Most ISP's will furnish their subscribers with a small measure of protection. This is especially true concerning email traffic. Most email routed through an ISP to a user account that is accessed by a program like Outlook Express is scanned before being forwarded on to your computer. So, in essence, your ISP is your first firewall. Do not depend on this to keep you safe. Most data is simply passed through their system to yours.

Once a hacker gets your internet address, the hacker will begin to attempt to access your computer. Frequently, this is done by feeding a software device through the internet to embed itself on your hard drive and relay information back to the hacker. Armed with you system information and maybe some of your passwords, the hacker is ready to do some damage by stealing your data or your identity or both.

You need protection close to home to stop this from happening. Your local firewall is your best hope. Most major operating systems come with firewall software already installed. If not, companies like McAfee produce some excellent firewall programs. For home use, the less expensive types of firewalls are usually more than adequate. If you own a company that deals in proprietary or secret materials, you will want to go after the big guns.

Once installed on your computer, firewalls come with settings of low, medium, and high with some grading along the way. This means that you have about 5 to 10 security levels to choose from. The manufacturer will almost always have the software preset at the level recommended for home use. If you turn it up too high, nothing will come through from the internet. You might as well disconnect it from your computer if you are that fearful.

Low settings will allow all of the awful stuff that roams the internet looking for open doors to stroll right on in. Something between the middle and high is usually a good place to start. If this is too restrictive, back it off a little at a time until you feel that your system has a comfortable balance between high and low security. When it fits the pattern that lets you have the internet access you desire, trust your other protection like anti-virus programs to do the rest.

Most routers come with a measure of hardware based firewall protection. They are not perfect because often the have little ability to be customized to fit the users needs. So, they knock out the big pieces to take some of the pressure off of your software. If you use a cable modem or DSL, you will want to get a router to add the extra measure of security because you are always on an open line to the internet.

The first thing to do is to start using an encrypted virtual disk to store all your info inside instead of a normal disk. I recommend True Crypt since it's free and open source. Create a new container with the size of your choice and the use a very good password and some key files. Since you cannot keep a huge password in your mind I recommend you to save it to an encrypted PEN Drive as well as all the key files. Save their path in the cache so everytime you want to open the container, True Crypt knows automatically it must get the pass and the files from the PEN. Don't worry because as long as you keep the PEN with you nobody can access the container even if they steal the computer. The container works exactly like a normal hard disk. If you want to go further you can encrypt the entire disk but it's a bit risky.

Let's imagine someone breaks into your computer. They can see a file but when they try to open it they can't because they need a password and the key files so you are almost 100% protected.

Depending on the size of the container you can keep inside the hard disk or you can copy it to another PEN Drive making it impossible for anyone that hacks into the computer to get the file from you because the PEN is not fast enough for such upload. Another advantage is that is someone steals the computer they won't get a single file from you! I can't recommend anything but True Crypt!

Text files, images and documents and emails and not the only information you want to hide from hackers. How about Internet history and downloads you make? All this info is stored in temporary files and in the browser history and everyone can easily see it. The solution is using a portable browser loaded fom the container. Get Firefox Portable . These portable apps leave very little foot steps in the computer after being used. It's also very cool to have all your favorite apps inside an encrypted and portable place such as a PEN. Here you can find a huge list of portable software. Hackers that break your computer security can never know which programs you are using this way.

To backup your container just make a copy to another PEN. If you create a container with for example 100 GB and you want to back it up to PEN Drives use Winrar to break the container into smaller files. you don't need to use compression to do this. You can add another password if you want inside Winrar.

Keep in mind that if someone steals your computer even if it's locked with a Windows password they can get access to your True Crypt password! I couldn't believe until I saw one movie in Youtube about a technique to do that. Basically they can steal your computer and remove the RAM that contains the pass inside and they cool it until they can go to a place to get the data from the RAM. To prevent such nasty situation always turn off the computer to erase the RAM and the passwords that Windows stores in it.

