a service of StratVantage Consulting, LLC


Basic Home Networking Security

Whether you have a dial-up Internet account and a modem or a broadband DSL or Cable modem connection, you need to be concerned about security. It is a common misconception that dial-up customers don’t need to worry about CyberAttacks. However, every Internet user these days needs to be concerned about avoiding attacks that could inconvenience or incapacitate your home machine.

  • Types of Threats
  • Secure Home Networking Practices
  • The Basic Home Network Security Toolkit
  • To Learn More . . .

Types of Threats

The threats facing Internet users today include:

Malware – This generic term refers to viruses, worms, or any executable code that has a bad intent. A virus may wipe out your hard drive, or a worm may email everyone you know and infect their computers. The first line of defense against malware is up-to-date antivirus software. Equally important is making sure to keep up with software and operating system patches which vendors provide to address security flaws.

System Compromises – When a cracker compromises your system, he or she is able to do anything on the computer that you can, including deleting files or stealing information (like your Quicken files!). Deploying defensive systems like firewalls as well as keeping up with software patches are important steps you can take to prevent system compromises.

Denial of Service Attacks – This class of CyberAttack is rapidly becoming the most popular choice of Internet miscreants. It involves flooding a target Web site with bogus page requests, eventually slowing it significantly or even crashing it. Crackers often enlist unguarded home computers that have broadband connections in their attacks, turning them into so-called zombies. Typically, the cracker has full control over the zombie computer. Good security practices can prevent your computer from being enlisted in a denial of service attack.

Private Network Compromises – These attacks are much more rare, but much more dangerous than the other types of threats. By compromising your home computer, a cracker could gain access to your work network, wreaking untold damage. To prevent this, disable any automatic logon scripts and never store user IDs or passwords in a disk file.

Secure Home Networking Practices

There are several things you should do even before you look at adding additional security tools to your system:

  • Don’t leave your system on all the time – If you have a broadband connection, it’s tempting to leave your computer on constantly. However, the longer a computer is on, and the longer it is left unattended, the more likely it is that a cracker can compromise it.

  • Use a Secure Password – This is especially important if you have a Windows NT or 2000 computer, which is a more desirable target for crackers. You can follow these rules for creating a secure password you can remember.
  • Do Not Save Account Information on Your Computer – And don’t post passwords on your monitor either, especially if you have children who may bring friends into your house.
  • Back Up Your System Regularly – If a virus or a cracker wipes out your hard drive, there’s probably a lot you would miss. Back up your system to Zip drives, tape units, or CDs on a regular basis.
  • Do Not Open Attachments From Strangers – In fact, be suspicious of unexpected attachments from people you know. Many malware programs use Microsoft Outlook address books to spread their infection. Check About.com's Infected Attachments Center if you're at all suspicious of an attachment.
  • Crank Up the Security on Your Programs – If you use Microsoft Internet Explorer or Microsoft Outlook, this is even more important. Use the settings of these programs and any other software you have to set the highest security levels. In Microsoft Word for Windows 2000, Excel 2000, and PowerPoint 2000 select Tools, Macro, Security, and set security to Medium or High.

  • If You Run Microsoft Internet Information Server – Consider not running it. If you must, use the Internet Services Manager and set "Execute Permissions" to "None" for the following directories:

    • Scripts
    • IISAdmin
    • IISSamples
    • MSADC
    • IISHelp
    • Webpub
    • Printers
    • Cache

    Use the Internet Services Manager to stop the SMTP Virtual Server, which makes your PC act as a mail server.

  • Disable File Sharing – If you do not want to disable Microsoft Windows’ file sharing features, be sure that every share has a secure password for use. You should also make sure you have a hardware firewall if you are a broadband user.

  • Rename Your Administrator Account – If you use Microsoft Windows NT or 2000, rename the administrator account, and be sure it has a secure password. Crackers typically will try to break in to the admin account. Also, disable your guest account and anonymous FTP. If you don’t really need it, do not run Internet Information Server, Microsoft’s Web server.
  • Check Your Security Regularly – Just because you’re state-of-the-art secure now doesn’t mean you will always be. Check out your home security practices on a regular basis, at least twice a year.
  • Be Sure Your Family or Household Members Know What to Do – Educate household members on good security practice and on what to do if there is a security incident. For example, make sure they know how to respond if your antivirus software alerts them to a virus.

The Basic Home Network Security Toolkit

In addition to the preceding good security practices, every home networker should employ additional security tools. Regardless of your type of connection, and whether or not you access your work network from home, you should have these basic security tools installed and in good working order:

  • Up-To-Date Antivirus Software
  • The Latest Patches for Your Software
  • A Software Firewall
  • A Hardware Firewall (for broadband users)

Each tool is considered in more detail in the following sections.

Up-To-Date Antivirus Software

All machines should have antivirus software, which is your inexpensive first line of defense against malware. Most antivirus software vendors sell you a package that includes free updates for a year. After the year is over, be sure to purchase continued antivirus updates.

A virus signatures file contains information that enables your antivirus software to identify viruses and worms and eliminate them. Since new malware appears on the Internet almost daily, you should make sure your signatures are up to date, at least weekly. To be really secure, update your signatures daily.

Some antivirus software can be set to automatically update the virus signatures at a certain time each day. Some, like Norton, can also scan emails before they are put into your inbox.

The following commercial antivirus software packages are readily available either in stores or over the Internet:

  • Symantec’s Norton Antivirus 2002 ($49.95)
  • McAfee VirusScan Online (2 year subscription $49.90)
  • Computer Associates eTrust InoculateIT ($19.95)

The Latest Patches For Your Software

If you use Microsoft software, you can use the Microsoft Windows Update service at: windowsupdate.Microsoft.com. The service will identify any required or optional software patches for your particular system.

The Personal Security Advisor, a free program from Microsoft created by Shavlik Technologies, can scan your computer for security vulnerabilities and notify you of the patches you need: www.securemicrosoft.com/scan/start.asp. Shavlik also has more advanced programs that can actually automatically update your software with the latest fixes: www.shavlik.com/security/.

A Software Firewall

A software firewall is a program you install on each of your home computers. All communications with the Internet and with other computers on your home network, if you have one, must pass through the firewall. You can determine which programs on your computer you want to access the Internet (you may be surprised at how many do contact the Internet behind the scenes) but, more important, you can prevent other computers on the Internet from accessing your computer.

The best firewalls will notify you if a program you previously allowed to access the Internet has changed, either due to a software update or due to modification by a virus or worm.

If you have a software firewall, but no hardware firewall, be sure the firewall blocks access to your computer on the following ports:

  • 23
  • 68
  • 111
  • 113
  • 137
  • 138
  • 139

Most hardware firewalls already take care of blocking this access. See your software firewall's manual for information about blocking these ports.

If your organization supports Virtual Private Networking (VPN) for home users, you’ll want to make sure your software firewall supports the type of VPN they use.

Gibson Research’s reviews of personal firewalls are very helpful in deciding which firewall to buy.

Note: Gibson does not recommend using one of the most popular firewalls, Black Ice Defender.

Note: Microsoft’s Office XP Service Pack 1 is incompatible with Zone Alarm.

Software firewall products and prices:

  • Internet Security Systems Black Ice Defender – Professional Version: $39.95
  • InfoExpress CyberArmor – Professional Version: $49 a seat as part of CyberArmor Suite
  • McAfee Personal Firewall – Professional Version: 1 year subscription: $29.95
  • Norton Personal Firewall – Professional Version: $49.95
  • Sygate Personal Firewall – Personal Use: Free; Professional Version: $39.95
  • Tiny Software Personal Firewall – Personal Use: Free; Professional Version: $29
  • Vicomsoft Intergate (has Mac version) – Professional Version: $149 for 5 users
  • ZoneLabs ZoneAlarm – Personal Use: Free; Professional Version: $39.95

A Hardware Firewall

If you access the Internet using a broadband connection (such as a DSL line or a Cable modem), a software firewall is just part of the picture. Since broadband users are typically connected to the Internet longer than dial-up users, and since their high speed connection makes them more of a target, broadband users should also have a hardware-based firewall, which sits between you and your DSL router or Cable modem and protects your home network.

Although a software firewall will keep bad guys from accessing protected computers on your home network, a hardware firewall can make your home computer or network invisible to miscreants, and so they won’t even try to attack. Hardware firewalls do this by preventing any probing of Internet connections, and by translating the IP address of your computer so all computers on your home network appear to the Internet as the same address.

The best hardware firewalls will notify you, usually via email, if an intruder tries a probe or an attack. Some firewalls also offer wireless connections, although even the best built-in wireless security protection is insecure. If you want to add wireless network access, plan on running some other kind of encryption or other security scheme.

If your organization supports Virtual Private Networking (VPN) for home users, you’ll want to make sure your hardware firewall supports the type of VPN they use.

If you have more than one computer at home, you may want to consider a hardware firewall/router combination that has more than one port.

The award-winning Linksys unit is probably the most popular of these units.

Hardware firewall products and prices:

  • Compex NetPassage 15B Parallel Broadband Internet Router – $78.95
  • D-Link DI-701 DSL/Cable Residential Gateway – $119
  • Linksys EtherFast Cable/DSL Router – $89
  • Sohoware BroadGuard Secure Cable/DSL Router – $89.99
  • SonicWall SOHO3 – $392

What to Do If You're Attacked

Once you have the proper defenses in place, you're likely to see some activity reported by your firewall program. One of the most likely kinds of incidents is called a port scan.

What You Can Do About Port Scans

You may find that your firewall software reports as many as 15-20 random port scans a day. In order to understand what a port scan is, you first need to understand what a port is. Ports are connection points to the TCP/IP networking software of a computer. Think of them as sockets that other computers can connect communications lines to.

Pretty much all communication over the Internet originates from a specific port on one computer and connects to a specific port on another computer. There are over 65,000 ports available, but a handful of ports are very commonly used. Among them are port 80 for Web services, ports 20 and 21 for FTP services, and port 25 or 110 for email services. Here is a list of commonly used port numbers.

A port scan is an attempt to determine whether a particular port on your computer accepts a connection. Port scanning software used by crackers rapidly attempts to connect to many or all of the ports on your computer. It's akin to burglars trying all the door handles in your neighborhood looking for one that will let them in.

When a cracker scans your ports, if you are not running a service on a port and your computer is listening for a connection to that port, the response to the port scan will indicate that the port is not open. Thus, a port scan by itself is not a dangerous thing. It merely means someone is jiggling the door handles on your computer.

Without a firewall, however, it is impossible to close all the ports on your computer. If you have a Windows computer, there are a great many ports open that you probably are completely unaware of. For example, port 139 is used by file and print sharing and port 135 is the end-point Mapper used by the Domain Name System (DNS). And of course, if your email software is running, port 25 will be listening for new email. This is why you must have a firewall in any home system configuration. The right hardware or software firewall can even make it look like there's no computer at all at your network address while still allowing your Internet software to work.

So why is your firewall reporting port scans? There are some legitimate causes for port scanning, such as the equivalent of someone dialing a wrong telephone number, or your ISP scanning its network looking for computers that may have been compromised. In most cases, however, port scanning is done by people who are probing your computer (and probably many others in your network neighborhood) for vulnerabilities. If your firewall or intrusion detection software reports a scan coming from the same IP address to hundreds of ports on your computer, this is most likely a cracker at work. You should consider reporting this activity to your Internet Service Provider (ISP). Although port scans are not illegal, they are probably a violation of your ISP's Acceptable Use Policy.
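
The distinction drawn above, between a handful of stray probes and one address trying hundreds of ports, can be checked directly against a firewall log. The following Python sketch is an added example, not part of the original article; the log layout, the sample lines and the threshold of 100 distinct ports are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Hypothetical log layout (adapt the pattern to your own firewall's log):
#   <date> <time> DROP <proto> <src_ip> <dst_ip> <src_port> <dst_port>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) DROP (?P<proto>TCP|UDP) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) \S+ \d+ (?P<dport>\d+)$"
)


def build_sample_log():
    """Constructed sample: three one-off probes, one bad line, and one
    source that tries ports 1-300 over five minutes."""
    lines = [
        "2002-10-03 08:14:02 DROP TCP 198.51.100.23 192.0.2.10 3311 139",
        "2002-10-03 09:40:51 DROP TCP 203.0.113.77 192.0.2.10 4120 80",
        "2002-10-03 11:02:17 DROP UDP 198.51.100.90 192.0.2.10 1026 137",
        "malformed line that the parser must skip",
    ]
    for port in range(1, 301):
        minute, second = divmod(port - 1, 60)
        lines.append(f"2002-10-03 13:{minute:02d}:{second:02d} DROP TCP "
                     f"203.0.113.5 192.0.2.10 40000 {port}")
    return lines


def triage_scans(lines, sweep_threshold=100):
    """Return (sweeps, probes). A sweep is one source hitting at least
    `sweep_threshold` distinct ports; everything else is an isolated probe."""
    seen = defaultdict(lambda: {"ports": set(), "first": None, "last": None})
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # ignore lines in a format we do not understand
        entry = seen[m["src"]]
        entry["ports"].add((m["proto"], int(m["dport"])))
        # ISO-style timestamps sort correctly as plain strings.
        entry["first"] = min(filter(None, (entry["first"], m["ts"])))
        entry["last"] = max(filter(None, (entry["last"], m["ts"])))
    sweeps, probes = {}, {}
    for src, e in seen.items():
        if len(e["ports"]) >= sweep_threshold:
            # Summary worth attaching to a report to your ISP.
            sweeps[src] = {"distinct_ports": len(e["ports"]),
                           "first_seen": e["first"], "last_seen": e["last"]}
        else:
            probes[src] = sorted(e["ports"])
    return sweeps, probes


if __name__ == "__main__":
    sweeps, probes = triage_scans(build_sample_log())
    print("sweeps:", sweeps)
    print("isolated probes:", probes)
```
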


What You Should Do If Your System is Compromised

If, despite following the precautions outlined here, your system is broken into, your first concern should be to make sure your computer has not been turned into a "zombie," a computer under the control of a cracker that is used to attack other computers. The easiest way to prevent your computer from damaging others is to disconnect it from the Internet. This should be your first step if you suspect your computer has been compromised.

You next might consider whether to pursue law enforcement action against the perpetrators. This is especially a consideration if your computer was used to breach the security of your employer. You can report Internet-related crime to law enforcement investigative authorities at the local, state, or federal levels. The Department of Justice and the FBI have resources to fight and prosecute computer crime. You can report the incident to a local FBI office or, if your area has one, the local FBI Infragard chapter. Infragard is a public and private alliance to help protect our nation's vital infrastructures, from dams and power plants to computers and telecommunications. You can find the Infragard office nearest you at www.infragard.net/. Infragard is one of the programs of the interagency National Infrastructure Protection Center (NIPC). You can file a report with NIPC Watch by calling 202-323-3205 or completing a form available at www.nipc.gov/.

If you think you will want to pursue legal remedies after an attack, it is very important that you preserve the evidence of the attack. See the issue of the StratVantage News Summary, You're Hit What Next?, for more information about preserving evidence.

To Learn More . . .

The Stay Safe Online Campaign, an alliance of the FBI, Department of Defense, Federal Trade Commission, Microsoft, Cisco Systems, AT&T and more than 30 others offers a security self test, advice for beginners and much more on their Web site: http://www.staysafeonline.info/.

For more detailed information, try StratVantage’s Security Resources Directory: www.stratvantage.com/security/.

version 1.3 Revised 10/3/02

Copyright © 2002, StratVantage Consulting, LLC. All rights reserved.
