Basically what you should be doing is:

1. Ensure that a hardware firewall/router is in between the internet and the PC (I’ll just call it a firewall from now on)
   • Use a recognized brand name like Linksys, avoid the no-name generics as they often have bad defaults and don’t implement the stateful-packet-inspection that you want to filter out most of the cruft on the Internet from reaching your PC
2. Ensure all default passwords on the firewall and PC have been changed
   • When you initially turn on the power to your PC and to your firewall, do NOT have them connected to your cable or DSL modem initially.  Do the setup of your firewall and PC first in order to ensure malware doesn’t have a chance to get at your shiny new PC before you’ve turned on the needed protection
   • Point a browser to your firewall (likely 192.168.0.1 or 192.168.1.1) and change the default administrator password.  This is very important, as some malware will seek out your firewall and try to use the manufacturer default password to change things like your DNS server settings – inserting the bad guys in between you and the rest of the Internet (eg. forcing your traffic to them first before it goes to your bank)
3. All normal accounts used for day-to-day business on the computer should NOT have administrator privilege (see my post on running without admin privileges)
   • On Windows XP, Vista (and I think 7), the default “user” that accesses the PC has full administrative privilege, that enables software  installation and configuration changes.  This is very dangerous, as malware that you come in contact with from infected emails or websites use this privilege to install their spyware, keyloggers, backdoors and other nasty stuff on your PC – without your explicit permission
   • Set a password for your Administrator account
   • Create a new user right away, before you setup your email, music, photos, documents, etc; ensure that new user is NOT a Computer Administrator
   • Always login with this non-Administrator username for your day-to-day use; only use the Computer Administrator username for software installation and configuration changes.
4. Never surf the Internet with an account that has administrative privilege
5. If this is a common PC for a business, ensure employees accounts are individually assigned (if practical). Ensure those employee accounts are not administrators (unless there is a need and a high degree of trust)
6. Run a good commercial anti-virus program with annual software support (or a subscription)
   • There are some good free AV packages (AVG, Clamwin, Avast) .. Google them for the links
   • Sophos makes a good Mac AV package .. yes, Macs are vulnerable to malware as well; it’s just not as prevalent
7. Finally ensure regular (daily) backups are being run to protect your business, financial, customer information from loss if there is a problem with the PC
8. For setup of your wireless access point (if you have one .. sometimes it’s built into the router/firewall)
   • Chose wireless encryption of at least WPA or WPA2 .. never use WEP or no encryption
   • There is no significant increase in security by obscuring your network name (SSID)
   • Don’t use any personally identifiable information in your network name

If you are unsure of how to do any of these steps, get one of your computer knowledgeable friends to help you.  Of course if you are purchasing a new system right now, I’d strongly recommend you check out Apple’s Mac products.  They’re not immune to malware, but the architecture and core are by design much less vulnerable to the types of malware that plague Windows.

PDF

2008/09/03

net5501 is a x86 SBC that I ordered with 4 10/100 ethernet ports, 512MB memory, 500MHz Geode LX CPU

Serial console is used for setup of net5501 – BIOS writes to serial port since there is no xVGA port. <ctrl-p> to enter BIOS setup. DB9 pinout:

2 — 3

3 — 2

5 — 5

Use 19,200 bps 8 data bits, no parity, 1 stop

With the Macbook Pro, I use a Keyspan USA-19HS USB <–> DB9 RS232 serial converter (and DB9-RJ45 adapters to implement the null modem configuration and allow me to use an ethernet cable for the serial console <–> Keyspan device.

On OS X (10.5) I use “screen” to provide the serial terminal interface:

$ screen /dev/tty.USA19H1a2P1.1 19200,8

<ctrl-a><ctrl-\> to exit

On the net5501 BIOS, PXEBoot is disabled:

set PXEBoot=Disabled

I setup voyage-0.5.0 on a compact flash card then installed the card into the net5501 – works great the first boot

Default root info: root / voyage

OpenBSD setup info:

http://techblagh.blogspot.com/2008/08/installing-openbsd-43-on-soekris-5501.html