Internet Browsers and their users

Comparison of the different Internet Browsers and their users.


What is Defense in Depth

Defense-in-depth is fundamental to the design of a secure system. It stems from the idea that software can have flaws; people can make configuration mistakes; and hardware devices can fail. To compensate for events like these, we do not want to rely on a single mechanism to defend our resources. Instead, we deploy multiple layers of protection to account for the possibility that one of them may fail.

Let us apply this concept of defense in depth for securing your home network.

1. Router: You probably have a router (maybe wireless) connected to your cable or DSL modem. The router acts as a firewall, protecting you from direct malicious attacks originating from the internet.

2. Anti-virus: While the router acting as a firewall can help you against internet attacks, it cannot protect you against, say, an email-based computer virus or a worm that was downloaded when you visited a malicious web site. Anti-virus software with the latest signature updates can protect you from such an attack.

3. Fully patched operating system: A virus probably needs access to some Windows service or a port. A fully patched operating system can add an additional layer of security.

Computer Security Tips and Best Practices

Protecting yourself is very challenging in the hostile environment of the internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses, and exploit them to gain access to your most sensitive secrets.

They can even use your computer to store data like stolen credit-card numbers or child pornography, or to attack another innocent home user or business from your system.

Here’s Kevin Mitnick’s Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.

#1. Back up everything! You are not invulnerable. Catastrophic data loss can happen to you — one worm or Trojan is all it takes.

#2. Choose passwords that are reasonably hard to guess — don’t just append a few numbers to a no-brainer. Always change default passwords.

#3. Use an antivirus product like AVG or Norton, and set it to update daily.

#4. Update your OS religiously and be vigilant in applying all security patches released by the software manufacturer.

Preventing Security Threats from USB Storage Devices

Working in computer security, one of the biggest threats we face today is the insider: an employee who might casually walk in with a 4 GB USB flash drive, plug it into a computer on the corporate network, and walk away with valuable data. I have seen solutions ranging from expensive Intrusion Prevention Systems to disabling access to USB drives altogether.

In the first scenario, a company might not have enough financial resources for such an expensive IPS solution. The second scenario is impossible to implement in a corporation: think about external USB keyboards, mice or LCD screens.

Prevent a user from writing to a USB drive

In this scenario, let us assume that a corporation has migrated from Windows XP to Windows Vista. It does not wish to use an expensive solution, but it does want to prevent users from writing to USB devices.

1. Open Notepad and copy the following:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"EncryptionContextMenu"=dword:00000001

2. Save the file as USBNoWrite_Vista.reg

Operating Systems Security: Year 2007 Vulnerability Report

This paper analyzes the vulnerability disclosures and security updates during the year 2007 for the Windows Vista operating system, compared to its predecessor, Windows XP, and to other modern client operating systems: Red Hat, Ubuntu and Apple Mac OS X.

The results of this analysis, based on the Vulnerability Count metric and Days of Risk, suggest that Windows Vista is the most secure operating system when compared to the other leading desktop operating systems for the year 2007, based on its lower vulnerability profile. Windows Vista is also significantly easier to administer, both for corporate IT security teams and for individual users, based on the number of security bulletins and updates issued for it, in addition to the excellent security support provided through the Microsoft TechNet Security Center.

With the vulnerability and risk data available, I also wanted to tackle the topic of browser security. The analysis reveals that Firefox 2.x on the Ubuntu platform was the most secure browser for the year 2007 in terms of the lowest Days of Risk and vulnerability profile. While these results represent only the vulnerability dimension of security risk, they do provide insight into the aspects of security quality that are under the control of the vendors – code security quality and security response. These metrics, however, must be considered in combination with several other important qualitative factors when choosing a platform based upon security maintenance and likelihood of a security breach in your environment.

Beyond patches and vulnerabilities, there are “softer” qualities of security that are difficult to quantify but undeniably impact deployed security. Qualities like security lifecycle support, bulletin descriptiveness, default security features and the like all have a direct impact on deployed role security.

Note: This report is an update to the previously published Windows Vista One Year Vulnerability Report by Jeff Jones [1], a VP at Microsoft, who concluded that Windows Vista is more secure by analyzing vulnerability data of Windows Vista and other operating systems based on the first year of their operation. However, as Jeff admits, this kind of first-year analysis may be better suited to evaluating the security practices and product development methodologies of a vendor than to measuring the security of an operating system. This paper expands on his findings while following a structure similar to that of Jeff's report, presenting a deeper level of analysis and comparison of the modern workstation operating systems using the entire 2007 vulnerability and risk data, which would more accurately reflect the "present security state" of these different operating systems.

Also, please note for non-Windows fans: this is a vulnerability report, not a ranking of the most secure operating system. Before you draw any conclusions, note that I have presented the data used to reach the conclusions in this paper for everyone to access. I tried my best to level the playing field by having similar components for all operating systems assessed in this report.