Wednesday, March 28, 2007

Secure your Home PCs


Is your PC safe enough to do Internet banking and online transactions?

Home PCs are becoming a popular target for intruders, especially PCs connected via high-speed Internet links such as ADSL, ADSL 2+ and cable. Most home PCs are not properly secured and are easy to break into. We all have PCs at home, and most of them are connected to the Internet 24 hours a day via a high-speed cable modem or DSL modem. Do we really pay enough attention to the security of these PCs? Are these PCs secure enough to do Internet banking and online transactions?

Why intruders are targeting our PCs

Home PCs are like honey pots for intruders. They are not only after your personal information; they could also use your PC for many other purposes. If a PC is hacked, the intruders could use it to

  • Get your banking information, credit card details, etc.
  • Use your PC to hack other computers or do unlawful activities, so the hacker is actually hiding behind your PC and you might be caught for the hacker's unlawful activities.
  • Use your hard disk space to store unauthorized/unlawful files and share them with others, and steal your computer's fast processor to run their programs on your PC and attack others.
  • Use your PC as a source to spread viruses, carry out denial-of-service attacks, send mass emails, etc.

    So how can we make our PCs safe?

    Antivirus software
  • Use recognised anti-virus software (Symantec, McAfee, etc.).
  • Installing anti-virus software alone is not enough. Updated virus definition files need to be downloaded and installed regularly. Make sure this is happening.
  • Schedule a daily full scan of your computer for a time when it is not heavily used. It will detect any existing viruses.
  • Make sure the auto-protect feature is turned on in your anti-virus program so that any file opened or executed is scanned first.
  • Check the virus scan reports and alert messages, and respond immediately if any virus is found.

    Windows Updates
  • Make sure Windows Update is running and install the security patches immediately.
  • Turn on automatic Windows updates.

    Firewalls
  • If you have more than one PC and use a broadband or cable connection, I would recommend using a hardware firewall. It will protect your entire network from incoming threats. Allow only known and required traffic through the firewall, and take extra care when creating firewall rules.
  • If you don't have a hardware firewall, use recognised firewall software. Windows XP has its own firewall. Make sure only known applications can access the Internet. Other, better firewalls are ZoneAlarm, Symantec, etc.

    Anti-Spyware
  • Install Microsoft Defender or any other recognised anti-spyware.

    Safe Internet Browsing
  • Do not open any emails from unknown persons.
  • Do not open any email attachments unless you know that they are safe, especially those with the file extensions vbs, exe, bat, com, jar.
  • Take extra care when installing ActiveX controls. Do not install ActiveX from unsigned/untrusted sources. Install ActiveX only if it is necessary.
  • Internet Explorer is well known for its vulnerabilities. Switch to Firefox. You can download the latest version of Firefox from http://www.mozilla.org/
  • Keep your kids' computer in the living area, so that you can monitor what the kids are doing.
  • Install K9 protection software on your PC and configure it properly so that your kids won't go to improper web sites. It is free for home use and does a very good job.
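
The attachment advice above can be checked mechanically before a message is opened. This is an added example, not part of the original post: it parses a constructed sample message and lists attachments whose final extension is one of those named in the list. The addresses and filenames are made up for the demonstration.

```python
from __future__ import annotations

from email import message_from_string
from email.message import EmailMessage

# Extensions named in the post above.
RISKY_EXTENSIONS = {"vbs", "exe", "bat", "com", "jar"}


def risky_attachments(raw_message: str) -> list[str]:
    """Return attachment filenames whose final extension is in RISKY_EXTENSIONS."""
    msg = message_from_string(raw_message)
    flagged = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or multipart container, not an attachment
        # Only the LAST extension decides how the file is opened, so
        # "invoice.pdf.exe" counts as an exe. Case and trailing dots or
        # spaces are normalised before the comparison.
        cleaned = name.strip().rstrip(". ").lower()
        ext = cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in RISKY_EXTENSIONS:
            flagged.append(name)
    return flagged


def build_sample() -> str:
    """Constructed sample message with three attachments (not real mail)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "Your invoice"
    msg.set_content("See attached.")
    for filename in ("holiday.jpg", "invoice.pdf.exe", "Update.VBS"):
        msg.add_attachment(b"constructed sample bytes",
                           maintype="application", subtype="octet-stream",
                           filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```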

    Wireless Security
    Recently, I did a wireless network scan at my friend's place and found more than three unsecured wireless networks, and I was able to connect to their networks and access the Internet. By default, not all the security features are turned on in wireless access points. Turn on the wireless security. Do not let the hacker sneak in through the wireless LAN.
  • Do not broadcast the SSID; it makes your wireless network harder to find.
  • Enable the access list and add the MAC addresses of all your PCs to it.
  • Encrypt the wireless communication using WPA or WEP, and use unpredictable secret keys.
  • Change the passwords. Don't use the default passwords for your routers and access points.

    Backup
  • Back up your important files to DVD or to some other location.
  • Turn off the computer when it is not in use.

Sunday, March 18, 2007

Secure your Bank and Credit card accounts

Recently, my wife lost her handbag in a shopping centre, with her bank cards, credit card, driver's license and Medicare card in it. As soon as she knew the bag was lost, she did the right thing. She informed the banks and the shopping centre customer service about the lost cards, and lodged a report with the police. Later she applied for and got replacement bank cards, driver's license and Medicare card. This incident prompted me to analyse how secure our bank accounts and credit cards are. The result is very shocking. It is much easier to hack our bank accounts than we think.

    Let's see what information a hacker could get from a stolen handbag or wallet
  • Your name, date of birth, driver's license number and current address from the driver's license
  • Your family details from the Medicare card
  • Your bank and credit card information
  • Your Internet banking digital key, if you have a habit of keeping it with you
  • Your other personal cards, such as a library card, fitness centre card, etc.
  • Your work details from your business card
  • Other useful information from things in the wallet

    Let's analyse each possible case

    Phone banking

    This is the most vulnerable banking option. All transactions can be completed from a remote location by answering some simple questions. The operator first asks for your bank account number, which can be found in your handbag or wallet. (This is not secret information anyway. You give it to a number of people, including the bank loan agent, the real estate agent when you rent a house, and your HR and payroll departments.) Next the operator asks for the telephone banking password. The hacker could try a few passwords based on your personal information. If he doesn't succeed, no problem: the operator will ask a few more simple personal questions, such as your date of birth, your current address, your telephone number or your kids' names. This information is readily available on the driver's license and Medicare card. Most banks simply authenticate a client by asking only for a driver's license number, date of birth, residential address, etc.

    Internet banking

    The safety of Internet banking depends on how secure the computer you are using is. There are numerous viruses, spyware programs and Trojan horses in the world that target bank details. If you are using a non-secure PC to do Internet banking, it is like giving your bank ID and password to a stranger. (I will discuss how to make your computer safe in my next post.)





    How easy is it to reset the Internet banking password

    In some banks, the Internet banking password can be reset over the phone, again by answering some questions to authenticate. They ask some simple questions before giving out the forgotten password.


    Credit card

    A credit card is easy and convenient to use, but very difficult to protect. Once the card is lost, the criminal doesn't need any other information to do a transaction. He could go to the shopping centre counter and withdraw money or buy things from there.
    Do you know who else has got your credit card information?
    Make a list of known persons and companies…
    Start with the companies and persons to whom you gave your credit card details over the phone and through the Internet:
    the insurance agent, fitness centre, Internet service provider, soccer club, amazon.com, paypal.com etc… the list goes on and on…
    Now can you imagine how many people have got your credit card details? This information could get into criminals' hands in no time.


    How often do you check your bank transactions?

    Do you have a good habit of checking your bank statements properly? In our busy lifestyle, we don't have enough time to do a proper check, and we don't pay attention to small amounts of money deducted from our account. You never know: it could be a criminal taking a small amount from your account every month so that it goes unnoticed.
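
One way to automate the check described above, as an added example that is not part of the original post: the script scans a constructed sample statement for small debits that recur in several different months. The CSV layout, the payee names and the two thresholds are assumptions chosen for the demonstration.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample statement: date, description, amount (negative = debit).
SAMPLE_STATEMENT = """date,description,amount
2007-01-03,SUPERMARKET,-84.20
2007-01-15,WEBSVC*ACCESS,-4.95
2007-02-02,SUPERMARKET,-91.10
2007-02-15,websvc*access,-4.95
2007-02-20,FITNESS CENTRE,-55.00
2007-03-01,SALARY,2500.00
2007-03-15,WEBSVC*ACCESS,-4.95
2007-03-21,BOOKSHOP,-12.50
"""


def small_recurring_debits(statement_csv, max_amount=10.0, min_months=3):
    """Return {payee: [(month, amount), ...]} for debits of at most
    max_amount that appear in at least min_months distinct months."""
    by_payee = defaultdict(list)
    for row in csv.DictReader(io.StringIO(statement_csv)):
        amount = float(row["amount"])
        if amount >= 0 or -amount > max_amount:
            continue  # credits and larger debits are easy to spot by eye
        month = date.fromisoformat(row["date"]).strftime("%Y-%m")
        payee = row["description"].strip().upper()
        by_payee[payee].append((month, -amount))

    flagged = {}
    for payee, hits in by_payee.items():
        distinct_months = {month for month, _ in hits}
        if len(distinct_months) >= min_months:
            flagged[payee] = sorted(hits)
    return flagged


if __name__ == "__main__":
    for payee, hits in small_recurring_debits(SAMPLE_STATEMENT).items():
        print(payee, hits)
```

Every payee the script reports should be matched against something you knowingly signed up for; anything you cannot account for is a question for the bank.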


    How can we do safe banking?

    Phone banking


Ask yourself a question: do you really need the phone banking option?
If you ask me, I would say disable phone banking completely.
But if you really need it:

  • Protect it with a really hard password using a combination of alphabetic, numeric and special characters.
  • Choose some really hard authentication questions whose answers are very difficult for others to guess.
  • Change your password often.
  • Change your questions from time to time.
  • Use phone banking only when you do not have any other option. Keep in mind that, no matter how hard your password and authentication questions are, you are giving all of them to some unknown bank employee over the phone. The employee may not be trustworthy, and the phone conversation could be tapped too.
  • Do not do phone banking in public places. Pay attention to your surroundings before giving details over the phone. There might be somebody listening to your phone conversation.

    Credit cards
    a. Keep your credit cards separate from your wallet
    b. Minimize your credit card usage. Use the credit card only when it is really necessary.
    c. Do not give your credit card information over the phone.
    d. Do not give your credit card to others or leave the cards lying around.
    e. Keep an eye on your card during transactions and get back your card as quickly as possible.
    f. Keep a record of your card numbers, expiry dates and bank contact details in a secured place.
    g. Check your credit statements on a regular basis and make sure that there are no unauthorised transactions debited against your account.
    h. Lock your letterbox and make sure you are getting expected letters and bank/credit statements on time.
    i. Keep a low-limit credit card, at least for online transactions and for overseas travel.