Article about Internet and Computer security

Install and Use a File Encryption Program and Access Controls (10)

2007-12-30T20:19:00.001-08:00

Let’s return to your living space and our original analogy. Think about your checkbook, your insurance policies, perhaps your birth certificate or passport, and other important documents you have at home. Where are they? They’re probably stored in a filing cabinet or a safe, either of which that can be or is routinely locked. Why do you store these important items in a locked container?

Without realizing it, you are satisfying one of the three components of information security – confidentiality. Confidentiality means keeping secrets secret. Only those who are supposed to see that information should have access to it. You are keeping information sensitive to you and others away from those who should not be able to get to it, for example a family member or an intruder. By the way, the other two components of information security are integrity (Has my information changed?) and availability (Can I get to my information whenever I need it?).

You further protect information confidentiality when you enforce it by using an access control device, namely the lock on your filing cabinet or safe. This device stands between the information and those seeking access, and it grants access to all who have the combination, the key, or whatever tool unlocks the container. When several layers of access control devices are used (called “defense in depth”) – you might also find that these containers are themselves in locked rooms. Would-be intruders must pass through several levels of protection before finally gaining access to the information they seek.

Now, think back to your home computer. The problem is to control access to files and folders. The access control device here is the access control list or ACL. ACLs define who can perform actions on a file or folder: reading and writing, for example. ACLs are equivalent to a locked filing cabinet for paper documents.

Different computer systems provide different types of ACLs. Some have fine-grained controls while others have virtually none. The key is to use all the controls that are available on your computer.

Frequently, vendors define ACLs that are overly permissive. This satisfies their need to ensure that access limitations don’t get in the way of using their systems. Your challenge is to tighten those ACLs so that they properly restrict access to only those who need access. This means that you need to modify the ACLs from the settings set by the vendor. We’ll talk more about how to do this shortly.

Returning to the home environment, do you remember a time when adults in your house wanted to say something to one another in front of their children but in such a way that the children couldn’t understand what was being said? Perhaps they spelled their message or used Pig Latin (ig-pay Atin-lay) to conceal the meaning. This worked for a while, until the children learned to spell or could otherwise understand what was being said. What’s really happening here?

Very simply, the adults could not control who could hear their conversation. It was inconvenient or perhaps impossible for them to go to another room where they couldn’t be heard. They had to talk in a way that only those who knew the concealing scheme could understand what was being said.

On a computer, when access to information can’t be limited, such for an e-commerce transaction over the Internet, that information is concealed through a mathematical process called encryption. Encryption transforms information from one form (readable text) to another (encrypted text). Its intent is to hide information from those who have neither the transformation method nor the particulars (the decryption keys) to transform the encrypted text into readable text. The encrypted text appears to be gibberish and remains so for people who don’t have the scheme and the keys.

Back on the home front, the children eventually learned how to spell and perhaps also learned the trick to using Pig Latin. They can now understand the conversations the adults are having. While they could also understand the conversations held weeks, months, or even years before, the information in those conversations is no longer important. The encryption scheme – spelling or Pig Latin – is strong enough to guard the information during its useful lifetime.

Computer-based encryption schemes must also withstand the test of time. For example, if a credit card encryption scheme needs six months of computer time to break, the resulting clear text credit card number is probably still valid and, therefore, useful to an intruder. In this case, the encryption scheme isn’t strong enough to guard the information for its entire useful lifetime.

So, to guard paper or computer files, you need to limit who has access to them by using the access control devices, whether filing cabinets and safes for paper or access control lists for information on a computer system. For assets whose access cannot be sufficiently limited, you need to encrypt them strongly enough so that the time it takes to decrypt them is longer than their useful life.

Now, what can you do?

First, if more than one person uses your computer, you can adjust the ACLs that control access to sensitive files and folders. Your goal is to allow the correct type of access to the files and folders that each user needs, and nothing more. The steps below help you to decide how to adjust the ACLs for files and folders:

The Who test: Who – which users – need access to files besides you?

The Access test: What type of access do they need? Read? Write?

The Files/Folders test: Which files and folders need special access? Just like your firewall rules, your general policy should be to limit access to only you first, and then grant access beyond that where needed.

By applying the WAF tests, you can limit access to sensitive files on your computer to only those who need it.

Setting proper ACLs is not a trivial task. Be prepared to repeat it a few times until you get it right for the way your computer is used. It’s worth the time spent, but know that it may take longer than you expect.

For very sensitive files and for files that are on a laptop, don’t rely solely on file and folder ACLs. You need to go further and use encryption.

Some vendors provide encryption with their systems right from the start. This means that all you have to do is follow the vendor’s instructions on how to use those features, but be certain to use them.

On systems where encryption is not included, you need to install additional encryption programs. For encryption programs that you download from the Internet, be sure to follow the instructions in Task 7 - Use Care When Downloading and Installing Programs. Also follow the instructions in Task 6 - Use Strong Passwords for additional guidance on passwords required by encryption programs.

There are free and commercial encryption programs, and in most cases, the free versions suffice. However, commercial programs may provide more features and may keep up better with newer and, therefore, stronger encryption methods. If you rely on a laptop computer, you should consider purchasing a commercial file encryption programs.

Whether paper files around your living space or files and folders on your computer, limit access where you can. On your computer, use encryption programs either when you can’t restrict access to the extent that you’d like or when you want even more security protecting your computer files and folders.

http://www.cert.org/homeusers/HomeComputerSecurity/

Install and Use a Hardware Firewall (9)

2007-12-30T20:17:00.000-08:00

Complement your firewall program by installing a hardware firewall. Together, these two firewalls stand between your home computer and the Internet. This is another place where your money is well spent.

Please go to Task 4 - Install and Use a Firewall Program to learn more about firewalls. That section concentrates primarily on firewall programs, but much of the information applies to hardware firewalls as well. To find out what hardware firewall products are available, search the Internet with your web browser.

http://www.cert.org/homeusers/HomeComputerSecurity/

Use Care When Downloading and Installing Programs (8)

2007-12-30T20:16:00.000-08:00

When you buy an appliance, you give little thought to it doing you or your house any harm. Why? Because there are organizations like Underwriters Laboratories that set standards and certify products. When you see a certifier’s label, you have more confidence that a product will be safer than a competing product that does not carry the same label. You’re willing to accept the risk because you believe the product has met some standards and has been certified by a respected authority.

Unfortunately, the Internet is not the same. There are neither standards nor many certification organizations. Anyone who writes a program can distribute it through any means available, such as through the web or by sending you a copy. Speaking of that, have you ever received a CD-ROM in the mail? How do you know that it contains what the label says? The answer is: you don’t know. More importantly, it’s difficult to know.

No matter how you acquire a program, it runs on your computer at the mercy of the program’s author. Anything, any operation, any task that you can do, this program can also do. If you’re allowed to remove any file, the program can too. If you can send email, the program can too. If you can install or remove a program, the program can too. Anything you can do, the intruder can do also, through the program you’ve just installed and run.

Sometimes there’s no explanation of what a program is supposed to do or what it actually does. There may be no user’s guide. There may be no way to contact the author. You’re on your own, trying to weigh a program’s benefits against the risk of the harm that it might cause.

What’s the problem you’re trying to solve here? You are trying to determine if the program you’ve just found satisfies your needs (say it provides a service that you want or you’re just experimenting) without causing harm to your computer and ultimately the information you have on the computer. How do you decide if a program is what it says it is? How do you gauge the risk to you and your computer by running this program?

You address these same risk issues when you purchase an appliance; you may just not have realized that’s what you were doing. When you make that purchase, you buy from either a local store you know or a national chain with an established reputation. If there’s a problem with your purchase, you can take it back to the store and exchange it or get your money back. If it causes you harm, you can seek relief through the legal system. The reputation of the merchant, the refund/return policy, and the availability of the legal system reduce your risk to a point where you make the purchase.

