Technology:Network issues and firewalls

This page is a chapter in the book AusPhotography Guide to Safer Computing.
Internet Service Provider (ISP)

There are some things you can do to improve safety in your ISP setup. My ISP (Internode) and many others provide online tools for the management of your account and service setup.

The features I have turned on (and which can be fine-tuned) are:
a) Spam detection (and flagging) - Emails that may be spam are either held (so I can clear them) or sent through with additional text advising they may be spam
b) Email virus scanning - stops most viruses before they get to my computer
c) Port blocking (common TCP/IP ports used for attack are blocked)

Using these features supplied (usually at no cost) by your ISP can reduce the amount of junk email and your exposure to common vulnerabilities.

Firewall

Should I use firewall software? If you are directly connected to the Internet (dial-up and some USB ADSL devices) or have a wireless connection then you should use firewall software. Otherwise, if you use a NAT based connection (see below), you don't get any significant benefit from firewall software.

The basic firewall supplied with Windows XP and improved in Vista is sufficient to prevent unwanted incoming connections.

What is a NAT Firewall/Router/Gateway? "NAT" stands for "Network Address Translation", which is used to "map" the private IP addresses of individual computers on a local network, to a single IP address (the "NAT's address") on the Internet. Many providers use this to remap their end-consumer IP addresses to the Internet. Many small networks (SOHO and home private networks) use NAT to remap their home or office machines through a DSL (or DSL/Wireless) modem to the Internet.

A NAT firewall, router or gateway is simply a piece of equipment or software that makes the bridge between your local network and the Internet, and makes all of the connections appear to be from the NAT address, not the local address of the LAN computer.

This means (unless ports are opened specifically) no external computer can connect to your computer, which is why I advise that you don't need firewall software when using a NAT based connection to the Internet.
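The behaviour described above can be modelled in a few lines. This is an added illustration, not part of the original guide: the NatRouter class, its method names and every address and port are constructed for the example, and it assumes a router that accepts replies only from the host the LAN computer contacted (real routers differ in how strict they are).

```python
# Added illustration of a home NAT router; all addresses and ports are constructed samples.
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000                          # next free public-side port
    outbound: dict = field(default_factory=dict)    # (lan_ip, lan_port, remote) -> public_port
    sessions: dict = field(default_factory=dict)    # (public_port, remote) -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)    # public_port -> (lan_ip, lan_port)

    def send_out(self, lan_ip, lan_port, remote):
        """A LAN computer opens a connection; the router rewrites the source."""
        key = (lan_ip, lan_port, remote)
        if key not in self.outbound:
            self.outbound[key] = self.next_port
            self.sessions[(self.next_port, remote)] = (lan_ip, lan_port)
            self.next_port += 1
        # The remote host only ever sees the NAT's address.
        return (self.public_ip, self.outbound[key])

    def open_port(self, public_port, lan_ip, lan_port):
        """A port 'opened specifically' (port forwarding) by the owner."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def receive(self, remote, public_port):
        """Return the LAN destination for an inbound packet, or None if dropped."""
        if (public_port, remote) in self.sessions:   # reply to a connection we started
            return self.sessions[(public_port, remote)]
        return self.forwards.get(public_port)        # otherwise only opened ports pass

def demo():
    nat = NatRouter("203.0.113.10")
    web = ("198.51.100.7", 443)
    stranger = ("192.0.2.99", 50000)
    seen_as = nat.send_out("192.168.1.20", 51515, web)
    results = {
        "seen_as": seen_as,
        "reply": nat.receive(web, seen_as[1]),
        "unsolicited": nat.receive(stranger, seen_as[1]),
        "closed_port": nat.receive(stranger, 3389),
    }
    nat.open_port(8080, "192.168.1.30", 80)
    results["opened_port"] = nat.receive(stranger, 8080)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Note that the opened port is the only case in which a connection from an unknown external computer reaches a LAN machine, so every port you forward is one to review.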

Wireless Network Security

The proliferation of wireless internet access at home, in the office, and even in public places is partly due to the convenience of ubiquitous connectivity that our society craves and partly due to the low cost of these devices.

If you are lucky enough to have an organization that uses wireless networking to give you wireless internet access, but not lucky enough to have the infrastructure/budget to support the advanced wireless security solutions on the market today, don’t despair.

As with all things security there is no silver bullet that will make you 100% secure, but if you follow the basic tenets of defense in depth, you can go a long way in protecting your assets. There are some basic configuration changes that you can make to increase the security of your wireless access point (AP) and wireless Internet. Most of these features should be built into your AP, so consider these items as free things you can do to be more secure.

Change the Default Administrator Password. This rule could as easily apply to your home alarm system as your wireless AP. The default passwords of all the major vendors' APs are well known and are the first ones tried by would-be crackers. Some vendors' APs will also allow you to change the username of the default administrator user. Change both if possible and, in keeping with safe computing practices, do not set the password to something easily guessed such as the name of the company, street address, etc.

Enable Encryption. Without the infrastructure/budget to implement one of the advanced wireless solutions, we are left with Wired Equivalent Privacy (WEP) and Wi-Fi Protected Access (WPA) security protocols. Both security protocols encrypt your data so that only the destination of your data can read it. WPA and WPA-2 are more secure protocols and were developed to address security issues with WEP. The drawback to WPA is that not all older models of wireless network cards support WPA. If you have a requirement to support older wireless network cards, use the highest level of WEP (128 bit) encryption available. WEP encryption can be broken and as such only use WEP if no other secure alternatives exist. WEP is better than nothing, but use WPA/WPA-2 if you can. We recommend a passphrase of at least 14 characters (mixed upper, lower, numeric and special) for wireless security.

Should I Use MAC Address Filtering? Often recommended but I don't. It is too much hassle for not enough benefit. I can run NetStumbler and know your MAC addresses within 10 seconds.
Note: Every computer (or laptop) has a network card (or wireless card), and each of them has a unique number called a MAC address. Most wireless APs support MAC address filtering for Internet access. MAC address filtering limits connections to the AP to the computers you select. You enter the MAC addresses of the computers you want to have wireless access so that no other computer can use the access point.

Change the System ID (SSID). All wireless APs come with a default System ID called a Service Set Identifier (SSID) or Extended Service Set Identifier (ESSID). As with the default administration password, the default SSIDs for wireless manufacturers are well known to crackers and are an easy target. But given the ease of finding SSIDs there is no significant security value in changing this name, other than making your network name meaningful to you. My home wireless network happens to be 'Farnet'.

Should I Disable SSID Broadcasts? Again - no. These can be found in less than 10 seconds using freely available software.

Log and Check Logs. Logging on these wireless devices ranges from basic to robust. Log as much as you can and check the logs as frequently as reasonably possible to ensure that any security attempts and violations are caught. Do this if you are paranoid or bored.

Defend your PCs! While it might not seem to belong in the wireless security configuration section, the last line of defense should be the PC. Anti-virus, anti-spam and personal firewalls are all great ways to further the security of computers connecting to the wireless AP and help prevent the spread of Trojans, worms, and viruses to others connected to the wireless AP.

Conclusion. All of the wireless internet routers you might buy will have included features to make your wireless internet access secure. Take a look at the features and see which ones make sense for you.


______________________
This is a good read (it applies to almost everyone) http://blog.internode.on.net/2010/05...curity-basics/