Broadband Security Solutions for Protecting Your Connection & Computer
Broadband Security for Home and Small Office Computers
Introduction
In the previous part of this series (Learning About Security Breach Methods), we discussed at a high level many different ways in which criminals & fraudsters could use our computers and broadband connections against us. Having read all of this, you might be forgiven for wondering if, when there are so many determined attempted intrusions, connecting to the Internet at all is safe. Well, it can be if we are aware of the risks and take reasonable measures to protect our computers.
The technology with which to protect & secure our computer systems is freely available. It's only a question of knowing where to get it and how to configure and maintain it.
In this part of our security article, we touch on some key aspects of securing our computer systems and broadband connections.
Contents
- Introduction
- Physical Security
- Anti-Virus
- Firewalls
- Windows XP Built in Firewall
- Other Software Based Firewalls - Norton
- Router Configuration
- Diligence
- Web Browser
- Choosing a Web Browser
- Cookies
- Active Components (Java & ActiveX)
- Scripting
- Secure Browsing
- Further Encryption & Anonymous Surfing
- Cleansing "Spyware"
- Conclusion & Recommendations
Objective
By the end of this article, you should be able to understand and implement appropriate and sufficient security measures to protect your computer and broadband connection from external and internal intrusion attempts.
Physical Security
No discussion on security would be complete without a statement of one of the most important (but often overlooked) aspects of computer security:- Physical Security.
How safe is your computer from being accidentally compromised by your work colleagues or, if at home, your loved ones? For example, one of the "pranks" played by several ex-fellow co-workers of mine was to send emails from another colleague's workstation using their logon identity. Whilst these antics were always good natured and harmless fun, this type of intrusion could be more damaging for a business if the intent were more sinister in nature.
For home users where computers are frequently shared, are you aware of what gets downloaded & installed on the home computer? One of the classic ways for spyware and trojans to get onto a computer is by "piggy backing" them onto mostly useless system utilities such as "download accelerators". Younger members of the family might be tempted to download and install these types of programs, thus unknowingly installing malware programs on the family computer.
There are some simple best practices to think about for home and office workstations:-
- In an office environment, never leave a workstation unsecured whilst logged on. In most operating systems, it is an easy thing to lock a workstation when you are away from it. (In Windows XP, pressing the Windows Key + L instantly locks a workstation.)
- At home, educate computer users in the risks of downloading and installing "free" software from the Internet. If in doubt, I find that the old phrases “If it looks too good to be true, it probably is” and/or “There is no such thing as a free lunch” work well! The reality is that no-one will give away "free" software. You either pay directly for quality software or you pay indirectly with unauthorised tracking of your computer habits.
Anti-Virus
By now, most people know that having some form of Anti-Virus software is essential. However, many virus infections still occur on computers running anti-virus programs. Why might this be?
The answer is almost always that the infecting virus was not recognised by the anti-virus software. Why? Because the anti-virus software had not been regularly updated to include details of the new threats. It is essential that anti-virus software be updated regularly with the latest virus information (sometimes called "definitions"). These updates are readily available from the anti-virus software vendors and most now have automatic update technology built in so that updates occur seamlessly in the background and with minimal fuss.
Firewalls
Having firewall protection gives you essential protection from both external and internal threats. Firewalls can protect you in the following ways:-
- Protection from external port scanning
- A last line of defence from internal attacks
Windows XP Built in Firewall
Windows XP comes with its own built-in firewall. In the latest service packs, the firewall option is ON by default; however, it's worth knowing that the option is there and checking that it is enabled.
In the diagram, you will notice that the firewall is OFF. This is because, in the computer from which this screen was taken, we are using an alternative firewall (Norton). More on this below.
Other Software Based Firewalls - Norton
Norton antivirus ships with its own internal firewall protection.
The protection is more flexible than that provided with the default Windows XP offering. It allows specific rules to be set up for specific programs.
Norton isn't the only firewall out there. Some other popular ones are:-
- Zone Alarm
- Sygate (recently acquired by Symantec)
The brand of firewall chosen isn't important compared to the need to actually have one installed!
Router Configuration
The diagram shows a configuration screen from a hardware router (a DrayTek). The important things to note are the ability to configure block & pass rules for specific ports.
Router configuration can be quite complex and a detailed discussion is outside of the scope of this article. For most home users, it is often far simpler to install and configure software based firewalls such as Norton (above).
For businesses with perhaps many individual workstations connected to a single broadband router, it is important that effort is made to configure the router rules appropriate for your infrastructure. The investment in expertise to either hire in external resources or train internally is not a luxury but rather a necessity.
Diligence
So far, we've talked about technology solutions to computer intrusion. No computer security discussion would be complete without mentioning one of the most important aspects of being safe online. That is the area of "Diligence" (or, by another phrase, Common Sense).
Now that we are becoming more aware of the ways in which online fraud and crime occurs, it is easier for us to spot intrusion attempts and respond appropriately. Our Common Sense should tell us that it is risky to download dubious "free" software from the Internet. Also, our Common Sense should tell us to respond NO to any popup windows asking if we would like to install such & such ActiveX control (more on this later).
Our Common Sense (Diligence) and awareness should be our first line of defence against attempted computer security breaches.
Web Browser
The tool we choose to browse the Internet with can have a significant impact on the security risks that we run whilst online.
Criminals and hackers are always trying to find devious new ways to exploit security gaps in Internet Browsers.
Any software of more than trivial complexity will always have bugs. This is an accepted fact of software development (hence why we have alpha, beta and release phases to software development. Anyone ever heard of a "service pack"? Well this is additional testimony to this fact). It is these bugs (or perhaps omissions) that leave us open to security exploits.
The most popular Internet Browser currently on the market is Microsoft Internet Explorer (IE). Being the most popular browser, it has become the focal point for intrusion attempts by hackers. As such, Microsoft does its best to keep up with the exploits and releases patches frequently and where appropriate. You download these patches via the Microsoft Windows Update facility.
The security breaches in Microsoft IE don't make it a bad browser (although version 6.x seems to have been around for ever and is starting to show its age) but the fact is that, when looking at pure statistics, IE users run a higher risk of a security breach.
Choosing a Web Browser
We can work around the security risks of IE as there are several excellent alternative browsers out there:-
- Mozilla Firefox:- An excellent browser gaining significant ground on IE
- Opera:- Another great browser alternative.
Cookies
Cookies are small text files placed on your computer when you visit a website. They are used for things like login pages and statistical tracking.
Cookies are usually fairly benign but can be used to track your internet activity without your consent. Most reputable websites will have a privacy policy (click here to read ours) explaining how and why they use cookies.
Active Components (Java & ActiveX)
Firstly, what are "Active Components"? They are components that are designed to deliver rich functionality. They achieve this by bypassing the limitations of browser technology and installing as separate programs on a computer. A good example is Macromedia's Flash Player which is installed on almost every computer. It allows for delivery of rich and interactive multimedia content in small file sizes appropriate for internet delivery.
Components can exist as either "ActiveX" (Microsoft's IE technology) or as Java Applets (Sun technology, supported by most browsers including IE).
Whilst components can deliver enriched user experiences, they are programs and, by their very nature, can be exploited to mediate intrusion attempts from outside sources. Both ActiveX and Java are capable of running under security contexts that have "elevated privileges" to a computer file system. Simply put, this means that they can potentially have access to the files on a computer!
How can we manage components? The industry has put in place standards that help us decide what is a good as opposed to bad component. It works like this:- An author of a component signs up to a voluntary code of practice that states that they are "trustworthy". A component author is deemed "trustworthy" against criteria put in place by the major technology vendors.
A "trustworthy" component author then "signs" their component with a digital signature confirming their identity. This is basically to re-assure users that, should a component mess up a computer system, the component author can be identified, located and ultimately held responsible.
Components (specifically ActiveX components) therefore fall into two categories:-
- Trusted
  - Means that a component has been digitally signed and its author can be held responsible for malicious activity on a computer system.
- Un-trusted
  - Means that the component author has not confirmed their identity and cannot be held to account for malicious activity on a computer system.
To demonstrate how the system works, let's take an example.
Example Scenario of a Successful Intrusion Using ActiveX Technology
As a software author, I have the tools and capability to create an "ActiveX" component. Using this technology, I could create a control and place it on my website. (Let's call my imaginary website http://www.im-a-nasty-villian.com - Purveyor of all things nasty and villainous). It would take me about a day to write such a component.
You find my website whilst doing some innocent research using your favourite search engine.
Using IE, you click the link in the search engine and head towards my website. On arriving, the home page loads and you are confronted with a popup that says something like “Alert:- this webpage is attempting to download an unsigned ActiveX control to your computer. Do you want to allow this? Yes | No (Recommended)”
You are sick and tired of Popup Windows on the Internet and just want rid of these annoyances. You therefore click YES without reading the notice in detail.
As a criminal (still hypothetical remember :) ), it's pay day for me! My component that you've very kindly installed on your computer now has full access to your files. Exciting for me! Where to first then? Perhaps have a look in your Outlook files, maybe lots of personal / bank information in there! Perhaps I'll just search your hard drives looking for personal letters instead!
Alternatively / additionally, I could write a small process that just captures and forwards your key strokes on your keyboard without your knowledge.
Once I have the information that I'm looking for, I'm going to send it across the internet to a remote database using a fairly inconspicuous IP port that wouldn't show up in your firewall software (if you have any!).
In my database now, I have an ever increasing list of personal information such as bank & credit card numbers and other such information that I can either sell on to the criminal community for a profit or use directly for my own personal gain. Not bad for around a day's work, huh?
About the Example Above
Ok, scenario over. Chilling stuff huh? The concerning thing is that this is not just theory. It's happening for REAL, right now. Innocent users are victims of increasing levels of online fraud.
The diagram shows appropriate minimum security settings for IE version 6.
Unsigned ActiveX controls cannot be installed. However, if you use a shared computer, there are no reasons why other users can't turn this security down (especially if encouraged to do so by malicious websites). Please check this setting frequently or perhaps consider an alternative browser.
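One way to check this setting regularly on a shared computer, as an added example that is not part of the original article: the PowerShell script below reads the Internet zone value for "Download unsigned ActiveX controls" from every loaded user profile and flags any profile where it is not set to Disable. It assumes PowerShell is installed and does not look at Group Policy overrides.

```powershell
# Added example: audit "Download unsigned ActiveX controls" per user profile.
# Zone 3 is the Internet zone; URL action 1004 is the unsigned ActiveX download.
# Data values: 0 = Enable, 1 = Prompt, 3 = Disable.
$action  = '1004'
$subKey  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# HKEY_USERS only holds the hives of accounts that are currently loaded,
# so run this from an administrator session while the other users are
# signed in, or run it once from each account.
$report = @(foreach ($hive in Get-ChildItem 'Registry::HKEY_USERS') {
    $sid = $hive.PSChildName
    # Skip built-in system accounts and the per-user *_Classes hives.
    if ($sid -notmatch '^S-1-5-21-[\d-]+$') { continue }

    $item = Get-ItemProperty -Path "Registry::HKEY_USERS\$sid\$subKey" `
                             -Name $action -ErrorAction SilentlyContinue
    if ($item) {
        $value   = [int]$item.$action
        $setting = $meaning[$value]
        if (-not $setting) { $setting = "Unknown ($value)" }
    } else {
        # No per-user value: the zone default applies, so check it by hand.
        $value   = $null
        $setting = 'Not set in this profile'
    }

    New-Object PSObject -Property @{
        Sid     = $sid
        Setting = $setting
        Safe    = ($value -eq 3)   # only Disable blocks unsigned controls
    }
})

$report | Format-Table Sid, Setting, Safe -AutoSize

# A non-zero exit code lets a scheduled task or logon script raise an alert.
if ($report | Where-Object { -not $_.Safe }) { exit 1 }
```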
Scripting
JavaScript is the most popular scripting language for Internet Browsers. Almost all Internet Browsers (at least all of the graphical ones) support JavaScript.
We all take scripting for granted these days. We expect to see image rollovers, quick jump menus, moving menus and such like on most websites. All of these effects use scripting technologies to achieve the desired effect (i.e. to enrich the user experience).
If you've read this far, you'll be familiar enough with the author's style by now to know that, yes, you guessed right, this technology can be exploited for intrusion too! In relative terms, scripting attacks are insignificant compared to the others mentioned thus far. However, attacks are still possible. Search the Internet for the keywords "Cross Site Scripting" for more information.
Scripting technologies have become so widespread and embedded into the core functionality of our most beloved websites that it is pretty much a requirement to have scripting enabled on Internet Browsers these days.
However, like all security related issues, it is worth being aware of the risk (albeit relatively minor).
Secure Browsing
In the Packet Sniffing (Eavesdropping) section of part 1 of this feature, we learnt how it is possible for a malicious hacker to intercept and exploit data travelling between our computer and a web server.
To prevent eavesdropping on our personal information, we use secure web browsing that encrypts data between our browser and a web server.
We know that we are using a secure connection by two things:-
- HTTPS in the address and/or title of the web browser
  - Highlighted in red in the diagram
- An icon in the bottom right of the Internet Browser.
  - The diagram shows the popular padlock icon used in IE (Highlighted in red).
With secure web browsing, it's virtually impossible for hackers to intercept and find any meaningful data. This means that, with secure web browsing enabled, it's quite safe to bank & shop online in confidence.
Email is probably one of the least secure methods of communicating on the Internet. See our previous feature for more information.
There are two things that we can do with email:-
- Don't send personal information by email
  - Items such as personal details (names, addresses etc) and especially bank / credit card data should never be sent by email.
- Encrypt emails
  - Details of how to do this are outside the scope of this article. Perhaps we'll run a detailed feature in the future.
Further Encryption & Anonymous Surfing
When you use your Internet Connection you leave a trail of computer records that can be used to provide audit information of where you've been browsing, for how long and which pages. This even applies for https connections.
Your Internet Provider may be required to hold this information for a period of time. Whilst many people don't have a problem with others recording their online activities, for many this represents a fundamental intrusion of the right to privacy.
There are ways with which to maintain your privacy whilst online. Whilst not strictly security related (this relates more to privacy than anything else), it is mentioned here for completeness.
It is possible to avoid Internet usage recording by using commercial proxy servers. For more information, please read this.
Whilst the service comes at a premium, it is useful to those of us who simply don't enjoy the thought of others being able to snoop on our online activities for either personal or commercial reasons.
Cleansing "Spyware"
Spyware is another potential avenue for unauthorised access into computer systems.
Getting "spyware" under control is a relatively simple affair. All we need to do is to run frequent scans of our computer systems using the right tools. Fortunately, the right tools come mostly free at the moment. Please see below for some alternatives:-
Conclusion & Recommendations
Having read this article and its predecessor (Learning About Security Breach Methods), you should now be able to:-
- Recognise and understand methods by which criminals & hackers try to gain access to our computers.
- Using simple and readily available technology, implement adequate security & protection for your computer(s).
- Understand the importance of diligence / common sense and good judgement when using the internet. Of particular importance is being aware of downloading software programs or browser components from dubious sources.
The following recommendations for implementing computer security summarise the article:-
- Install and regularly update Antivirus.
- Install and configure a Firewall.
- Install and regularly run AntiSpyware.
- Don't send personal information by email.
- Use Diligence / Common Sense when downloading software and browser components from the Internet.
- Disable any system services that are not needed. For example, Windows XP can run a web server service. Disabling this if it is not required helps reduce the risk of attacks targeted at web servers whilst you are online.
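To act on the last recommendation you first need to know which services are accepting connections. The PowerShell script below is an added example, not part of the original article: it lists listening TCP ports with the Windows services behind them, then optionally disables the web server service. It assumes an English-language Windows (netstat prints LISTENING) and that the web server in question is IIS, whose service name is W3SVC; `$disableWebServer` is a switch introduced for this example.

```powershell
# Added example: map listening TCP ports to the services that own them.
$running = Get-WmiObject Win32_Service -Filter "State='Running'"

$listeners = netstat -ano | Select-String '^\s*TCP.*LISTENING' | ForEach-Object {
    # netstat columns: Proto, Local Address, Foreign Address, State, PID
    $col      = $_.Line.Trim() -split '\s+'
    $ownerPid = [int]$col[4]
    $address  = $col[1] -replace ':\d+$', ''
    $port     = [int]($col[1] -replace '^.*:', '')

    # Several services can share one svchost.exe process, so list them all.
    $names = @($running | Where-Object { $_.ProcessId -eq $ownerPid } |
               ForEach-Object { $_.Name })

    # Loopback-only listeners cannot be reached from the broadband side.
    $exposed = ($address -ne '127.0.0.1' -and $address -ne '[::1]')

    New-Object PSObject -Property @{
        Port     = $port
        Address  = $address
        OwnerPid = $ownerPid
        Services = ($names -join ', ')
        Exposed  = $exposed
    }
}

$listeners | Sort-Object Port |
    Format-Table Port, Address, OwnerPid, Services, Exposed -AutoSize

# The article's example: a web server service that is not required.
# Set $disableWebServer to $true (administrator session needed) to stop
# it now and prevent it from starting at the next boot.
$disableWebServer = $false
$w3svc = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
if ($w3svc -and $disableWebServer) {
    Stop-Service -Name W3SVC -Force
    Set-Service  -Name W3SVC -StartupType Disabled
}
```

An entry with an empty Services column belongs to an ordinary program rather than a service; look up its OwnerPid in Task Manager before deciding what to do with it.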
By having a basic understanding of computer security and knowing how to minimise our risks, we can now hopefully feel at greater ease whilst using and enjoying our broadband connections both at home and in the office.