This document assumes you have completely cleaned your PC following the information in my malware/service document or just have a clean PC, this document complements it.

I have also included security informations for other areas of security in this document to make it easier to get a more secure enviroment. If any sections over time get to big to be included here i will move them and refence the subsequent articls.

General

• strong password (add generator links)
• Rotate passwords?
• 2 factor authentication
• When asked how to best protect ourselves right now, Snowden said to “use full disk encryption to protect your computer and devices,” and to also use “network encryption” like SSL. He also suggested using the browser add-ons NoScript and Ghostery as well as using TOR. If you encrypt your hardware and your network, then you are “far, far more hardened than the average user,” he said.

Local PC

• safe search toolbars etc.. (with the ticks etc avg safe search + link scanner)
• antivirus software
• firewall (best, ie comodo, zone alarm)
• antimalware (should be part of av)
• id protectino
• password vault software ie keepass lastpass
• latest software and patches
• auto updates
• Rapport
• keylogger blocker etc..
• additional online scanners
• grc.com shields up
• encyrpted drive (pros and cons)
• java/flash/adobe reader upate to latest if need or uninstall completely. Also remove old java version.
• Malwarebytes realtime scanner (possible in malwae section)
• Pendrive autorun (not needed on win7 +)
• Link scanners
• Eula analyser
• MRU-Blaster is a program made to do one large task - detect and clean MRU (most recently used) lists on your computer.
• Zero filling + file shredding
• run stuff in a sandbox (ie comodo kiosk / sandboxie (http://www.sandboxie.com/))
• keyscrambler – this will scrambler keyboard output in the kernel
• uninstall all unwanted programs
• uninstall all unwanted services less security holes
• USB Autoplay protection
• use a virtual pc to web browse
• antispam software in your client

Software to try

• web of trust/macfee/norton one/ avg link scanner
• http://www.ilovefreesoftware.com/28/featured/6-free-link-scanners-to-scan-urls-in-browser.html
• http://www.pcworld.com/article/248963/how_to_tell_if_a_link_is_safe_without_clicking_on_it.html
• Pop up blockers
• LastPass / KeePass
• panda usb

Browser / Browsing

• firefox use the 'no script' plugin, also prevents java from other websites from loading (xss – cross scripting).
• Remove unknown or unwanted search plugins (possible make part of antimalware notes)
• No script for FF (prevent scripts running and xss whilst letting some run)
• add do not track
• using a vmware machine to browse
• Flash
  • this utility allows you to read them - http://www.nirsoft.net/utils/flash_cookies_view.html
  • these are a type of cookie and can be deleted and should be every so often
    http://helpx.adobe.com/flash-player/kb/disable-local-shared-objects-flash.html
  • right click on the picture at the top to quickly access flash settings
    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
• http://blog.ickydime.com/2008/12/how-to-delete-flash-shared-objects.html

Finance

• add a note to paypal for them never to give out my credit card numbers ie the last 4 digit

Network Level

• Public DNS servers
• Opendns - dns monitoring
• router
• router firewall SPI etc.
• router DDOS settings to on
• dmz rule to dead ip
• block uneeded ports (stealth/blocked/etc see grc.com)
• TOR network
• VPN tunnel
• Google Public DNS is a free, global Domain Name System (DNS) resolution service, that you can use as an alternative to your current DNS provider. Google Public DNS
• respond to ICMP ping set to off
• disable upnp on router

Data Transport (on the internet)

• PGP to internal encypt email messages
• not all SSL smtp traffic is secure ie if the serv other end does not accept SSL (2 settings 'advantages' = if remote server supports ssl it will use that or default back to non ssl. required = remote server requires SSL smtp to accept email

Webserver

• https always on
• webserver https beast attack
• web server section
• penertration testing
• testlabs.. SSL testing website
• use secure php.ini in the sub root folder ie /home/lancast/ see example php.ini
• redefine php.ini global location with htaccess (suphp and setenv)
• turn php error displays off as this is a security thing
• block Russia and china by IP

Research

• BeEf is a penertration testing platform also used for hackers
• security test GFI languard - http://www.gfi.com/pages/vulnerability-management.asp?adv=13734&loc=27&kwd=4
• security website that might be of some use - http://www.matousec.com/
• firewall reviews - http://www.techsupportalert.com/content/matousec-personal-firewall-tests-analyzed.htm
• http://www.techsupportalert.com/content/how-install-comodo-firewall.htm
• http://www.wilderssecurity.com/ - good security forum
• http://www.neustar.biz/enterprise/dns-services/free-recursive-dns#.UdHr021p20Y
• Norton dns - https://dns.norton.com/dnsweb/homePage.do
• https://www.grc.com/dns/benchmark.htm
• Grc.com and ‘Security Now’ podcast
• Passwords section ?
• Good passwords =
• Password generator sites
• Hxxtp header (prevents iframe thing)
• Email, junk email and settings