Apply these same practices when you buy a program. You should

Learn as much as you can about the product and what it does before you purchase it.

Understand the refund/return policy before you make your purchase.

Buy from a local store that you already know or a national chain with an established reputation.

Presently, it is not as clear what the legal system’s role is for a program that causes harm or does not work as advertised. In the meantime, the LUB practices are a good first step.

Today’s Internet has a feature that standard products don’t have, or at least have but to a lesser extent. This feature is free programs. There is a multitude of free programs available for all types of systems, with more available each day. The challenge is to decide which programs deserve your confidence and are, therefore, worth the risk of installing and running on your home computer.

So then, how do you decide if a program is worth it? To decide if you should install and run a program on your home computer, follow these steps:

The Do test: What does the program do? You should be able to read a clear description of what the program does. This description could be on the web site where you can download it or on the CD-ROM you use to install it. You need to realize that that if the program was written with malicious intent, the author/intruder isn’t going to tell you that the program will harm your system. They will probably try to mislead you. So, learn what you can, but consider the source and consider whether you can trust that information.

The Changes test: What files are installed and what other changes are made on your system when you install and run the program? Again, to do this test, you may have to ask the author/intruder how their program changes your system. Consider the source.

The Author test: Who is the author? (Can you use email, telephone, letter, or some other means to contact them?) Once you get this information, use it to try to contact them to verify that the contact information works. Your interactions with them may give you more clues about the program and its potential effects on your computer and you.

The Learn test: Has anybody else used this program, and what can you learn from him or her? Try some Internet searches using your web browser. Somebody has probably used this program before you, so learn what you can before you install it.

If you can’t determine these things – the DCAL tests for short – about the program you’d like to install, then strongly consider whether it’s worth the risk. Only you can decide what’s best. Whatever you do, be prepared to rebuild your computer from scratch in case the program goes awry and destroys it. Task 5 - Make Backups of Important Files and Folders tells you how to make a copy of your important information should you need it.

Your anti-virus program prevents some of the problems caused by downloading and installing programs. However, you need to remember that there’s a lag between recognizing a virus and when your computer also knows about it. Even if that nifty program you’ve just downloaded doesn’t contain a virus, it may behave in an unexpected way. You should continue to exercise care and do your homework when downloading, installing, and running new programs.

http://www.cert.org/homeusers/HomeComputerSecurity/

Use Strong Passwords (7)

2007-12-30T20:15:00.000-08:00

Your living space has doors and windows, and perhaps most of the time they’re locked. For each lock that uses a key, chances are that each key is different. You know to lock up and not to share the keys with strangers, and probably not with most of your friends. You should not hide keys under the mat or in a flowerpot on your front porch.

Passwords for computers are much the same. For each computer and service you use (online purchasing, for example), you should have a password. Each password should be unique and unrelated to any of your other passwords. You shouldn’t write them down nor should you share them with anyone, even your best friends.

Take a look at your front door key. It’s pretty complicated. There are lots of notches and grooves. If there weren’t so many possible variations, a thief could easily make a key for every possible combination and then try each on your front door. This trial-and-error method, (for computers, called brute force) is likely to be effective even if it takes a long time. Nonetheless, no matter how complicated, if the thief gets hold of your key, he or she can copy it and use that copy to open your door.

A password can also be complicated. Most schemes let you use any combination of letters, both upper and lower case, and numbers; and some also let you use punctuation marks. Lengths can vary. You can create a password to be as complicated as you want. The key (no pun intended) is to be able to remember this password whenever you need it without having to write it down to jog your memory.

Like the thief at your door, computer intruders also use trial-and-error, or brute-force techniques, to discover passwords. By bombarding a login scheme with all the words in a dictionary, they may “discover” the password that unlocks it. If they know something about you, such as your spouse’s name, the kind of car you drive, or your interests, clever intruders can narrow the range of possible passwords and try those first. They are often successful. Even slight variations, such as adding a digit onto the end of a word or replacing the letter o (oh) with the digit 0 (zero), don’t protect passwords. Intruders know we use tricks like this to make our passwords more difficult to guess.

Just like the front door key, even a complicated password can be copied and the copy reused. Remember the earlier discussion about information on the Internet being in the clear? Suppose that really strong password you took a long time to create – the one that’s 14 characters long and contains 6 letters, 4 numbers, and 4 punctuation marks, all in random order – goes across the Internet in the clear. An intruder may be able to see it, save it, and use it. This is called sniffing and it is a common intruder practice.

The point is that you need to follow the practice of using a unique password with every account you have. Below is a set of steps that you can use to help you create passwords for your accounts:

The Strong test: Is the password as strong (meaning length and content) as the rules allow?

The Unique test: Is the password unique and unrelated to any of your other passwords?

The Practical test: Can you remember it without having to write it down?

The Recent test: Have you changed it recently?

In spite of the SUPR tests, you need to be aware that sniffing happens, and even the best of passwords can be captured and used by an intruder.

You should use passwords not only on your home computer but also for services you use elsewhere on the Internet. All should have the strongest passwords you can use and remember, and each password should be unique and unrelated to all other passwords. A strong password is a password that is longer than it is short, that uses combinations of uppercase and lowercase letters, numbers, and punctuation, and that is usually not a word found in a dictionary. Also remember that no matter how strong a password is, it can still be captured if an intruder can see it “in the clear” somewhere on the Internet. (See the Information in the Clear section.)

http://www.cert.org/homeusers/HomeComputerSecurity/

Make Backups of Important Files and Folders (6)

2007-12-30T20:14:00.000-08:00

Whether you know it or not, you’ve divided everything you own into two broad categories: those items you can replace and those you can’t. For the items you can’t replace, you’ve probably stored them in a safe place, either somewhere in your living space or elsewhere, in a lockbox at a bank, for example. In either case, you’ve probably also bought insurance that provides the funds you’d need to buy replacements. Your insurance policy covers almost everything you own.

On your home computer, have you similarly divided everything into the same categories? What have you done about the items – files in this case – that you can’t replace? Examples are the files that make up your checking account records, that novel you’ve been writing for the past few years, and those pictures you took last summer with your digital camera. What happens if your computer malfunctions or is destroyed by a successful attacker? Are those files gone forever?

Now think about your car for a moment. Do you have a spare tire? Is it inflated? When was the last time you used it? Can you imagine buying a car without a spare tire? Even if you bought a used car without a spare, how soon did you buy a spare so that you’d have one when you needed it?

Think back to your home computer. Do you have a “spare tire,” meaning a way to continue computing when you have a “blowout” caused by a malfunction or an intruder? Said another way, can you back up your files onto some other media so that you can recover them if you need to? If you’d never buy a car without a spare tire, why did you buy a computer without a device to back up your files?

When deciding what to do about backing up files on your computer, ask these questions:

The Files question: What files should you back up? The files you select are those that you can neither easily recreate nor reinstall from somewhere else, such as the CD-ROMs or the floppy disks that came with your computer.

Be realistic. That check register you printed does not constitute a backup from which you can easily recreate the files needed by your checking account program. You’re probably not going to re-enter all that data if the files are destroyed. Just as you protect your irreplaceable valuables, back up the files you cannot replace, easily or otherwise.

The Often question: How often should you back them up? In the best of all cases, you should back up a file every time it changes. If you don’t, you’ll have to reintroduce all the changes that happened since your last backup. Just as you store your precious jewelry in a lockbox at the local bank lest the lucky robber find it in your jewelry box, you need to store your files safely (back them up) after every use (change in the file) lest an intruder destroys the file or there’s a system catastrophe.

The Media question: Where should you back them up to; that is, what media should you use to hold backed up files? The answer is: whatever you have. It’s a question of how many of that media you have to use and how convenient it is. For example, most computers have a floppy disk drive. You could back up your irreplaceable files to floppies. That process just takes lots of time and may not be as convenient as using another media. Larger capacity removable disk drives and writable CD-ROMs also work well, take less time, and are more convenient.

