|
Whether
you have a dial-up Internet account and a modem or a broadband DSL
or Cable modem connection, you need to be concerned about security.
It is a common misconception that dial-up customers don’t need
to worry about CyberAttacks. However, every Internet user these
days needs to be concerned about avoiding attacks that could inconvenience
or incapacitate your home machine.
Types
of Threats
Secure Home Networking Practices
The Basic Home Network Security Toolkit
- The
threats facing Internet users today include:
Malware – This generic term refers to viruses, worms, or
any executable code that has a bad intent. A virus may wipe out
your hard drive, or a worm may e-mail everyone you know and infect
their computers. The first line of defense against malware is
up-to-date antivirus software. Equally important is making sure
to keep up with software and operating system patches which vendors
provide to address security flaws.
- System
Compromises – When a cracker compromises your system,
he or she is able to do anything on the computer that you can,
including deleting files or stealing information (like your Quicken
files!). Deploying defensive systems like firewalls as well as
keeping up with software patches are important steps you can take
to prevent system compromises.
- Denial
of Service Attacks – This class of CyberAttack is rapidly
become the most popular choice of Internet miscreants. It involves
flooding a target Web site with bogus page requests, eventually
slowing it significantly or even crashing it. Crackers often enlist
unguarded home computers that have broadband connections in their
attacks, turning them into so-called zombies. Typically, the cracker
has full control over the zombie computer. Good security practices
can prevent having your computer being enlisted in a denial of
service attack.
- Private
Network Compromises – These attacks are much more rare,
but much more dangerous than the other types of threats. By compromising
your home computer, a cracker could gain access to your work network,
wreaking untold damage. To prevent this, disable any automatic
logon scripts and never store user IDs or passwords in a disk
file.
Secure
Home Networking Practices
There are several things you should do even before you look at adding
additional security tools to your system:
- Don’t
leave your system on all the time – If you have a broadband
connection, it’s tempting to leave your computer on constantly.
However, the longer a computer is on, and the longer it is left
unattended, the more likely it is that a cracker can compromise
it.
- Use
a Secure Password – This is especially important if you
have a Windows NT or 2000 computer, which are more desired targets
for crackers. You can follow these rules for creating a secure
password you can remember.
- Do
Not Save Account Information on Your Computer – And don’t
post passwords on your monitor either, especially if you have
children who may bring friends into your house.
- Back
Up Your System Regularly – If a virus or a cracker wipes
out your hard drive, there’s probably a lot you would miss.
Back up your system to Zip drives, tape units, or CDs on a regular
basis.
- Do
Not Open Attachments From Strangers – In fact, be suspicious
of unexpected attachments from people you know. Many malware programs
use Microsoft Outlook address books to spread their infection.
Check About.com's Infected Attachments Center if you're at all
suspicious of an attachment.
- Crank
Up the Security on Your Programs – If you use Microsoft
Internet Explorer or Microsoft Outlook, this is even more important.
Use the settings of these programs and any other software you
have to set the highest security levels. In Microsoft Word for
Windows 2000, Excel 2000, and PowerPoint 2000 select Tools, Macro,
Security, and set security to Medium or High.
- Disable
File Sharing – If you do not want to disable Microsoft
Windows’ file sharing features, be sure that every share
has a secure password for use. You should also make sure you have
a hardware firewall if you are a broadband user.
- Rename
Your Administrator Account – If you use Microsoft Windows
NT or 2000, rename the administrator account, and be sure it has
a secure password. Crackers typically will try to break in to
the admin account. Also, disable your guest account and anonymous
FTP. If you don’t really need it, do not run Internet Information
Server, Microsoft’s Web server.
Check Your Security Regularly – Just because you’re
state-of-the-art secure now doesn’t mean you will always
be. Check out your home security practices on a regular basis,
at least twice a year.
- Be
Sure Your Family or Household Members Know What to Do –
Educate household members on good security practice and on what
to do if there is a security incident. For example, make sure
they know how to respond if your antivirus software alerts them
to a virus.
The
Basic Home Network Security Toolkit
In addition
to the preceding good security practices, every home networker should
employ additional security tools. Regardless of your type of connection,
and whether or not you access your work network from home, you should
have these basic security tools installed and in good working order:
Up-To-Date
Antivirus Software
The
Latest Patches for Your Software
A
Software Firewall
A
Hardware Firewall (for broadband users)
- Up-To-Date
Antivirus Software
All machines should have antivirus software, which is your inexpensive
first line of defense against malware. Most antivirus software
vendors sell you a package that includes free updates for a year.
After the year is over, be sure to purchase continued antivirus
updates.
A virus signatures file contains information that enables your
antivirus software to identify viruses and worms and eliminate
them. Since new malware appears on the Internet almost daily,
you should make sure your signatures are up to date, at least
weekly. To be really secure, update your signatures daily.
Some antivirus software can be set to automatically update the
virus signatures at a certain time each day. Some, like Norton,
can also scan emails before they are put into your inbox
The following commercial antivirus software packages are readily
available either in stores or over the Internet:
Symantec’s
Norton Antivirus
McAfee
VirusScan Online
Computer
Associates
eTrust InoculateIT
- The
Latest Patches For Your Software
If you use Microsoft software, you can use the Microsoft Windows
Update service at: windowsupdate.Microsoft.com. The service will
identify any required or optional software patches for your particular
system.
