
Getting more from broadband 2: Firewalling

The second part of our guide to getting the most from your broadband internet connection considers ways you can protect yourself from security threats.

Craig Paterson, PC Magazine 19 Sep 2002

The luxury of having an always-on broadband internet connection brings with it increased risks to your online security.

Primary risks
An always-on PC is an attractive target for those up to mischief on the internet. Risks include attempts to make use of services like shared drives that might have inadvertently been left open to the internet.

Technically, there are also potential problems when connected to the internet by modem, but with an always-on broadband connection, the threat is magnified. A broadband-connected PC tends to have the same internet protocol (IP) address for longer periods than a dial-up user, which gives attackers a 'sitting duck' target.

Debate rages about the relative security of different operating systems. While some are better than others, rarely should internet security be the primary factor when choosing an operating system. In any case, the basic steps in securing all operating systems are the same. Initial configuration and proper maintenance are equally important.

Disabling unnecessary services
The first step is to consider what services any PC you're connecting to the internet needs to provide. Do you need to run Internet Information Server (IIS) on Windows for serving web pages or file transfer protocol (ftp)?

Whenever you plan to connect a machine to the internet, and before you do, the first step should be to disable all unnecessary services.

As operating systems and server software spend more time in production, new security problems often come to light. These are usually publicised by organisations like CERT and on sites such as SecurityFocus.

Tracking these sites, responding to alerts and diligently applying security patches are all vital to maintaining system security. Once the operating system and server software are properly configured, the next step is adding a firewall, which limits network access to a particular system (or systems).

Packet filtering
The most basic type of firewall is a packet filter, which allows or rejects each packet it receives based on the characteristics of that packet alone - the IP address from which it claims to originate or the transmission control protocol (TCP) port number to which it's bound, for example.

Packet filters don't inspect the data in a packet, nor do they understand the concept of a conversation (or 'connection'). Each packet is treated individually. A more sophisticated mechanism than packet filtering is 'stateful inspection'.

Besides basic packet filtering, a stateful firewall tracks actual connections, such as the steps required to connect, request and download a web page. This allows more sophisticated filtering and tracking: an incoming packet can be admitted because it belongs to a connection your PC opened, rather than merely because its headers look like a reply.

Both packet filtering and stateful inspection only monitor traffic as it arrives or passes, rejecting it or allowing it to continue to its destination.
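The difference between the two approaches is easiest to see on concrete traffic. The following is an added example, not code from the article: a toy model of a stateless packet filter and a stateful filter, fed the same constructed packets (the addresses are from the RFC 5737 documentation ranges and are assumptions). The stateless filter uses the classic rule 'inbound is allowed unless it is a connection attempt', which is the best a filter without memory can do; the stateful filter instead remembers the connections the PC itself opened.

```python
# Added example (not from the article): a toy model of a stateless packet
# filter versus stateful inspection, run over constructed packets.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Just enough TCP/IP header to make a filtering decision."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # set on a connection attempt
    ack: bool = False  # set on every packet after the first one


OUR_IP = "192.0.2.10"  # the broadband-connected PC (constructed address)


def stateless_allow(pkt: Packet, inbound: bool) -> bool:
    """Packet filter: every packet is judged on its own headers.

    Policy: allow all outbound traffic; inbound, allow only packets that are
    not connection attempts (SYN set, ACK clear), on the theory that anything
    else must be a reply to something we sent. Having no memory, the filter
    cannot actually verify that.
    """
    if not inbound:
        return True
    if pkt.dst_ip != OUR_IP:
        return False
    return not (pkt.syn and not pkt.ack)


class StatefulFilter:
    """Stateful inspection: remembers connections the PC opened and admits an
    inbound packet only when it belongs to one of them."""

    def __init__(self) -> None:
        # (remote ip, remote port, local port) of each tracked connection
        self.connections: set[tuple[str, int, int]] = set()

    def allow(self, pkt: Packet, inbound: bool) -> bool:
        if not inbound:
            if pkt.syn and not pkt.ack:  # new outbound connection: track it
                self.connections.add((pkt.dst_ip, pkt.dst_port, pkt.src_port))
            return True
        if pkt.dst_ip != OUR_IP:
            return False
        return (pkt.src_ip, pkt.src_port, pkt.dst_port) in self.connections


def run_demo() -> dict[str, tuple[bool, bool]]:
    """Feed the same constructed traffic to both filters.

    Returns {scenario: (stateless verdict, stateful verdict)} for the inbound
    packet of each scenario; True means the packet is allowed through.
    """
    web = "198.51.100.5"       # a web server we deliberately contact
    stranger = "203.0.113.7"   # a host we have never talked to
    stateful = StatefulFilter()
    results = {}

    # 1. The PC fetches a web page: outbound SYN, then the server's SYN/ACK.
    out = Packet(OUR_IP, 40000, web, 80, syn=True)
    stateless_allow(out, inbound=False)
    stateful.allow(out, inbound=False)
    reply = Packet(web, 80, OUR_IP, 40000, syn=True, ack=True)
    results["web reply"] = (stateless_allow(reply, True), stateful.allow(reply, True))

    # 2. An unsolicited connection attempt to the NetBIOS file-sharing port.
    probe = Packet(stranger, 6000, OUR_IP, 139, syn=True)
    results["share connect"] = (stateless_allow(probe, True), stateful.allow(probe, True))

    # 3. The same stranger, but the packet is not a connection attempt. The
    #    stateless filter cannot tell it from a genuine reply; the stateful
    #    filter knows the PC never opened a connection to that host.
    stray = Packet(stranger, 6000, OUR_IP, 139, ack=True)
    results["share ack-only"] = (stateless_allow(stray, True), stateful.allow(stray, True))
    return results


if __name__ == "__main__":
    for name, (stateless, stateful) in run_demo().items():
        verdict = lambda ok: "allow" if ok else "drop"
        print(f"{name:14s} stateless={verdict(stateless):5s} stateful={verdict(stateful)}")
```

Scenario 3 is the point of the article's paragraph: because a plain packet filter treats each packet on its own, it has to let through anything that does not look like a connection attempt, whereas the stateful filter only passes traffic belonging to a conversation it has seen begin.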

Proxy firewalling sits in the traffic path and doesn't allow any traffic to pass through directly. A request for a web page from a client behind a proxy firewall goes to the firewall, and it's the firewall itself that actually requests the page from the server on the other side, which it then returns to the client.

Windows and Linux have various options for firewalling. Windows 2000 includes packet-filtering functions, but these aren't trivial to administer, whereas Windows XP provides the Internet Connection Firewall, which offers a good basic level of protection and needs minimal configuration.

For all versions of Windows, a variety of third-party firewall tools are available. For single PCs or home networks, tools such as ZoneAlarm are ideal.

Linux 2.2 kernels provide packet filtering using ipchains. The 2.4 series takes this further with the iptables tool, which provides full stateful inspection. There are several front-end interfaces to both ipchains and iptables, which can be found at Freshmeat.

Red Hat and several other distributions include firewall setup in the installation process, which avoids the need for designing and editing rule sets by hand.

Once you've configured your firewall, it's a good idea to make sure that it's working. There are several free scanners available on the internet that'll sweep your machine (harmlessly) and report on what services and ports are open.

A very good example is scan.sygate.com, but there are a number of others. You can download tools to do this yourself and there are many Linux distributions that come with penetration testing tools like nmap, which provide an excellent auditing resource.
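To make the 'what is open' check concrete, here is an added example, not code from the article or from any of the tools it names: a small TCP audit in the spirit of the scanners described above, which reports the ports on a host that accept a connection. It serves both the advice to disable unnecessary services and the advice to verify the firewall afterwards. The port list is a constructed set of services a home PC commonly exposes without meaning to, and the demo host is the local loopback address.

```python
# Added example (not from the article): a minimal TCP "what is open" audit
# to run against your own PC. The port list and demo host are constructed.
import socket
from contextlib import closing

# Services a home PC often exposes without meaning to (port: IANA name).
COMMON_PORTS = {
    21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp", 80: "http",
    135: "msrpc", 139: "netbios-ssn", 443: "https", 445: "microsoft-ds",
    3389: "ms-wbt-server",
}


def port_is_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a TCP connection to host:port completes, i.e. something is
    listening and no firewall dropped the attempt. A connection refusal
    means nothing is listening; a timeout usually means a filter silently
    dropped the packet."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:  # refused, timed out, or unreachable
            return False
        return True


def audit(host: str, ports=COMMON_PORTS, timeout: float = 0.5) -> list[tuple[int, str]]:
    """Return the (port, service name) pairs on host that accepted a connection."""
    return [(p, ports.get(p, "?")) for p in sorted(ports) if port_is_open(host, p, timeout)]


def demo_local_listener() -> tuple[bool, bool]:
    """Show the audit catching a service and then confirming it has gone once
    the service is shut down: start a throwaway listener on 127.0.0.1, probe
    it, close it, probe again. Returns (open while running, open after close)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        srv.listen(1)
        port = srv.getsockname()[1]
        while_up = port_is_open("127.0.0.1", port)
    after_down = port_is_open("127.0.0.1", port)
    return while_up, after_down


if __name__ == "__main__":
    # Audit this machine from itself to see which services are listening.
    for port, name in audit("127.0.0.1"):
        print(f"{port:5d}/tcp {name}")
    print("listener demo (open while up, open after close):", demo_local_listener())
```

A probe over the loopback address tells you which services are running but does not cross the firewall; to confirm the firewall itself is doing its job, run `audit()` from a machine on the other side of it against your external address, which is exactly what the online scanners mentioned above do for you.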

Advanced users, or those with more esoteric requirements, will need to learn how to construct firewall rule sets from scratch. But be careful before jumping into a detailed setup, as it's easy to inadvertently leave vulnerabilities open.