If you don’t have a backup device, there are alternatives. There are Internet services that let you back up your files to another Internet computer. Some of these services provide “transparent access” to the backups. That is, they look like another hard drive attached to your computer. You use the file copy scheme that your computer provides to back up files and recover them from backed up storage. To find these services, do some Internet searches using your browser.

Remember that the information you transfer across the Internet could be viewed and captured by others; that is, the information is in the clear. Be sensitive to that if you use an Internet-based backup computer. In addition, you need to be able to trust the information when you recover a file from that service.

The Store question: Where should you store that media once it contains your backed up files? No matter how you back up your files, you need to be concerned about where those backed up copies live.

You already know that intruders try to break into your home computer to gain access to your files and your computer’s resources. Another way to gain access to the same information is by stealing your backups. It is more difficult, though, since a robber must physically be where your backups are, whereas an intruder can access your home computer from literally anywhere in the world. The key is to know where the media is that contains your backed up files.

Just like important papers stored in a fireproof container at your house, you also need to be concerned about your backups being destroyed if your living space is destroyed or damaged. This means that you ought to keep a copy of your backed up files in a fireproof container or somewhere beyond your living space, your office for example. It is the eternal compromise between security and usability. If you need to recover a file and the backed up copies are at the office, that’s inconvenient. However, while storing them at home is more convenient and more usable, they share the same risks that your computer faces should your living space be destroyed. Be aware of the issues and make a conscious decision, perhaps keeping copies in both places.

If you have that spare tire for your car or a lockbox for your valuables, you’ve already planned for the worst that can happen around your living space. Continue that good practice by backing up your critical files onto media that you can safely store elsewhere. Do those backups often enough that you can capture the changes you’ve made. With the FOMS questions, you have a structured approach to use to back up your critical files. You’ve now planned for the worst.

As you computerize the routine aspects of your daily life, making backup copies of important files and folders becomes critical. Even if you can’t store the backup copies in a fireproof container or somewhere outside your home, make backups anyway. Any backup is better than none.

http://www.cert.org/homeusers/HomeComputerSecurity/

Install and Use a Firewall Program (5)

2007-12-30T20:12:00.000-08:00

This section describes a firewall, its importance to your home computer strategy, and a way to think about the job you need to do. We’re going to depart from our “computer-is-like-a-house-and-the-things-in-it” analogy to use another that you are probably also familiar with: an office building.
Have you ever visited a business where you first stopped at the reception desk to interact with a security guard? That guard’s job is to assess everybody who wishes to enter or leave the building to decide if they should continue on or be stopped. The guard keeps the unwanted out and permits only appropriate people and objects to enter and leave the business’s premises.

Let’s dig deeper into this analogy. When someone enters a building, the security guard usually greets them. If they have an appropriate identification badge, they show it to the guard or swipe it through a reader. If all is OK, they pass through the guard’s checkpoint. However, if something’s wrong or if they are a visitor, they must first stop at the guard desk.

The guard asks whom they wish to see. The guard may also ask for identification such as a driver’s license or their company ID. The guard reviews the list of expected guests to see if this person is approved to visit the party in question. If the guard decides everything is all right, the visitor may pass. The visitor usually signs a logbook with their name, the company they represent, whom they are seeing, and the time of day.

On a computer, the firewall acts much like a guard when it looks at network traffic destined for or received from another computer. The firewall determines if that traffic should continue on to its destination or be stopped. The firewall “guard” is important because it keeps the unwanted out and permits only appropriate traffic to enter and leave the computer.

To do this job, the firewall has to look at every piece of information – every packet – that tries to enter or leave a computer. Each packet is labeled with where it came from and where it wants to go. Some packets are allowed to go anywhere (the employee with the ID badge) while others can only go to specific places (visitors for a specific person). If the firewall allows the packet to proceed (being acceptable according to the rules), it moves the packet on its way to the destination. In most cases, the firewall records where the packet came from, where it’s going, and when it was seen. For people entering a building, this is similar to the ID card system keeping track of who enters or the visitor signing the visitor’s log.

The building’s guard may do a few more tasks before deciding that the person can pass. If the person is a visitor and is not on the visitors list, the guard calls the employee being visited to announce the visitor’s arrival and to ask if they may pass. If the employee accepts the visitor, they may proceed. The guard may also give the visitor a badge that identifies them as a visitor. That badge may limit where in the building they can go and indicate if they need to be escorted. Finally, no matter whether the person is a visitor or an employee, the guard may inspect their briefcase or computer case before they pass.

The firewall can also check whether a given packet should pass, allowing the computer’s user to respond to unanticipated network traffic (just as the guard does with the unexpected visitor). Individual packets can be allowed to pass, or the firewall can be changed to allow all future packets of the same type to pass. Some firewalls have advanced capabilities that make it possible to direct packets to a different destination and perhaps even have their contents concealed inside other packets (similar to the visitor being escorted). Finally, firewalls can filter packets based not only on their point of origin or destination, but also on their content (inspecting the briefcase or computer case before being allowed to pass).

Back to the office building, when employees leave the building, they may also have to swipe their ID card to show that they’ve left. A visitor signs out and returns their temporary badge. Both may be subject to having their possessions inspected before being allowed to leave.

Firewalls can also recognize and record when a computer-to-computer connection ends. If the connection was temporary (like a visitor), the firewall rules can change to deny future similar connections until the system’s user authorizes them (just as visitors must re-identify themselves and be re-approved by an employee). Finally, outgoing connections can also be filtered according to content (again, similar to inspecting possessions at the exit).

What does this all mean? It means that with a firewall, you can control which packets are allowed to enter your home computer and which are allowed to leave. That’s the easy part.

The hard part is deciding the details about the packets that are allowed to enter and exit your home computer. If your firewall supports content filtering, you also need to learn which content to allow and which not to allow. To help you get a handle on this harder task, let’s return to our security guard analogy.

Imagine that you are that security guard and it’s your first day on the job. You have to decide who’s allowed in, who’s allowed out, and what people can bring into and take out of the building. How do you do this?

One strategy is to be very conservative: let no one in or out and let no possessions in or out. This is very simple, very easy to achieve, but not particularly helpful to the business if none of its employees or visitors can get in or out. Nor is it helpful if they can’t bring anything with them. With this type of strategy, your tenure as a security guard may be short-lived.

If you try this, you quickly learn that you need to change your strategy to allow people in and out only if they have acceptable identification and possessions using some agreed-to criteria. Add the requirement that if you don’t meet the precise criteria for admittance, you don’t get in.

With most firewalls, you can do the same thing. You can program your firewall to let nothing in and nothing out. Period. This is a deny-all firewall strategy and it does work, though it effectively disconnects you from the Internet. It is impractical for most home computers.

You can do what the security guard did: review each packet (employee or visitor) to see where it’s coming from and where it’s going. Some firewall products let you easily review each packet so that you can decide what to do with it. When you are shopping for a firewall, look for this review feature because it can be quite helpful. Practically speaking, it isn’t easy to decide which traffic is all right and which is not all right. Any feature that makes this job easier helps you achieve your goal of securing your home computer.

Just like the security guard who learns that anybody with a company photo ID is allowed to pass, you too can create firewall rules that allow traffic to pass without reviewing each packet each time. For example, you may choose to allow your Internet browsers to visit any web site. This rule would define the source of that traffic to be your browsers (Netscape Navigator and Microsoft Internet Explorer, for example) and the destination location to be any web server. This means that anybody using your home computer could visit any Internet web site, as long as that web server used the well-known standard locations.

Now that you have an idea of what your firewall security guard is trying to do, you need a method for gathering information and programming your firewall. Here is a set of steps to use to do just that:

The Program test: What’s the program that wants to make a connection to the Internet? Although many programs may need to make the same type of connection to the same Internet destination, you need to know the name of each. Avoid general rules that allow all programs to make a connection. This often results in unwanted and unchecked behavior.

