A Beartooth Bullets / Shooters Forum Primer on Internet Security By MikeG
While this isn’t the usual topic of conversation on the Shooter’s Forum, it comes up from time to time, and is certainly an important thing in this day and age. If you are reading this article, then you need to know some basic Internet security.
While no short article can possibly address all of the ins and outs of computer security, some basic precautions can make your computer much less likely to be hacked. A dedicated hacker can get into about anything, but much like locking your car or house, taking security precautions encourages the miscreants to go elsewhere.
Any true security system is built in layers, and Internet security is no exception. Each section below gives an overview of the threats at one layer and the minimum precautions you may wish to take.
Firewalls:
Firewalls can be hardware or software. Anyone on a cable modem, DSL, or other high speed access simply must have a hardware firewall. These are often sold as ‘cable modem routers’ or such, and cost is very reasonable, approx. $50 for a 4-port version and approx. $100 for an 8-port version. An example would be the LinkSys BEFSR41 EtherFast® Cable/DSL Router with 4-Port Switch. The box, when set up correctly, blocks incoming traffic (except web pages that you have selected to visit, and mail you want to download, etc.) and also allows you to hook up multiple computers in your house to the same cable modem or DSL connection (well worth the price just to be able to hook up multiple computers).
To set it up correctly, check the manufacturer’s instructions. You will want to ensure that it has been reset to factory defaults and upload any patches from the manufacturer; then, before you hook it to the cable modem / DSL, change the administrative password.
Home computers on high-speed Internet connections are very attractive targets for hackers, as they can be used to send out tremendous amounts of email, viruses, etc. Computers on dial-up networks cannot use hardware firewalls, but are much less vulnerable, anyway, because their machines are simply less attractive (sort of like driving a rusted-out Pinto, you can park it pretty much anywhere you want).
Software firewalls such as ZoneLabs’ ZoneAlarm Pro, Symantec’s Norton Personal Firewall, and built-in firewalls like those found in Red Hat Linux, Windows XP, and Apple OS 10 serve the same function. For those on dial-up, this is the only choice. Some of them can be used in conjunction with a hardware firewall. My personal recommendation is to use a hardware firewall if you can, regardless of the capabilities of any software firewall you may have. Remember – layers – if the operating system has a problem, will the software firewall provide 100% protection? Hardware firewalls are simple ‘dumb’ boxes without a lot of things to go wrong. I’d rather stop suspicious traffic before my computer ever saw it.
Software firewalls may contain other features that make them attractive. For example, ZoneAlarm Pro includes pop-up blocking and cookie / cache management, interfaces with your chosen anti-virus software to ensure that it is up to date, and reports on any programs on your computer that may try to send out information to the Internet or send mail faster than a certain rate (which might indicate that a virus has taken over your computer). Note that there is a free version of ZoneAlarm which is a firewall only, for those on a budget.
Pop-up blockers/cookie management/spyware
One significant advantage to using pop-up blocking software is that it will speed up Internet access for those on dialup. Your computer simply won’t waste time loading garbage you don’t want to see anyway – win/win. Banner ads, little jumping stick men, etc., all contribute to the amount of time it takes to load a page. There are a number of free pop-up blockers available, with varying degrees of effectiveness.
A simple trick to prevent pop-ups is to disable JavaScript and/or ActiveX in your browser. However – some sites will require those functions to work correctly. For example, anything that you ‘log in’ to will very likely need to use JavaScript, such as a bank or any ‘e-commerce’ site where you are trying to purchase something with a credit card. So, you’ll need either a browser or pop-up blocker that lets you be selective about which sites you turn this feature on for.
‘Cookies’ are little bits of information that are stored on your computer when you visit a site, and serve many useful functions, such as keeping track of whether you are logged in or not, and what pages you may have already visited. Unfortunately, they can also be used to ‘spy’ on you by storing information about your visits and reporting this later – hence the term ‘spyware.’ You may have cookies on your computer from sites you never were aware that you ‘visited’ – this can happen due to advertising that appears (the advertisements being from completely different sites, even though this may not be obvious at all). Those are called ‘third-party cookies’ and it is almost never a good idea to allow those to be placed on your computer.
A number of free programs can be used to search for cookies and spyware on your computer. At a minimum, your browser should be set to delete cookies after a certain time period, just to keep your computer’s hard drive from filling up with garbage. AdAware from www.lavasoft.de is a free program that I have used to search for and clean up cookies and spyware on my computer. However, like virus protection, it is a never-ending battle to keep up with the hackers, and far better to prevent exposure than to clean up later.
As a personal note, since I started running ZoneAlarm, the amount of spyware and such on my computer has plummeted to nearly zero.
Browser:
The browser that you use (such as Internet Explorer, Netscape, Mozilla, Opera, and countless others) plays an important role in your Internet security. For starters, it is vital that you keep up to date with the latest releases. Microsoft’s Internet Explorer is well known for security holes…. If you aren’t running the latest version, you are begging for trouble. Learn to configure your browser for optimum security. Some browsers include pop-up blocking, etc., and some do a better job of things like cookie management than others.
Anti-Virus software:
A computer virus is a malicious program that ‘infects’ your computer’s operating system and may destroy data or allow others to take over control of your computer. If it sounds bad, well, I can assure you it is. Millions if not billions of dollars are spent each year combating viruses. Running a computer without anti-virus software is just guaranteed to cause problems, sooner or later.
An anti-virus program is only as good as the last update, so keep it updated. If the yearly subscription price seems steep – consider how much you’d like to rebuild your computer from scratch, and how often you’d like to do it.
Anti-virus programs can be greatly helped by some education on the part of the user. Most viruses spread through email, and opening email from people you don’t know, and especially email attachments, is begging for trouble. Even email from people you know should be carefully considered before you open attachments. Infected attachments can be executable programs (.exe, .cmd, .bat, .com), zip files (.zip), or scripts (.scr), or even Word or Excel (.doc, .xls) files with macros, and that’s not the entire list by any means. Pictures, by the way, are almost always in .jpg or .bmp formats, and I’m not aware of any picture formats that contain viruses. However, some viruses try to disguise themselves as pictures by putting several extensions on the name, for example ‘photo.jpg.scr’. The extra ‘.scr’ means it’s not really a .jpg; it’s the last extension that counts.
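The ‘last extension counts’ rule above can be turned into a simple filename check. The following is an added example, not part of the original article: the function name, the verdict labels, and the ‘.gif’ and ‘.txt’ decoy extensions are assumptions, and the risky-extension lists are only the ones named above, which the article itself says are not complete.

```python
import os

# Extensions the article lists as risky attachment types.
EXECUTABLE = {".exe", ".cmd", ".bat", ".com", ".scr"}
ARCHIVE = {".zip"}
MACRO_DOCS = {".doc", ".xls"}
# Harmless-looking extensions a disguised name may put before the real one
# (".gif" and ".txt" are assumptions added for this example).
DECOY = {".jpg", ".bmp", ".gif", ".txt"} | MACRO_DOCS


def classify_attachment(filename):
    """Return (verdict, reason); only the final extension decides."""
    # Windows ignores trailing dots and spaces, and extensions are
    # case-insensitive, so normalise before looking at the name.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    # Padding spaces are sometimes used to push the real extension out of view.
    _, previous = os.path.splitext(stem.rstrip(" "))

    if last in EXECUTABLE:
        if previous in DECOY:
            return ("block", f"disguised: looks like {previous}, runs as {last}")
        return ("block", f"executable type {last}")
    if last in ARCHIVE:
        return ("caution", "archive: contents cannot be judged from the name")
    if last in MACRO_DOCS:
        return ("caution", f"{last} file may contain macros")
    if not last:
        return ("caution", "no extension")
    return ("allow", f"{last} is not on the risky list")


if __name__ == "__main__":
    # Constructed sample names, not taken from real mail.
    samples = ["photo.jpg.scr", "Holiday.JPG      .EXE", "setup.exe",
               "budget.xls", "pictures.zip", "vacation.jpg"]
    for sample in samples:
        verdict, reason = classify_attachment(sample)
        print(f"{verdict:8} {sample!r}: {reason}")
```

An ‘allow’ verdict only means the final extension is not on this short list; it is a filename check, not a scan of the file’s contents.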
One other consideration with anti-virus efforts is what you use to open your mail. A browser-based mail program won’t be vulnerable to the same security holes that Outlook Express is, for example. Outlook Express, by the way, is full of security holes, and if you are going to use it at all, be sure you are using the latest updates. Also – very important - turn off the ‘preview pane’ for all folders!!! This is a terrible security hole and it’s on by default for all folders.
Operating system
Although it may not be within the capability of the average computer user to change to a different operating system, it is vital to keep your computer’s operating system up to date with the latest security patches. Hackers target the most popular operating systems, as there are the most opportunities. And that means if you are running a Microsoft OS, you have a bulls-eye painted on your computer, plain and simple.
If you do have the occasion to get a new computer, you might give some consideration to either Linux or Apple. Viruses for Linux are rare, and virtually unheard of for the Mac.
Plain ol’ scams
If you haven’t gotten email from the poor people in Nigeria, who only need access to your bank account to deposit millions of dollars (which of course they’ll share with you), then you haven’t been on the Internet very long. If it sounds too good to be true – then I can guarantee you, it surely is. The ‘delete’ key will prevent all sorts of problems. I delete lots of email without ever opening it. Misspelled words in the subject line, strange names, etc. – all clues that it’s probably just junk, or worse.
Physical security considerations
‘Wireless’ or 802.11 connections have become popular for many home users, and may also be encountered in ‘Internet cafes’ or other ‘hotspots’. They are convenient – and very vulnerable to problems. If you are going to use wireless connectivity in the home, consider that your neighbors will likely have full and complete access to your network, as well as anyone driving down the street. If you don’t wish to provide Internet access to everyone in the neighborhood, then you’ll need to configure the router to accept traffic from only the computers in your house. However, this will still allow others to see your network traffic, so turn on encryption (which slows things down a bit). Personally – I went to the effort of wiring my house with Cat-6 cabling, that’s how much 802.11 bothers me from a security standpoint.
Public access points can’t encrypt traffic. If you are going to sit at Starbucks with a laptop and read your mail, be aware that someone with an 802.11 packet sniffer may well be able to get all of your account login and password information. Scary, yes! Use those places for general web surfing, or possibly get your mail via a direct cellular dialup like GPRS instead of on the general network everyone is using.
Wrap-up:
A layered approach to security is the best way to prevent problems. I take this even further – because no hardware/software is perfect, I use different brands for the different levels. Hardware firewall, software firewall, anti-virus, spyware cleanup, and browser are all from different vendors. A defect in one product will hopefully be caught by one of the other layers. In addition, the latest security patches are used for all software, and anything suspicious just goes right into the trash can.
No system is better than the user who is ‘driving’ it. Educate yourself and be smart about how you use your computer. Back up critical files and mail to removable media (e.g., CDs) and store them in a location away from your computer. Stay out of the ‘bad neighborhoods’ on the Internet (defined as anything you’d be embarrassed to have your mother see you visit), which will greatly decrease your chances of trouble. Not only can you help prevent problems, but you can reduce aggravations and get things done faster.
Hope this helps.