply) and keep the machines off the ground where water, bugs, or clumsy employees can damage them.
Write this stuff down as a policy, and be prepared to justify it to outsiders if you keep anybody else's data.
Next level: recovery planning
Frequent backups, of course.
Check those backups .. verify that you actually have a working backup, and check them for viruses. If practical, keep backups off-site. If you can technically perform and/or afford clustering, virtualization, or other fail-over solutions, then split your work up over 2 or more machines. If one fails, be ready to move to the backup. Lots of ways to do this in hardware or software.. one hardware package I recently read about was Novell's (just bought) "PlateSpin".
Put in some system so you (or appropriate people) get some kind of auto-message from your UPS if power fails, or get called if your network goes down. Your recovery plan needs a start point - usually something other than " Monday AM, the CEO calls and complains". Try to avoid that one :)
Depending on how critical your systems are, you may want to have 24/365 monitoring including video camera or recorded logs of swipe/key access to the server rooms.
Network security is a whole 'nuther animal.
Again, layers of security..
block ports you don't need, firewall users/ IPs you don't need, use a VPN if you can, change default passwords on routers & switches, restrict physical and virtual access.. etc.
Compatability of Mac?
LewieG
I have been using a PC for my entire life and I am now considering making the switch to a MacBook Pro.
What is the compatability of files between the 2 systems and can I get the same applications on Mac that I would get on PC.
Really what I should be asking is 'Why should I buy a mac over a PC?'
Answer
There are really no reasons to buy a Mac over a PC, Here are reasons why not. And Mac OS X runs it's own software, not windows compat by default.
PC=Variety of specs, options, quality, prices, vendors, support
Mac=One vendor, limited options, still more expensive. Look below for more information..
Today, Macs use a subset of PC hardware. Why spend extra to get the same CPU chips, graphics cards and OS X isn't as secure as you think..
Don't believe the lies that Macs are better than PCs at graphics/animation.. Dreamworks Animation http://www.dreamworksanimation.com/ under studio click on Technology of Animation, an independent film maker I know uses PCs, a graphic artist I used to know uses PCs also.
A number of PCs can also run OS X (Mac OS) http://www.google.com/search?hl=en&q=os+x+on+pc&btnG=Google+Search&aq=0&oq=os+x+on+ as well just that Apple makes it illegal in order to get Market share.. The reason why Mac can run native Windows is because it is using a subset of PC hardware,
If you decide to buy a Mac for running Windows, you will still have to get the same virus/spyware protection, and run into the same issues as a regular PC.
Now is a Mac worth buying for OS X?
I say: NO... for the following reasons...
ADVANTAGES WINDOWS :
Aprox 90% of the market is Windows and most PCs have windows already pre-installed.
1) Some websites require Internet Explorer, to run IE on Mac you really get ies4osx which is the Windows version of IE running really buggy and illegal if you don't have a legitimate copy of Windows.
2) Supports more devices (printers and other things you hook into the computer).
3) More business software/games
4) Want the dock on OS X (Mac)? google/yahoo rocketdock, objectdoc.
5) Used by businesses.
ADVANTAGES LINUX :
1) FREE (most versions are)
2) Install software by either 1) Synaptic Package Manager, 2) Add/Remove 3) Opening a .deb or .rpm file (depending on distribution)
2) Like the Mac OS X effects? go yahoo/google COMPIZ FUSION which can do any cool effect a Mac can do and many ore....
http://www.youtube.com/watch?v=E4Fbk52Mk1w
http://www.youtube.com/watch?v=N3gkX9HDfEE (there is no flickering when you use it like on the video, not sure why the person has the flicker)
3) Mac OS X Doc? google/yahoo Avant Window Navigator.Cairo Dock, http://www.dailymotion.com/video/x3rf5q_cairo-dock-mac-os-x-leopard-dock-on_tech
http://www.youtube.com/watch?v=p0hzi22g2DE
4) It is FASTER/MORE SECURE to surf on the internet
5) Some Windows programs work with Wnehq/Crossover (also avail on Mac, but why pay $$$)
Instructions how to download, burn and boot http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/
Dual Boot Instructions http://apcmag.com/how_to_dual_boot_windows_xp_and_linux_xp_installed_first.htm
SECURITY
Mac OS X was hacked in 2006 less than 30 minutes, and within 2 minutes in a contest in 2008, and within 10 seconds in 2009. In 2008, Linux and Vista were not hacked until another day when restrictions were lowered. Vista was next, and then Linux. In 2009 Windows 7 fell shortly after the Mac but Linux was unscathed.
