Once you make your home personal computer from the store or receive in the mail, there is nobody around to maintain basic tips computers to cleaning and improving the performance of your computer. Maintenance and cleaning of your computer must be part of the regular routine to ensure that you have long-term problems with the computer. Unfortunately, users of the most basic computers can not understand the mechanisms feel intimidated by computers or maintenance. There are simple steps anyone can ensure that your computer is running them will get when first moved out of the box to continue.

One of the first files on your computer with System Tools, located under the Start menu, Programs, and accessories. Tools maintenance system tools home base, such as Disk Defragmenter, Disk Cleanup, Backup, Scheduled Tasks and Information and Scan Disk on some computers Microsoft Windows. Surprising that these files are located in Accessories because they really the key to your system properly and support to improve the age group of computer performance.

Go regularly on my computer and right click on Local Disk (drive C) and open the properties. So you can see how much space you use and how much you have left to use your computer. According to the tools in this area, you can usually scan a page to disk. If you are considering a drive from here, Microsoft will launch a drive through analysis of system programs. It is important to run this file to determine if there are errors or problems running on your computer and the disk scan will repair potential problems. Some experts recommend performing a full scan disk and then a basic disk scan up to once a week on your computer to keep the first set of conditions.

After that, it is important to perform a Disk Cleanup regularly, either under Properties under the drive C: or under System Tools. Be aware that as Scan Disk and Disk Cleanup can take a long time and is best before these maintenance tools when not using the computer. Establish a routine with yourself, clean up the implementation of the disk and disk scan on Saturday evening, watching a movie with your family. After Disk Cleanup tool, also contributes regularly to perform a reconstruction. The hard disk is very fragmented over time, which means that the programs have worked together once separated in time from each other and not the right place, too, work on your computer. This delayed the implementation of procedures or use certain programs difficult. The Disk Defragmenter can pull the pieces to work again, and things return.

Basic maintenance routines that will ensure your computer is running at peak performance start with simply get rid of files that do not. If you have an earlier document in Word, you have a program not in a long time, or images and music used, do not use, delete it from your computer. Note that once you delete them, do not disappear automatically, but rather in the garbage, and it is also important to empty the garbage, as it is, delete the old files.

Old files on the Internet can slow down your computer. Often with Disk Cleanup is an opportunity to get rid of temporary files Internet, but you also get rid of them on your own, using your temporary Internet files in Microsoft Internet Explorer. Click the  Tools  then  Options Internet, General tab, Temporary Internet Files and delete files. Also, take a moment to clear all temporary files that you purchased in May, downloads from the Internet. More about the model temporary files on your computer in different places can be, but usually when the Disk Cleanup and scan there will be an option for temporary files and releasing them.

Get one other resources useful and easy to achieve the performance of your computer to run programs that protect you use a firewall to access the computer, installing software and always up to date available for Microsoft and protection programs. Keep a regular maintenance and establishment of a routine updates on your computer to ensure that the purpose of your computer the way, was the first to wear when they go home.

Public Keys

Public-key cryptography makes it possible for people who do not share a common key to communicate securely. It also makes signing messages possible without the presence of a trusted third party. Finally, signed message digests make it possible to verify the integrity of received messages easily.

However, there is one problem that we have glossed over a bit too quickly: if Alice and Bob do not know each other, how do they get each other's public keys to start the communication process? The obvious solution—put your public key on your Web site—does not work for the following reason. Suppose that Alice wants to look up Bob's public key on his Web site. How does she do it? She starts by typing in Bob's URL. Her browser then looks up the DNS address of Bob's home page and sends it a GET request, as shown in Fig. 1. Unfortunately, Trudy intercepts the request and replies with a fake home page, probably a copy of Bob's home page except for the replacement of Bob's public key with Trudy's public key. When Alice now encrypts her first message with ET, Trudy decrypts it, reads it, reencrypts it with Bob's public key, and sends it to Bob, who is none the wiser that Trudy is reading his incoming messages. Worse yet, Trudy could modify the messages before reencrypting them for Bob. Clearly, some mechanism is needed to make sure that public keys can be exchanged securely.

Figure 1. A way for Trudy to subvert public-key encryption.

Certificates

As a first attempt at distributing public keys securely, we could imagine a key distribution center available on-line 24 hours a day to provide public keys on demand. One of the many problems with this solution is that it is not scalable, and the key distribution center would rapidly become a bottleneck. Also, if it ever went down, Internet security would suddenly grind to a halt.

For these reasons, people have developed a different solution, one that does not require the key distribution center to be on-line all the time. In fact, it does not have to be on-line at all. Instead, what it does is certify the public keys belonging to people, companies, and other organizations. An organization that certifies public keys is now called a CA (Certification Authority).