The first step in every security assessment and hardening process is always to conduct an environmental survey specifically tailored towards promoting a comprehensive scenario specific awareness and understanding of the prevailing functional operating climate/environment.

One all too often overlooked aspect here is physical security. One should never forget that all security starts with the physical and only then progresses to the logical if appropriate. Without further ado here are the issues and potential solutions that merit consideration with regards to all wireless networking environments and implementation scenarios.

Fixing and Camouflage

So make sure that all of your Wireless Access Points (WAPs) are physically secured. Tie downs and camouflage are great ways to do this. Both camouflaged and secreted devices (located in suspended ceilings etc) have the added security benefit of being hidden from general view.

The old adage “out of sight out of mind” immediately springs to mind. What cannot be seen is often out of mind and therefore less likely to go walk-about. WAPs can be secreted in suspended ceilings, wiring closets or fixtures such as ornaments and planter pots. This makes for an all round far more aesthetically pleasing approach.

Signal Degradation

With respect to wireless networking physical security also entails taking such factors as environmental interference from other wireless devices and cell phones etc., electromagnetic interference (EMI) from other electronic and electrical devices such as TVs, radios and public address systems, signal attenuation, degradation and for the network's wired components such as those connecting your WAPs and wireless bridges/routers to your wired network (LAN) noise and cross-talk need to be taken into consideration.

Functional Reliability

Do not overlook the need for equipment reliability and robustness along with adequate emergency situation operating functionality. It is imperative that in the event of an emergency or catastrophe that your wireless network remains fully functional unless circumstances dictate otherwise. Communication is usually the most valuable resource in times of doubt and uncertainty. Just ask the military.

Naming, Labeling and Documentation

An appropriate secure customized naming convention complete with a fully complementary secure labeling system is a must. This is generally of higher importance for a business wireless networking environment where there may be considerable numbers of roaming network member devices than is usually the case for the home wireless network.

On top of this, wireless network physical security requires the appropriate planning to ensure ready location and identification of network devices in the event of malfunctions, failures or hacking (successful or not) especially when physical access of the equipment in question becomes necessary. Of course this will include the proper documentation detailing all physical aspects of the wireless network including device location and identification markers.

Wireless Traffic Control

Another crucial principal element of physical security for all wireless networks that rates special mention here is that of traffic control. Just as one regulates the physical ebb and flow of people on any given site through orchestrated control of transport facilities and mechanisms, the same holds true for the regulation of traffic flow and control for wireless networks.

Consider this to be very much akin to a perimeter-based site/facility security strategy that deploys multiple layers of defenses for physical site access. In networking applications firewalls can do an admirable job of regulating authenticated access; very much as a fence and guard-house does for facility perimeter security. So install one and ensure that it is correctly configured.

Physical Traffic Control Mechanisms

With regards to physical traffic control for wireless networks the majority of options will be partially implemented in hardware and partially logically. The exact mix will be situation specific. Planning and due care with device placement, the selection of transmission frequency bands and power ratings will all have a role to play.

Consider that some frequencies have better physical penetration attributes than others, while more powerful signals (higher wattage) will be propagated further and will also penetrate fixtures better. There have been documented instances of wireless network signals being detectable and of service level quality at up to 125 miles from the transmission source (the official world record distance as recorded by http://www.wifi-shootout.com).

For these reasons in a high security zone one might need to deploy more specialized WAPs set to a lower transmission power rating than usual in combination with unidirectional antennae rather than omnidirectional antennae. The additional costs of these types of units are readily justifiable in terms of the additional security levels attained.

From a fiscal standpoint it is worthy of note that this small additional cost is a onetime up front encumbrance and the financial department will love the fact that these devises are far more sturdy, reliable and in general have a longer expected mean operating life thereby reducing running costs and failure induced troubleshooting and replacement rates.

Logical Traffic Control Mechanisms

Having implemented perimeter-based access verification and validation security initiatives we may well need to implement additional logical controls and network subdivisions such as Demilitarized Zones (DMZs). DMZs for instance allow for additional network traffic control, regulation, isolation and compartmentalization.

