Re: Please help us with a fraud situation

On Tue, 27 May 2008 21:37:01 -0700, Jeff Liebermann <jeffl@xxxxxxxxxx>
wrote:

On Tue, 27 May 2008 20:06:14 -0700 (PDT), irfansmith@xxxxxxxxx wrote:

Please help us with a fraud situation

I don't see anything resembling fraud. More like common sense and
internet security setup. If this sounds like blame the victim, I
appologize, but if your surfing and security practices are lacking,
you are as big a part of the problem as the typical hacker.

We had some identity thefts situations with our credit cards and Bank
accounts.
People using our credit cards and writing checks against our account.

There are plenty of ways to get that info without involving the
internet. Most commonly, it's a theft of credit card data from some
idiot vendor that leaves the data on their web site. Having a virus
or trojan horse on your computer, that sends "interesting" files back
to the evil hackers, is also quite common. Lots of others. Hopefully,
you have a clue how it happened or who leaked the data.

How can I set up a really secure internet connection in my home ?

Yes. WPA2-PSK-AES encryption is about as secure as it gets. However,
that requires a shared key, which can easily be leaked if some evil
person has access to one of the computahs. To prevent that, you can
install a RADIUS server to provide a one-time encryption key along
with an extra login and password.

a more secure scheme is - no wireless, as then getting the security
wrong is much less risky.

ethernet cables are a lot more difficult to tap into without physical
access to the wires.

Incidentally, one of my friends got ripped off via identity theft. I
trashed a nice dinner by literally pounding the concept of NOT using
the same password for every account she was using. A month later, she
was moaning that it was too difficult to remember all the passwords,
so she just wrote them on a ledger pad and hung it on the wall of her
office. Moral: You gotta understand how security works in order to be
fairly safe.

I use a Windows XP - wireless laptop to access the internet I have
in my home.

Any particular model wireless router? Are you using WPA2 encryption
with a fairly obscure and non-dictionary password?
<http://wireless.wikia.com/wiki/Wi-Fi_How_To#Secure_a_wireless_network>

We use Comcast cable.

Comcast uses DOCSIS with BPI (Baseline Privacy Interface). That's
quite safe from sniffing.

We have a WPA secure internet. We use a Netgear Rangemax MIMO
and the Comcast modem.

Ummm... are the number keys missing on your keyboard or is there some
security reason why you don't disclose the model numbers?

Somehow some people have managed to get both our credit card numbers
and bank account numbers and even driving license number.

Give me a break. When was the last time you remember typing in your
drivers license number into a web form? If you did, it was probably a
hackers site. Do you even have any documents on your computah that
have the drivers license in them? If the drivers license number was
involved, it probably wasn't by sniffing your traffic or breaking into
your computer.

I use this internet to access all our bank accounts etc.

So do I. Have you checked that you're actually using the banks web
site, and not some impostor (phishing) site? Most banks have some
mechanism for storing an identifying icon or phrase that insures
you've got the correct site and not some phony that's collecting
passwords.

Because of the fraud that occurred, we want to make sure that
we have a really secure internet connection.

What additional hardware, software etc do I need, if any ?

No hardware. Anti-phishing software (i.e. Free AVG 8.0) works well
for identifying evil sites. Add some common sense and some heavy
reading about how internet security works. Pay attention to
anti-virus, anti-spyware, anti-rootkit, and anti-phishing software.
Pick *ONE* that works for you, and uninstall the rest as they trample
each other.

Since I am not a techie, pls help me with as much detail as possible.

Detail. OK. See:
<http://iase.disa.mil/stigs/checklist/>
Grab the XP and the wireless security checklists. You probably can't
impliment everything on the shopping list as much of it is not
applicable. However, you can get a good idea of what is expected if
you want to be REALLY secure.

This looks interesting. NIST Wireless Security Checklist:
<http://csrc.nist.gov/publications/nistpubs/800-48/NIST_SP_800-48.pdf>
--
Regards

stephen_hope@xxxxxxxxxxxx - replace xyz with ntl
.

Relevant Pages

  • Re: Please help us with a fraud situation
    ... internet security setup. ... drivers license number into a web form? ... Add some common sense and some heavy ... reading about how internet security works. ...
    (alt.internet.wireless)
  • Re: Vehicular Ramp Access
    ... common sense seems to have reared its ugly head ... I'm sorry to see Marco's airport going the other way, ... across the ramp with nary a suspicious glance. ... target level of security. ...
    (rec.aviation.piloting)
  • RE: Hashing passwords
    ... simple matter of phishing mentioned in the article in question is not really simple when we discuss that geared with math and common sense. ... where ever you see people talking about security risks, losses and benefits using numbers, think about "billion by billion" matrix. ... This email communication and any attachments may contain confidential ... please visit our Internet web site at http://www.commonwealthcare.org. ...
    (Security-Basics)
  • Re: Full Body Scans at Airports
    ... For the obese part, if it is sooo easy, why are half of you people obese ... Even going from one neighborhood to another, in your own places, security is ... (Yeah, yeah, I know you're in ... "A lack of common sense is now considered a disability, ...
    (rec.travel.air)
  • Re: Adequate Security
    ... > I think you will be fine with Norton CE and Windows XP Firewall ... > Internet Security will also manage outbound access and if you think ... > security updates at Windows Updates is also very important and can be ... I bought it via web download and so ...
    (microsoft.public.windowsxp.security_admin)