As an example, suppose that Bob wants to allow Alice and other people to communicate with him securely. He can go to the CA with his public key along with his passport or driver's license and ask to be certified. The CA then issues a certificate similar to the one in Fig. 2 and signs its SHA-1 hash with the CA's private key. Bob then pays the CA's fee and gets a floppy disk containing the certificate and its signed hash.

Figure 2. A possible certificate and its signed hash.

The fundamental job of a certificate is to bind a public key to the name of a principal (individual, company, etc.). Certificates themselves are not secret or protected. Bob might, for example, decide to put his new certificate on his Web site, with a link on the main page saying: Click here for my public-key certificate. The resulting click would return both the certificate and the signature block (the signed SHA-1 hash of the certificate).

Now let us run through the scenario of Fig. 1 again. When Trudy intercepts Alice's request for Bob's home page, what can she do? She can put her own certificate and signature block on the fake page, but when Alice reads the certificate she will immediately see that she is not talking to Bob because Bob's name is not in it. Trudy can modify Bob's home page on-the-fly, replacing Bob's public key with her own. However, when Alice runs the SHA-1 algorithm on the certificate, she will get a hash that does not agree with the one she gets when she applies the CA's well-known public key to the signature block. Since Trudy does not have the CA's private key, she has no way of generating a signature block that contains the hash of the modified Web page with her public key on it. In this way, Alice can be sure she has Bob's public key and not Trudy's or someone else's. And as we promised, this scheme does not require the CA to be on-line for verification, thus eliminating a potential bottleneck.

While the standard function of a certificate is to bind a public key to a principal, a certificate can also be used to bind a public key to an attribute. For example, a certificate could say: This public key belongs to someone over 18. It could be used to prove that the owner of the private key was not a minor and thus allowed to access material not suitable for children, and so on, but without disclosing the owner's identity. Typically, the person holding the certificate would send it to the Web site, principal, or process that cared about age. That site, principal, or process would then generate a random number and encrypt it with the public key in the certificate. If the owner were able to decrypt it and send it back, that would be proof that the owner indeed had the attribute stated in the certificate. Alternatively, the random number could be used to generate a session key for the ensuing conversation.

Another example of where a certificate might contain an attribute is in an object-oriented distributed system. Each object normally has multiple methods. The owner of the object could provide each customer with a certificate giving a bit map of which methods the customer is allowed to invoke and binding the bit map to a public key using a signed certificate. Again here, if the certificate holder can prove possession of the corresponding private key, he will be allowed to perform the methods in the bit map. It has the property that the owner's identity need not be known, a property useful in situations where privacy is important.

X.509

If everybody who wanted something signed went to the CA with a different kind of certificate, managing all the different formats would soon become a problem. To solve this problem, a standard for certificates has been devised and approved by ITU. The standard is called X.509 and is in widespread use on the Internet. It has gone through three versions since the initial standardization in 1988. We will discuss V3.

X.509 has been heavily influenced by the OSI world, borrowing some of its worst features (e.g., naming and encoding). Surprisingly, IETF went along with X.509, even though in nearly every other area, from machine addresses to transport protocols to e-mail formats, IETF generally ignored OSI and tried to do it right. The IETF version of X.509 is described in RFC 3280.

At its core, X.509 is a way to describe certificates. The primary fields in a certificate are listed in Fig. 3. The descriptions given there should provide a general idea of what the fields do. For additional information, please consult the standard itself or RFC 2459.

Figure 3. The basic fields of an X.509 certificate.

For example, if Bob works in the loan department of the Money Bank, his X.500 address might be:

/C=US/O=MoneyBank/OU=Loan/CN=Bob/

where C is for country, O is for organization, OU is for organizational unit, and CN is for common name. CAs and other entities are named in a similar way. A substantial problem with X.500 names is that if Alice is trying to contact This email address is being protected from spambots. You need JavaScript enabled to view it. and is given a certificate with an X.500 name, it may not be obvious to her that the certificate refers to the Bob she wants. Fortunately, starting with version 3, DNS names are now permitted instead of X.500 names, so this problem may eventually vanish.

Certificates are encoded using the OSI ASN.1 (Abstract Syntax Notation 1), which can be thought of as being like a struct in C, except with a very peculiar and verbose notation. More information about X.509 can be found in (Ford and Baum, 2000).

