Are you inviting pirates in?How to reduce the risks from increased Internet connect The Internet Connect program in Mac OS X serves to allow the user to activate dial-up connections to the Internet via an ISP or VPN. It also provides a simple way to connect to an AirPort Network. time The Internet is increasingly becoming a staple in the home with more folks wanting to stay online all the time instead of dialing in each time they want to visit a Website or check e-mail. These persistent connections--whether by cable modem, DSL DSL in full Digital Subscriber Line Broadband digital communications connection that operates over standard copper telephone wires. It requires a DSL modem, which splits transmissions into two frequency bands: the lower frequencies for voice (ordinary or "all-you-can-eat" dial-up accounts--are a great way to stay wired. The problem is they almost always present the same target: an Internet Protocol (IP) Address that tells snoops SNOOPS - Craske, 1988. An extension of SCOOPS with meta-objects that can redirect messages to other objects. "SNOOPS: An Object-Oriented language Enhancement Supporting Dynamic Program Reeconfiguration", N. Craske, SIGPLAN Notices 26(10): 53-62 (Oct 1991). , crackers and other data thieves "I'm here!" Online, you're represented by your log-in name plus a numeric IP address used to identity a machine (or virtual one). The longer you're online, the easier it is for crackers to locate you and scan your system for vulnerabilities. Once they find an opening, they can chew and spit out your data or use your computer to mount attacks on other machines without your knowledge. "When you're connected for five or 10 minutes or an hour with a dial-up, the next time you connect you have a different IP address, [which in turn protects your computer from intruders]," says Peter Tippett, co-chairman and chief technologist for ICSA See TruSecure. .net (www.icsa.net), a security assurance firm in geston, Virginia. "A home user with a persistent connection gets a scan within five days of connecting to the Internet;" he adds. On bigger sites, there's a lot more scanning going on. "We're ground zero; we get tested every five minutes." Home users can have the same vulnerabilities as big corporations with their own T3 line, but without the information technology department in the basement plugging their security holes. "You'll need to start worrying about those kinds of things yourself" says William J. Orvis, security specialist with the U.S. Department of Energy's Computer Incident Advisory Capability See CIAC. team (www.ciac.org). But don't push the "self-destruct" button just yet. Orvis and Tippett share expert tips on ways to reduce your risk without cutting the cord and heading off to a shack in the woods: 1. Turn off the computer when you aren't using it. This will reduce your exposure. 2. Turn off unneeded services that give other people access. "If you don't need to be a File Transfer Protocol A communications protocol used to transmit files without loss of data. A file transfer protocol can handle all types of files including binary files and ASCII text files. See Kermit, Zmodem and FTP. (FTP FTP in full file transfer protocol Internet protocol that allows a computer to send files to or receive files from another computer. Like many Internet resources, FTP works by means of a client-server architecture; the user runs client software to connect to ) server, turn that service off," says Orvis. (You can still reach other machines via FTP if you're not serving files that way.) 3. Ditto for Web servers (not your browser). "That's not usually a problem with a Windows or Mac box;" says Orvis, who points out that the newer versions of Windows do have Personal Web Server, and NT has Internet Information Server See IIS. (World-Wide Web) Internet Information Server - (IIS) Microsoft's web server and FTP server for Windows NT. IIS is intended to meet the needs of a range of users: from workgroups and departments on a corporate intranet to ISPs hosting websites that receive (IIS (Internet Information Services) Microsoft's Web server. IIS runs under the server versions of Windows, adding HTTP server capability to the Windows operating system. ). Special care should be taken with IIS because it is designed to service the "world" whereas the Personal Web Server only services you. Windows File and Printer Sharing An operational state in a computer that lets other users in the network copy files and use the printer. See file sharing. service can be a huge security hole. If you don't have more than one computer connected together in a home network you probably don't need to have this service turned on. Go to your Control Panel and choose Network/Configuration/File and Print Sharing to check your status box. If you do have a LAN (Local Area Network) A communications network that serves users within a confined geographical area. The "clients" are the user's workstations typically running Windows, although Mac and Linux clients are also used. , use the password option in File and