The
Personal Security Advisor, a free program from Microsoft created
by Shavlik Technologies, can scan your computer for security vulnerabilities
and notify you of the patches you need: www.securemicrosoft.com/scan/start.asp.
Shavlik also has more advanced programs that can actually automatically
update your software with the latest fixes: www.shavlik.com/security/.
- A
Software Firewall
A software firewall is a program you install on each of your home
computers. All communications with the Internet and with other
computers on your home network, if you have one, must pass through
the firewall. You can determine which programs on your computer
you want to access the Internet (you may be surprised at how many
do contact the Internet behind the scenes) but, more important,
you can prevent other computers on the Internet from accessing
your computer.
The best firewalls will notify you if a program you previously
allowed to access the Internet has changed, either due to a software
update or due to modification by a virus or worm.
If you have a software firewall, but no hardware firewall, be
sure the firewall blocks access to your computer on the following
ports:
- 23
- 68
- 111
- 113
- 137
- 138
- 139
Most software firewalls already take care of blocking this access.
See your software firewall's manual for information about blocking
these ports.
Gibson
Research’s reviews of personal firewalls are very
helpful in deciding which firewall to buy.
-
Here
are some links to some well known software firewalls:
- A
Hardware Firewall
If you access the Internet using a broadband connection (such
as a DSL line or a Cable modem), a software firewall is just part
of the picture. Since broadband users are typically connected
to the Internet longer than dial-up users, and since their high
speed connection makes them more of a target, broadband users
should also have a hardware-based firewall, which sits between
you and your DSL router or Cable modem and protects your home
network.
Although
a software firewall will keep bad guys from accessing protected
computers on your home network, a hardware firewall can make your
home computer or network invisible to miscreants, and so they
won’t even try to attack. They do this by preventing any
probing of Internet connections, and by translating the IP address
of your computer so all computers on your home network appear
to the Internet as the same address.
The
best hardware firewalls will notify you, usually via email, if
an intruder tries a probe or an attack. Some firewalls also offer
wireless connections, although even the best built-in wireless
security protection is insecure. If you want to add wireless network
access, plan on running some other kind of encryption or other
security scheme.
If
you have more than one computer at home, you may want to consider
a hardware firewall/router combination that has more than one
port.
- What
to Do If You're Attacked
Once you have the proper defenses in place, you're likely to see
some activity reported by your firewall program. One of the most
likely kinds of incidents is called a port scan.
- What
You Can Do About Port Scans
You may find that your firewall software reports as many as 15-20
random port scans a day. In order to understand what a port scan
is, you first need to understand what a port is. Ports are connection
points to the TCP/IP networking software of a computer. Think
of them as sockets that other computers can connect communications
lines to.
Pretty much all communication over the Internet originates from
a specific port on one computer and connects to a specific port
on another computer. There are over 65,000 ports available, but
a handful of ports are very commonly used. Among them are port
80 for Web services, ports 20 and 21 for FTP services, and port
25 or 110 for email services. Here is a list of commonly used
port numbers.
A port scan is an attempt to determine whether a particular port
on your computer accepts a connection. Port scanning software
used by crackers rapidly attempts to connect to many or all of
the ports on your computer. It's akin to burglars trying all the
door handles in your neighborhood looking for one that will let
them in.
When a cracker scans your ports, if you are not running a service
on a port and your computer is listening for a connection to that
port, the response to the port scan will indicate that the port
is not open. Thus, a port scan by itself is not a dangerous thing.
It merely means someone is jiggling the door handles on your computer.
Without a firewall, however, it is impossible to close all the
ports on your computer. If you have a Windows computer, there
are a great many ports open that you probably are completely unaware
of. For example, port 139 is used by file and print sharing and
port 135 is the end-point Mapper used by the Domain Name System
(DNS). And of course, if your email software is running, port
25 will be listening for new email. This is why you must have
a firewall in any home system configuration. The right hardware
or software firewall can even make it look like there's no computer
at all at your network address while still allowing your Internet
software to work.
So why is your firewall reporting port scans? There are some legitimate
causes for port scanning, such as the equivalent of someone dialing
a wrong telephone number, or your ISP scanning its network looking
for computers that may have been compromised. However, in most
cases port scanning is done by people who are probing your computer
(and probably many others in your network neighborhood) for vulnerabilities.
However, if your firewall or intrusion detection software reports
a scan coming from the same IP address to hundreds of ports on
your computer, this is most likely a cracker at work. You should
consider reporting this activity to your Internet Service Provider
(ISP). Although port scans are not illegal, they are probably
a violation of your ISP's Acceptable Use Policy.
- What
You Should Do If Your System is Compromised
If, despite following the precautions outlined here, your system
is broken into, your first concern should be to make sure your
computer has not been turned into a "zombie," a computer
under the control of a cracker that is used to attack other computers.
The easiest way to prevent your computer from damaging others
is to disconnect it from the Internet. This should be your first
step if you suspect your computer has been compromised.
If
you think you will want to pursue legal remedies after an attack,
it is very important that you preserve the evidence of the attack.
Contact
Internet Xtreme Immediately on 5964 3344 and we will advise
you as what to do.
If
you require more information don't hesitate in contacting us HERE
Please
report any broken links HERE
|
Return
to Network Solutions