This book provides what we hope is a simplified approach to home network security. Our aim is not to make you a security expert or a network expert or an expert on any other topic. We would, however, like to arm you with some amount of knowledge and know-how so that you can adequately protect your assets (monetary and computer) and identity, which are both at risk when you connect your computer to the Internet. Some level of risk is always present while on the Internet, but the danger can be mitigated. Without knowing what the threats are and how to protect yourself against them, you put yourself in an unnecessarily risky position. Most books on security try to hook you with fear: fear of hackers, fear of viruses, fear of some digital terrorist stealing your credit card numbers and buying an island in the Caribbean. Our approach is different. The best tool for fighting fear is knowledge; knowledge of the real threats (not the hype), knowledge of the types of security available, and probably most important, knowledge of what to do to keep yourself reasonably safe from threats. We provide this knowledge in the form of actionable steps that you can take to protect yourself. Ten things that, if done correctly, will keep you safe against the most common threats, attacks, hacks, and scams. Will following these 10 steps make your home network 100 percent bulletproof? Not a chance. The only true way to be 100 percent bulletproof is to turn off your computer and bury it in the backyard. But if you do follow these 10 steps, it will give you a reasonable level of security, keeping you about as safe as one can be without becoming a full-fledged security expert and spending a bunch of money. Why Do I Even Need Network Security in the First Place?We promised not to jump on the fear-mongering bandwagon, but we do need to help you 1) recognize that threats do exist and 2) understand the nature of the threats so that you can adequately protect yourselves against them. First things first: the threats. Unless you have been living in a cave for some time (and even then, maybe), you have surely heard about the threat of computer viruses, worms, hackers, scams, and identity thefts. Internet security is big news, and also big business. On a corporate level, companies must protect themselves against intrusion attempts aimed at gaining secret information, and against attempts to shut down corporate websites that provide both the face of a company and a revenue conduit. On the home network side, individuals must protect their personal information, protect their computers from corruption or from being taken over, and protect against others accessing their networks to download illegal or illicit material (or just annoying the heck out of you with endless spam). If you do connect to the Internet, sooner or later you will see every threat and hack attempt there is. Well, you'll see it if you take no precautions. If you follow the steps we lay out, you will either stop them in the act by recognizing the threat and acting accordingly or prevent them from happening at all and not even be bothered by it. Threat CategoriesOne of the things that we have noticed in most of the books and articles on home network security is a lack of any explanation of the different types of security threats. This is a pretty serious issue because many nonexperts lump every type of threat into something called "security," which often leads people into thinking that one type of security solution, say a firewall, will protect them from all the bad stuff out there. This is a big mistake. There are several different types of security threats and one or two things that you can and should do for each type of threat. To help you sort it out, we have grouped threats into four basic categories: connection-based threats, access-based threats, software-based threats, and victim-enabled threats. Each threat category is described here. Connection-Based ThreatsA connection-based threat is an attack that is directed through your Internet connection. This threat exists because high-speed Internet is always on (unlike dialup, which you set up, use, and then break the connection when finished). Hackers typically look for open IP addresses (which represent your location on the Internet) using tools that randomly look for an open connection into an unprotected home network. When hackers find an open network, they can do a number of bad things, including but not limited to, searching through and possibly deleting personal information and files; or using your computer to launch attacks against other home, commercial, or government networks. This latter form of activity is called a redirect attack, a tactic hackers use to protect their own identity and location. Access-Based ThreatsAn access-based threat usually results from using a wireless networking device in your home. Just about every wireless router on the market today is made to work right out of the box. This is great for getting your wireless networking up and running quickly, but the only way to make it that easy for you is to turn off all the security features, which makes is easy for everyone else in range of the router to gain access to your network, too. The usual result of not guarding against this threat is that you end up providing all the people around you with free Internet access. This may or may not be an issue for you, but you are also vulnerable to some hackers who can access your files or monitor your network traffic looking for passwords and personal information such as credit card numbers. There is also the risk that someone might be looking to download illicit, indecent, or illegal (sometime all three simultaneously) material from the Internet through your network rather than their own, just in case the feds or someone else come looking for them. Software-Based ThreatsThis is probably the threat most people are familiar with. The category includes viruses, worms, spam, spyware, adware, and Trojan horses. Most of the time, these types of attacks are more of an inconvenience than anything else, but the annoyance factor gets pretty high when you get 100 or so unsolicited e-mails every day or if a virus copies your entire contacts list and starts sending copies of itself to everyone you know. Some viruses, though, can damage your computer or files, or worse, deposit a Trojan horse that enables a hacker to take remote control of your computer. All should be guarded against. Victim-Enabled ThreatsThe Internet is a scam artist's paradise. Along with the usual array of rip-off scams, the Internet allows thieves to wrap themselves in legitimate-looking letters, web pages, and other wrappers that make it hard for the casual observer to tell the difference between legitimate and illegitimate sites and sources. The good news is that it takes a victim's participation to enable these threats. Unlike the other threats that require hardware or software, this type of threat can usually be solved with a simple set of rules for answering account questions and some education on how to avoid biting on the bait. In addition to identity theft, there is also good old-fashioned theft (someone taking your laptop), so we also provide you with some tips on how to keep folks from cracking your passwords. Some of the threats we discuss actually fall into more than one category, and we point those out to you as we go. In addition, we have put a little summary box at the beginning of each chapter that describes the threat, what the issues are, and what you can do about it. What's to Come?The rest of this book is set up such that each chapter provides a security tip that you should follow. In each chapter, we describe the category of threat protection and give an example or two of common threats. Nothing too deep, as you really do not need to know, for example, how a virus works in a detailed way; you just need to know how to recognize the threat and, most important, how to protect yourself against it. We also provide a detailed explanation about how to use the hardware, install the software, what to be suspicious of, and when to unplug everything and maybe just go outside and play with the kids. We recommend that you follow all 10 tips because they all guard against different threats within the 4 threat categories. To get you started, here is an illustration that describes each threat and shows you the relevant topics. After that, we get right to the business of keeping you, your stuff, and your bank account safe from the bad guys. Housekeeping StuffThis book focuses on the Windows operating systems, and all screen shots were taken from computers running Windows XP Home Edition. If you are not running Windows XP Home Edition, you can still follow the recommendations and tips for the chapters where changes or setups are made or where directory paths are followed. The general steps still hold, but the directory paths and filenames might vary. Your User Manual or help files should help get you where you need to go. In some places, we give special instructions for other operating systems, too. We also had to make some decisions regarding what type of hardware or programs to install as examples. These are our obvious recommendations, but we also mention good alternatives regarding security equipment or programs. In most cases, turning on the security measures we point out with any equipment fitting the category will be a huge step up from doing nothing at all. When we do make a recommendation, it is usually based on price and performance reasons. We are not being paid by any of the vendors we refer to in the book, and we do not endorse any particular products. When we do call out and show examples with a specific product, it's because we need to show a tangible example to illustrate how to protect against the security threat being discussed. Feel free to try out the products we show or research and try others. |