Limiting wireless devices to specific areas/zones of a network also delivers additional benefits such as greater economy and efficiency of bandwidth usage patterns and superior levels of granular administrative capabilities and ease of use.

Wireless-Free Zones

There are also many instances where wireless networking devices along with mobile communications or entertainment devices functionality are undesirable or unwelcome. The most sensitive of these areas will be related to sensitive electronic equipment such as that found in hospital trauma, intensive care, surgical units, coronary care units and life support systems. Areas where flammable materials are handled, stored or used also qualify as wireless-free zones.

In these cases and others like them we need to monitor to ensure that within a specific perimeter wireless devices are not functional and that signal leakage from wireless enabled sectors does not leak in. Perimeter threshold detection is generally considered to be the most effective solution here.

By this I mean that metaphorically speaking a line is drawn beyond which none of the above devices will pass while still turned on. Hospitals generally paint a red line on the floor, walls and ceiling to clearly mark this threshold.

Collateral Damage

When designing and planning a wireless network remember to incorporate provisions that address physical security from the health perspective by ensuring that no possible harm, collateral damage or interference can be caused by the network, its devices and its signals. Cables for example, should be secured and out of harm's way as should WAPs.

We don't, for instance want a WAP falling onto somebody from a humane perspective as well as from a litigation avoidance perspective. Nor do we want our wireless network to cause the cardiac pacemaker of a passer-by to malfunction. Here is a case where clear, readily noticeable and unambiguous notifications (signage) are our main preventative and compliance option. I guess this is more or less a disclaimer approach really.

Not only do we need to protect and guard humans from harm caused directly or indirectly by our wireless network and its components but we need to protect our wireless network from physical harm caused by humans and/or the environment as well. It is up to us to provide for our networks physical well-being as it cannot do this for itself.

Regulatory Compliance

Regulatory compliance issues also need to be addressed at all levels and all stages of a wireless network's life cycle. Local and regional standards and regulations need to be researched and fully compliant measures implemented. Policies also need to be developed, made appropriately available to those concerned and of course implemented.

Pass-Through Point Security

Just as a physical site's physical access controls may see the implementation and installation of fences and stationing of security guards at primary access points the same can often be done with wireless networks. For example there may be the opportunity to implement search mechanisms such as the pass-through points seen at airports etc. This is one way of ensuring that unknown devices do not enter within the coverage area of your wireless network.

Unfortunately, for most businesses it is often impractical to implement this type of measure as the cost and negative customer reactions may preclude it as being overly draconian. Larger chain retailers do however, employ pass-through scanning devices but they are more attuned to the detection of theft of merchandise rather than the prevention of unauthorized wireless access.

Note however, that for areas not publicly accessible and/or where sensitive materials are stored pass-through inspection security is a viable option. Espionage is a reality that must be addressed. If not the stealing of properties then the sabotage aspect may be of appropriate weight to implement pass-through surveillance mechanisms.

Much damage has been done in the past by persons posing as service or utility personal that many facilities, especially an organization's research and development and marketing divisions as well as their datacenter have seen fit to implement the pass-through security approach.

Wireless Network Presence Detection

Although a wireless network uses an invisible to the human eye medium with the right tools it becomes very observable. Tools such as Kismet for example, have very little difficulty in detecting the presence of a wireless network. Furthermore, there is very little you can do to prevent this type of detection. After all, wireless signals are transmitted over the public domain. Fortunately however, there is a lot you can do to prevent exploitation of a wireless network after detection.

The implementation of full conversation encryption including that of authentication mechanisms and connection establishment is, as far as most would-be intruders/hackers are concerned, just too much hard work considering that there are untold numbers of easier targets to be had.

Quality of Service (QoS) Geographical Access Parameters

One should always consider geographical access and connectivity requirements and parameters in conjunction with the desired timely delivery of Quality of Service (QoS) metrics. The wireless network's ideal is to provide adequate connectivity and accessibility throughout the entire area of intended coverage (no drop-out zones) and with a specified level of Quality of Service (QoS) for said area but no more.

