Lock Down Your PC

3. Network Defense

You meet the biggest threat to your computer when you connect it to the Internet. Given the huge volume of well-crafted worms and infectious spam, it's a wonder more computers haven't turned into zombies obeying the commands of malicious hackers. Here's how to prevent your PC from joining the digital undead.

Put a firewall on every PC: Regardless of its connection type--dial-up, broadband, or wireless--any computer that connects to the Internet needs a firewall to protect it from attacks over the network and rogue programs sending data out. In fact, your best bet is to use two firewalls: an external, hardware firewall, such as the kind built into most wired and wireless routers (and some cable or DSL modems); and a software firewall that runs on your PC, watching your applications.

In addition to blocking unsolicited incoming and outgoing traffic, hardware firewalls provide Network Address Translation. NAT, in combination with the router's built-in Dynamic Host Configuration Protocol (DHCP) server, masks your true IP address from computers outside your local network, making your PC nearly impossible to target. Because hardware firewalls are the first line of defense against incoming attacks, properly configuring them in accordance with the manufacturer's documentation is crucial. In particular, you have to create a strong administrator password to prevent someone from taking control of your firewall.

Software firewalls protect you from inside threats--viruses, Trojan horses, and spyware--that may come to reside on your PC. For more details on both types of firewalls, including a list of four free software firewalls, see the December 2003 Internet Tips column.

Whitfield Diffie, Chief Security Officer, Sun Microsystems: "To protect yourself fully, the right thing to do is to replace Windows with a Unix-like operating system, like Linux, Mac OS, or Solaris."
Spurn spyware: If new programs unexpectedly show up in your taskbar or browser toolbar, you've probably been stung by some form of adware or spyware. To avoid spyware, watch out for unwanted components while installing freebies, and use free anti-spyware utilities like PepiMK Software's Spybot Search & Destroy and Lavasoft's Ad-aware. Commercial keylogging software--spyware installed on your PC by a boss, spouse, or other snoop when you're not around--is harder to detect and remove. See this month's Internet Tips for advice on tracking it down and removing it.

Boost wireless network security: Wireless networks are a wonderful innovation, but they're also a security nightmare because they have no boundaries. Anybody who lives, walks, or drives within radio range of your wireless hub can probably hitchhike on your wireless LAN, if you never change its default settings. Here are a few basic steps for safer wireless networking:

  • Set your wireless access point or router so it won't broadcast its SSID (the access point's name). Most access points are set by default to send a short announcement every few seconds to any computer within range. If you turn yours off, passers-by might bypass your Wi-Fi.
  • Change the default SSID. Even if your router isn't broadcasting its SSID, the default ones used by major manufacturers are common knowledge to people experienced at borrowing connections from others. Changing even one character of this name makes it harder for unauthorized users to tap into your broadband.
  • Encrypt your connection with WPA (the newer, more secure method) or WEP (an older, less secure, but still useful scheme). The toughest level of protection your access point can handle, and a hard-to-guess passphrase, will stop all but the most determined data snoops. If your access point or router lacks WPA, you might be able to get it with a firmware upgrade from the manufacturer.
  • Enable media access control filtering. Each wired or Wi-Fi network card has a unique MAC address. You can set your access point to grant wireless network access only to computers with MAC addresses you specify (see the April 2003 Internet Tips for more MAC filtering advice).
  • Be careful when you use public wireless networks. Other users can easily capture your passwords when you check your e-mail, and they can also read e-mail messages and other data you transmit or receive. If your office has a VPN, by all means use it whenever you're on a public Wi-Fi network. If a VPN isn't possible, ask your ISP about secure mail server log-in options, or use a secure Web-based e-mail interface. If you have Windows file sharing turned on, your café co-denizens can browse those shared files and folders; to prevent this, you'll need to disable file sharing, remove the shared resources, or block access with a software firewall.

Browse more securely: Internet Explorer is the world's most widely used Web browser. Advertisers, spammers, and con artists have learned to take full advantage of its ability to shower you with pop-up ads and "helpers" that hijack your home page, install adware, or steal data.

You can block many of these threats by boosting IE's security and refusing to install the ActiveX controls that Web sites ask you to download (see the September 2003 Internet Tips for specific steps to tighten IE's security settings). Better yet: Switch to an alternative browser that doesn't support ActiveX controls, such as Mozilla.org's Mozilla or Opera Software's Opera.

Don't mess with spam: Your e-mail in-box is probably the most dangerous thing on your computer, harboring viruses, worms, and phishing attacks--messages designed to trick you into revealing passwords, credit card numbers, and other personal information. Here are a couple of ways to reduce your vulnerability:

  • Use an antispam program, such as the PC World Best Buy, Sunbelt Software's IHateSpam for Outlook, to block most spam.
  • Never launch a file that's attached to an e-mail message unless you are absolutely sure it's safe.
  • Configure Windows to keep virus-bearing attachments from masquerading as safe file types. In the Control Panel, open Folder Options, click the View tab, uncheck Hide extensions for known file types under 'Advanced settings', and click OK.

Process-monitoring utilities, such as the freeware TCPView from Sysinternals, can show you which programs have made connections to the Internet, and which are just listening for them.
Figure out which program is blabbing: Even if your computer seems not to be doing anything, you might see modem lights blinking. Often this is just because an automated process is downloading software updates or performing some other housekeeping procedure. But occasionally, it can indicate that your PC has been taken over by an outsider, and is communicating with its digital overlord.

With Windows XP, you can nail down the programs and find out who they're talking to. While connected to the Internet, choose Start, Run, enter cmd in the 'Open' field, click OK, and then enter the command netstat -no; in response, Windows will list all the active network connections, including your IP address, the destination IP address, and the process identifier (PID) number of the program on your computer that is making the connection. Every running program, even if it is running in the background, gets a unique PID. (In case you're curious, the address 127.0.0.1, which shows up frequently in these lists, just means "your PC".)

Until Windows XP, without a special utility you couldn't figure out which programs were communicating with other computers over the Internet. Now you can use the command line and Task Manager.

In this screen shot, one program, using PID number 476, has connections open to three different computers. To figure out which program is associated with a particular PID, you need to see the Processes list in Task Manager (press Ctrl-Alt-Del and click Task Manager). Select the Processes tab. Scanning down the PID column for the system in the screen shot reveals that PID 476 is none other than the IM software Trillian (whew). Sysinternals' free TCPView utility will show you the same thing in one place, as will most firewalls' application logs.

If you see a program whose name you don't recognize, don't panic: Many Windows components have oddball names. Check the WinTasks Process Library, or look up the file name on Google; if you discover a worm or Trojan horse, update your antivirus software, cut off your online and network connections (pull the cord out of the back of your PC if you have to), and do the most thorough scan possible. In an extremely rare, worst-case scenario, you may not be able to remove the malware; you might have to format your hard drive and reinstall Windows from scratch.
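The netstat-to-Task-Manager cross-check described above, as an added example that is not part of the original article: a Python script that parses `netstat -no` output, groups each PID's established connections to computers other than your own (127.0.0.1), and pairs each PID with a process name. The netstat text and the PID-to-name table are constructed samples (PID 476 is the article's Trillian example; everything else is made up), standing in for the real command output and the Processes tab.

```python
from collections import defaultdict
# Constructed sample of `netstat -no` output, not a real capture: PID 476 is the
# article's Trillian example; the other PIDs and addresses are made up.
SAMPLE_NETSTAT = """
Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED     1204
  TCP    192.168.1.5:1084       198.51.100.10:5190     ESTABLISHED     476
  TCP    192.168.1.5:1085       198.51.100.44:5190     ESTABLISHED     476
  TCP    192.168.1.5:1090       203.0.113.1:1863       ESTABLISHED     476
  TCP    192.168.1.5:1102       203.0.113.9:6667       ESTABLISHED     1880
  UDP    0.0.0.0:445            *:*                                    1004
"""

# Constructed PID-to-name table standing in for Task Manager's Processes tab.
SAMPLE_TASKLIST = {476: "trillian.exe", 1204: "svchost.exe", 1880: "msupd.exe"}

def parse_netstat(text):
    """Return (proto, local, remote, state, pid) rows; UDP rows carry no state."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # header, blank line or anything unexpected
        rows.append((proto, local, remote, state, int(pid)))
    return rows

def remote_hosts_by_pid(rows):
    """Group established connections by PID, skipping 127.0.0.1 (the PC itself)."""
    by_pid = defaultdict(set)
    for _proto, _local, remote, state, pid in rows:
        host = remote.rsplit(":", 1)[0]
        if state == "ESTABLISHED" and host != "127.0.0.1":
            by_pid[pid].add(host)
    return dict(by_pid)

def name_processes(by_pid, tasklist):
    """Pair each PID with its process name; PIDs missing from the table stay unknown."""
    return {pid: (tasklist.get(pid, "<unknown>"), sorted(hosts))
            for pid, hosts in by_pid.items()}

if __name__ == "__main__":
    report = name_processes(remote_hosts_by_pid(parse_netstat(SAMPLE_NETSTAT)), SAMPLE_TASKLIST)
    for pid, (name, hosts) in report.items():
        print(f"PID {pid} ({name}) talks to {len(hosts)} host(s): {', '.join(hosts)}")
```

On a real machine you would feed the script the output of `netstat -no` and the PID/name pairs from the Processes tab; the loopback row and the UDP listener drop out, leaving only the programs actually talking to other computers.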