Print Sharing to make your machines harder to target. (And pick difficult passwords!) Use NT's advanced security features. "Control what protocols are allowed," says Orvis. If you have a Web server, you can tell IIS to only serve machines at certain addresses. On a Mac, if you have file sharing on, use a password. If you think you might need such services in the future, wait until the future. Stick the CD back in and add whatever new feature it is when the time comes Adv. 1. when the time comes - at the appropriate time; "we'll get to this question in due course" in due course, in due season, in due time, in good time . Otherwise; leave it off. See how your computer handles a scan by visiting ICSA.net's Security SnapShot (www2.icsa.net/preview/portal.portal_authcheck), which requires signing in, and Gibson Research Corp's Shields Up (http://grc.com/x/ne.dll?bh0bkyd2). 3. Get the safest version of your operating system. Check the security pages at your operating system creator's site for notes on versions. The earliest versions of Windows 95 (95 "zero" and 95a) had easily breakable passwords, according to Tippett. Get 95b or above. 4. Get all patches now, and keep up with new ones. Go to your operating system vendor's site and check for security patches regularly. Get patches only directly from the vendor's site. Some vendors use mailing lists to keep users up to date. "If you're not on the mailing list, it wouldn't hurt to go back every week or two;" Orvis says. "Go get the patch and don't put off installing it for six months" 5. Put a firewall on your machine. A firewall is software that sits between your machine and the Internet like a checkpoint at an international border. The idea is that the firewall will stop hostile packets, but, like any checkpoint, it can be overwhelmed. If you have more serious security concerns than the average user, you may want a hardware/software firewall--a separate computer with a software firewall sitting between your machine and the Internet. Some ISPs provide free firewall software to their customers. If yours doesn't, check the provider's Website for comments or advice. There are many firewalls available. Two that come well recommended are: Black Ice Defender ($39.95, Network Ice Corp.; www.blackice.com) and ConSeal ($49.95, Signal 9 Corp.; www.signal9.com). Learn more about firewalls at Gibson Research Corp. (http://grc.com/su-firewalls.htm) or CIAC (www.ciac.org/ciac-/ToolsUnixFirewalls.html) or ICSA. net (www.icsa.net/). Cable modem and DSL risks There's more of a risk if your local neighborhood is your local neighborhood. When you have cable modem or DSL, your physical neighborhood is your network People can click on the Network Neighborhood icon and see your hard drive. If someone were sophisticated enough, according to Tippett, they could monitor the traffic on the network as they can in companies. Many of the solutions are the same as for persistent connections, including turning off File and Printer Sharing, which will make your hard drive disappear from your neighbors' screens. Your connection's installer might even turn it off for you. "The majority of customers will ask the installer to turn it off;" says Harris Schwartz, director of security for Road Runner, a cable modem company. If you must leave it on, use a password. What else can you do to keep inquiring minds out of your personal affairs? Only send sensitive data over a connection locked with SSL (Secure Sockets Layer) The leading security protocol on the Internet. Developed by Netscape, SSL is widely used to do two things: to validate the identity of a Web site and to create an encrypted connection for sending credit card and other personal data. , the Secure Sockets Layer (networking, security) Secure Sockets Layer - (SSL) A protocol designed by Netscape Communications Corporation to provide secure communications over the Internet using asymmetric key encryption. that makes the lock icon on the browser screen close. And use encryption for sensitive business intelligence. "If you're doing business with your company and you worry about your neighbors seeing it, then your company could make the connection encrypted;" says Tippet tip·pet n. 1. A covering for the shoulders, as of fur, with long ends that hang in front. 2. A long stole worn by members of the Anglican clergy. 3. A long hanging part, as of a sleeve, hood, or cape. . Both you and the company can use PGP (Pretty Good Privacy) A data encryption program from PGP Corporation, Palo Alto, CA (www.pgp.com). Published as freeware in 1991 and widely used around the world for encrypting e-mail messages and securing files, PGP is available for commercial use and as freeware for (Pretty Good Privacy) or SMIME SMIME Secure Multipurpose Internet Mail Extension SMIME Security Multipurpose Internet Mail Extension (Secure MIME). Whether you use DSL, cable modem or unlimited dial-up, take the necessary steps to ensure that you don't pay for your time online with the keys to your computer. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion