a service of StratVantage Consulting, LLC
Basic Home Networking Security
Whether you have a dial-up Internet account and a
modem or a broadband DSL or Cable modem connection, you need to
be concerned about security. It is a common misconception that dial-up
customers don’t need to worry about CyberAttacks. However, every
Internet user these days needs to be concerned about avoiding attacks
that could inconvenience or incapacitate your home machine.
- Types of Threats
- Secure Home Networking Practices
- The Basic Home Network Security Toolkit
- To Learn More . . .
Types of Threats
The threats facing Internet users today include:
Malware – This generic term refers to viruses, worms, or
any executable code that has a bad intent. A virus may wipe out
your hard drive, or a worm may email everyone you know and infect
their computers. The first line of defense against malware is up-to-date
antivirus software. Equally important is making sure to keep up
with software and operating system patches which vendors provide
to address security flaws.
System Compromises – When a cracker compromises your system,
he or she is able to do anything on the computer that you can, including
deleting files or stealing information (like your Quicken files!).
Deploying defensive systems like firewalls as well as keeping up
with software patches are important steps you can take to prevent
Denial of Service Attacks – This class of CyberAttack is
rapidly become the most popular choice of Internet miscreants. It
involves flooding a target Web site with bogus page requests, eventually
slowing it significantly or even crashing it. Crackers often enlist
unguarded home computers that have broadband connections in their
attacks, turning them into so-called zombies. Typically, the cracker
has full control over the zombie computer. Good security practices
can prevent having your computer being enlisted in a denial of service
Private Network Compromises – These attacks are much more
rare, but much more dangerous than the other types of threats. By
compromising your home computer, a cracker could gain access to
your work network, wreaking untold damage. To prevent this, disable
any automatic logon scripts and never store user IDs or passwords
in a disk file.
Secure Home Networking Practices
There are several things you should do even before you look at
adding additional security tools to your system:
- Don’t leave your system on all the time – If you have
a broadband connection, it’s tempting to leave your computer on
constantly. However, the longer a computer is on, and the longer
it is left unattended, the more likely it is that a cracker can
- Use a Secure Password – This is especially important
if you have a Windows NT or 2000 computer, which are more desired
targets for crackers. You can follow these
rules for creating a secure password you can remember.
- Do Not Save Account Information on Your Computer – And
don’t post passwords on your monitor either, especially if you
have children who may bring friends into your house.
- Back Up Your System Regularly – If a virus or a cracker
wipes out your hard drive, there’s probably a lot you would miss.
Back up your system to Zip drives, tape units, or CDs on a regular
- Do Not Open Attachments From Strangers – In fact, be
suspicious of unexpected attachments from people you know. Many
malware programs use Microsoft Outlook address books to spread
their infection. Check About.com's Infected
Attachments Center if you're at all suspicious of an attachment.
- Check Your Security Regularly – Just because you’re state-of-the-art
secure now doesn’t mean you will always be. Check out your home
security practices on a regular basis, at least twice a year.
- Be Sure Your Family or Household Members Know What to Do
– Educate household members on good security practice and on what
to do if there is a security incident. For example, make sure
they know how to respond if your antivirus software alerts them
to a virus.
The Basic Home Network Security Toolkit
In addition to the preceding good security practices, every home
networker should employ additional security tools. Regardless of
your type of connection, and whether or not you access your work
network from home, you should have these basic security tools installed
and in good working order:
- Up-To-Date Antivirus Software
- The Latest Patches for Your Software
- A Software Firewall
- A Hardware Firewall (for broadband users)
Each tool is considered in more detail in the following sections.
Up-To-Date Antivirus Software
All machines should have antivirus software, which is your inexpensive
first line of defense against malware. Most antivirus software vendors
sell you a package that includes free updates for a year. After
the year is over, be sure to purchase continued antivirus updates.
A virus signatures file contains information that enables your
antivirus software to identify viruses and worms and eliminate them.
Since new malware appears on the Internet almost daily, you should
make sure your signatures are up to date, at least weekly. To be
really secure, update your signatures daily.