The Quality of Service (QoS) factor may be defined by either meeting or failing to meet specific performance metrics such as transfer rates or strength of encryption.

The geographical network confinement parameters are generally characterized and measured by the degree of signal leakage beyond a specified intended perimeter of coverage. The distance, signal strength, signal quality and degree of availability both within and beyond the designated network perimeter are the parameters that define and delineate that point at which signal leakage becomes unacceptable.

Network Monitoring and Site Surveys

In monitoring the attributes of a wireless network, tools such as Airsnort, WireShark (formerly Ethereal), NetStumbler and Kismet are your friends. Use them to conduct regular site surveys to assess signal leakage. If need be take the appropriate remedial measures to ensure compliance at all times and locations.

Some organizations even go to the extent of using signal jamming technologies to ensure that any leakage is rendered useless and piggy-backing cannot take place.

Line of Sight

Line of sight requirements need to be assessed carefully from the perspectives of both the current scenario and extrapolated into making predictions of the most likely conditions that will be prevalent at various predefined times in the future. Trees for example have a habit of growing.

So where a clear line of sight exists today the possibility that this will not be so in the future must be evaluated. In the case of trees one solution might entail lopping every other year in order to preserve said clear line of sight. No matter the terms or conditions, the establishment and implementation of a documented schedule or regime that addresses these types of issues needs to be set forth.

Conclusions

Wind, vibration, the environment in general and other factors including human interference of one form or another will all conspire to throw the most carefully designed and implemented wireless network out of alignment. Persistent cognizant vigilance must be your motto and creed.

Introduction

It would be nice to live in utopia, that ideal world where nobody was a villain and misdemeanors never occurred. Unfortunately for the majority of us residing back here on planet Earth, security breaches, compromises and issues are all too real and unpleasant facts of life. Regardless of our station in life somebody is always trying to get a free lunch at our expense or trying to take advantage of us in some other way.

This being said we need to identify the objectives, acceptable standards, policies and regulatory compliance requirements that our wireless network security should deliver as intended.

Wireless Networking Security Objectives Defined

It is widely recognized that the underlying themes of all network security, and not just the wireless components, should be such that they consistently ensure adherence to the principles expressed by the CIA of Security ethos. Simply put this means the planning, implementation and maintenance of organization/network-wide Confidentiality, Integrity and Authentication (CIA).

The implications of this are that only duly authenticated authorized users have full access to all of their allocated network resources, assets, capabilities, bandwidth and Quality of Service (QoS) in line with the appropriate user rights, permissions and privileges whilst maintaining full and comprehensive organization-wide network confidentiality and integrity. The trick is in doing so seamlessly and transparently to the user.

Strategies

The implementation of security strategies and solutions consisting of multiple layers of protection by incorporating and melding a blend of physical security, multiple layers of authentication, network monitoring, traffic flow control, firewalls, intrusion detection, intrusion prevention, surveillance, logging and log analysis, specialized software, hardware and complementary technologies are widely regarded to be the fundamental pillars upon which the preservation of rock solid security for networks is built.

Make no mistake about it, this holds true for wired and wireless networks alike. By employing a security-in-depth approach many exploits can be negated. An example of where multiple layers of authentication can return handsome dividends is in wireless network access.

First line of defense is network access and connectivity controls. Users should be required to provide valid current authentication credentials in order to begin to access the wireless network. The user's wireless adapters should also be required to authenticate themselves.

Machine authentication can be implemented by simply creating a Wireless Access Point (WAP) or wireless router MAC Address filter table. Devices lacking a qualified listed MAC Address will be automatically denied network access. This level access control actually precedes any user based authentication mechanisms since the MAC Address is contained in the Layer 2 header of every packet placed onto the network.