Public Key Infrastructures

Having a single CA to issue all the world's certificates obviously would not work. It would collapse under the load and be a central point of failure as well. A possible solution might be to have multiple CAs, all run by the same organization and all using the same private key to sign certificates. While this would solve the load and failure problems, it introduces a new problem: key leakage. If there were dozens of servers spread around the world, all holding the CA's private key, the chance of the private key being stolen or otherwise leaking out would be greatly increased. Since the compromise of this key would ruin the world's electronic security infrastructure, having a single central CA is very risky.

In addition, which organization would operate the CA? It is hard to imagine any authority that would be accepted worldwide as legitimate and trustworthy. In some countries people would insist that it be a government, while in other countries they would insist that it not be a government.

For these reasons, a different way for certifying public keys has evolved. It goes under the general name of PKI (Public Key Infrastructure). In this section we will summarize how it works in general, although there have been many proposals so the details will probably evolve in time.

A PKI has multiple components, including users, CAs, certificates, and directories. What the PKI does is provide a way of structuring these components and define standards for the various documents and protocols. A particularly simple form of PKI is a hierarchy of CAs, as depicted in Fig. 4. In this example we have shown three levels, but in practice there might be fewer or more. The top-level CA, the root, certifies second-level CAs, which we call RAs (Regional Authorities) because they might cover some geographic region, such as a country or continent. This term is not standard, though; in fact, no term is really standard for the different levels of the tree. These in turn certify the real CAs, which issue the X.509 certificates to organizations and individuals. When the root authorizes a new RA, it generates an X.509 certificate stating that it has approved the RA, includes the new RA's public key in it, signs it, and hands it to the RA. Similarly, when an RA approves a new CA, it produces and signs a certificate stating its approval and containing the CA's public key.

Figure 4. (a) A hierarchical PKI. (b) A chain of certificates.

Our PKI works like this. Suppose that Alice needs Bob's public key in order to communicate with him, so she looks for and finds a certificate containing it, signed by CA 5. But Alice has never heard of CA 5. For all she knows, CA 5 might be Bob's 10-year-old daughter. She could go to CA 5 and say: Prove your legitimacy. CA 5 responds with the certificate it got from RA 2, which contains CA 5's public key. Now armed with CA 5's public key, she can verify that Bob's certificate was indeed signed by CA 5 and is thus legal.

Unless RA 2 is Bob's 12-year-old son. So the next step is for her to ask RA 2 to prove it is legitimate. The response to her query is a certificate signed by the root and containing RA 2's public key. Now Alice is sure she has Bob's public key.

But how does Alice find the root's public key? Magic. It is assumed that everyone knows the root's public key. For example, her browser might have been shipped with the root's public key built in.

Bob is a friendly sort of guy and does not want to cause Alice a lot of work. He knows that she is going to have to check out CA 5 and RA 2, so to save her some trouble, he collects the two needed certificates and gives her the two certificates along with his. Now she can use her own knowledge of the root's public key to verify the top-level certificate and the public key contained therein to verify the second one. In this way, Alice does not need to contact anyone to do the verification. Because the certificates are all signed, she can easily detect any attempts to tamper with their contents. A chain of certificates going back to the root like this is sometimes called a chain of trust or a certification path. The technique is widely used in practice.

Of course, we still have the problem of who is going to run the root. The solution is not to have a single root, but to have many roots, each with its own RAs and CAs. In fact, modern browsers come preloaded with the public keys for over 100 roots, sometimes referred to as trust anchors. In this way, having a single worldwide trusted authority can be avoided.

But there is now the issue of how the browser vendor decides which purported trust anchors are reliable and which are sleazy. It all comes down to the user trusting the browser vendor to make wise choices and not simply approve all trust anchors willing to pay its inclusion fee. Most browsers allow users to inspect the root keys (usually in the form of certificates signed by the root) and delete any that seem shady.

Directories

Another issue for any PKI is where certificates (and their chains back to some known trust anchor) are stored. One possibility is to have each user store his or her own certificates. While doing this is safe (i.e., there is no way for users to tamper with signed certificates without detection), it is also inconvenient. One alternative that has been proposed is to use DNS as a certificate directory. Before contacting Bob, Alice probably has to look up his IP address using DNS, so why not have DNS return Bob's entire certificate chain along with his IP address?

Some people think this is the way to go, but others would prefer dedicated directory servers whose only job is managing X.509 certificates. Such directories could provide lookup services by using properties of the X.500 names. For example, in theory such a directory service could answer a query such as: ''Give me a list of all people named Alice who work in sales departments anywhere in the U.S. or Canada.'' LDAP might be a candidate for holding such information.

