We got an email to the list today that got me to thinking. Alyce was concerned because of Attacks toward her computer that were being logged by the firewall that is part of the locally installed antivirus suite. Alyce wisely checks the history and logs section on a fairly regular basis but admits to being a novice. Recently Alyce observed that about every ten minutes the same IP was trying different attacks to gain access to the computer. As was stated in the email I know that no one is going to jump through my computer screen, but it is scaring me...
It is scary to know traffic coming toward your system is not friendly. The internet is not a safe, nice place where you can leave your computer open and no one will bother it. However, if you keep your system patched, run antivirus software and have your firewall turned on, you are pretty safe from the externally initiated attacks that are aimed at your system. Most tools are automated and are looking for home systems with vulnerabilities. There are far to many open and unprotected system's out there to go after then trying to compromise one that takes effort.
The bigger worry actually comes from what the user at the keyboard is doing. Currently as I write this, I have to make a decision as to whether I should rebuild my box. I keep it patched and locked down to what I need. I don't run as administrator and I run a firewall and antivirus software. All of this it seems, could not save my computer from one of my kids who got on it to surf around the internet. It appears they have picked up something on their travels as my computer is not running right. Even through all the lectures of not clicking on every link out there just because Google returned it, the message still did not get through. The attackers don't have to break in if you open the door for them.
Trying to teach the user community to be careful of where they go and what they click on seems to be a never ending saga. How many years have we spent trying to educate the end users? I have a couple of family members that unintentionally keep creating their own malware zoo on their computers. No matter how much I try to caution and explain, it obviously isn't getting through. I'm sure many of you have the same problem and similar users. The problem is trying to bridge the gap between those who work in the computer world and those who just use it. So, I would like to compile a simple, best practice list for safe internet travels for the non computer savvy home/work user. If you have any recommendations for best practices/advice for this list, please send them in and I will compile the results. I'll post the results of this in a diary next week.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.