The next line in our defenses could involve additional authentication at various points throughout the network including transit beyond the local segment. For wireless networking components this can be most easily achieved by configuring dedicated wireless only network segments or through Virtual Local Area Network segmentation (VLANs) for wireless devices.

These specialized and segregated wireless networking segments can be placed into Demilitarized Zones (DMZs) for ease of administration. It is also advisable to make sure that they are on LAN segments physically independent of the rest of the network. Secondary user passwords or passphrases can be implemented at the application level as well.

Failure to incorporate a multi-layered approach makes the likelihood of successful intrusion far more likely. If all an attacker need do is to “crack” one password or passphrase then having gained access to a wireless network component without secondary authentication mechanisms in place you can safely assume that they will have also gained full access over your entire network. This means all assets and resources including those of the wired segments.

Wired and Wireless Issues

I will now cover the major issues and areas of concern pertaining to wireless network security. Please note that this list is not intended to be absolute nor complete. New exploits and threats arise every day. Hence I have elected to present and highlight here those areas representing the greatest concern and/or those areas most likely to present future new threats and exploits.

Many of the generic issues discussed below apply equally to wireless and wired networks alike. This is especially so when the device in question is a consumer class broadband modem/router. Both the wired and wireless versions will exhibit the same basic preconfigured functionalities and default manufacturer configurations. For example manufacturers tend to use the same default administrator name, administrator password and network names as well as enabling DHCP by default.

So let's get to it and as always security starts with the physical and wireless networking is no different.

Physical Security

There are many physical security related issues regarding wireless networking security including the physical security of the device itself (accidental loss theft etc), device naming and labeling conventions, physical accessibility (so critical for troubleshooting) coverage, Quality of Service (QoS), bandwidth, signal distortion, degradation and strength, device location, type of antennae and many more. If you would like to read more then check out Wireless Networking Physical Security.

Transmission Media

Because wireless networks use a public domain transmission medium, which is freely accessible to anyone with the right tools and desire, it is imperative that additional care and attention be paid to security aspects throughout the network's entire life cycle. So it is that the appropriate time for consideration of these initiatives to commence is at the very beginning of the network's life cycle during the technical requirements analysis and evaluation, planning and design stages. The process will be ongoing from there.

Documentation

Wireless device manufacturers usually provide the device's supporting documentation either on a disc bundled with the device or available for download from the manufacturer's website. In general, this documentation usually describes first steps/getting started, minimum requirements, preparation, installation, additional security procedures and finally troubleshooting and support.

Unfortunately, the vast majority of users will either ignore or skim over this information or anything else that is not pictorially depicted in the quick start guide. Let's face it these are the realities of our plug "n" play world. The device is working and I can use it; end of deal.

Plug "n" Play

The rise in popularity of wireless networks and technologies can in no small part be attributed to plug "n" play capabilities. On the one hand this is a boon for ease of connectivity, user friendliness and all-round ease of use. Yet it is these very aspects that make plug "n" play devices across the board so susceptible to subversion and compromise.

The problem with the default plug "n" play “silent install” approach to the installation and configuration of all devices (including wireless networking devices) is that in so far as network/device security is concerned it is no approach at all.

Manufacturer Defaults

Manufacturers preload their hardware with device specific software (firmware) and a basic configuration intended to get users up and running in the shortest possible time with minimal required user input.

Factory set default configurations, parameters, options and settings of most if not all devices are in the public domain. This is due to the fact that detailed and specific device defaults lists and documentation are generally freely available on the device manufacturer's website. They can also be found on a number of other third party websites.

The big difference between the documentation, resources and tutorials etc that are published on a manufacturer's website and those published on third party websites is that on the whole the third party sites tend not to confine their listings to only those devices manufactured by a single manufacturer. They also tend to reveal more of and about the inherent flaws and potential exploits of a device that a manufacturer would prefer to “overlook”. You might say that they are a one-stop-shop.

