Hack-proofing your clients

A large percentage of computer and network security seems to be reactive in nature. Antivirus software is typically only as good as its last update and antivirus software vendors have to scramble to create the necessary detection after the new threat is discovered. The same can essentially be said for antispyware and many anti-phishing solutions as well as some of the other computer and network security technologies.

There are some security technologies which strive to provide broader, more proactive defense against threats such as firewalls, but the attackers have more or less learned to rely on attack vectors that circumvent firewall defenses. So, aside from employing firewalls, antivirus, anti-spyware, intrusion detection and other security technologies, what can you do to proactively defend your network or computer from attack?

1. Patch and Update. Most attackers don't have the skills or creativity to come up with original attack vectors. Attacks typically rely on known vulnerabilities and publicly disclosed exploit code. Keeping your systems patched and updated will protect you from these attacks. Read more about patching myths.
2. Change Default Usernames and Passwords. It is easy for an attacker to find out what default usernames and passwords a particular hardware or software vendor uses. Make sure that you change all default usernames and passwords to prevent easy attacks. Find out how to crack a password.
3. Restrict Access. Protect critical operating system and application files by restricting which usernames or passwords have the authority to access them. Read more about access control in this Learning Guide.
4. Use Less Privileged Accounts. Hand in hand with Tip 3, you should not use the Root or Administrator account for day to day activity. Use a less-privileged, normal user account to avoid system compromise and only use the Root or Administrator accounts when necessary. Consult this checklist on removing admin rights.

   For more information: Tip: Get hacked in 10 easy steps Book excerpt: Anatomy of a hack

5. Remove Unused Programs and Services. Be sure to uninstall or disable any programs or services that you aren't even using. Even if they aren't vulnerable today, a vulnerability may be discovered in the future and you may forget the program or service even exists on your system, leaving you open to attack when an exploit is created. Find out which services to disable for Windows XP clients.

About the author: Tony Bradley is a consultant and writer with a focus on network security and antivirus and incident response. He is the About.com guide for Internet/Network Security, providing a broad range of security tips, advice, reviews and information. Tony also contributes frequently to other industry publications. For a complete list of his freelance contributions you can visit Essential Computer Security.