Web Technical Notes

Home & Small Installation Security

Syestem Security Essentials

Security is probably the number one topic about which all web users are aware. Many users have taken concrete effots at securing their systems, but many others remain at a loss as to how to proceed. Here are some explanations and suggestions about what is needed and how to do it. For nearly any task, freeware is available, and appropriate recommendations are included.

Firewalls

Really one of the most essential internet security devices, a firewall is a piece of software through which all traffic, incoming and outgoing, must pass. Imagine the firewall sitting (imagine it physically sitting) between the computer and the connection to the internet. In reality, logically, that is exactly what it is doing.

Firewalls may seem mysterious, but they are very simple to install and configure. A basic rule of thumb is that if a program is not absolutely trusted, it cannot go through the firewall. Internet Explorer and Mozilla are fine, but set the firewall either to deny or to ask first for most other software. That's it: firewall configured!

Free Firewalls

• Long-time standard free firewall, Sygate Personal Firewall, is no longer available, as Sygate has been acquired and is no longer in the firewall business, but the software is still available for download from a number of freeware sites: do a search and a number or sources will be located.
• Zone Alarm from Zone Labs is currently available and supported; it is free for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions).

Virus Protection

Even before the need for firewalls, most people were at least vaguely aware of computer viruses. Internet worms and other such creations were roaming around the internet long before Mosaic brought the internet and the world wide web to everyone's awareness. The term "virus" encompasses a broad range of computer infections, some just innoccuous pranks and some truely malevolent. At its worst, a virus replicates itself, passing from one machine to another, and has the potential to destry data on infected systems. Even when not destroying things, a virus can bring a system to a crawl simply by consuming bandwidth and CPU usage.

In order to protect against potential catastrophic system damage, virus protection programs scan files for signs of infected code. The protection programs are constantly updated to keep up with creative virus creators, and the best ones can catch infected code "on the fly," that is, before it actually lands on one's hard disk or executes.

Free Virus Protection

• Grisoft provides to home, non-commercial users a free version of their very highly regarded commercial product.

Spyware Protection

Like a virus, spayware is undesirable software that ands on ones computer. Unlike a virus, spyare may have some legitimae uses, although legitimatte is in the eye of the beholder. Many web sites (not this one) plant a tracking mechanism, often a browser "cookie," on a visitors machine. The cookie tracks the users' activity. It can also harvest additional information. Security sensitive users may not wish to have any of their activity traced. At worst, a significant amount of personal data may be harvested by spyware.

Free Spyware Protection

There are a number of free spayware programs available, each with some advantages and drawbacks, and none totally comprehensive on its own. The following good options are available:

• Spybot Search and Destroy, an extremely well regarded product
• from Grisoft is the companion program to their virus protection software
• from Lavasoft is Ad-Aware SE Personal, which is also bundled by Google as part of Google Pack, their essential software package

Each of these programs may be installed and run together, which would provide excellent overlap in protection.

System Optimizers

These utilities fall into several fields, but most repair and optimize your computer by cleaning unneeded code from the system, eliminating erroneous entries from the registry, deleting unused files, and otherwise seeking to reduce the unnecessary "junk" on the system. Some also delete sensitive files or even overwrite the erased aea to reduce or eliminate the liklihood of data recovery.

Free System Optimizers

• from Iobit is Advanced WindowCare V2 Personal
• the oddly named CCleaner, which can be a bit trick to configure but which is very comprehensive
• from Heidi Computers is Eraser

Wireless Security

Laptop users, and even some desktop users, connect to the internet over wireless connections to their local router. Communicating directly between ones router and computer with no security protocol is of course possible. This runs two risks, however.

One risk is that without limiting contact with the router, any number of unknowns may connect and utilize the system. As an operational issue, this may cause the systems to slow as bandwidth is taken by these additional users. Also, who knows what these users may be doing?

A second risk is that data passed over the wireless connections may be intercepted. It is not very likely that this would happen, as such "packet sniffing" is not a trivial undertaking. Nevertheless, a lot of the software is free and has legitimate uses as well as personally invasive uses.

To minimize these problems, several options exist:

• Secure access to the system.
  1. Wired Equivalent Privacy (WEP) provides comparable confidentiality to a traditional wired network. Since superceded, WEP still provides a level of security that can deter casual snooping.
  2. The follow-up to WEP was Wi-Fi Protected Access (WPA); now production as WPA2, this provides essentially fully secure transactions.
• Limit access to the system.
  1. Routers may provide for many clients to access the network. By limiting access, by limiting the number of machinges accessing, xome control over the network may be maintained. Dynamic Host Configuration Protocol (DHCP) is an Internet protocol for automatically assigning IP addresses. This may be turned off in the in the router, with only pre-assigned IP addresses allowed for connection. This is a somewhat primative means of access control.

Disclaimer

As noted above, some of the software requires configuration, which may be a bit tricky. Through misconfiguration, data loss is possible. Doc Steve assumes no responsibility for any losses incurred from the use of any of the software listed above.

Key Links