The Location test: What’s the Internet location of the computer system to which your computer wants to connect? Locations consist of an address and a port number. Sometimes a program is allowed to connect to any Internet location, such as a web browser connecting to any web server. Again, you want to limit programs so that they only connect to specific locations where possible.

The Allowed test: Is this connection allowed or denied? Your firewall rules will contain some of each.

The Temporary test: Is this connection temporary or permanent? For example, if you’re going to connect to this specific location more than five times each time you use the computer, you probably want to make the connection permanent. This means that you ought to add a rule to your firewall rules. If you aren’t going to make this connection often, you should define it as temporary.

With each connection, apply the PLAT tests to get the information you need to build a firewall rule. The answer to the PLAT tests tells you if you need to include a new firewall rule for this new connection. For most firewall programs, you can temporarily allow a connection but avoid making it permanent by not including it in your rules. Where possible, allow only temporary connections.

As you run each program on your home computer, you’ll learn how it uses the Internet. Slowly you’ll begin to build the set of rules that define what traffic is allowed into and out of your computer. By only letting in and out what you approve and denying all else, you will strike a practical balance between allowing everything and allowing nothing in or out.

Along the way, you may come across exceptions to your rules. For example, you might decide that anybody who uses your home computer can visit any web site except a chosen few web sites. This is analogous to the security guard letting every employee pass except a few who need more attention first.

To do this with firewall rules, the exception rules must be listed before the general rules. For example, this means that the web sites whose connections are not allowed must be listed before the rules that allow all connections to any web site.

Why? Most firewall programs search their rules starting from the first through the last. When the firewall finds a rule that matches the packet being examined, the firewall honors it, does what the rule says, and looks no further. For example, if the firewall finds the general rule allowing any web site connections first, it honors this rule and doesn’t look further for rules that might deny such a connection. So, the order of firewall rules is important.

Many firewalls can be programmed to require a password before changing the rules. This extra level of protection safeguards against unwanted changes no matter their source, that is, you, an intruder, or another user. Follow the guidance in Task 6 - Use Strong Passwords when assigning a password to your firewall.

Finally, make a backup of your firewall rules. You’ve probably taken a lot of time to build and tune them to match how your home computer is used. These rules are important to your computer’s security, so back them up using the guidance in Task 5 - Make Backups of Important Files and Folders.

Firewalls come in two general types: hardware and software (programs). The software versions also come in two types: free versions and commercial versions (ones that you purchase). At a minimum, you should use one of the free versions on your home computer. This is especially important if you have a laptop that you connect to your home network as well as a network at a hotel, a conference, or your office.

If you can afford a hardware firewall, you should install one of these too. We’ve recommended this as something to do later. (Firewall programs are Task 4 on our list of recommended actions, and hardware firewalls are Task 8.) The same issues apply to the hardware versions that apply to the software versions. Many can also be password protected against unwanted changes. Search the Internet with your browser to see what’s available and what they cost. The price of hardware firewalls is coming down as the demand grows.

A firewall is your security guard that stands between your home computer and the Internet. It lets you control which traffic your computer accepts. It also controls which of your programs can connect to the Internet. With a firewall, you define which connections between your computer and other computers on the Internet are allowed and which are denied. There are free firewall products that provide the capabilities you need to secure your home computer. Commercial versions have even more features that can further protect your computer.

Firewalls are an important part of your home computer’s security defenses

http://www.cert.org/homeusers/HomeComputerSecurity/

Use Care When Reading Email with Attachments (4)

2007-12-30T20:11:00.000-08:00

We’ve all heard stories about people receiving an item in the mail that in some way caused them harm. We’ve heard of letter bombs and exploding packages, and in 2001, we learned about Anthrax-laden letters. Although their frequency is low, they do make news.

These unsolicited items are sent to unsuspecting recipients. They may contain a return address, a provocative envelope, or something else that encourages its receiver to open it. This technique is called social engineering. Because we are trusting and curious, social engineering is often effective.

In the case of the Anthrax letters addressed to United States senators, the envelopes contained a school’s return address as an inducement to open them. What government official wouldn’t want to serve their constituency by reading and responding to a letter supposedly sent by a class at a school, especially an elementary school? By opening the letter and subsequently spreading its lethal contents, the recipient complied with the wishes of the sender, a key foundation of social engineering. In the pre-Anthrax letter days, a mail handler might have given little thought to the contents of the letter or the validity of the return address. Those days are behind us.

You probably receive lots of mail each day, much of it unsolicited and containing unfamiliar but plausible return addresses. Some of this mail uses social engineering to tell you of a contest that you may have won or the details of a product that you might like. The sender is trying to encourage you to open the letter, read its contents, and interact with them in some way that is financially beneficial – to them. Even today, many of us open letters to learn what we’ve won or what fantastic deal awaits us. Since there are few consequences, there’s no harm in opening them.

Email-borne viruses and worms operate much the same way, except there are consequences, sometimes significant ones. Malicious email often contains a return address of someone we know and often has a provocative Subject line. This is social engineering at its finest – something we want to read from someone we know.

Email viruses and worms are fairly common. If you’ve not received one, chances are you will. Here are steps you can use to help you decide what to do with every email message with an attachment that you receive. You should only read a message that passes all of these tests.

The Know test: Is the email from someone that you know?

The Received test: Have you received email from this sender before?

The Expect test: Were you expecting email with an attachment from this sender?

The Sense test: Does email from the sender with the contents as described in the Subject line and the name of the attachment(s) make sense? For example, would you expect the sender – let’s say your Mother – to send you an email message with the Subject line “Here you have, ;o)” that contains a message with attachment – let’s say AnnaKournikova.jpg.vbs? A message like that probably doesn’t make sense. In fact, it happens to be an instance of the Anna Kournikova worm, and reading it can damage your system.

The Virus test: Does this email contain a virus? To determine this, you need to install and use an anti-virus program. That task is described in Task 1 - Install and Use Anti-Virus Programs.

You should apply these five tests – KRESV – to every piece of email with an attachment that you receive. If any test fails, toss that email. If they all pass, then you still need to exercise care and watch for unexpected results as you read it.

Now, given the KRESV tests, imagine that you want to send email with an attachment to someone with whom you’ve never corresponded – what should you do? Here’s a set of steps to follow to begin an email dialogue with someone.

Since the recipient doesn’t already Know you, you need to send them an introductory email. It must not contain an attachment. Basically, you’re introducing yourself and asking their permission to send email with an attachment that they may otherwise be suspicious of. Tell them who you are, what you’d like to do, and ask for permission to continue.

This introductory email qualifies as the mail Received from you.

Hopefully, they’ll respond; and if they do, honor their wishes. If they choose not to receive email with an attachment from you, don’t send one. If you never hear from them, try your introductory email one more time.

If they accept your offer to receive email with an attachment, send it off. They will Know you and will have Received email from you before. They will also Expect this email with an attachment, so you’ve satisfied the first three requirements of the KRESV tests.

Whatever you send should make Sense to them. Don’t use a provocative Subject line or any other social engineering practice to encourage them to read your email.

Check the attachments for Viruses. This is again based on having virus-checking programs, and we’ll discuss that later.

The KRESV tests help you focus on the most important issues when sending and receiving email with attachments. Use it every time you send email, but be aware that there is no foolproof scheme for working with email, or security in general. You still need to exercise care. While an anti-virus program alerts you to many viruses that may find their way to your home computer, there will always be a lag between when a virus is discovered and when anti-virus program vendors provide the new virus signature. This means that you shouldn’t rely entirely on your anti-virus programs. You must continue to exercise care when reading email.

http://www.cert.org/homeusers/HomeComputerSecurity/

Keep Your System Patched (3)

2007-12-30T20:10:00.000-08:00

If one of your appliances broke, you’d probably try to have it repaired. You’d call a repairperson whom you hope could do the job. You’d get an estimate and then you’d either get it fixed or replace it. Your goal is to somehow restore the functions that the appliance provides.