War Driving and Wireless Network Hacking

While most of us have heard of hacking the practice of “war driving” is not so well known. So for the benefit of one and all war driving is the practice of cruising around with a wireless enabled laptop complete with a plethora of wireless networking detection and cracking tools. Many war drivers even make use of GPS to physically locate with pin-point accuracy the precise locations of any wireless networks detected.

The major distinction between the two is that war driving is all about discovering the existence of wireless networks. Hacking wireless networks on the other hand is about cracking/breaking into those wireless networks discovered through war driving or any other means such packet sniffing.

In short, the hacking of wireless networks is all about gaining access to a network whilst not being a legitimate bone fide network user with authentic access privileges and rights. This does not infer in any way that a would-be intruder is implicitly malevolent.

For example, legitimate, authorized and authentic security staff conducting site surveys, penetration testing or network preparedness assessments usually do not have “evil” intent. Still others may be attempting to access your wireless network for the thrill of it simply because it's there.

Note that the tools used for war driving and standard wireless hacking purposes are generally the same. In addition, these tools are freely available for download via the Internet usually in the form of self extracting automatic installation packages or user installable software.

What many may not realize is the degree of user friendly sophistication and capabilities that these tools have attained over the years of their existence and development. So it is that in today's wireless networking climate we must assume that attackers are by default armed with these tools. With this in mind we can construct our defenses in a manner best suited to counteracting a multiplicity of threats originating from all angles.

Conclusion

In combination a device's factory defaults and plug "n" play silent installation and setup provide a very user friendly, fast and convenient method to get a device up and running. Yet it is these very same default factory/plug "n" play device parameters, default configuration settings and behaviors that make wireless networks and wireless devices installed in this way without any further user/administrator interaction particularly inherently susceptible to compromise.

Therefore, immediately after the initial setup and installation has completed successfully the first security tasks that you should religiously attend to are the modification and/or customization of the basic manufacturer factory default settings, administrator names, passwords and configurations.

Why is a DoS attack so effective, why does it work? A denial of service attack is basically a flood of empty, fake connections that the server can't handle. The server can only provide so much service at one time, if a ton of fake connections are spamming it, it will not know the difference between a the fake connections or a real person trying to use the website or server, so it will become so preoccupied in accepting and handling the fake flood of connections that it will deny service to the actual users of the website or server. Sometimes, DoS attacks can be so powerful that it will overload and crash the victim server, leaving it offline until it is restarted.

The simple DoS attack Whenever you open your web browser and view a web page, you connect to the website, request information from it, and the website server sends you the information without incident. Now, imagine thousands, or even millions, of people connecting to that same website every second, the website will have to work harder to process everything and will respond more slowly to your request. This is the basis of a denial of service attack. The attacker wants to overload the website with so many connections that it cannot handle any more connections, causing it to reject new connections from real users. The Botnet If you've read about hacking or culture, you might have come across the term, botnet. A botnet is a collection of computers infected with a worm that was distributed by one host machine. The worm will wait in standby until the host machine tells the worm to act. The worm will then connect to the specified website at a high rate. A botnet can contain a dozen to a million infected zombie computers waiting to attack.

The botnet is the nuke of the DoS subject. The Code Any programmer can easily create a program that floods connections to a host machine. I have written a simple example in the Java programming language. This isn't at all a powerful DoS tool, a powerful one would implement threads to connect hundreds of thousands of times per second. This example will connect twice per second, using the standard loop. Here is an example:

1. import java.net.*; 2. public class Flood { 3. public static void main(String[] args) { 4. while(true) { 5. try { 6. Socket s = new Socket("ip",port); 7. System.out.println("Successfully connected!"); 8. } 9. catch(Exception e) { 10. System.out.println("Error connecting to host."); 11. } 12. } 13. } 14. }

The code above - explained:

