Two Plus Two Newer Archives  

#1
02-22-2006, 09:50 PM
ColdCaller
Senior Member
Join Date: Nov 2005
Location: [censored] beedogs
Posts: 2,272
Preventing hackers from stealing your money - please read.

In the wake of all of the chipdumping and episodes involving 'tealninja' and 'playerlogin', there have been numerous posts on 2+2 detailing how to secure your system and network, with many of them being completely inaccurate and possibly detrimental. While I have no sympathy for people who are hacked due to the fact that they leave tens of thousands of dollars on their online poker accounts without adequately securing their systems, the misinformation and fearmongering built up by people in the Zoo has far surpassed my point of tolerance.

My background: I have worked for several dot-com companies and technical corporations as a network and systems administrator, network analyst, web programmer, quality assurance technician, and have liaised with the U.S. government for assistance with certain departments concerning network security and cryptology. I have significant education in computer networking/programming, systems analysis, as well as game theory. I feel more than qualified to write a beginner-to-intermediate guide for implementing good network security for Internet poker players.

Disclaimer: This guide is meant to be an entry-level document to help in securing your network and computers that you access the Internet with, along with various other activities. None of the advice contained within guarantees that your system and network will be totally secure, and carries no guarantee, implied or otherwise. You assume all the risks of implementing such a strategy.

So, with all of that out of the way, what do we need to do to secure our systems and our network to avoid hacking attempts that can potentially cost us thousands of dollars in time and real money, not to mention the very real possibility of identity theft, which is far worse than any amount of money you may have lost?

Before we go into detail of securing your system, let me say that this guide will address people running Windows XP Home, Professional, or Corporate only. Though the recommendations will help older Windows users as well, no effort to clarify the steps will be taken.

Step One: Baseline Operations

“So high-speed Internet access makes me more vulnerable, since attackers are coming at me faster?” –Idiot AOL user on a commercial
“Yes, exactly.” –Retard AOL system administrator on the same commercial

You’ve probably seen that commercial, and you probably believe in it. It’s not true. In fact, people who are on dial-up are probably MORE at risk than broadband Internet users, since most (if not all) dial-up users aren’t using a hardware firewall to protect them.

This post will continue to address only users with broadband connections, as they are the overwhelmingly vast majority of the 2+2 posters here, I imagine.

What You Will Need to Protect Yourself – Non-negotiable pieces of the puzzle
-A good router (I recommend the Linksys WRT54GS, as it offers wireless access and is an overall good piece of hardware for the cost)
-Good anti-virus software (most commercially available software is going to be good enough, regardless of the brand – don’t buy into the brand war hype. My recommendations are Kaspersky Anti-Virus or BitDefender)
-Good Antispyware software (Microsoft Anti-Spyware is pretty good, but you should use a combination of MS Anti-Spyware and Spybot Search and Destroy to catch everything. Lavasoft’s Ad-Aware is good, as well.)
-A legitimate copy of Windows XP. This is non-negotiable. You NEED to have a non-pirated version of Windows XP, because of Windows Updates and the possibility that backdoor software was built into your copy of pirated Windows. If you refuse to spend the money on a registered copy, stop reading.

Optional Protection
-A software-based firewall (ZoneAlarm is a good choice, but if you use BitDefender, it has a built-in firewall as well)
-Third-party router software (I recommend dd-wrt for your Linksys WRT54GS, but I will not discuss at length on how to configure it)

Your network should look something like this:

Cable Modem -> Router -> Computer

And if you have wireless devices, the router feeds them data as well without a hard-wired connection. Let me say this right off the bat: Using wireless Internet for online poker is dangerous and not recommended. You are putting yourself at higher risk for comfort. If this is okay with you, so be it.

Step Two: Initial Setup

The steps you should take in order to secure your system are as follows:

1) Reformat your system.
2) Reinstall Windows with a legitimate CD-key.
3) Do not connect your system to the Internet yet.
4) Install all hardware drivers that you have without using the Internet.
5) Install Anti-Virus software and optional firewall software.
6) Scan your system and data backups for viruses.
7) Connect your router to your computer, but do not connect the cable modem to the router.

After you have completed those steps in order and to the fullest extent, you move on to Step Three.

Step Three: Configuring Network Pieces

After you have connected the router, you will need to consult the installation manual to perform the following tasks. I cannot address all of the configuration possibilities of the routers, so I am going to give you general instructions.

1) Hold the reset button on the back of the router for 45 seconds continuously.
2) Connect to your router’s web-based interface using the default login and password.
3) Change the default login and password using at least eight (8) alphanumeric characters that cannot be found sequentially in any dictionary.
4) If you use wireless, enable the wireless option and change the following settings: Enable wireless security (use WPA2 Pre-Shared Key if your systems support it, WEP is not secure enough), set a password that is NOT THE SAME as your router login password but still using the same guidelines as step 3, change the broadcast channel to something other than the default (usually channel six).
5) Disable UPnP through the router, if possible.
6) Set up all necessary port forwarding fields. If you don’t know how to, follow the instructions at portforward.com.
7) Set up a static IP for ALL systems that will access the Internet on the network, and be sure they are outside the DHCP range of your router. If you don’t know how to do this, see portforward.com for instructions.
8) Enable the hardware firewall and disable anonymous requests from hitting your computer, enable NAT (Network Address Translation), and filter IDENT requests.
9) (Optional) Set up QoS for your poker programs to improve speeds.

This is extremely important: Disable UPnP through Windows XP. http://grc.com/UnPnP/UnPnP.htm has a step-by-step guide. This is what allows people to run Trojan programs on your system without using port forwarding to gain access to your system.

After you have taken these steps, move forward to Step Four.

Step Four: Connecting Your Computer to the Internet

At this point you can connect your router to the cable/DSL modem. Be sure to power cycle the router when you connect it to ensure a good firmware restart and connection to the ISP. Go into the router’s configuration and ensure that your computer is outside the DHCP range and using a static IP address as you set up in Step Three, Substep Seven.

At this point, you should update all of your software definitions and hardware drivers. Update the Anti-Virus definitions first, then your firewall (if you have a software one), then the hardware drivers. Reboot the system. Run Windows Update and download and install ALL of the updates. Reboot the system.

Scan the system for spyware/adware.

If you have a software firewall, disable Windows Firewall. If you don’t, you should probably leave it active, though it doesn’t do a whole lot. If you don’t want to go through the pain of application protection through ZoneAlarm (I don’t), you can use ISS BlackIce Defender without AP to stop basic port scans and see incoming transmissions.

(Optional): At this point I recommend writing down all of the settings you used in Step Three to set up the router successfully, and install a third-party firmware that is compatible with your router, such as dd-wrt for Linksys WRT54G and GS routers. They provide added features and security, as well as the ability to boost the wireless signal up to ten times the strength of the default firmware for better connectivity.

(Optional): If you have a software firewall, be sure to monitor the programs that you allow outgoing access. Don’t trust things that require keyboard/mouse hooks.

Step Five: Ongoing Security Procedures

Now you have a pretty good setup through Windows XP and should remain fairly secure. However, no matter how well you set up a network and a system, it can always be exploited. Be sure to follow the directions below to help minimize the chance you will be hacked:

-Run a full anti-virus scan every other day. Let it run while you sleep.
-Update the anti-virus definitions every week, at least.
-Scan your system every day for spyware/adware. Let it run while you sleep.
-Stay on top of Windows Updates. Download and install them constantly.
-Check technical sites like AnandTech or Slashdot once in a while for potential hardware/software exploits that Windows Update doesn’t catch immediately.
-Don’t use peer-to-peer file sharing (I named sample programs and services, but they are all censored. I can only hope you know what LW, KZ, and BT stand for.) Obtain your files legally to minimize risk. Never install pirated software. I realize that everyone on the board probably does (including me), but your risk goes up if you do this on the same machine you play poker on. You have been warned.
-If you run a server for anything (FTP, streaming audio/video, etc), buy another cheap computer and use that for those operations, or buy a computer solely for online poker with no other functionality.

I hope this guide helps you in setting up a secure computer and network to protect yourself. While some of the steps may seem a bit extreme, this is meant to be a top-to-bottom guide to protect you to the fullest extent. It’s up to you on how much you want to follow, if at all.

Comments and suggestions welcome in PM or as a reply to this post. Constructive criticism is welcome, but please direct the flames to a forum like OOT.
Reply With Quote
#2
02-23-2006, 04:02 AM
Freakin
Senior Member
Join Date: Sep 2004
Posts: 6,022
Re: Preventing hackers from stealing your money - please read.

If this isn't good enough for a sticky, I don't know what is.

This should be stickied, either in Comp help, or Internet
Reply With Quote
#3
02-23-2006, 10:24 AM
Elevens
Senior Member
Join Date: Aug 2005
Posts: 4,645
Re: Preventing hackers from stealing your money - please read.

[ QUOTE ]
If this isn't good enough for a sticky, I don't know what is.

This should be stickied, either in Comp help, or Internet

[/ QUOTE ]
Reply With Quote
#4
02-23-2006, 12:10 PM
Kneel B4 Zod
Senior Member
Join Date: Dec 2003
Location: Nobody roots for Goliath
Posts: 11,725
Re: Preventing hackers from stealing your money - please read.

is there any way to know if there is already a trojan on my PC?
Reply With Quote
#5
02-23-2006, 01:07 PM
Wake up CALL
Senior Member
Join Date: May 2003
Posts: 3,221
Re: Preventing hackers from stealing your money - please read.

[ QUOTE ]
is there any way to know if there is already a trojan on my PC?

[/ QUOTE ]

yes,

Log onto your PC, open all your poker accounts. Go to sleep, in the morning if you are busted you had a trojan.

Enjoy
Reply With Quote
#6
02-23-2006, 01:07 PM
Knockwurst
Senior Member
Join Date: Jan 2003
Location: NYC
Posts: 732
Re: Preventing hackers from stealing your money - please read.

[ QUOTE ]
[ QUOTE ]
If this isn't good enough for a sticky, I don't know what is.

This should be stickied, either in Comp help, or Internet

[/ QUOTE ]

[/ QUOTE ]
Reply With Quote
#7
02-23-2006, 01:30 PM
ColdCaller
Senior Member
Join Date: Nov 2005
Location: [censored] beedogs
Posts: 2,272
Re: Preventing hackers from stealing your money - please read.

[ QUOTE ]
is there any way to know if there is already a trojan on my PC?

[/ QUOTE ]

Unless anti-virus programs catch it or you can manually remove it by thoroughly analyzing msconfig and your configuration files, then no. That's why I recommend backing up data and reformatting.
Reply With Quote
#8
02-23-2006, 02:05 PM
Kneel B4 Zod
Senior Member
Join Date: Dec 2003
Location: Nobody roots for Goliath
Posts: 11,725
Re: Preventing hackers from stealing your money - please read.

[ QUOTE ]
[ QUOTE ]
is there any way to know if there is already a trojan on my PC?

[/ QUOTE ]

Unless anti-virus programs catch it or you can manually remove it by thoroughly analyzing msconfig and your configuration files, then no. That's why I recommend backing up data and reformatting.

[/ QUOTE ]

this is a worry for me. I have 2 routers (one vonage, one Linksys) with a basic WEP password. The admin password on the router is set to whatever the default password is. I have ZoneAlarm on my PC, but I carelessly let my McAfee subscription run out a few weeks ago (so it still runs, but has not been updated recently).

The only reason I have to suspect something weird is going on is this:

When I put my PC on standby, it sometimes 'wakes up' in the middle of the night by itself. When I turn to it, it sometimes gives some weird message about another user being logged on (!). but no files have ever been changed, no money has gone missing from any account, etc. this has been going on for a little while (at least a few weeks). this is either my Dell acting weird, or a trojan being very obvious as to its presence on my pc.
Reply With Quote
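
The router checklist in Step Three of the first post, written as an automated check; this is an added example, not part of the thread. The setting names, the small word list and both sample configurations are assumptions constructed for illustration (the first mirrors the WEP and default-admin-password setup described in post #8, with hypothetical addresses and a hypothetical UPnP state).

```python
import ipaddress

# Stand-in word list (assumption); load a real dictionary file in practice.
WORDS = {"admin", "password", "poker", "linksys", "router", "default"}

def weak_password(pw, words=WORDS, min_len=8):
    """Step Three item 3, read as: at least 8 alphanumeric characters
    and no dictionary word embedded in the password (interpretation)."""
    if sum(c.isalnum() for c in pw) < min_len:
        return True
    low = pw.lower()
    return any(w in low for w in words)

def in_dhcp_pool(ip, start, end):
    """Item 7: static addresses must sit outside the router's DHCP range."""
    addr = ipaddress.ip_address
    return addr(start) <= addr(ip) <= addr(end)

def audit(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if weak_password(cfg["admin_password"]):
        findings.append("router admin password is too short or dictionary-based")
    if cfg.get("wireless_enabled"):
        if cfg["wireless_security"].upper() != "WPA2-PSK":
            findings.append("wireless security is %s, not WPA2-PSK" % cfg["wireless_security"])
        if weak_password(cfg["wireless_key"]):
            findings.append("wireless key is too short or dictionary-based")
        if cfg["wireless_key"] == cfg["admin_password"]:
            findings.append("wireless key is the same as the admin password")
    if cfg.get("upnp_enabled"):
        findings.append("UPnP is enabled on the router")
    for host, ip in cfg["static_hosts"].items():
        if in_dhcp_pool(ip, *cfg["dhcp_pool"]):
            findings.append("%s (%s) is inside the DHCP range" % (host, ip))
    return findings

POOL = ("192.168.1.100", "192.168.1.149")            # constructed DHCP range
POST8_LIKE = {"admin_password": "admin", "wireless_enabled": True,
              "wireless_security": "WEP", "wireless_key": "poker123",
              "upnp_enabled": True, "dhcp_pool": POOL,
              "static_hosts": {"poker-pc": "192.168.1.101"}}
HARDENED = {"admin_password": "k7Qz93mTxw2", "wireless_enabled": True,
            "wireless_security": "WPA2-PSK", "wireless_key": "Rb4n8Vt1Ls6y",
            "upnp_enabled": False, "dhcp_pool": POOL,
            "static_hosts": {"poker-pc": "192.168.1.20"}}

if __name__ == "__main__":
    for name, cfg in (("post #8 style", POST8_LIKE), ("hardened", HARDENED)):
        print(name, "->", audit(cfg) or "no findings")
```
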