Macs are standardized with Cameras, if your Mac gets hacked, the hacker can turn on your camera with more ease.
Please Note: All OS's have vulnerabilities.
http://www.zdnet.com.au/news/security/soa/Mac-OS-X-hacked-under-30-minutes/0,130061744,139241748,00.htm
http://www.infoworld.com/article/08/03/27/Gone-in-2-minutes-Mac-gets-hacked-first-in-contest_1.html
http://www.infoworld.com/article/09/03/19/Researcher_cracks_Mac_in_10_seconds_1.html
http://news.softpedia.com/news/Microsoft-Finds-Irony-in-Mac-OS-X-Getting-Hacked-Before-Vista-SP1-82135.shtml
VIRUSES
Mac OS X has viruses (and significantly on the rise), a friend of mine has a virused Mac. As more users use Macs, more viruses will come out for it. Especially when users think "they are safe".
http://infosecurity.us/?p=4005
http://blogs.chron.com/techblog/archives/2008/07/malware_authors_take_aim_at_growing_number_of_1.html
http://www.macsimumnews.com/index.php/archive/poll_have_you_noticed_an_increase_in_malware_viruses_etc_on_your_mac/
QUALITY/PROBLEMS
Contrary to belief, Macs are not better quality. Apple also has been changing suppliers to try to "lower the price" and thus lowering quality. Even with the lower prices, Macs still cost more, they spend a higher percent of budget trying to make it look pretty, and marketing.
Sample of problems: Overheating Macbooks, OS X- not responding to keyboard, some units with 16bit screens, etc. Apple statistics are misleading since Mac users with problem machines are more likely to go out and buy a new computer than PC users. Apple is lowering prices which means you can expect lower quality than in the past. Apple had switched the manufacturers producing parts. OS X also has problems slowing down.
http://news.cnet.com/8301-13506_3-10020263-17.html
http://www.tuaw.com/2008/08/01/apples-quality-dwindling-my-macbook-pro-sob-story/
http://www.appledefects.com/
http://www.mac-forums.com/forums/os-x-operating-system/107748-mac-os-leopard-running-slow.html
http://cybernetnews.com/wp-content/uploads/2008/05/reliable-laptops.jpg
Repairs are more expensive than PCs since the IMac, Mac Mini are compact units, and Apple charges a premium for their services. Some repairs can be done by another repair service but the compact design of the computer causes problems.
With an IMac, if the problem is with the monitor, the whole computer would have to be brought in.
IMac and Mac mini lack expansion.