• Line 1: An import statement, used so that we can create a new Socket to connect to the host machine.
• Line 2: Declaring our class, this is required by Java.
• Line 3: The main method, this is the chunk of code initiated when the program starts.
• Line 4: The loop - This part makes the code under it (indented further) execute every 500 milliseconds - twice per second.
• Line 5: The try-catch statement, this is required incase connecting fails.
• Line 6: The heart and soul of this program, the line that makes the actual connection to the server. "ip" and port are the values that are used to specify who we are connecting to, and through what port.
• Line 7: Telling the user of the program that we have successfully connected.
• Line 8: Closing our try code block.
• Line 9: Stating the error-catch block that will be called incase connecting fails.
• Line 10: Telling the user that we cannot connect.
• Line 11: Closing our error-catch statement.
• Line 12: Closing our loop, anything after this brace will only be initiated once.
• Line 13: Closing our main method.
• Line 14: Closing our program. This isn't even one kilobyte of code, yet it has the power to completely take a website offline, if distributed among many computers. But this code lacks power, it will only connect two times per second.

A more advanced code can connect tens of thousands of times per second. Detecting and Preventing a DoS attack Fortunately, DoS attacks are easily avoided and stopped in their tracks (with the exception of the botnet). Denial of Service attacks leave a connection trace and make it possible for you to turn in the attacker to authorities. There are many programs and firewalls designed to protect servers from this type of attack. A botnet, however, is very hard to stop, because it is performed by numerous computers of innocent people who don't do anything. The DoS attack is looked down upon in the "cracker" (not hacker, hackers are good!), community because they are so easily performed and take no skill to use (in the hacker culture, at least). Summary Denial of Service attacks are simple but can be advanced and complex. They are very powerful, and very tricky as they make use of something that servers were meant to do - accept and process connections. The DoS is truly an underestimated attack.

The word, to most of the world, represents skilled malicious computer users that try to find ways to steal credentials, harass people, deface websites, and steal information. In fact, a very small percentage of actual "hackers" are what the media makes them out to be.

So what exactly is a hacker?

The term originated in the 1960's. Back then, a hacker was a programmer. They would "hack" out code, creating, exploring, and inventing. Hackers were the forefathers to the computer industry. Even Bill Gates can be considered a hacker. Hackers would create advanced programs that most people couldn't even think of.

What makes a hacker tick?

Curiosity. Hackers explore and write programs and code to learn. Most hackers, or programmers, consider what they do as a hobby. Sometimes it can be an obsession. Hackers don't write code to destroy computer systems, they write code to see what they can build, and sometimes what they create is quite amazing. So why do hackers have a bad reputation?

Hackers have a bad reputation because of a very small percentage, isolated from the productive community of hacking. These people are called crackers, they are the ones that use their skill maliciously to infiltrate systems and cause damage. Hackers in truth don't want anything to do with crackers, they view crackers as immature individuals that need to, to be blunt, get a life. Most crackers are adolescent males who get a rush out of hacking systems. Crackers destroy, hackers create.

Overall, hackers are given a bad name by crackers and the media. Hackers forged the internet as it is today and continue to invent ground-breaking technology and programs.

Hackers created the computer industry as it is today, from the internet to your cell phone.

1. Search For Knowledge

   One thing that Hackers must learn that nothing last forever and that no one is able to know everything about Hacking. Most of knowledge is actually written you must seek someone, from who you wish to learn, from who you are willing to learn for several years. Most of the hacking starts with innocent exploration on computers, and than it grows, every this try is possibility of founding out something new. Knowledge is written everywhere: in forums, in guides, in guidelines that lead to the answer of your question.

2. Getting Started

    First of all learn how to program. Start with easy ones like Python its quite simple and designed that anyone should be able to understand it. Good tutorials are available on Python web site. After mastering Python my subjection is that you should continue with Java but I saw many people having a lot of problems with it. Than even if you did skip the Java part you should start with C, than C++. This is sufficient for those who are not eager to know more than that most of those who will read this text is interested in Java programming. PERL and LISP are common computer languages used by hackers if you want to be at least hacker that is not afraid of learning than my subjection that you will need a lot of tries and patience and power of will to get this done.