What do you do when a software “appliance” – a program – or the operating system itself breaks? How do you restore the functions that they provide? Do you know whom to call or even where to look to determine what to do next?

Most vendors provide patches that are supposed to fix bugs in their products. Frequently these patches do what they’re supposed to do. However, sometimes a patch fixes one problem but causes another. For example, did you ever have a repairperson fix an appliance but in the process, they scratched the floor or damaged a countertop during their visit? For a computer, the repair cycle might have to be repeated until a patch completely fixes a problem.

Vendors often provide free patches on their web sites. When you purchase programs, it’s a good idea to see if and how the vendor supplies patches, and if and how they provide a way to ask questions about their products. Just as appliance vendors often sell extended warranties for their products, some software vendors may also sell support for theirs.

Have you ever received a recall notice for your car or another product you’ve purchased? Vendors send these notices to product owners when a safety-related problem has been discovered. Registering your purchase through the warranty card gives the vendor the information they need to contact you if there is a recall.

Program vendors also provide a recall-like service. You can receive patch notices through email by subscribing to mailing lists operated by the programs’ vendors. Through this type of service, you can learn about problems with your computer even before you discover them and, hopefully, before intruders have the chance to exploit them. Consult the vendor’s web site to see how to get email notices about patches as soon as they’re available.

Some vendors have gone beyond mailing lists. They provide programs bundled with their systems that automatically contact their web sites looking for patches specifically for your home computer. These automatic updates tell you when patches are available, download them, and even install them. You can tailor the update features to do only want you want, such as just telling you something new is waiting but doing nothing more.

While the patching process is getting easier, even to the point where it can be completely automated, it is not yet foolproof. In some cases, installing a patch can cause another seemingly unrelated program to break. The challenge is to do as much homework as you can to learn what a patch is supposed to do and what problems it might cause once you’ve installed it.

This is a hard job. Often, the vendors don’t tell you about problems their patches can cause. Why? Because it is simply impossible to test all possible programs with all possible patches to discover unexpected side effects. Imagine doing that job and then continuing to do that for each new program and patch that comes along. Vendors rely on their customers to tell them when something unexpected happens once a patch is installed. So, if this happens to you, let them know.

Imagine then that you’ve either found a patch on the vendor’s site or you’ve received notice that a patch is available. What do you do next? Follow the steps below to evaluate a patch before you install it:

The Affected test: Does this patch affect one of the programs on your computer? If it doesn’t affect your computer, you’re done. Whew!

The Break test: Can you tell from the vendor’s web site or the patch’s description if installing it breaks something else that you care about? If installation does break something, then you have to decide how to proceed. Try notifying the vendor of the program that might break to learn what their strategy is for addressing this problem. Also, use your web browser to learn if anyone else has experienced this problem and what he or she did about it.

The Undo test: Can you undo the patch? That is, can you restore your computer to the way it was before you installed the patch? Currently, vendors are building most patches with an uninstall feature that enables you to remove a patch that has unwanted consequences. In addition, some computers also come with features that help you restore them to a previously known and working state should there be a problem. You need to know what your computer provides so that you can undo a patch if necessary.

Recall from the Introduction that intruders exploit vulnerabilities to gain access to home computers. How do intruders find out about these vulnerabilities? In many cases, they read the same vendor mailing lists and use the same automatic notification schemes that you use. This means that you need to evaluate and install patches on your home computer as soon as they’re available. The longer a vulnerability is known, the greater the chances are that an intruder will find it on your home computer and exploit it. With the ABU tests, you can quickly evaluate and install patches to keep intruders off your home computer.

One last thing: patches are usually distributed as programs. This means that you need to use the DCAL steps described in Task 7 - Use Care When Downloading and Installing Programs before loading and installing a patch. Intruders often take advantage of vulnerabilities wherever they may be. In many cases, the vulnerabilities they exploit may have patches, but those patches were not installed. For your home computer, make time to keep your programs patched wherever possible. If you can’t patch a program, shop around for an equivalent program and use it until the original program is fixed or you’ve abandoned it in favor of something more reliable.

You can spend money on maintenance where you get patches for programs, but that’s usually not necessary. Since most vendors provide free patches, mailing lists, and automatic updates, keeping your computer patched usually only costs you time

http://www.cert.org/homeusers/HomeComputerSecurity/

Install and Use Anti-Virus Programs (2)

2007-12-30T20:09:00.000-08:00

If someone rang your doorbell and wanted to come into your living space to sell you something or to use your telephone, you’d need to make a decision whether or not to let them in. If they were a neighbor or someone you knew, you’d probably let them in. If you didn’t know them but believed their story and found them to be otherwise acceptable, say they were neat and clean and not threatening, you’d probably also let them in, but you’d watch them closely while they were in your space.

What are you doing here? You are profiling this person and then deciding what to do based on that profile. It’s your responsibility to be concerned about who enters your living space. Further, if you have children, you’ve probably also taught them how to deal with strangers who come to your door.

Anti-virus programs work much the same way. These programs look at the contents of each file, searching for specific patterns that match a profile – called a virus signature – of something known to be harmful. For each file that matches a signature, the anti-virus program typically provides several options on how to respond, such as removing the offending patterns or destroying the file.

To understand how anti-virus programs work, think about scam artists – people who visit your home to try to get you to buy a phony product or service, or to let them in. Once inside, they may try to steal your valuables or try to harm you in some way.

There are a variety of ways you might find out about a specific scam artist lurking in your neighborhood. Perhaps you see a television report or read a newspaper article about them. They might include pictures and excerpts of the story the scam artist uses to scam their victims. The news report gives you a profile of someone you need to be on the lookout for. You watch for that person until either the story fades away or you hear that they’ve been caught.

Anti-virus programs work much the same way. When the anti-virus program vendors learn about a new virus, they provide an updated set of virus signatures that include that new one. Through features provided by the updated anti-virus program, your home computer also automatically learns of this new virus and begins checking each file for it, along with checking for all the older viruses. However, unlike scam artists, viruses never completely fade away. Their signatures remain part of the master version of all virus signatures.

Suppose a scam artist was at your front door. What would you do? Perhaps you’d not encourage them to come in nor buy their product but, at the same time, you’d try not to upset them. You’d politely listen to their story and then send them on their way. After you closed the door, you may call the police or the telephone number given in the report that initially brought them to your attention.

With viruses, you often have the chance to react to them when they’ve been discovered on your home computer. Depending upon the specific characteristics of the virus, you might be able to clean the infected file. Or you might be forced to destroy the file and load a new copy from your backups or original distribution media. Your options depend upon your choice of anti-virus program and the virus that’s been detected.

In your living space, you look at those who come to your door and you look at what you receive in the mail. These are two of the ways that items can get into your living space, so you examine them, sometimes closely, sometimes not.

Viruses can reach your computer in many ways, through floppy disks, CD-ROMs, email, web sites, and downloaded files. All need to be checked for viruses each time you use them. In other words, when you insert a floppy disk into the drive, check it for viruses. When you receive email, check it for viruses (remember to use the KRESV tests described in Task 3 - Use Care When Reading Email with Attachments). When you download a file from the Internet, check it for viruses before using it. Your anti-virus program may let you specify all of these as places to check for viruses each time you operate on them. Your anti-virus program may also do this automatically. All you need to do is to open or run the file to cause it to be checked.

Just as you walk around your living space to see if everything is OK, you also need to “walk” around your home computer to see if there are any viruses lurking about. Most anti-virus programs let you schedule periodic exams of all files on your home computer on a regular basis, daily for example. If you leave your computer turned on over night, think about scheduling a full-system review during that time.