PRICE
A similar equipped PC is much cheaper to purchase than Mac. Lets use Dell (but you can compare with another PC Brand if you like)
**(LAPTOP)
Dell Inspiron Laptop Starting Price: $500
Ending Price: $500
15" Screen
CPU: 2.0GHz Intel Core 2 Duo [5% slower]
Graphics: Intel Graphics Media Accelerator X4500HD [Not as good/fine for general use[
Memory: 3GB DDR2 SDRAM [75% of ram)
Hard Drive: 320GB Serial ATA Drive @ 5400 rpm (same)
http://configure.us.dell.com/dellstore/config.aspx?oc=dndozm4&c=us&l=en&s=dhs&cs=19&kc=laptop-inspiron-1545
Cybperpower Notebook Xplorer X5-2900 Starting Price: $755
Ending Price After upgrades (not including 5% rebate): $860
15" Screen
CPU: (upgrade to) 2.4GHz Intel Core 2 Duo (+$100) [FASTER]
Graphics: Nvidia GFORCE 9600-GT 512MB [MUCH FASTER/BETTER CARD]
Memory: 4GB DDR2 SDRAM [MORE MEMORY]
Hard Drive: (upgrade to) 320GB Serial ATA Drive @ 5400 rpm (+$5) [LARGER HARD DRIVE]
http://www.cyberpowerpc.com/system/Xplorer_X5-2900_Notebook/detail
Macbook Starting laptop Price: $1000
Ending Price After Upgrades: $1200
13" Screen (SMALLER)
CPU: 2.1GHz Intel Core 2 Duo (SLOWER)
Graphics: Nvidia GFORCE 9400 256MB
Memory: (upgrade to) 4GB DDR2 SDRAM (SAME)
Hard Drive (upgrade to) 320B Serial ATA Drive @ 5400 rpm (SAME)
http://store.apple.com/us/configure/MC240LL/A?mco=NjcxMTQ3Ng
**(DESKTOP)
PLEASE NOTE: I compare Apple Mac's vs Dells best deal. If you really want an all-in one the Dell all-in-one has more ram, wireless keyboard and mouse and equivalent to $400 for free making the Imac still more expensive when you matching specs. Personally I don't think the All-in-Ones are a good choice, and consider them overpriced, lack expandability and repairs both more expensive and require the entire computer.
PS: Apple knows that they need to make Macintosh look different than PC so all Macs except the Mac Pro will not have a tower option. Apple's low end lacks expandability but it makes the Mac "look different", if Mac had a tower for low-end, more people would realize the similarities between the two.
Dell: ($700)
CPU: 2.33 GHZ Dell Inspiron QUAD (4 Processor) CORE
SCREEN: 20inch Screen
MEMORY: 4GB Ram
HARD DRIVE: 500 GB hard Drive
OPTICAL DRIVE: 16x DVD/CD Read/Writer
GRAPHICS: ATI Radeon HD 512MB
http://configure.us.dell.com/dellstore/config.aspx?oc=dddwra4&c=us&l=en&s=dhs&cs=19&kc=desktop-inspiron-537s
The Mac Mini since it has no monitor, keyboard, mouse, very skimpy on options and setup and is not the best deal... The IMac is better price than the Mac Mini.
IMac ($1300)
CPU: 2.4 GHZ DUAL (2 Processor) CORE (SLOWER CPU)
SCREEN: 20inch Screen
MEMORY: (upgrade to) 4GB Ram (SAME)
HARD DRIVE: (upgrade to ) 320 GB hard Drive (LESS HARD DRIVE)
OPTICAL DRIVE: 8x DVD Reader/Writer (1/2 speed)
GRAPHICS: Nvidia Geforce 9400M (APPROX SAME BUT LESS MEMORY GAPHICS)
http://store.apple.com/us/configure/MB417LL/A?mco=NDE4Mzg3Ng
Equivalents to ILife
http://www.jakeludington.com/ask_jake/20070830_ilife_for_windows.html
http://www.xsellize.com/showthread.php?t=20518
FREE Windows Stuff
http://www.comodo.com/products/free_products.html
http://www.iobit.com/
http://www.ccleaner.com/
ANTI-VIRUS
Avira Antivir (FREE) for 2009 personal edition is free (there is a paid version) the free version was rated the best by onsumer reports 2009 and here http://www.freewaregenius.com/2009/04/07/the-best-free-antivirus-a-comparison/
http://www.free-av.com/
Avast (Free- Click under Free Software and download Avast Home Edition) http://www.avast.com/
ANTI-MALWARE
Windows Defender (FREE)
http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
Malware Bytes (FREE) Limitation - No Realtime protection on free version.
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol
Super Anti-Spyware (FREE)
http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html?tag=mncol
LINUX INFO:
http://distrowatch.com/
http://polishlinux.org/
http://www.desktoplinux.com/
http://polishlinux.org/
http://www.ubuntu.com/
Powered by Yahoo! Answers