Some antivirus software can be set to automatically update the
virus signatures at a certain time each day. Some, like Norton,
can also scan emails before they are put into your inbox
The following commercial antivirus software packages are readily
available either in stores or over the Internet:
- Symantec’s Norton Antivirus 2002 ($49.95)
- McAfee VirusScan Online (2 year subscription $49.90)
- Computer Associates eTrust InoculateIT ($19.95)
The Latest Patches For Your Software
If you use Microsoft software, you can use the Microsoft Windows
Update service at: windowsupdate.Microsoft.com.
The service will identify any required or optional software patches
for your particular system.
The Personal Security Advisor, a free program from Microsoft created
by Shavlik Technologies, can scan your computer for security vulnerabilities
and notify you of the patches you need: www.securemicrosoft.com/scan/start.asp.
Shavlik also has more advanced programs that can actually automatically
update your software with the latest fixes: www.shavlik.com/security/.
A Software Firewall
A software firewall is a program you install on each of your home
computers. All communications with the Internet and with other computers
on your home network, if you have one, must pass through the firewall.
You can determine which programs on your computer you want to access
the Internet (you may be surprised at how many do contact the Internet
behind the scenes) but, more important, you can prevent other computers
on the Internet from accessing your computer.
The best firewalls will notify you if a program you previously
allowed to access the Internet has changed, either due to a software
update or due to modification by a virus or worm.
If you have a software firewall, but no hardware firewall, be sure
the firewall blocks access to your computer on the following ports:
Most hardware firewalls already take care of blocking this access.
See your software firewall's manual for information about blocking
If your organization supports Virtual Private Networking (VPN)
for home users, you’ll want to make sure your software firewall
supports the type of VPN they use.
Gibson Research’s reviews
of personal firewalls are very helpful in deciding which firewall
Note: Gibson does not recommend using one of
the most popular firewalls, Black Ice Defender.
Note: Microsoft’s Office XP Service Pack 1 is incompatible
with Zone Alarm.
A Hardware Firewall
If you access the Internet using a broadband connection (such as
a DSL line or a Cable modem), a software firewall is just part of
the picture. Since broadband users are typically connected to the
Internet longer than dial-up users, and since their high speed connection
makes them more of a target, broadband users should also have a
hardware-based firewall, which sits between you and your DSL router
or Cable modem and protects your home network.
Although a software firewall will keep bad guys from accessing
protected computers on your home network, a hardware firewall can
make your home computer or network invisible to miscreants, and
so they won’t even try to attack. They do this by preventing any
probing of Internet connections, and by translating the IP address
of your computer so all computers on your home network appear to
the Internet as the same address.
The best hardware firewalls will notify you, usually via email,
if an intruder tries a probe or an attack. Some firewalls also offer
wireless connections, although even the best built-in wireless security
protection is insecure. If you want to add wireless network access,
plan on running some other kind of encryption or other security
If your organization supports Virtual Private Networking (VPN)
for home users, you’ll want to make sure your hardware firewall
supports the type of VPN they use.
If you have more than one computer at home, you may want to consider
a hardware firewall/router combination that has more than one port.
The award-winning Linksys unit is probably the most popular of
What to Do If You're Attacked
Once you have the proper defenses in place, you're likely to see
some activity reported by your firewall program. One of the most
likely kinds of incidents is called a port scan.
What You Can Do About Port Scans
You may find that your firewall software reports as many as 15-20
random port scans a day. In order to understand what a port scan
is, you first need to understand what a port is. Ports are connection
points to the TCP/IP networking software of a computer. Think of
them as sockets that other computers can connect communications
Pretty much all communication over the Internet originates from
a specific port on one computer and connects to a specific port
on another computer. There are over 65,000 ports available, but
a handful of ports are very commonly used. Among them are port 80
for Web services, ports 20 and 21 for FTP services, and port 25
or 110 for email services. Here
is a list of commonly used port numbers.
