Securing Your Internet Connection

• Do you have an "always on" Internet connection?
• Or even an "occasionally on" Internet connection? (Times have changed.)
• All You Need To Know
• Turn Off File Sharing Now
• Why you should turn your firewall on: A Security Check
• --For More on Firewalls
• --LAN and Hardware Firewalls
• Viruses and Spyware
• -- Norton/Symantec Antivirus for Macs and Windows
• -- Anti-Spyware Software for Windows
• For more information:

It's easy to think that no one could possibly be interested in your poor, slow, little Pentium (or iMac, for that matter), but that's simply not the case. Having a fast Internet connection that's "always on" when you want to surf the Web is great for you, but it's also great for hackers from around the world who have nothing better to do than sweep through thousands of random IP addresses looking for machines that they can exploit. And what they can do is really quite scary. Without any visible sign or warning, hackers can infiltrate your system to obtain personal information about you or to use your computer to disguise themselves when they attack other machines.

You need to consider securing your home computers even if you are only connected some of the time. You're vulnerable whenever you're connected.

CERT/CC on Using the Internet Securely answers any questions you might have using the Internet and being secure while you do it, including defining every relevant term: "This document gives home users an overview of the security risks and countermeasures associated with Internet connectivity, especially in the context of “always-on” or broadband access services (such as cable modems and DSL). However, much of the content is also relevant to traditional dial-up users (users who connect to the Internet using a modem)."

And Practically Networked Securing Your LAN page tells you what to do secure your LAN. Or your personal computer, if you don't have a LAN.

All you need to know about home network security:

CERT/CC's Using the Internet Securely; they are the experts on Internet security.

All you need to know to secure your home Internet connection for Windows Computers:

Practically Networked's Securing Your LAN page.

Got a Wireless Network at home?

Practically Networked's Securing Your Wireless LAN page,
also Daily Wireless's How to secure a WLAN.

How to set up your Home Network with Macs:

At This Particular Macintosh's How To page. And http://www.atpm.com/network/, threemacs.com's Mac networking pages, which are exceedingly complete, but a bit out of date. Their page on network security is very useful.

The first thing to do to protect your always-on-the-Internet personal computer from attack from the outside is turn sharing off on all your disk drives and printers. And you must do it right now. (Unless you have a LAN in your house, of course; in that case, you should put a password on all your drives.)

This is particularly important if you have a cable modem, because your computer is on a LAN with your neighbors, or if you have a wireless network in your house, which people outside your house may eavesdrop in on.

To turn off file and printer sharing in Windows: Double-click the My Computer icon on your desktop. Then right-click on the name of a drive, select Properties, click the Sharing tab, then click the Not Shared radio button. Repeat for each drive. Then double-click the Printers folder and repeat the same process for each printer. If you don't have a Sharing tab, then you're set; your operating system was installed without network sharing options.

To turn off file sharing in Macs: Open the Sharing Setup/Sharing (in Mac OS X) control panel. In the File Sharing/Personal File Sharing (Mac OS X) section, you should see the message "File sharing is off" with a Start button beside it or below it (Mac OS X). If you see a Stop button instead, click it. For Mac OS Classic, a dialog box will open asking "How many minutes until file sharing is disabled?" Select 0 and click OK.

If you have an always-on Internet connection, via a cable modem or DSL or IDSN line, you must use a filewall (a network protection tool that guards against and reports intrusions on your computer from the outside), and you must keep it running at all times.

To get an idea of what the firewall will do for you, run

Symantec's Internet Security Check

before and after you install a firewall. Running it might be just the thing you need to convince you to run one. This service checks the security of your computer's connection to the Internet by sending it various connection requests.

Both Windows and Macs now come with perfectly usable builtin firewalls.

• Windows Firewalls, from Microsoft
  • Windows 7 Firewalls, from Microsoft
  • Windows Vista Firewalls, from Microsoft
  • Windows XP Fireswalls, from Microsoft
  • firewallguide.com Personal Firewall Reviews
• Mac Firewalls, from MacWorld (including some info on outside firewalls, though the builtin ones work fine)
  • Mac OS X 10.5, 10.6 Application Firewall, from Apple
  • Snow Leopard Firewall, from Mac Most, a video tutorial (with a transcript), very good. (But I don't agree with his conclusions; I think firewalls are always useful!)
  • Protect Your Mac with Tiger's Firewall, from the Mac Observer

Need help interpreting your firewall's logs?

Check out Robert Graham's "FAQ: Firewall Forensics (What am I seeing?)" page: http://www.linuxsecurity.com/resource_files/firewalls/firewall-seen.html

If you have a home LAN and use NAT (Network Address Translation) hardware/software, you can run a firewall on/with the NAT that will protect all of your other machines. For more information including links to lists of available broadband cable/DSL routers, see Home LANs and Sharing Your Internet Connection.

Or you can get a "firewall appliance" -- hardware firewall. Turnkey Network Appliances has a short definition:
http://www.firewall-servers.com/what_are_firewall_servers.html

If the ongoing spate of Windows/Web/email viruses and worms hasn't already scared you enough to install antivirus software on all your personal computers, both Windows and Macs, maybe it's because you've been lucky and haven't been inflicted with one yet. Don't depend on luck — install the ACCC Network Service's Kit highly rated and easy to update Symantec/Norton AntiVirus, SAV/NAV. The UIC license agreement for SAV/NAV allows it to be installed on any computer belonging to any member of the UIC community, on campus or off.

But just installing SAV/NAV isn't enough -- you have to keep its "virus definitions" up-to-date. To do that, run LiveUpdate on a regular basis, say once a week, and also whenever you hear about a new virus or worm. You can either run LiveUpdate by hand, or schedule it to run automatically on a regular basis. See the SAV/NAV Web pages for instructions.

Spyware is another name for adware -- advertising supported software. Actually, they aren't exactly the same. Spyware is software (or hardware) that gathers information about a person or organization without their knowledge. Adware, on the other hand, is a software application in which ads are displayed while the program is running. (Click on the links to see the whatis.com definitions of the terms.) Advertisers are usually interested in how the user reacts to their ad, so adware often has a spyware component.

Adware can also slow your Windows computer down to a crawl.

The Spychecker.com Web site has all you need to know about spyware:

• What is spyware?
• Freeware anti-spy tools for Windows. The most widely used and recommended are Ad-Aware and Spybot - Search & Destroy.

The ACCC's Virus and Spyware Removal CD for Windows contains Stinger, Spybot, and Symantec Antivirus; you can download it for free from the University of Illinois Webstore.

CERT/CC Vulnerabilities, Incidents, and Fixes

Want to know what's going on in computer security? CERT (Computer Emergency Response Team) is the place to go in the US. CERT was formed by the US Department of Defense in 1988, "to address computer security concerns of research users of the Internet". The CERT Coordination Center (CERT/CC) is in the Software Engineering Institute (SEI), Carnegie Mellon University, Pittsburgh, PA.

See also CERT/CC's Home Network Security

This document answers any questions you might have using the Internet and being secure while you do it, including defining every relevant term.