General Internet security

General Internet security
Before we get into the security of your wireless LAN, we need to talk for a
moment about Internet security in general. Regardless of what type of LAN
you have — wireless, wired, a LAN using powerlines or phonelines, or even no
LAN — when you connect a computer to the Internet, some security risks are
involved. Malicious crackers (the bad guys of the hacker community) can use
all sorts of tools and techniques to get into your computer(s) and wreak havoc.
For example, someone with malicious intent could get into your computer
and steal personal files (such as your bank statements that you’ve downloaded
using Quicken) or mess with your computer’s settings . . . or even
erase your hard drive. Your computer can even be hijacked (without you
knowing it) as a jumping off point for other people’s nefarious deeds; as a
source of an attack on another computer (the bad guys can launch these
attacks remotely using your computer, making them that much harder to
track down); or even as source for spam e-mailing.
What we’re getting at here is the fact that you need to take a few steps to
secure any computer attached to the Internet. If you have a broadband (digital
subscriber line [DSL], satellite, or cable modem) connection, you really
need to secure your computer(s). The high speed, always-on connections
that these services offer make it easier for a cracker to get into your computer.
We recommend that you take three steps to secure your computers
from Internet-based security risks:
Use and maintain antivirus software. Many attacks on computers don’t
come from someone sitting in a dark room, in front of a computer screen,
actively cracking into your computer. They come from viruses (often
scripts embedded in e-mails or other downloaded files) that take over
parts of your computer’s operating system and do things that you don’t
want your computer doing (like sending a copy of the virus to everyone in
your e-mail address book and then deleting your hard drive). So pick out
your favorite antivirus program and use it. Keep the virus definition files
(the data files that tell your antivirus software what’s a virus and what’s
not) up to date. And for heaven’s sake, use your antivirus program!
Install a personal firewall on each computer. Personal firewalls are programs
that basically take a look at every Internet connection entering or
leaving your computer and check it against a set of rules to see whether
the connection should be allowed. After you’ve installed a personal firewall
program, wait about a day and then look at the log. You’ll be shocked
and amazed at the sheer number of attempted connections to your computer
that have been blocked. Most of these attempts are relatively
innocuous, but not all are. If you’ve got broadband, your firewall might
block hundreds of these attempts every day.
We like ZoneAlarm — www.zonelabs.com — for Windows computers,
and we use the built-in firewall on our Mac OS X computers.
Turn on the firewall functionality in your router. Whether you use a
separate router or one integrated into your wireless access point, it will
have at least some level of firewall functionality built in. Turn this function
on when you set up your router/access point. (It’ll be an obvious
option in the configuration program and might well be on by default.)
We like to have both the router firewall and the personal firewall software
running on our PCs. It’s the belt-and-suspenders approach, but it
makes our networks more secure.
In Chapter 12, we talk about some situations (particularly when you’re
playing online games over your network) where you need to disable
some of this firewall functionality. We suggest that you do this only
when you must. Otherwise, turn on that firewall — and leave it on.
Some routers use a technology called stateful packet inspection firewalls,
which examine each packet (or individual group) of data coming into the
router to make sure that it was actually something requested by a computer
on the network. If your router has this function, we recommend
that you try using it because it’s a more thorough way of performing firewall
functions. Others simply use Network Address Translation (NAT,
which we introduce in Chapter 2 and further discuss in Chapter 16) to
perform firewall functions. This isn’t quite as effective as stateful packet
inspection, but it does work quite well.
There’s a lot more to Internet security — like securing your file sharing (if
you’ve enabled that) — that we just don’t have the space to get into. Check
out Chapter 11 for a quick overview on this subject. To get really detailed
about these subjects, we recommend that you take a look at Home Networking
For Dummies, by Kathy Ivens (Wiley Publishing, Inc.) for coverage of those
issues in greater detail.
After you’ve set up your firewall, test it out. Check out this great site that has
a ton of information about Internet security: www.grc.com. The guy behind
this site, Steve Gibson, is a genius on the topic, and he’s built a great tool
called ShieldsUP!! that lets you run through a series of tests to see how well
your firewall(s) is working. Go to www.grc.com and test yourself.