For years now I have resisted the temptation to get a high-speed Internet
connection for my home. I couldn't really justify the extra money when my
dial-up connection was more then adequate for my needs.
However, the primary
reason that I didn't get it was simply because I was concerned about my computer
being connected to the Internet all of the time. I mean with all of the stories
in the news these days about identify theft and fraud, I didn't really see the
need to take the chance of someone gaining access to my system and stealing my
personal information.
Recently, though, I became involved in a project for my company that requires
me to spend a lot more time online. I also have to review a number of large
documents, which means that my dial-up connection is no longer sufficient. So
now I MUST get a broadband connection.
I understand that there are products that I can purchase that would help
prevent anyone from gaining access to my PC, but I'm still nervous about it. I
discussed the matter with our IT guy and he assured me that everything would be
OK.
He said that most hackers won't even bother with me and focus mostly on
larger, more recognizable targets. He's kind of incompetent, though, and I don't
really respect his opinion in this area. So my question is, is what he's telling
me true? Will a firewall be enough to protect my PC from attack or is there
anything else I can do to make it more secure? Thank you.
One of the biggest misconceptions is that hackers will target only large
companies. The truth is computers get attacked for a variety of reasons. Some of
these include the following:
- Snooping: Reading private mail and other personal files.
- Destroying or corrupting computer data: Making files unusable, or making a
whole computer unusable.
- Stealing computer data: Taking credit card numbers, e-mail addresses,
company information and so on.
- Stopping computers from functioning properly: Blocking incoming traffic so
that intended users cannot get access, etc.
- Misusing computer resources: Sending spam without you knowing it, etc.
- Pranks: practical jokes, breaking in just because it's a challenge.
The bottom line, don't think your network is safe just because you're not
that important or well-known. Assuming that you aren't personally targeted,
moderately secure networks usually cause hackers to attack elsewhere. Yet
attacks can come from many different sources and your computer should be
equipped to deal with each of these types of attacks. For example, your network
firewall (like the one built into your router) is your first line of defense.
A hardware firewall shouldn't be your only defense though. Your PC should also
have a software firewall installed on it. The hardware firewall protects entry
on to your network; the software one will protect your PC itself. It doesn't end
there. Many threats, like virus, trojans and spyware must also be dealt with.
This is why anti-virus software such as Norton Anti-Virus and good spyware
detection packages such as Ad-Aware and Spybot Search and Destroy come in.
However, software alone can do only so much. You must also implement and
maintain good security practices. Computer criminals depend on you to implement
security casually. However, with a little effort, you can be moderately secure.
Remember, there is no way to anticipate or stop every possible attack on your
system, but there are steps you can take that will minimize your exposure. So
here are a few general security suggestions for making your online experience a
bit safer and more secure. You don't need to implement every one of these, but
the more you do, the more secure your network will be.
- Put a good hardware firewall between your computers and the Internet.
NETGEAR, D-Link and Linksys each make good and inexpensive routers. Most are
easily configurable and even provide VPN and
wireless capabilities.
- Use your router to control access using MAC addresses
filter (Media Access Control addresses). This limits which systems can gain
access to your system by only allowing systems you specify to use your network.
- Update your operating system and Web browser. For Windows users, install
"critical updates." If unsure whether an update applies to your computer, you
probably should install it.
- Run virus protection programs on all computers. Set the scan to examine all
hard disks and to continuously examine all incoming files. Check for anti-virus
updates frequently, daily if possible.
- Never leave a password at its default value. Passwords should not be simple:
use characters, numbers and symbols. It's better not to use names or dates you
find easy to remember: your birthday, your girlfriend's name and so on. This is
an example of a good password: kB!3ccsiiz_8 or 4*4zbmn-BXY
- If you have a wireless network, make sure your using WEP or WPA encryption. As with the
password, make sure your using a strong encryption key at the highest bit level
possible. Typically 128-bit. If your hardware supports it, I would further
suggest that you use WPA over WEP. For some information on the differences
between WPA and WEP you can refer this recent Q&A column.
- Never place your primary PC in your router's DMZ or
Demilitarized Zone. A PC at this address is wide open to the world. Unless you
have a reason to use it, your router's DMZ feature should be disabled. (By
default this feature is usually turned off.)
- Limit the shared folders on your network (or turn off file sharing
entirely).
- Turn up your Web browser's security. In Internet Explorer: Go to: Tools
> Internet Options > Security > Default Level > Security level for
this zone. With Internet selected in the top box, make sure the
slider is set to at least Medium. Internet pages will display with few
problems at this level. Setting the slider to High will be most secure,
but some pages will not display.
- Avoid sending personal information over the Internet. Credit cards are a
particular risk: Use a well-known payment system such as PayPal, or send credit
card numbers and the expiration date in separate e-mail messages. However, since
using your credit card online is sort of a way of life for many of us, I would
suggest that you at the very least limit the number of credit cards you use
online. Try to use only one for online purchases and give it a low credit line
($500-$1000). This way at least the damage is limited.
- When browsing, don't accept software — even with a certificate — unless it's
from a company you think is trustworthy.
- DO NOT respond to spam. DO NOT answer messages like "Click
on this link to be removed from our mailing list" — unless it is a company
to which you know you actually gave your e-mail address.
- Running a public server (for example one that hosts games for other people
to use, or one which serves Web pages for public viewing) causes additional
security concerns. Never do this using your primary PC. Use a system that can be
dedicated to the task and never use that system to store any personal
information. This also applies to applications like MIRC or KaZZaA. Try not to
use these on a system that contains personal information as these could also
expose you to risk.
- Finally, for the truly paranoid, remove your network from the Internet — or
turn it off altogether — when it's not being used. While this may be seen as
extreme, it is also unquestionably extremely secure.
I hope you find this helpful. Good Luck!
| Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today! |
IE 7
Firefox 2.0
