mr mark, with Navigator 4.06 I could NOT highlight anything on the Langa page, therefore no c&p. I did save the page as txt and got this [unedited]...
Winmag.com's Explorer - The Four Myths of Online Security - by Fred Langa
SEARCH
Winmag
Research
Center
Free Newsletters
Magazine Library
Editorial Calendar
Contact our
Circulation Dept.
REVIEWS
Winlist
Software Reviews
Systems Reviews
Hardware Reviews
Suite Spot
WINDOWS
Windows Workshop
Windows 98/95
Windows 2000/NT
Special Reports
HotSpots
Newsletters
Columns
HELP
Hot Fixes
Tips
WinTune
BrowserTune
Discussions
Win98 Forum
Downloads
Letters to the Ed.
Contact Us
Editorial Staff
Sales Staff
Ad Sales Info
Privacy Statement
Byte.com
CMPmetrics
Data Communications
File Mine
InformationWeek
InternetWeek
Network Computing
Planet IT
TechShopper
TechWeb News
Tele.com
WebTools
Winmag.com
EXPLORER
February 14, 2000
Fred Langa
The Four Myths of Online Security
Make sure your PC is really secure from 'Net-based hacker attacks --
without spending a dime.
Join in the Discussion
Related articles:
LangaList - 10-14-99
LangaList - 10-18-99
LangaList - 11-18-99
Tons of Networking Info
The Internet is a two-way street. Just as it?s easy for you to connect to
other sites, it also may be easy for others -- for hackers -- to connect
to your PC. In fact, by default, many PCs are set up with truly awful
online security settings that can leave the door to your system and your
hard drive unlocked and wide open!
The more time you spend online, the greater the odds that someone will
indeed try to crawl back through your Internet connection to get inside
your PC. And if a hacker finds a weakness or a security flaw in your
setup, he or she can launch a full-blown attack that can cause trouble
ranging from the merely annoying (slowing down or crashing your computer)
to major headaches (potentially reading files, stealing passwords, and
worse.)
But many people succumb to one or more of the following myths about online
security, and in doing so, leave themselves wide open to major trouble:
Myth #1: "I?m not on a network, so my PC is safe.? The Internet is a
network, and any Internet-enabled stand-alone PC will have some or all the
same networking protocols running that you?d find on a PC in (say) the
heart of a huge business setting. But a PC in a huge business setting
probably has corporate firewalls and a professional IT staff working to
keep it safe. In stark contrast, a PC in small business, home office, or a
laptop used in the field (away from corporate security measures), or a
personal-use home system may have a networking setup that?s wide-open,
totally vulnerable to hackers -- and you might not even know it. The
threat is very, very real: With today?s "always on" connections such as
cable modems and DSL, you can be virtually certain that at least two or
three or four (or more!) bonehead miscreant hackers will try to break into
your PC every single day!
Myth #2: "I just use dial-up connections, so my PC is safe.? Dial-up
connections come and go; each time you dial-up, you get a slightly
different ("dynamic?) numeric Internet protocol (IP) address. (Unless, of
course, your ISP has assigned you a static IP address.) That makes it
harder for a hacker to find you than if you have a "static IP? or an
always-on connection. But hacker tools have evolved to the point where
they can scan literally tens of thousands of IP addresses an hour. With so
many hackers scanning so many possible addresses, even dial-up connections
can and do come under threat of attack.
Myth #3: "I use an anti-virus app, so my PC is safe.? A good anti-virus
utility will indeed protect you -- against viruses and similar problems.
But it?ll do nothing to prevent a hacker from lifting information off your
system or crashing your PC. It?ll do nothing to prevent a malicious (but
programmatically legitimate) application from surreptitiously "phoning
home? and sending information about you or your PC back to some other site
or person. Anti-virus tools are just one small (but important) part of
online security.
Myth #4: "I use a firewall, so my PC is safe.? Firewalls are great, but if
your PC is inherently insecure in and of itself, then relying solely on an
add-on program to provide security puts all your figurative eggs in one
basket. If the firewall software has a flaw or a bug, or if anything goes
wrong with it, you?re toast. Plus, some firewalls are useless against
viruses or similar apps; most do absolutely nothing about malicious apps
that quietly send data about you or your system back to an outside source;
and some firewalls actually can make things worse because they advertise
their presence to hackers, inviting specialized attacks designed to defeat
that particular kind of firewall.
But there are solutions. Using tools you already have, and for free, you
can vastly improve your online security -- and that?s what this week's
Explorer column is about: I?ll cover the essentials of how to set up your
Internet connections so as not to needlessly create security holes. In
future columns, we'll talk about other techniques and products (some also
completely free!) you can add to further reduce security problems.
With the secure networking foundation I?ll show you in a moment, any
firewalls or other products you use will only add to an already-safe
setup. And, if there proves to be a problem with your firewall or security
software, you won?t be left totally exposed to hackers. You won?t have all
your security "eggs? in one basket!
Because this is a column and not a full-blown feature article, I?ll be
moving along fast: Check the References listings to follow up on any steps
or concepts that aren?t clear to you.
A One-Minute Primer In Networking Basics
If geekspeak makes your eyes glaze over, you may wish to skip to the next
section. But reading this will only take a minute, and will help you
understand the "why? of the information in the next section:
In simplified form, you can envision that your working connections have
three levels or "layers.? The deepest layer is the one that physically
connects you to a network you?re trying to reach -- and it involves
hardware. For dial-up, it?s the "Dial-Up Adapter? that lets your PC?s
networking plumbing talk to your modem. On a LAN, it?s the "Network
Adapter? software that lets your PC talk to your network card. DSL, cable,
and similar systems also usually use a network card. A PC can have one or
more hardware adapters simultaneously running, side by side: For example,
I have a PC connected to a cable modem; it?s also on my office LAN, and is
connected to a dial-up modem. That system has two network adapters and a
dial-up adapter in its networking setup.
