6.4 Online Safety You May Not Have Considered

‚   ‚   ‚  

6.3 Firewalls

No doubt you've heard about all the evils that lurk online: viruses that wipe out data on your computer, hackers that break into your system, or spyware that surreptitiously tracks what you type. It's enough to make you consider unplugging from the global network and settling for Solitaire on your PC.

A better option is to employ a firewall ‚ a valuable piece of software that guards your computer when you're online. Essentially, firewalls erect a barrier around you while you surf the Internet, blocking malicious intruders from gaining access to your PC. Here are some hints on how to use firewalls ‚ both the one built into Windows XP and a sophisticated version you can download.

6.3.1 A Basic Firewall

For basic PC protection when you're on the Internet, turn on XP's built-in Internet Connection Firewall (ICF). ICF provides nuts-and-bolts security by stopping any inbound Internet traffic you didn't request. In other words, if you want to visit a Web site, check email, or download a file, the firewall lets that data through; but if a hacker tries to sneak onto your system, the firewall makes like J-Lo's personal bodyguard and blocks the way.

Be forewarned that ICF has one very serious drawback: It doesn't protect you against Trojans , which are programs that let someone else take control of your PC. Using a Trojan, a hacker could copy your files or use your PC to launch attacks against other computers. (XP's built-in firewall can't stop Trojans since it only blocks incoming Internet traffic, and Trojans work by making outbound connections from your PC. To stop Trojans, you need to download a firewall like ZoneAlarm, Section 6.3.3.)


Note: If several computers are sharing an Internet connection through a single PC, only the PC that directly accesses the Internet should run ICF. If you do run ICF on the other computers, you can cause connection problems that could block your Internet access or prevent your computers from communicating.

To turn on XP's built-in firewall:

  1. Right-click My Network Places and choose Properties .

    You may have a My Network Places icon on your desktop, but if you don't, you can access it by opening Windows Explorer. My Network Places is near the bottom of the screen.

    ADD-IN ALERT
    Tracing and Monitoring Internet Traffic

    If you want to find out what path your communications take when you connect to a Web site, or figure out where an email message actually came from, here are a few utilities that let you trace your electronic steps across the Internet (when you visit a site, you actually get there via a series a routers , devices that carry Internet traffic). Aside from impressing your geek friends at parties, you can use this info to figure out why Internet communication sometimes takes longer than snail mail.

    VisualRoute . VisualRoute traces the path of data on a world map, so you can see the geographical journey your connection is making. It can also identify the geographical location of any Web site, telling you, for example, that your favorite Italian cooking site is actually based in Beijing. VisualRoute also includes a tool for troubleshooting email problems. ($50 shareware; http://www.visualware.com).)

    NetScan Tools . This suite of tools includes a variety of enhanced Internet utilities for handling commands like Traceroute (which traces the path data takes over the Internet) and Ping (which checks whether an Internet server or Web site is up and running). It can also help you find the names of people who run any Web site. Best of all, NetScan Tools lets you accomplish all this by clicking friendly icons. ($25 shareware; at http://www. netscantools .com).)

    Internet Toolbox . This program lives up to its name ‚ it provides a full kit of network tools. Besides Traceroute, Ping, and similar utilities (described above), Internet Toolbox also has a feature called Connections Watcher, which lets you see who has connected to your computer (either from the Internet or a local network), and what machines you're connected to on the Internet. Other network monitoring tools include Host Monitor, which maintains a log of which machines and servers on your network are working (or not). ($24.95 shareware; http://www.idylesoftware.com).)


  2. In the Network Connections folder that appears, right-click the Internet connection you want to protect with XP's firewall and then choose Properties Advanced .

    If you use more than one Internet connection, you need to set up a firewall for each of them.

  3. In the Advanced tab of the dialog box shown in Figure 6-10, turn on "Protect my computer and network by limiting or preventing access to this computer from the Internet." Click OK .

    That's it. The firewall is now at its post protecting your PC.

Figure 6-10. Activate XP's built-in Internet connection firewall by checking the top choice in this dialog box. The firewall stops unsolicited Internet traffic from getting through to your PC.


6.3.2 How to Bypass XP's Firewall

If you want to run a Web or email server and also use XP's Internet Connection Firewall, you need to tweak some settings because ICF doesn't automatically allow inbound Internet traffic to reach those servers.

Thankfully, there's a way to bypass the firewall and let your Web or email server do their work, while still blocking other kinds of inbound Internet traffic. The solution is fairly straightforward: You can tell ICF to allow only specific types of traffic, such as a Web server, email server, or FTP server. Meanwhile, all unwanted traffic remains blocked from reaching your PC.

To trigger this feature, right-click My Network Places, and choose Properties. Then right-click your Internet connection and choose Properties Advanced Services. (Make sure the connection already uses XP's firewall, as described in the previous hint.) The Advanced Settings dialog box, shown in Figure 6-11, appears. Select the services you want and click OK.

Figure 6-11. You can allow specific services and traffic to bypass the firewall using this dialog box; just select the ones you want to grant the right of way. For maximum, the-Pope-is-coming-to-your-town security, only allow those services you absolutely need (see Table 6-2 for advice).


Table 6-2 lists the services you can let bypass the firewall, and describes what each service does. Note that "msmsgs" ‚ which refers to Windows Messenger ‚ may or may not appear in the dialog box. If you've used Windows Messenger or Outlook Express (which uses some Messenger components ), it should appear. Unlike all the other services listed, Windows Messenger is turned on by Microsoft. All the others are turned off until you decide to turn them on.