Some anti-virus programs have more advanced features that extend their recognition capabilities beyond virus signatures. Sometimes a file won’t match any of the known signatures, but it may have some of the characteristics of a virus. This is comparable to getting that “there’s something not quite right here, so I’m not going to let them in” feeling as you greet someone at your door. These heuristic tests, as they’re called, help you to keep up with new viruses that aren’t yet defined in your list of virus signatures.

An anti-virus program is frequently an add-on to your home computer, though your newly purchased computer might include a trial version. At some point, say after 60 days, you must purchase it to continue using it. To decide whether to make that purchase or to look elsewhere, use these steps for evaluating anti-virus programs:

The Demand test: Can you check a file on demand, for example, when you want to send an attachment as part of the KRESV tests?

The Update test: Can you update the virus signatures automatically? Daily is best.

The Respond test: What are all the ways that you can respond to an infected file? Can the virus checker clean a file?

The Check test: Can you check every file that gets to your home computer, no matter how it gets there, and can those checks be automated?

The Heuristics test: Does the virus checker do heuristics tests? How are these defined?

These tests – the DURCH tests – help you compare anti-virus programs. Once you’ve made your selection, install it and use all of its capabilities all of the time.

Intruders are the most successful in attacking all computers – not just home computers – when they use viruses and worms. Installing an anti-virus program and keeping it up to date is among the best defenses for your home computer. If your financial resources are limited, they are better spent purchasing a commercial anti-virus program than anything else.

http://www.cert.org/homeusers/HomeComputerSecurity/

Thinking About Securing Your Home Computer (1)

2007-12-30T19:52:00.000-08:00

Before diving into the tasks you need to do to secure your home computer, let’s first think about the problem by relating it to something you already know how to do. In this way, you can apply your experience to this new area.
So, think of your computer as you would your house, your apartment, or your condo. What do you know about how that living space works, what do you routinely do to keep it secure, and what have you installed to improve its security? (We’ll use this “computer-is-like-a-house-and-the-things-in-it” analogy throughout, departing only a few times to make a point.)
For example, you know that if you have a loud conversation, folks outside your space can probably hear you. You also routinely lock the doors and close the windows when you leave, and you don’t give the keys to just anyone. Some of you may install a security system to complement your practices. All of these are part of living in your home.
Let’s now apply similar thinking to your home computer. Email, instant messaging, and most web traffic go across the Internet in the clear; that is, anyone who can capture that information can read it. These are things you ought to know. You should always select and use strong passwords and exercise due care when reading all email, especially the unsolicited variety. These are things you ought to do. Finally, you can add a firewall, an anti-virus program, patches, and file encryption to improve the level of security on your home computer, and we’ll call these things you ought to install.
The rest of this document describes the things you ought to know, do, and install to improve the security of your home computer.

http://www.cert.org/homeusers/HomeComputerSecurity/

Computer Security 101 (continued)

2007-12-30T19:30:00.000-08:00

The Internet uses DNS (domain name system) to translate the name to its true IP address to properly route the communications. For instance, you may simply enter “yahoo.com” into your web browser. That information is sent to a DNS server which checks its database and translates the address to something like 64.58.79.230 which the computers can understand and use to get the communication to its intended destination.

DNS servers are scattered all over the Internet rather than having a single, central database. This helps to protect the Internet by not providing a single point of failure that could take down everything. It also helps speed up processing and reduce the time it takes for translating the names by dividing the workload among many servers and placing those servers around the globe.

In this way, you get your address translated at a DNS server within miles of your location which you share with a few thousand hosts rather than having to communicate with a central server half way around the planet that millions of people are trying to use.

Your ISP (Internet Service Provider) most likely has their own DNS servers. Depending on the size of the ISP they may have more than one DNS server and they may be scattered around the globe as well for the same reasons cited above. An ISP has the equipment and owns or leases the telecommunications lines necessary to establish a presence on the Internet. In turn, they offer access through their equipment and telecommunication lines to users for a fee.

The largest ISP’s own the major conduits of the Internet referred to as the “backbone”. Picture it the way a spinal cord goes through your backbone and acts as the central pipeline for communications on your nervous system. Your nervous system branches off into smaller paths until it gets to the individual nerve endings similar to the way Internet communications branch from the backbone to the smaller ISP’s and finally down to your individual host on the network.

If something happens to one of the companies that provide the telecommunications lines that make up the backbone it can affect huge portions of the Internet because a great many smaller ISP’s that utilize that portion of the backbone will be affected as well.

This introduction should give you a better understanding of how the Internet is structured with the backbone providers supplying communications access to the ISP’s who in turn supply that access to the individual users such as yourself. It should also have helped you understand how your computer relates with the millions of other “hosts” on the Internet and how the DNS system is used to translate “plain-English” names to addresses that can be routed to their proper destinations. In the next installment we will cover TCPIP, DHCP, NAT and other fun Internet acronyms.

http://netsecurity.about.com/cs/compsecurity101/a/aa112903_2.htm

Computer Security 101

2007-12-30T19:28:00.000-08:00

Lesson 1

In order to better secure your home computer or home network it helps if you have some basic knowledge of how it all works so you can understand what exactly you are securing and why. This will be the first in a 10-part series to help provide an overview of the terms and technology used and some of the tips, tricks, tools and techniques you can use to make sure your computer is secure.

To begin with, I want to provide some understanding of what these terms are so that when you read about the latest malicious code spreading through the Internet and how it gets into and infects your computer you will be able to decipher the techie terms and determine if this affects you or your computer and what steps you can or should take to prevent it.

For Part 1 of this series we will cover Hosts, DNS, ISP’s and Backbone.

The term “host” can be confusing because it has multiple meanings in the computer world. It is used to describe a computer or server that provides web pages. In this context it is said that the computer is “hosting” the web site. Host is also used to describe the companies that allow people to share their server hardware and Internet connection to share these as a service rather than every company or individual having to buy all their own equipment.

A “host” in the context of computers on the Internet is defined as any computer that has a live connection with the Internet. All computers on the Internet are peers to one another. They can all act as servers or as clients. You can run a web site on your computer just as easily as you can use your computer to view web sites from other computers. The Internet is nothing more than a global network of hosts communicating back and forth. Looked at in this way, all computers, or hosts, on the Internet are equal.

Each host has a unique address similar to the way street addressing works. It would not work to simply address a letter to Joe Smith. You have to also provide the street address- for example 1234 Main Street. However, there may be more than one 1234 Main Street in the world, so you must also provide the city- Anytown. Maybe there is a Joe Smith on 1234 Main Street in Anytown in more than one state- so you have to add that to the address as well. In this way, the postal system can work backward to get the mail to right destination. First they get it to the right state, then to the right city, then to the right delivery person for 1234 Main Street and finally to Joe Smith.

On the Internet, this is called your IP (Internet protocol) address. The IP address is made up of four blocks of three numbers between 0 and 255. Different ranges of IP addresses are owned by different companies or ISP’s (Internet service providers). By deciphering the IP address it can be funneled to the right host. First it goes to the owner of that range of addresses and can then be filtered down to the specific address its intended for.

I might name my computer “My Computer”, but there is no way for me to know how many other people named their computer “My Computer” so it would not work to try to send communications to “My Computer” any more than addressing a letter simply to “Joe Smith” would get delivered properly. With millions of hosts on the Internet it is virtually impossible for users to remember the addresses of each web site or host they want to communicate with though, so a system was created to let users access sites using names that are easier to recall.

http://netsecurity.about.com/cs/compsecurity101/a/aa112903.htm

OS X Security Utilities

2007-12-30T19:17:00.000-08:00

If you share a Mac with others, you may want to regularly—or occasionally—remove all traces of your activity: your browser cache files, your chat transcripts, or other files that show what you’ve done and where you’ve been on the Web. For instance, do you really want a co-worker to find out that you’ve been job-hunting?