Revocation

The real world is full of certificates, too, such as passports and drivers' licenses. Sometimes these certificates can be revoked, for example, drivers' licenses can be revoked for drunken driving and other driving offenses. The same problem occurs in the digital world: the grantor of a certificate may decide to revoke it because the person or organization holding it has abused it in some way. It can also be revoked if the subject's private key has been exposed, or worse yet, the CA's private key has been compromised. Thus, a PKI needs to deal with the issue of revocation.

A first step in this direction is to have each CA periodically issue a CRL (Certificate Revocation List) giving the serial numbers of all certificates that it has revoked. Since certificates contain expiry times, the CRL need only contain the serial numbers of certificates that have not yet expired. Once its expiry time has passed, a certificate is automatically invalid, so no distinction is needed between those that just timed out and those that were actually revoked. In both cases, they cannot be used any more.

Unfortunately, introducing CRLs means that a user who is about to use a certificate must now acquire the CRL to see if the certificate has been revoked. If it has been, it should not be used. However, even if the certificate is not on the list, it might have been revoked just after the list was published. Thus, the only way to really be sure is to ask the CA. And on the next use of the same certificate, the CA has to be asked again, since the certificate might have been revoked a few seconds ago.

Another complication is that a revoked certificate could conceivably be reinstated, for example, if it was revoked for nonpayment of some fee that has since been paid. Having to deal with revocation (and possibly reinstatement) eliminates one of the best properties of certificates, namely, that they can be used without having to contact a CA.

Where should CRLs be stored? A good place would be the same place the certificates themselves are stored. One strategy is for the CA to actively push out CRLs periodically and have the directories process them by simply removing the revoked certificates. If directories are not used for storing certificates, the CRLs can be cached at various convenient places around the network. Since a CRL is itself a signed document, if it is tampered with, that tampering can be easily detected.

If certificates have long lifetimes, the CRLs will be long, too. For example, if credit cards are valid for 5 years, the number of revocations outstanding will be much longer than if new cards are issued every 3 months. A standard way to deal with long CRLs is to issue a master list infrequently, but issue updates to it more often. Doing this reduces the bandwidth needed for distributing the CRLs.

How to Protect Your Computer from a Virus

• Virus can do great damage to your computer or none at all.
• A Trojan does not travel from one computer to another, like the virus and worm can.
• Viruses are spread by email, downloads, floppies of any kind, new hard drives, or network computers.

A virus will place itself into other program files and when the infected program runs, the virus code looks for other program files to infect. If that infected file is sent to another computer user, the virus may spread quickly. A virus can do great damage to your computer or none at all. Some are simply annoying, while others will destroy your hard drive. There are two basic types of viruses. Those that infect files and those that infect the areas on your disk that are used to start up your hard disk or boot sector.

While most anti virus companies are now using the term "virus" to include Trojans, worms, and viruses, there are differences. A Trojan does not travel from one computer to another, like the virus and worm can. A trojan can seem to do something useful while concealing it's actual destructive purpose, such as destroy files. A worm's a self-replicating program that does not alter files, but stays in active the memory and duplicates itself. Worms use the features of the operating system to remain undected by the user. Quite often they will carry a malicious payload.

How can you protect yourself from such attacks? How can you safeguard your computer? Some simple steps will help to greatly diminish your chances of getting a virus, trojan, or worm. While these are simple steps, they are also routine steps.

Viruses are spread by email, downloads, floppies of any kind, new hard drives, or network computers. You can therefore get a virus from your email, but not AOL email, downloads from the internet, or any floppy disc.

You should always scan every floppy and any new download regardless of who you received it from. Floppies can carry boot sector viruses which can disable your computer from starting up, and you can never be sure that the one who sent you that file scanned their own system

The best way to protect yourself is to NEVER download anything for someone you do not know. Even if you do know who sent you something, you might still want to scan it to be safe. If the person sending the file does not know they are infected, you stand a good chance of getting infected also. Some virus programs send out email using the person’s address book, and something that might appear to be from a friend, was not actually sent by them at all, but rather the virus.

You do not want to EVER click on hyperlinks sent to you by strangers. There is a good chance that you might end up someplace online that you do not want to be, if you click it. Many web sites today have them set up, so that when you go to that page, it starts an automatic download. To safeguard against an unknown and unwanted download, beware of clicking on hyperlinks from those you do not know.

Never give out your password for get online to anyone. Beware of email or instant messages asking for your password. An internet newcomer might easily be fooled if the email appears to be from an official source. Remember that your Internet Service Provider will NEVER ask for your password, nor you’re billing information. Never give out your billing information or password.