Table 6-2. Services that Can Bypass the Firewall

Service

What it Does

FTP Server

Allows others to connect to an FTP server on your PC.

Incoming Connection VPN (L2TP)

Allows access to a Virtual Private Network (VPN) using the L2TP tunneling technology. A VPN is a secure way of connecting to a network over the Internet. L2TP is a specific security technology for VPNs.

Incoming Connection VPN (PPTP)

Allows access to a Virtual Private Network using the PPTP tunneling technology.

Internet Mail Access Protocol Version 3 (IMAP3)

Allows others to connect to an IMAP3 email server on your PC to retrieve email.

Internet Mail Access Protocol Version 4 (IMAP4)

Allows others to connect to an IMAP4 email server on your PC to retrieve email.

Internet Mail Server (SMTP)

Allows others to use a Simple Mail Transfer Protocol (SMTP) server on your PC to send email.

IP Security (IKE)

Allows use of the Internet Key Exchange security technology. Only turn this on if you use software that specifically requires it.

msmsgs

Allows use of Windows Messenger, plus any software that uses its components, such as Outlook Express.

Post-Office Protocol Version 3 (POP3)

Allows others to connect to a POP3 email server on your PC to retrieve email.

Remote Desktop

Allows others to connect to your PC and take control of your desktop using XP Professional's Remote Desktop feature. (This is only available in XP's Professional edition.)

Secure Web Server (HTTPS)

Allows others to connect to a Web server on your PC that uses the HTTPS security protocol.

Telnet Server

Allows others to use a Telnet server on your PC to use your PC's resources.

Web Server (HTTP)

Allows others to connect to a Web server on your PC.


You can allow any service to bypass XP's firewall, not just the ones that first appear on ICF's Services list. To add a new service to the list, click the Add button on the screen shown in Figure 6-11. Enter the name of the service you want to bypass the firewall, the IP address of the PC on your network that hosts that service, and the port number the service uses. If you're not sure what ports the service requires, you can find a complete list of port numbers and what they're used for at http://www.iana.org/assignments/port- numbers . For more information about ports, jump to Sidebar 6-6.

6.3.3 A Better Firewall: ZoneAlarm

XP's built-in firewall has one very serious deficiency: It can't monitor and block outbound traffic from your PC to the Internet. And since Trojans do their damage by installing themselves on your system and allowing others to take control of your PC, XP's firewall doesn't protect you against these surreptitious invaders .

However, there is a firewall that blocks Trojans: ZoneAlarm. Available from ZoneLabs (http://www.zonealarm.com), this firewall comes in three delicious flavors: a free version and two for-pay versions with different levels of protection.

  • ZoneAlarm , the free version, offers excellent protection against inbound threats, stopping Trojans and alerting you when someone is probing your computer. It also provides specific information about the intruder.

  • ZoneAlarm Plus also protects you against email- borne worms and viruses, and offers far superior intruder tracking and reporting. Cost: $39.95.

  • ZoneAlarm Pro does everything its brothers do, plus it gives you control over cookies, stops pop-up ads, and controls rogue ActiveX Controls and JavaScript applets. Cost: $49.95.

At a minimum, try ZoneAlarm. But if you really want more control in protecting your PC from would-be attackers , it's worth paying for one of the more robust versions. Figure 6-12 displays a record of activity that ZoneAlarm Pro has monitored and blocked.

Figure 6-12. Besides keeping your PC safe by blocking certain kinds of Internet traffic, ZoneAlarm Pro also keeps a log of potential intruders and of all activity between the Internet and your PC.


6.3.4 Testing Your Security with Shield's Up

Do you really know how secure your PC is? Probably not. But there's a free online tool that probes your PC for online security vulnerabilities: Shield's Up. Offered by the Gibson Research Corporation, Shield's Up tests your computer to see if it can make connections to some of the most well-known and exposed elements of your PC.

To test your computer using Shield's Up, go to http://www.grc.com and click the Shield's Up link. Once the site runs its tests, it shows you the results and explains what the reports mean ‚ where you're vulnerable (see the box below), and how serious those vulnerabilities are. Figure 6-13 shows the results of probing one particularly well- guarded machine.

Figure 6-13. Shield's Up reports that this PC is operating in "stealth mode," meaning it's not vulnerable to most Internet-based attacks.


Gibson Research Corporation's Web site also has lots of useful information about Internet security, as well as free and for-pay software you can download to help block your Internet ports.

UP TO SPEED
Vulnerable Areas: NetBIOS and Internet Ports

Your PC has a couple of areas that are particularly tempting to hackers: the NetBIOS and the Internet ports. While security software ought to help you protect these things, you'll be better prepared to deploy protection if you understand what you're guarding.

Your PC's NetBIOS (Network Basic Input/Output System) is software that allows your computer to work with other computers on a network. Needless to say, it's important to guard your NetBIOS from unauthorized visitors . If someone did reach the NetBIOS, they would have crucial access

to many areas of your PC, including your programs and files.

Internet ports aren't physical objects; they're virtual connections your computer uses to send and receive data over the Internet. Different Internet services use different ports. For example, you use port 80 to communicate with Web servers when you surf the Web. And the infamous Back Orifice Trojan, which can give malicious hackers complete control over your PC, uses a variety of ports, including 31337 and 31338.



Tip: Once you've seen your vulnerabilities, install a firewall and do another round of tests to see if the firewall makes a difference.


Windows XP Power Hound
Windows XP Power Hound: Teach Yourself New Tricks
ISBN: 0596006195
EAN: 2147483647
Year: 2003
Pages: 119

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net