Two programs, Webroot’s $30 MacWasher X and Allume Systems’ $30 Internet Cleanup streamline these tasks. Both provide one-click deletion of browser caches, cookies, and chat transcripts. Beyond these basics, the two programs clean up different types of files, and Internet Cleanup has additional features that can make your Web surfing safer and more enjoyable.

A Clean Sweep

MacWasher lets you delete a wide range of files: recent items in the Finder and in many common applications, log files, browser cache and history files, cookies, and much more. It’s straightforward to do this manually, depending on how much time and effort you’re willing to put in. But MacWasher simplifies the process down to a single click and lets you know how much hard disk space you’re saving in the process.

MacWasher’s additional features are for the truly paranoid—not only can it delete all traces of your activity, but it can also overwrite these files up to 35 times, so they can never be recovered. (It can’t do so with some programs, including the Firefox browser, as well as Mailsmith, Outlook Express and PowerMail e-mail clients.) You can create your own filters to delete specific files as required, such as temporary files or backups for specific programs. You can also schedule MacWasher to run automatically at specific times and have it wipe your Mac at the end of every day so secret agents who come into your office at night will be stymied.

A Privacy Package

Internet Cleanup takes a different approach. In addition to cleaning cache files, cookies, chat transcripts, browser history files and e-mail attachments. It also checks your Mac for spyware, although at press time, spyware had never been found on the Mac. Also, it contains a secure delete feature to “shred” documents, a pop-up window and ad blocker for Web pages, and a monitor that warns you when any programs try to access the Internet.

Unlike MacWasher, Internet Cleanup doesn’t let you select which programs it cleans beforehand, but after you start cleaning it lets you examine the files it plans to remove. You can then choose to delete them all, or only the ones you want to remove.

The NetBlockade feature in Internet Cleanup, which blocks pop-up windows and ads on Web pages, is very effective, and is the most useful tool in this program if you use a browser other than Safari. (Safari includes a basic pop-up blocker.) If you’re tired of seeing ads on Web pages, it lets you block ads, using a built-in list of URL patterns. You can also set your own patterns when advertisements still get through its filter. Be aware, though that by default, Internet Cleanup allows certain ads and pop-ups. Their URLs appear in a white list, which you can edit. One note: Internet Cleanup requires an administrator’s password for installation.

http://www.macworld.com/article/42333/2005/01/osxsecurityutilities.html

Internet Security Overview

2007-12-30T19:08:00.000-08:00

This is an overview of what an end user can do to protect their security and privacy when connected to the Internet. Layers of security are your best bet. Each step can be relatively simple and not too technical but taken together can provide significant security and privacy.

You do not need to take all of these steps all at once. Most people reading this article already have a computer, software and an Internet service provider. So some of the layers of defense may not apply to you right now. But a over a period of time as you face some of these choices you should keep these other options in mind.

Beginners... Start Here

New System Alert! A brand new computer may not have the latest "critical updates" for Microsoft Windows XP installed. Before connecting a new Windows XP based computer to the Internet, TURN ON the XP firewall (or install another firewall) for protection from new worms and go to the Windows update web page and download and install any "critical updates". DO NOT set up email accounts or download email until after you install and/or update anti-virus software and virus definitions. Note: These files may be big and take quite a while to download with a dial-up connection. Dial-up users should consider having their computer store download and install these updates before they take delivery of their new system.

Windows Critical Updates -- These are also known as patches. Use the update feature of Windows to download "critical updates" from Microsoft. These are updates that are needed to fix holes in Windows to protect your security and privacy. Go to Start > Control Panel > Windows Update; allow download of system checker; click on Scan for updates; if any Critical Updates or Service Packs are listed, download them. Automatic Updates -- After your first update session, this is the best way to go. Go to Start > My Computer > View System Information > Automatic Updates.

The Big 3 -- Personal Firewall, Anti-Virus and Anti-Spyware Software -- These are the must have Internet security software products. See our Freeware, Firewall, Anti-Virus and Anti-Spyware pages for choices and reviews. Also consider an Internet security suite that includes a firewall, anti-virus and other security and privacy features, see our Suites page for choices and reviews. A suite may be easier to install, use, update, and get support for than individual products.

Personal firewalls have two basic functions. They protect your system from unsolicited scans coming from the Internet. Secondly, they usually offer outbound control. An inbound scan may be looking for a Trojan horse on you system. Outbound controls watch for a Trojan horse or spyware trying to call out from your system. See our Firewall page.

Important Firewall Notes: If you are using Windows XP, it has a built in firewall that is incoming only. If you decide to use another firewall, be sure to turn off the one in XP. If you decide to try out several firewalls, be sure to fully uninstall one before installing another. Running two software firewalls on the same computer may cause problems. After installing a firewall, test it with an online security service to make sure that it is working correctly, see our Test page. Testing your firewall is the only sure way to tell that your computer is really being protected.

Anti-Virus software scans your hard disk to find and remove viruses. To some extent these products can also scan and may be able to remove worms and Trojan horses. To be effective, you should update the virus definitions using a vendor's automatic update service. Since most infections get into your system via email, be sure that the product you pick includes an email scanner and that it is compatible with your email software. Your friends and associates will appreciate it if you use a product that also checks your outgoing email for viruses. See our Anti-Virus page.

Important Anti-Virus Notes: Running two anti-virus programs on the same computer may cause problems. Be sure to fully uninstall one before installing another. Look for software that has an automatic update feature and that filters incoming and outgoing email. Outdated virus definitions are useless for new viruses. Unless you want to send your friends infected email, turn on the outgoing scanner too.

Anti-Spyware removes commercial Trojan horses often included with or hidden inside of freeware products and services. Unlike personal firewall and anti-virus software, it is ok two use two or more anti-spyware programs at the same time. In fact, many experts recommend doing it because no existing product can remove 100% of spyware currently in circulation. See our Anti-Spyware page for more information.

Next Steps

Your Internet service provider (ISP) should be your first line of defense. If you have a choice, choose an ISP that offers online virus, spam and content filters. This will reduce, but not eliminate, the amount of spam and the number of infected emails that you receive. The content filter is to protect your kids. If you do not have a choice or want to keep your current ISP, consider using an online email service that offers virus and spam filters. For more information, see our Broadband page.

Anti-Trojan software should be used in addition to, but not instead of, anti-virus software. Anti-Trojan products can identify and remove more Trojans than anti-virus software. For more information, see our Anti-Trojan page.

A variety of Privacy Software is available to clean your browser, stop spam, trip up phishing, filter content for kids, catch web bugs, manage cookies, and block banner, pop-up and pop-under ads. For more information, see our Privacy, Anti-Spam and Anti-Phishing pages.

Hardware Router For Firewall, Networking & Internet Connection Sharing

If you are connecting two or more computers to the Internet, you should use a low-cost hardware router with firewall features. The firewall features come in two flavors. Most use network address translation (NAT) which hides your small computer network. From the Internet, a hacker sees your router not your computers. Routers with stateful packet inspection (SPI) check the data going though the router as well providing additional protection. If you have or want a wireless router, be sure to use its security features; even if you do, they are less secure than wired versions. Another option is a wired or wireless router with a built in DSL or cable modem. For more information, see our Router, Wireless and Broadband pages. After installing a router, test it's firewall with an online security service to make sure that it is working correctly, see our Test page. Testing your firewall is the only sure way to tell that your computer is really being protected.

Important Router Notes: The best way to have two firewalls for two layers of protection is by using a hardware firewall between your modem and computer or small network plus a software firewall on each computer. As noted above, running two software firewalls on the same computer is not a good idea.

http://www.firewallguide.com/overview.htm#Articles

Internet Security Article

2007-12-28T20:50:00.000-08:00

Internet Security is something that has grown to be a main concern among society. Companies have come out with Identity Theft prevention services, but often, by the time you get those, it is already too late or doesn’t help. The purpose of this guide is to help you try and develop safe internet habits and to keep you as safe as possible from unwanted problems relating to your personal security.

