Conclusion

IN THIS SECTION:

Security
Responsibility
Links

Security

Network security is an interesting thing. It can be complex to the point that entire legions of highly paid “network security administrators” spend night and day securing a network against unauthorized intrusion from the outside world. It can be a team of two highly skilled people at UCSC, and most often, it can be you, a veritable army of one. It’s too bad the Army co-opted that phrase, because at a low-budget operation, you are the computer hardware, networking, and security person. You won’t have a backup administrator, and you might have access to the internet, but hopefully you’ll have enough of your own common sense to make the right decisions.

Let’s get something clear right off the bat. Network security begins and ends with “strong” passwords. Strong, in this sense of the word, means a password that cannot be easily guessed, either by a persistent person or by an automated program attempting to find the right password using either a “dictionary attack,” where common words are repeatedly tried in different combinations, or a “brute force” attack, where every possible character combination is attempted.

The easiest way to make a password strong is to:

1. Make it obscure
2. Make it alphanumeric
3. Make it at least 7 letters

The easiest way to accomplish this is to think of a phrase and create the password string from it. For example:

My nuclear cat of 3 eyes is an ugly beast

can be a password: mnco3eiaub, using the first letter of each word and the number 3.

If the system will permit it, it is also advisable to use punctuation characters. A period or semicolon is probably your best choice.

A long, obscure, and alphanumeric password will foil simple attempts to guess the password, and will make a brute-force password attack nearly impossible.
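
As an added illustration (not part of the original tutorial), the Python sketch below derives the password from the phrase above, checks it against the three rules, and counts the brute-force search space with and without punctuation. The function names and the sample word list are assumptions made for this example, and "alphanumeric" is read here as containing at least one letter and one digit.

```python
import string

# Constructed sample word list. "password" and "pass" are the defaults the
# tutorial names; the other entries are made up for this example.
COMMON_WORDS = {"password", "pass", "letmein", "welcome1", "qwerty123"}

def phrase_to_password(phrase):
    """First letter of each word, lower-cased; numbers are kept whole."""
    return "".join(w if w.isdigit() else w[0].lower() for w in phrase.split())

def rule_failures(password, wordlist=COMMON_WORDS):
    """Return the tutorial's rules that the password breaks (empty = passes)."""
    failures = []
    if password.lower() in wordlist:
        failures.append("obscure")          # rule 1: not a guessable word
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        failures.append("alphanumeric")     # rule 2: letters and digits mixed
    if len(password) < 7:
        failures.append("length")           # rule 3: at least 7 characters
    return failures

def brute_force_candidates(password):
    """Worst-case number of guesses for an attacker who knows only the length
    and which character classes (lower, upper, digit, punctuation) are used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(cls) for cls in classes
                   if any(c in cls for c in password))
    return alphabet ** len(password)

if __name__ == "__main__":
    pw = phrase_to_password("My nuclear cat of 3 eyes is an ugly beast")
    for candidate in ("pass", "password", "kitten7", pw, pw + ";"):
        print(f"{candidate!r:14} fails={rule_failures(candidate)} "
              f"search space={brute_force_candidates(candidate):.2e}")
```

Appending a single punctuation character raises both the alphabet size and the length, which is why the last candidate's search space is several orders of magnitude larger than the one before it.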

Windows NT 4, Windows 2000, and Windows XP can be easily configured to require a password in order to log into the Windows operating system. Additionally, you can password protect the computer boot process itself through the BIOS (see the Hardware Tutorial) so that the computer requires a password when starting up.

Within the scope of our discussion, I recommended early on in the configuration of the router that you make certain to change the router’s default access password to a strong password. Many systems have been hacked simply because the person attempting to gain unauthorized access tried the word “password” or “pass,” which is generally the default password for many hardware and software systems.

Besides weak passwords, a connection to the Internet, through either broadband or dial-up, poses other inherent risks to security.

Flaws in the operating system of the computer, generally called “exploits,” or in Microsoft’s terms “known vulnerabilities,” also lead to ways in which somebody can remotely break into computers connected to the internet. Microsoft operates a website, http://windowsupdate.microsoft.com, that catalogues these vulnerabilities and allows you to download “critical updates,” which are software packages that fix these vulnerabilities. In the life cycle of an operating system, at least several exploits are found each month that are dangerous enough to warrant Microsoft releasing a critical update. If you connect to the internet, you should check this site for critical updates about once a month.

Placing a DSL or Cable router between your computers and the Internet is akin to placing a wall between yourself and the outside world. Just as gated communities let people who live inside them pass in and out of the protected area, so do firewalls selectively let information pass between the outside world and your computers on the inside of the network.

With this wall in place, the need to download critical updates is not necessarily reduced, but the chances of your computer being broken into are reduced because it is the router, not the computer, that is facing the outside world. Many of the exploits found for the Windows operating system rely on vulnerabilities that are exposed chiefly when the computer is connected to the internet directly, and not through a firewall.

Viruses spread through e-mail are unfortunately not blocked by a firewall, and can reach your mailbox faster than Microsoft can release a critical update patch (if the particular virus takes advantage of a Windows vulnerability).

To negate the risk of catching a nasty virus, there are two important steps to take. The first is to NOT USE OUTLOOK OR OUTLOOK EXPRESS. Both of these e-mail clients have the nasty habit of automatically opening e-mail attachments, thereby triggering viruses delivered by e-mail. The only fix Microsoft has offered so far is a draconian measure—denying you access to almost every file attachment you receive. This essentially renders Outlook and Outlook Express useless, but safe. The best solution is to use Eudora. The program is probably the best designed and easiest to use program out there, and the best part is, it’s free (basically). Eudora does not automatically open e-mail attachments, but warns you when you are about to open suspicious looking attachments. Eudora can also convert all of your old Outlook e-mail over to Eudora.

The second important step to take is to get virus scanning software. There is a perfectly valid argument/conspiracy theory that virus scanning companies engineer viruses so that you are forced to buy their software to protect your computer. Fine, perhaps it is a conspiracy. But, conspiracy or not, Windows is vulnerable to viruses. Norton Anti-Virus is the least hideous of the virus-scanning packages, but you do have to pay a yearly subscription fee in addition to buying the software itself.

I have listed several links relating to Windows security, which should be considered even when connecting to the internet over a dial-up connection.

I hate to muddy the linguistic waters and complicate your decision-making process, but the third way to protect your computer against viruses is to use an operating system such as Linux, which is free, and not subject to the plethora of viruses running around. The one major drawback to this decision is that, first, you should be fairly comfortable with hardware and software configuration, and second, you should be sure that Linux offers the applications that you need to provide to your users. Weighing the pros and cons of Linux warrants a discussion outside the realm of this particular tutorial; however, there are excellent resources on the internet if you wish to attempt such an endeavor.

Your responsibility to the people that you network

Lastly, and briefly, I want to emphasize an important point that I feel is often overlooked. When you come to hook people up to the internet, either through a high-speed connection or a dial-up, and teach them about the web and e-mail, it is also your responsibility to ensure that they are at least mildly indoctrinated with a safe and responsible attitude towards the internet in general. I think the primary rule of thumb to keep in mind is that you rarely, if ever, are able to surf anonymously. If you hook people up to the internet and they engage in activities which are illegal in their local jurisdiction, they can easily be tracked down and held responsible. Personal information should not be given out over the internet without extreme caution. Credit card numbers should only be given out over secure connections, and to reputable vendors. More than anything, a cautious, conservative approach to the internet is the best. Don’t start a training session with words like “And now, let’s bid on eBay.”

Links

DSL Reports: your guide to high-speed internet connections, security, etc.

A nice website discussing dangerous Windows ports: essentially what you are putting yourself at risk for if you don't have a firewall between yourself and the outside world

Security from the source of all this insecurity: Microsoft

A decent, third party Windows security site

One of the most comprehensive, user contributed networking sites on the web