A port scan is an attempt to determine whether a particular port
on your computer accepts a connection. Port scanning software used
by crackers rapidly attempts to connect to many or all of the ports
on your computer. It's akin to burglars trying all the door handles
in your neighborhood looking for one that will let them in.
When a cracker scans your ports, if you are not running a service
on a port and your computer is listening for a connection to that
port, the response to the port scan will indicate that the port
is not open. Thus, a port scan by itself is not a dangerous thing.
It merely means someone is jiggling the door handles on your computer.
Without a firewall, however, it is impossible to close all the
ports on your computer. If you have a Windows computer, there are
a great many ports open that you probably are completely unaware
of. For example, port 139 is used by file and print sharing and
port 135 is the end-point Mapper used by the Domain Name System
(DNS). And of course, if your email software is running, port 25
will be listening for new email. This is why you must have a firewall
in any home system configuration. The right hardware or software
firewall can even make it look like there's no computer at all at
your network address while still allowing your Internet software
So why is your firewall reporting port scans? There are some legitimate
causes for port scanning, such as the equivalent of someone dialing
a wrong telephone number, or your ISP scanning its network looking
for computers that may have been compromised. However, in most cases
port scanning is done by people who are probing your computer (and
probably many others in your network neighborhood) for vulnerabilities.
However, if your firewall or intrusion detection software reports
a scan coming from the same IP address to hundreds of ports on your
computer, this is most likely a cracker at work. You should consider
reporting this activity to your Internet Service Provider (ISP).
Although port scans are not illegal, they are probably a violation
of your ISP's Acceptable Use Policy.
What You Should Do If Your System is Compromised
If, despite following the precautions outlined here, your system
is broken into, your first concern should be to make sure your computer
has not been turned into a "zombie," a computer under
the control of a cracker that is used to attack other computers.
The easiest way to prevent your computer from damaging others is
to disconnect it from the Internet. This should be your first step
if you suspect your computer has been compromised.
You next might consider whether to pursue law enforcement action
against the perpetrators. This is especially a consideration if
your computer was used to breach the security of your employer.
You can report Internet-related crime to law enforcement investigative
authorities at the local, state, or federal levels. The Department
of Justice and the FBI have resources to fight and prosecute computer
crime. You can report the incident to a local FBI office or, if
your area has one, the local FBI Infragard chapter. Infragard is
a public and private alliance to help protect our nation's vital
infrastructures, from dams and power plants to computers and telecommunications.
You can find the Infragard office nearest you at www.infragard.net/.
Infragard is one of the programs of the interagency National Infrastructure
Protection Center (NIPC). You can file a report with NIPC Watch
by calling 202-323-3205 or completing a form available at www.nipc.gov/.
If you think you will want to pursue legal remedies after an attack,
it is very important that you preserve the evidence of the attack.
See the issue of the StratVantage News Summary, You're
Hit What Next?, for more information about preserving evidence.
To Learn More . . .
The Stay Safe Online Campaign, an alliance of the FBI, Department
of Defense, Federal Trade Commission, Microsoft, Cisco Systems,
AT&T and more than 30 others offers a security self test,
advice for beginners and much more on their Web site: http://www.staysafeonline.info/.
For more detailed information, try StratVantage’s Security Resources
version 1.3 Revised 10/3/02
Interested? Drop us a line at support@CTOMentor.com and Burn
Emerging Tech Strategy – Permission Marketing – White
Papers – Newsletters
is a service of StratVantage Consulting,
Copyright © 2002, StratVantage Consulting, LLC. All rights reserved.
Please send all
comments to .
Can't Get Your Wireless Network to Work?
Don't Want to Share Your Internet Connection With Strangers?
We Can Help!
WiMAX Guys™ specialize in getting wireless networks working.
We're experienced, we're quick, and we won't cost you an arm
and a leg. Give us a call today and be surfing the Web from
your easy chair tomorrow.
CTOMentor on eBizQ:
Take Our Survey
on Home Network Use
For More Security Information
If you're not terrified about security, you're not paying attention.™