Everyone that uses a computer should have virus protection, and have it enabled. While having this protection is good, it serves little purpose if the virus protection is not updated on a regular basic, and often. The virus protection, if kept updated, in most cases will catch a virus that is trying to infect your computer.

There are several levels of virus protection, and various companies offering it. The best thing to do is decide what is best for your particular needs. If you start out with just basic protection, you can always upgrade to more lately if the need arises. The important thing is to get protected now.

Two virus protection companies are Norton and McAfee.

Computer Security Basics

• Passwords are one of your first lines of defense against an attack, but sadly they're overlooked.

As an IT and Security instructor I frequently get asked the question "What should I be doing to protect and secure my computer?" In response to this question I give a lot of the usual answers plus a host of other suggestions that can and will make a system more secure and make one less of a target. When I decided to write this article I decided that I would put together a list of "Tips and tricks" to assist you, the reader, in making your system more secure.

The following list I put together as a checklist and is not meant to imply any step is necessarily more important than another.

• Antivirus Program: Chances are a good number of you reading this article will have an antivirus scanner in place, however there are still more than a few computer users who do not. The reality is that everyone should have an antivirus program installed, running and most importantly up-to-date. There are currently a number of options to choose from including Norton and McAfee or free versions from vendors like Grisoft (www. grisoft.com), so if you do not have one, get one today.

Trivia: Recent surveys suggest that between 25% and 35% of computer users worldwide have virus protection installed.

• Firewalls: Firewalls serve a very important function which is controlling the flow of traffic on and off a computer thereby stopping unauthorized ingress and egress of data. Firewalls become even a bigger issue for those of you who have a) broadband b) use wireless or c) use public hot-spots as such connections all expose one to higher risk than older, slower connection standards such a dial-up. Great options for firewalls include, on the software side, Kerio, Norton and Zonealarm • or hardware solutions such as dialup.

Tip: Not sure how well your firewall is working? Want to test it out? Browse over to the "Shields Up" utility over at (www.grc.com) and put your firewall to the test.

• Updates and Patches: Keeping your system up-to-date with the latest patches first and foremost ensures that you are not only staying current with your software it also ensures that you do not have any nasty "holes" to be exploited. An example of what happens when patches are overlooked think back to the Nimda worm from 2001; this same worm is still infecting some Microsoft web servers today simply because some system admins have not installed a patch from 5 years ago.

• Complex Passwords: Passwords are one of your first lines of defense against an attack, but sadly they are overlooked quite often until it is too late. Those that do use passwords tend to overlook basic safety with passwords by not using what is called password complexity; password complexity refers to a password that has the following characteristics: Upper and lower case letters Special characters such as @ % or $ Are at least 7 or 8 characters long Are not words found in the dictionary or are easy to guess Using these simple guidelines to construct a password makes it significantly harder to break and therefore a successful deterrent against an attacker. Another tip with passwords? Do not write them down. Ever.

Trivia: The most common place to find the password of a user who has written it down? On a Post it note under their keyboard (no kidding).

• Backing up: Backing up represents one of the final options if your system finally decides that it is going to take an "Extended leave" when you need it most. You should ideally be backing up your computer on a regular basis either daily or weekly (depending on your own needs) to a medium such as tape, CD or DVD.

• Do you really need that? Most people have a lot of software installed on their machine, but the question is how much of that do they actually use? Uninstalling applications you do not ever use or just plain do not need, reduces what security professionals call your "Attack surface" or possible ways for someone to attack you. A great place to start is to look at those applications that came bundled with your PC when you bought it. If you do not need it, do not patch it just uninstall it.
• 
  Can we get some service here?: In Windows (XP Pro and Windows 2000 Only) you might have heard of something called Services, which run in the background on your machine. Services provide features such as file sharing, networking enhancements and many other system features both obvious and otherwise. The problem is that more services are started in Windows than are normally needed, but they are started anyway to make the system useable by the greatest number of people. Shutting down unnecessary services can not only make your system run faster, but can also reduce the number of ways some can attack you. Basically if it is not running, it cannot be exploited. Not sure what to shut off? Take a look at this helpful URL for guidance

(http://www.liutilities.com/prod-ucts/wintaskspro/processlibrary/)

Note: Shutting down services if done correctly can be a great way to make a system more secure and perform better. Shutting down the wrong service can make a system unable to boot, so exercise caution.

Using the preceding tips can make you much more secure than you would be otherwise. I usually recommend these as a first line of defense. If you are feeling brave you can take this even further. The important thing to remember when trying to secure a system, (whether it is a single PC or an entire network) is that it can never be 100% secure. However, you can make yourself less of a target by making it harder to go after your system.

Until next time my friends, stay safe.