The middle networking layer is made up of the communication protocols or
"languages? that your system uses to talk to other networks. The
Internet?s lingua franca is "TCP/IP.? Other commonly used protocols are
NetBEUI and IPX/SPX. These protocols also can operate side-by-side: Any
protocol can simultaneously be tied (or "bound?) to one or more hardware
adapters; likewise a hardware adapter may simultaneously be bound to
multiple protocols.
The topmost layer is the networking services -- the logons, the "print and
file sharing,? the "client? software that sits on top of the rest of the
plumbing and lets you do the things you want to do on the network.
Unfortunately, they?re a two-way street, so they may also let hackers do
what they want to do!
So, the trick to making your PC secure is to ensure that any dangerous
settings or services (such as "print and file sharing?) are never
needlessly connected to a protocol or adapter that?s accessible from the
Internet at large, where hackers might exploit them. In other words, by
carefully selecting what gets "bound? to what, you can ensure that
inherently unsafe services and protocols are simply not accessible to or
from your Internet connection.
How to Make Your Connections Safe
The information I?ll present here isn?t dangerous, but it?s always a good
idea to make a backup of critical data on your system before you start
making any system changes; and to write down what your settings were so
you can restore things if you need to. If you?re on a LAN or if you have
special networking needs (such as the need to connect remotely to a
corporate LAN or VPN from a home office) talk to your network
administrator before implementing any changes.
Let?s start by examining your networking setup: Right-click Network
Neighborhood and select Properties. (Or click the Network icon in Control
Panel, which is the same thing.)
What we?ll now do is remove the parts of your networking setup that make
it easy for someone to connect to your PC via the Internet?s protocol:
TCP/IP:
If you don?t have a dial-up connection, skip to the next paragraph.
Otherwise, double click Dial-Up Adapter, then Bindings. UNcheck anything
in the bindings box except TCP/IP; then click OK. Next, in the main
network dialog, double-click the item labeled "TCP/IP -> Dial-Up Adapter.?
(You may have to scroll down in the window to see it. Also, if a Dial Up
Adapter is the only adapter in your system, it may simply say "TCP/IP.?)
You may get a warning from Windows about the danger of changing these
settings; ignore the warning -- the real danger is in not changing these
settings. After you dismiss the warning dialog box, click on the Bindings
tab. In the Bindings box, if "Client for Microsoft Windows? and/or "File
and printer sharing for Microsoft networks? are present and checked,
UNcheck them, and click OK. If they were the only things TCP/IP was bound
to, you?ll get a warning that states: "TCP/IP is no longer bound to any
drivers? and asks whether you want to select one. Answer "No.? You do not
want clients or sharing services bound to TCP/IP.
If you have a network card or cards in your system, for each card click on
the TCP/IP label. For example, in my system, which uses an inexpensive
Realtek brand network interface card (NIC), I?d click on "TCP/IP ->
Realtek RT8029(as) PCI Ethernet NIC.? Click the bindings tab, and be sure
that "Client for Microsoft networks? and "File and printer sharing for
Microsoft networks? are UNchecked.
But what if you?re on a LAN and want to share your files or printers
locally? The solution is to add another, non-Internet protocol -- IPX/SPX
or NetBEUI. Add the appropriate Microsoft Networking Client, click on
"File and Print Sharing,? and enable print sharing, file sharing, or both.
Now go back and examine the bindings for every adapter and every protocol
in your system. Make sure that the "Client for Microsoft Windows? and
"File and printer sharing for Microsoft networks? are present and checked
only for IPX/SPX and/or NetBEUI. At the same time, be sure they are not
checked for TCP/IP. Then, repeat the same process on all the other PCs on
the LAN. In this way your PCs will use only vanilla TCP/IP for
communicating over the Internet, and will use a non-Internet protocol for
printer and file sharing among themselves. Because Internet hackers must
use TCP/IP, they?ll have a much harder time trying to get at your shared
files or printers. That makes your PC and your LAN is now much more secure
than it was before.
Note that any changes you make to your networking setup may reset your
bindings and other settings even in areas you didn?t touch. Any time you
(or any software you install) make any changes to your networking setup,
step through the process above to make sure that your TCP/IP connections
remain clean and unbound to client software or print and file sharing
services.
AOL is notorious for this: It adds its own (often unnecessary) adapters to
your networking setup, and may improperly alter your bindings. Some users
report that after installing AOL, their print and file sharing was bound
to TCP/IP -- offering their files and printers to anyone who wanted to try
to connect! The trick is to, either avoid AOL altogether, or to check
manually each and every networking element to ensure that nothing is bound
to your outbound TCP/IP connections after you install AOL.
There?s lots more you can do to improve your networking security, and
we?ll cover that in future columns. But the above steps will eliminate the
most common and glaring network security problems for Windows PCs, and
give you a more secure foundation for all your online activities. Once
you?ve learned the process, the whole thing takes only a minute to set up
or check, requires absolutely no add-on software, and best of all, it's
totally free!
Try the steps above, and then join the discussion. Winmag.com readers are
famous for being both knowledgeable and helpful. If you have questions
about networking, ask them in the forum, and I or someone else will try to
help. Plus, share your tips, tricks, and suggestions for making your PC
more secure. Join in!
References
LangaList - Free Internet Security Check
LangaList - Another Free Internet Security Check
LangaList - Yet Another Great Free Security Test
Shields Up! Windows Networking 101
Free Personal Firewall Software
Tons of Networking Info
Join in the Discussion |