Many of you probably hear on the news, every so often, “A popular website has been compromised and many people have had their personal data stolen!” When a website is compromised, it puts thousands at risk for one of many possible types of identity theft. It is rare that a site is hacked to this extent: usually, the data is collected through look alike sites, through spyware, or through other means of collection; most of which happen on a single-user basis. It makes many people nervous when giving out personal information to anyone online because they are not sure what can really happen, and they do not have all the facts.

The goal of this article is to help you understand internet security, so you can protect yourself from thieves. We will take a look at how you can protect yourself, what websites are doing to protect you, and what laws are in place to help protect you. The best way to be safe is to understand what common tricks are, and how to avoid getting exploited.

There are two important terms, which are very commonly misused (even among the “experts” at Microsoft), that need to be defined, so you do not get confused later in the article. These words are:
Hacker and Cracker

Official Definition: http://en.wikipedia.org/wiki/Hacker
Hackers are commonly thought of as the bad guys, the people who make your computer go as slow as heck, and the people who steal your identity. In reality, they are actually the opposite. Hackers are the good guys who test security vulnerabilities and fix them. Government agencies, software companies (including Microsoft), and internet security companies employ hundreds of hackers (a few too little, maybe!) to test their software before its release. They try to hack the software to make sure that when it ships, people are not going to be able to use it for malicious purposes.

As a webmaster, even I am a hacker. I have to know how to test my website’s security so the bad guys don’t get through. I also have to ensure that when I make a website for a customer, that any data on the site is safe, secure, and that everything related to security is quite bulletproof. When I use the term “hacking” in this article, it refers to the testing of security, whether for good or bad, for sake of common terminology.

Cracker is a term that isn’t used much outside of the security world. A cracker is someone who exploits holes in a program for malicious use. For example, the people who create game keygens are crackers, meaning what they do is illegal. For continuity, I will refer to both hackers and crackers as hackers, unless a distinction needs to be made; most people think of the two as the same.

Let’s also get a common stereotype out of the way. Hackers are not always some teenager working out of their garage. Most hackers are professional people who know what they are doing. The only reason the “My 15 year old neighbor is a hacker” myth is around is that teenagers tend to be more vocal about what they accomplish. Let’s face it, there are thousands of viruses out there (to be exact, Symantec currently protects users from 69,481 viruses), and a very limited number of the authors ever get caught. Of the very few who do get caught, most of them are probably teenagers. The reason for this is quite simple: they have big mouths. They go to school and yell “Guess what! I cracked Microsoft’s web server this weekend!” and someone gets a sizable reward when they turn the youngster in. Professional hackers tend to be more covert about their actions, and therefore, rarely get caught (until they get too greedy).

A Brief History of Cracking / Hacking
Until the early 1980s, hacking had not been a household term. Prior to this time, the Personal Computer was not a widely available or feasible option for most home users. Most of the computer market consisted of million dollar mainframes the size of a warehouse, which only government and major corporations could afford. Finally in the Mid-1980s, personal computers finally became affordable to most users, and began to find their way into the home.

In 1983, a movie called “War Games” portrayed a teenager who could hack just about anything in the world. He was able to hack through his schools computer network, as well as many other malicious tasks. This movie caught the imagination of the teenagers who saw it, and sparked an evolution of hackers.

This shift caught the computing industry by surprise, so they were unprepared to take on the new breed of hacker. With time, the teenagers gained experience and many gang-like groups of hackers formed. They started to share their exploits with friends in the group, and word got around quick. Almost overnight, hacking came to the forefront of personal computer uses.

At first, hackers mainly wished to gain access to systems, not to damage them. The first hacker to be prosecuted in the United States was Pat Riddle. Pat had been known to regularly gain unauthorized access to U.S. Department of Defense computers; a major problem to the security of the United States. He was arrested, but could not be charged with anything relating to hacking, because at the time, there were no anti-hacking laws. He was charged with theft of phone service instead, putting him in jail for a very limited period of time.

To prevent similar problems in the future, the Computer Fraud and Abuse Act was passed in 1984. It provided a legal means to prosecute hackers for certain things. A more in depth detail of laws and regulations will be covered later in the article.

http://www.pcmech.com/article/internet-security-article/

Internet Security with Firewall

2007-12-28T20:38:00.001-08:00

A Firewall is an important perimeter defense tool that protects your network from attacks. Security tools like Firewalls, VPN, and Proxy Servers generate a huge quantity of traffic logs, which can be mined to generate a wealth of security information reports.

ManageEngine Firewall Analyzer is a web-based, cross-platform, log analysis tool that helps network administrators and managed security service providers (MSSP) to understand how bandwidth is being used in their network. Firewall Analyzer analyzes logs received from different firewalls and generates useful reports and graphs. Trend analysis, capacity planning, policy enforcement, and security compromises are some of the critical decisions that are made simpler using Firewall Analyzer.

Benefits of using Firewall Analyzer:

Employee Internet Monitoring:

Website accessed by the employees in your organization.
Protocols used by them for communication.
Working Hour and Non-Working Hour internet usage details and trends
Firewall Rules used by your employees and their usage pattern.
Get notification as when an employee tries to access restricted sites.
To identify internet abuse, and excessive internet usage.
Get notified on anomalies like sudden spike in internet usage.
Keep tabs of employee internet transactions that are leading to attacks / virus in your environment.
Compare current internet usage with your historical data to enable you to make firewall policy changes.
Get live internet bandwidth graphs with finer details of inbound and outbound traffic flows.

Data Center Security and Enterprise Security:

Firewall Analyzer is used in Data Centers, Security Operation Centers to monitor firewall's and intrusion detection systems to obtain insights like the following:

Get to know who is contacting your servers from where, when, and how.
Identify your busy servers and do capacity planning.
Obtain an executive summary of your network security posture like number & type of attacks, viruses, failed logons, security events and denied events.
Get to know who was denied access in your network, with respect to each server and their protocols. Thus feeling reassured that your firewall rules are working.
Get to know your firewalls rules in action and their usage trend.
Get to know the protocol usage trend in your servers.
See your network in action through nice readable, intuitive graphs.
Get notified on anomaly events like sudden spike in the number of connections in your servers and traffic usage in your servers.
Get Live Internet Bandwidth Graphs with Inbound and Outbound split-up.
Obtain events split-up of your servers based on severity and get notified on emergency / critical events on your servers.
Get to know the amount of traffic through your site-to-site VPN.
Identify the busy tunnel and do capacity planning.
Remove / reduce the unnecessary traffic going through your VPN tunnel by cleaning up your rules.
Detect your network configuration errors like wrong DNS etc.

Log Management for Compliance:

Firewall Analyzer can collect, archive, analyze, and report on all the firewall logs which can prove useful during your network audits for meeting regulatory compliance.

Store / Archive logs for years together, to meet your compliance needs.
Get compliance reports like successful logins, logoff and failed logins.
Store your individual firewall log records and do historical trend analysis using the archived firewall logs whenever required.
Automatic log reception from firewalls without the use of probes or agent installations.

Managed Firewall Services Support for MSSP:

Firewall Analyzer offers profitable Managed Firewall Services for Managed Security Service Providers (MSSP), which will help you to track intrusions, manage user website access, audit traffic and also help you to manage your customer's network bandwidth usage efficiently.

Centralized log management for heterogeneous devices.
Manage multiple firewalls from the single installation.
User-specific firewall views, whereby you as an administrator can assign customers to their respective firewalls and each customer will have access to only his respective firewall details.
Create custom dashboard views which could be based on the different geographical locations or nature of business or any other specific requirements of your customer.

http://manageengine.adventnet.com/products/firewal