3. Linux

   Linux is the operating system that is the easiest to explore and to understand. Than you should try to understand UNIX once when you understand it you will be able to modify the code. Linux programming tools are much better than tools on windows. Now you have at least 10 years of your life mastering those program languages.

4. Famous Web And Writing HTML Files

    The first you need to learn is how web works. Now most of people think that surfing on web is actually it but you need to know how to write HTML codes.

This is part 1 of my guide what is Hacker and what is Hacking.

Now I don't have anything against my stepdaughter and in fact the whole family uses the computer so it could be any of us but it always seems to be right after she uses it. She uses it very seldom and when the rest of the family uses it there are no problems. I know what the problem is. She goes on these girly websites that have you dress up a doll or put makeup on a face. It asks you if you will just download some items that you need to use this website. My stepdaughter will do this and a few days later the computer crashes. Then I have to sit there and fix the computer either by using an Anti-Virus program or having to restore the computer to a previous date loosing valuable computer information.

We tried various things: limiting her computer time, making a password on her account and restricting her account so she can't do anything bad to the computer. Yet when I recently ran the anti-spyware program it found 15 spywares.

So I am at my wits end. I either have to accept that I will always need to back up my programs and if anything happens reboot them, run the antivirus program, or block the websites my stepdaughter wants to go to.

The whole problem is the internet. It is too easy to send someone a virus or send them spyware to screw up a person's computer. I think that for every antivirus and anti spyware software created there are double the amount of viruses and spyware created. What is the point? Do people really need to spy on the general public to make a dollar?

With all the time they create making spyware to spy on you, they could find a legal internet job that could put their programming skills to use for big bucks. I guess this doesn't matter. I guess if you're a hacker you will always find it a thrill to destroy or spy on someone's computer. But for that person I have one response. Imagine if it was your computer that was infected and stopped working. You wouldn't like that now would you? Neither do we, the general public.

Don'ts

Never ever use you user name as the password. That is probably one of the first thing people try. Other things that peopletry as passwords are Calendar months i.e. March or week days i.e. Monday. you should also never use dates as passwords. So if you are thinking about using your birthday as password forget it think again. When choosing a password never use a sequence ie 22222222 or 12345678 or qwertyu.

If your password is in the dictionary of any language then there is a very good chance that some hacker will be able to break into your account. Password should be kept secret. Don't share them with anyone and don't write them down. If you have to give someone your password for whatever reason, make sure you change it asap after the person has finished with whatever he/she was doing. I have friends that use the same password on all websites that they use. Does that make sense? No! If one account is broken into all of them are broken into. Which leads us to the Does.

Dos

Make sure you use different passwords for different websites. make it as difficult as possible for anyone to simply guess your password. Use a mixture of UPPERCASE and lowercase letters and as many numbers and symbols (where allowed) as possible. Make sure you your chosen password is at least 8 characters long and remember the longer the better.

Microsoft has a website where you can check your password strength. (HERE) You might be surprised that your password is very weak. Change your password regularly. Every month if possible but at least every 90 days. I hope this will help you to keep your stuff save and secure.

How do they do this?

Well the hacker as a range of software and a very good knowledge of computers, they use the software to scan open ports on your computer and then using the software they gain entry on that computer.

Once on the computer they will either cause damage, steal information or leave, some hackers do it for fun and the challenge, some others do it for the money, hacking Can be an easy way to make cash for some people.

Hackers are not people you would want to meet on your computer, they can bend some of the best systems in the world and dodge the best security, there is no sure way for you to dodge a hacker, some might not be bale to get through your firewall but there are some out there that can get through.

Protection on your computer is a must if you want to avoid on of these people, a firewall is a good place to start, this creates a wall for the hacker and tries to keep them out, however like I have said it’s not 100% hacker proof, some are just to experienced and will be able to beat the software.

Some signs of an hacker on your system is the computer is doing what it wants, files disappearing or moving, data suddenly sending to the internet, your mouse moving where it wants, if you see any of this turn your computer off there and then, this will break the connection with the hacker, or disconnect the phone line on your computer.