The Internet is the primary channel for almost all of the attacks on your computer. Someone may be trying to break in to steal information, or a worm from another infected computer may be trying to use the latest exploit to infect your box as well. So how do you protect your Internet connection? That is the topic of this entire chapter. I am going to show you how you can test your computer and see how vulnerable it actually is. Then you'll find out how you can use firewalls to build a "brick wall" around your computer. Additionally, you'll discover how you can protect yourself from other Internet threats such as spyware and what to do to clean up an infection.
The first step in securing your Internet connection is detecting where you are vulnerable. Your specific network setup (for example, whether your computer is behind a hardware firewall or router) will affect how exposed your computer is. For example, if you have a high-speed broadband connection and share it with more than one computer in your home using a router, your computers are already better protected than a computer that is directly connected to the Internet. By default, most routers act like a firewall, blocking all external Internet traffic from coming into your home network. However, if your laptop is infected and you plug it into your home network, all of the machines become vulnerable because the threat is now inside your firewall. I go into more detail about how firewalls work in the next section, but first, let's test your connection to see how exposed your computers are to attacks from both the Internet and from other machines on your internal network.
Ports are the gateways inside your computer. When a computer program wants to communicate with a remote computer, it makes a connection to the remote computer through a port that it will use to talk with the computer. Each computer has thousands of ports, 65,535 to be exact. You can think of the different ports of a computer as a bunch of different mailboxes. When a program wants to send data to a remote computer, it sends it to a specific port (mailbox) number. Then, provided that a program is on the remote computer that is set up to receive data at a particular port (mailbox), the remote computer can then work with the data it was sent.
Theoretically, nothing is wrong with this scenario. In the real world, however, applications don't always work this way. Applications are not perfect, nor are they always efficient. Sometimes, they are sent data that they are not programmed to receive, which can cause errors and unexpected behavior that may execute the code a remote attacker is sending it. The result is that a remote attacker can gain access or infect your computer using the flaw in the application. The technical name for data sent to a program that results in bypassing security is an exploit.
Now that you know the basics of how attacks work, you will use various utilities to check for open ports that allow other users to connect. In theory, if you have no ports open, then it is next to impossible to break into your computer. To detect the ports on your computer that are open to the entire Internet, it is best to use a web-based port scanner. If your computer is on an internal network and is behind a firewall or router, a software-based port scanner will show you what ports are open internally.
First, let's check your external port exposure, which everyone on the Internet can see. To do this, you will use a web-based port scanner. Various Web sites offer such scanners free of charge. I personally like to use http://www.GRC.com to do my testing. Follow these steps to test your external connection:
Open a copy of either Internet Explorer or Firefox and navigate to http://www.grc.com/x/ne.dll?bh0bkyd2.
When the page loads, click the Proceed button.
Click All Service Ports to begin the scan.
When viewing the results, make sure that everything is in the green or blue. You do not want any ports to be open, which is indicated with red.
Depending on the results of your test, if you have any ports that are open, you can find out how to close those in the Firewall section. But first, if you are connected to an internal network, it is a good idea to test your internal vulnerability. As I mentioned earlier, it is best to use a software port scanner for testing your internal vulnerability. For this test, I am going to show you how to use Axence NetTools, a comprehensive network tools suite with a fast port scanner. To get started, visit http://www.axencesoftware.com/index.php?action=FreeNT and download the latest copy of NetTools. Then follow these steps to scan your computer's local ports:
After you have downloaded and installed Axence NetTools, click the Start button, type nettools in the Search box, and then press Enter.
After NetTools starts, click the Scan Host option on the far right of the icon bar.
In the address box, type localhost. If you want to scan a different computer, you can type the IP address of any computer in this box.
Set the port range for it to scan. In NetTools you have five options: Services, Ports (Well known), Ports (Well known-extended), Ports (Range), and Ports (Trojans). For this section you are going to use Ports (Range) to scan all possible ports. The other selections scan only the more popular ports where known applications are running. If you want a quicker scan, I recommend using Ports (Well known-extended). Because you want to do a complete scan here, select Ports (Range). The two ports boxes will be enabled. Enter 65535 in the end port box so that it goes through all possible port numbers.
Press Scan next to the address box and watch the results appear, as shown in Figure 15-1.
Figure 15-1: Using NetTools to find open ports on your PC
It can take over an hour to scan all 65,535 ports on your computer, depending on your hardware. Once it is finished, you will have a list of all ports that are open on your computer. You will find out how to close these ports in the next section, "Using a Firewall."
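The same kind of local check can be scripted. The following Python script is an added example, not part of the original chapter and not how NetTools itself is implemented: it attempts a TCP connection to each port in a range on your own machine and lists the ports that accept. The function names, the default range of 1 to 1024, and the throwaway listener in demo() are choices made for this example.

```python
# Added example: TCP connect scan of your own machine (defaults to localhost).
import socket
from concurrent.futures import ThreadPoolExecutor

def port_is_open(host, port, timeout=0.3):
    """Return True if a TCP connection to host:port is accepted."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success instead of raising an exception
        return s.connect_ex((host, port)) == 0

def service_name(port):
    """Look up the conventional service name for a port, if one is registered."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"

def scan(host="127.0.0.1", start=1, end=1024, workers=100):
    """Check every port in [start, end] and return the sorted list of open ones."""
    ports = range(start, end + 1)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: port_is_open(host, p), ports)
    return [p for p, is_open in zip(ports, results) if is_open]

def demo():
    """Open a throwaway listener (constructed sample), then confirm the scan finds it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0 = let the OS pick a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    try:
        found = scan(start=port, end=port)
    finally:
        listener.close()
    after = scan(start=port, end=port)   # listener gone, port should be closed
    return port, found, after

if __name__ == "__main__":
    # Raise end to 65535 for a complete scan, as in the NetTools steps above.
    for p in scan():
        print(f"{p:>5}/tcp open  ({service_name(p)})")
```

Any port this reports is one where a program on your computer is accepting connections; whether other machines can reach it depends on your firewall.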
The new Security Center in Windows Vista is another easy way to find out if all of your "essential" protection software is installed and running. It is important to have your firewall, antivirus software, spyware protection, and other security features set up and running at all times to defend your computer against whatever tries to attack it. The Security Center provides a quick overview that you can check to make sure you are fully protected.
Using the Security Center is very simple. Just click the Start button, type Security Center in the Search box, and then press Enter. When it loads, any alerts will be expanded for you to see. If everything is in the green, you are set. If not, pay attention to the recommendations so that your computer is as secure as possible.