1.9 Secure Your Network

Securing Your Network

Introduction

Over the years, as computers have evolved and the Internet has become more and more popular, the need for security has grown as well.

What is network security?

By definition, network security is the protection of networks and their services from unauthorized modification, destruction, or disclosure, and the provision of assurance that the network performs its critical functions correctly and that there are no harmful side effects. In practice, this means that network security makes sure that you are the ONLY one who can use and gain access to your network, which helps you keep intruders or hackers from getting to the information on your computer.

Why is network security important?

Today, people do a lot of tasks online. People can do banking and shopping right from their computers. With these privileges comes the need to enter important information (such as credit card numbers and account numbers) into web pages where you don't know who is reading the information on the other side or who is spying on what you do from a separate location. The

How easy is it to break into your computer?

As the Internet has grown, so have the intelligence and capabilities of hackers. Software programs have become more and more complicated, making it harder to find a small hole or virus. Without proper security software, all it takes is for you to download a free virus-filled application off the Internet and run it. However, even with proper security software, hackers can develop new methods of getting into your computer, which makes it extremely important to constantly update your security software.

Passwords

Passwords are keys you use to access safeguarded information, such as personal information, online accounts, banking information, etc. In the online world, passwords are the main way of keeping hackers away from your information. A password is the hardest thing for another person to find out. Without passwords, what would protect our information online? E-mail addresses? How easy is it to figure out your friend's E-mail address? It is important to make sure that your password is something that nobody else will be able to figure out easily. For example, you shouldn't make your password your name, since all of your friends would be able to log in to your online accounts and see your information.

Strong Passwords

What makes a strong password? There are several criteria to consider when making a strong password.

  • Length -- All passwords should be long. Most places where you input a password will give you a range for the number of characters to include in the password. It is always best to include the MAXIMUM number of characters. The longer the password, the more possibilities a hacker has to go through before he/she gets to your password. If no range is given, it is best to include 14 or more characters. Some places let you include a [space] as a character in the password. It is best to take advantage of that and create a password of multiple words.
  • Characters -- Make sure to use all types of characters. The more different types of symbols used, the harder it will be for a hacker to determine your password. Sometimes the place where you enter a password will tell you what characters/symbols you can use in your password. If you cannot use a wide variety of characters, it is important to make the password longer to get the same degree of safety from it. It is also important to use uncommon characters.
  • Think of making a password as choosing a word/phrase to use in hangman. The more unique the letters, the harder it will be for somebody to figure out. Make sure to use phrases that you will be able to remember, but others will not be able to figure out.

Passwords to avoid

There are certain types of passwords that you want to make sure NOT to use.

  • Avoid using passwords that have repeating or sequential characters such as "222222", "123456", "abcdef" or adjacent letters on your keyboard such as "asdfgh" or "qwerty".
  • Avoid purposely swapping look-alike symbols such as "l" (L) and "1" (one), or using words like "P@ssw0rd" that just look like the same word. Hackers are smart enough not to be fooled by these.
  • Do not use parts of your login name, real name, birthday, social security number, credit card number, or other important information that you are already trying to protect with that password.
  • Do not use words that exist in dictionaries of any language. Hackers have very good software that can quickly go through dictionaries of any language as well as words spelled backwards, common misspellings, and substitutions.
  • Do not use the same password for anything more than once. If a hacker gets access to one of your passwords he/she will keep note of that password and try to use it later again.
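
The rules in the two lists above can be checked mechanically. The following Python sketch is an added example, not part of the original page: the function names, the tiny constructed word list, the look-alike table, and the thresholds other than the 14-character minimum are assumptions chosen for illustration.

```python
import re

# Constructed sample word list; a real check would load full dictionaries.
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "welcome"}
KEY_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Undo look-alike substitutions such as "@" for "a" or "0" for "o".
LOOKALIKES = str.maketrans("@4310$5!7", "aaelossit")
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def has_run(pw, n=4):
    """True if pw holds n repeated, sequential, or keyboard-adjacent characters."""
    low = pw.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({0}, {1}, {-1}):  # "2222", "abcd", "4321"
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEY_ROWS):
            return True
    return False


def audit_password(pw, username="", words=SAMPLE_WORDS, min_len=14, min_classes=3):
    """Return the list of rules from the page that pw breaks (empty = none)."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if sum(bool(re.search(c, pw)) for c in CLASSES) < min_classes:
        problems.append("too few character types")
    if has_run(pw):
        problems.append("repeated or adjacent characters")
    # Normalise look-alikes and keep letters only before the word lookup.
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(LOOKALIKES))
    if any(w in letters or w[::-1] in letters for w in words):
        problems.append("dictionary word")
    if len(username) >= 3 and username.lower() in pw.lower():
        problems.append("contains login name")
    return problems


if __name__ == "__main__":
    for candidate in ["222222", "P@ssw0rd", "qwerty123456",
                      "maple Tractor 9 violet-skies"]:
        print(repr(candidate), audit_password(candidate) or "no rule broken")
```

The multi-word sample passes only because the constructed word list is tiny; it cannot check the rule against reusing a password across sites, which needs a record of where each password is used.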

Password Protecting Your Computer

It is important to password-protect your computer in certain places. You want to make sure that when you log in to your computer, it asks you for a password so that not just anybody can log in. Read How To Create Password For Login for steps on setting up your login password.

It is also important to make sure that once your computer becomes idle and the screen saver comes on, it prompts for a password when returning from idle. This matters because if you get up from your computer to do something else, nobody else can sit down at it and look around. To create a password-protected idle return, follow the steps laid out in How To Password Protect Idle Return.

Router Settings

Filters

Most routers allow you to set one of two different types of filtering: IP address or MAC address. Use IP filters to deny LAN IP addresses access to the Internet. This type of filter involves entering the IP addresses of the computers on your network so that Internet access can ONLY be granted to those computers. MAC address filtering is similar. However, IP addresses are assigned to computers, while MAC addresses are assigned to network hardware. In MAC address filtering, you simply enter the MAC addresses of the network hardware used in each computer into a list, and the router will only grant Internet access to those pieces of hardware. MAC address filtering is more specific, because a computer can carry more than one MAC address. For example, a computer may have an Ethernet card MAC address as well as a wireless card MAC address, so you could disable the computer's wireless access but not its wired access.

Virtual Server

Virtual Server is used to allow Internet users access to LAN services. Virtual Servers can be added to the list. They can also be scheduled and set on timers.

Parental Controls

Some routers allow you to create parental controls and forbid access to certain web pages. You can enter specific URLs, or domains, which are more general and forbid access to any web pages coming from that domain.

DMZ

A DMZ (Demilitarized Zone) is used to allow a single computer on the LAN to be exposed to the Internet. DMZs are created by entering the IP address of the specific computer that you want exposed to the Internet. DMZs are used if you have a network of computers but only want to have one exposed to the Internet. DMZs still allow communication between computers on the network.

Firewalls

Firewalls are the most important factor in securing your network and computer. They are the first place that an incoming hacker hits. Firewalls manage the flow of traffic through your network and block access for certain events that they "don't like" or that you tell them not to like. Firewalls are based on policies and trust zones. Trust zones distinguish the different places from which signals and information are passed into the network. The Internet is a very low-trust zone, so information from the Internet is watched more carefully with a tougher filter. Most routers have built-in firewalls that provide a good amount of protection. Combined with Windows Firewall, the security should be good enough as long as you have good security software.

Windows Firewall

Windows has a firewall that comes with the operating system. It can be accessed from the Windows Firewall shortcut in the Control Panel. If you do not have any other firewall software installed on your computer, it is vital to make sure Windows Firewall is on. The following lists show what Windows Firewall does and does not do:

Windows Firewall does:

  • Help block computer viruses, worms, and other malware.
  • Ask for permission to block or unblock access requests to or from the Internet.
  • Create a record (security log) of all traffic trying to connect to the Internet or other computers (both successful and unsuccessful attempts).

Windows Firewall doesn't:

  • Detect/scan/disable computer viruses, worms, and other malware. Separate security software is needed for that. Look at the Fixing Your Computer Outline for more information on those programs.
  • Prevent viruses or spyware from E-mail attachments that you have opened.
  • Block spam, spyware, or unsolicited E-mails. Separate security programs are needed for that. Look at the Fixing Your Computer Outline for more information on those programs.

E-mail Clients

Hackers have moved on to sending viruses in scam E-mails. This can be very deadly, since they have developed ways of replicating real E-mails from important companies that you would want to read. E-mail viruses come in all shapes and sizes, from obvious fakes to exact replicas of real, important E-mails. How do you protect yourself from these deadly attacks?

Junk Filtering/Folders

Almost all of today's E-mail clients contain junk/spam filtering. For the most part, these filters work well to detect obvious fakes, unimportant advertisements, and some hardcore hacker copies. They also have safe lists and junk lists. If you get an E-mail in your inbox that is spam and the filter missed it, you can add it to the junk list, and the next time you receive an E-mail from that address the filter will pick up on it and put it into the junk folder. Conversely, if you get an E-mail that has been filtered into the spam folder but you want to keep it, you can add it to the safe list and the filter will never put E-mails from that address into the spam folder. This is why it is also important to look through the spam folder at the addresses and subjects of filtered E-mails.

Note: This does NOT mean you should open the E-mails in the junk/spam folder, for that may lead to viruses. Simply look at the titles and addresses.

Some E-mail clients, such as Mozilla Thunderbird, let you create your own filter rules where you can specify automatic "junking" of E-mails containing specific words or phrases in places such as the subject, sender address, body, header, footer, etc.

Detecting False E-mails

There are a few tricks to detecting fake E-mails.

  • Look at the sender's address. Spammers can create E-mail addresses that look very similar to corporate E-mail addresses, but might have one letter changed or have a different phrase after the "@". For example, "do_not_reply@apple.com" is a real E-mail address, but "do_not_repy@apple.com" is not and neither is "do_not_reply@itunes.com". This is why it is important to pay attention to those details.
  • Another trick that some spammers use is taking a screenshot of a real certified E-mail and then sending you an E-mail containing that picture. However, they are smart enough to make the blue underlined words actual links, just links to bad web pages. To detect this method, right-click somewhere on the page where there is no link; if you get image options (such as "save image as"), then it's a fake.
  • Slight details. Hackers can get very very close to replicating exact E-mails, but sometimes they run across a signature or image that they cannot copy, so they make their E-mail look close to it. These differences can be almost invisible, such as a missing horizontal line at the very bottom of an E-mail or a logo with a slightly different color. These are easier to notice by comparing them to real E-mails that you have gotten before and seeing if there are any differences.
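
The sender-address check in the first item can be automated by comparing each sender against a safe list. The following Python sketch is an added example, not part of the original page: the function names, the edit-distance threshold of 2, and the constructed safe list are assumptions, and the sample addresses are the ones quoted above plus one constructed address.

```python
def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,               # delete ca
                           cur[j - 1] + 1,            # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(addr, safe_list, max_dist=2):
    """Compare a sender address with a safe list of known-good addresses."""
    addr = addr.strip().lower()
    if addr in safe_list:
        return "on safe list"
    local, _, domain = addr.rpartition("@")
    for good in sorted(safe_list):
        g_local, _, g_domain = good.rpartition("@")
        # A name within a few edits of a trusted one is suspicious.
        near_local = edit_distance(local, g_local) <= max_dist
        if domain == g_domain and near_local:
            return f"look-alike of {good}: altered name before the @"
        if domain != g_domain and near_local:
            return f"look-alike of {good}: different domain after the @"
    return "unknown sender"


# Constructed safe list using the address the page gives as genuine.
SAFE_LIST = {"do_not_reply@apple.com"}

if __name__ == "__main__":
    for sender in ["do_not_reply@apple.com", "do_not_repy@apple.com",
                   "do_not_reply@itunes.com", "newsletter@example.org"]:
        print(sender, "->", classify_sender(sender, SAFE_LIST))
```

An "unknown sender" result only means the address resembles nothing on the safe list; it says nothing about whether the message is genuine.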

Rootkits/Rootkit Scanning

Rootkits allow malware to hide in files that don't show up in Windows Explorer or Task Manager and cannot be picked up by many current anti-virus programs. Rootkits invade your system by making deep system changes so that they cannot be detected as something "different" or out of the ordinary. Once rootkits are installed on your system, they pull keyloggers and spyware onto it without you even noticing, until all of a sudden your computer crashes. There are certain programs that are capable of scanning for and detecting these rootkits. It is important to have this software on your computer so that this doesn't happen to you.

Rootkit Scanning Programs

Figure: RootkitRevealer Main Screen

RootkitRevealer

Rootkits work by changing API results so that a system view using APIs differs from the actual view in storage. RootkitRevealer scans your system at the highest level and then at the lowest level and compares the results. The highest level is the Windows API and the lowest level is the raw contents of a file system volume or Registry. The only time RootkitRevealer would not work would be if a rootkit or virus changed the RootkitRevealer files and the searching mechanism, so that it would not pick up that specific rootkit in the search. RootkitRevealer has a very simple interface: it searches through your computer and gives you a list of items it found to be strange. Each result has a description that places it in a category of problem found. For information on these result descriptions, see the RootkitRevealer Web Page.

How To Download RootkitRevealer

F-Secure BlackLight

BlackLight detects purposely hidden files that the user of a computer cannot see and offers options to remove them. BlackLight examines a system at a deep level, which enables it to detect objects that cannot be seen by common security software. Some key benefits of BlackLight:

  • Can detect and eliminate active rootkits, which some common anti-virus scanners cannot detect.
  • It does not give you a long list of problems or suspected objects, which makes it more user-friendly.
  • BlackLight can be used in the background while other programs are running, whereas some other scanners require rebooting or will not let you do any other work while they are working.

BlackLight is not free. It comes within the F-Secure Internet Security 2006 Suite, but a free trial version of BlackLight is available on the BlackLight web page.

Good Practices for Protection

  • Run your virus scanner frequently. Many virus scanners today come with a scheduler that allows you to set automatic times for virus scanners to run. Some virus scanners come with a "Quick Scan" operation, which is good to run daily. However, make sure you run a full system scan twice a week at least.
  • Run your antispyware scanners similarly as you would your virus scanners.
  • Make sure your security software is up-to-date. Running virus scans will eventually become pointless, because hackers keep learning new ways to hack people's computers. If the virus scanner does not know these new tricks, it will not notice when they appear on your system. That is why it is important to update software, especially virus databases.
  • Avoid suspicious web pages that you do not know about. Never download ANYTHING from a web page that you are not comfortable with. When you receive an E-mail from someone who you do not know, never click on any of the links or view any of the attachments. If your junk mail filter has not picked up on it make sure you let it know that that E-mail is junk.
  • Try not to use Internet Explorer since most hackers favor that as their attack location. I recommend using Firefox.
  • Cycle through passwords and do not use the same password and username combination for any 2 sites.
  • Don't trust unsolicited E-mails from companies. If you receive an "important" E-mail from, say, your bank, never click on any of the links on the page. Always type the URL in yourself.
  • Subscribe to a security-focused RSS feed to get up-to-date info on the latest threats. Try ones at Kaspersky or Sophos.
  • Check for router firmware updates frequently.