If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
network security
once you set up a network is it also vulnurable to the outside world. When
you enable file sharing and printer sharing are then inviting if you dont do it right other people to mess with your stuff. do the firewalls also protect from informaton of yours leaking out. I jsut want to make sure I dont open everyhting up to the whole world. i want to protect the ntwork as best as possible thanks |
Ads |
#2
|
|||
|
|||
network security
On Tue, 15 Mar 2005 13:27:03 -0800, "jfreddie"
wrote: once you set up a network is it also vulnurable to the outside world. When you enable file sharing and printer sharing are then inviting if you dont do it right other people to mess with your stuff. do the firewalls also protect from informaton of yours leaking out. I jsut want to make sure I dont open everyhting up to the whole world. i want to protect the ntwork as best as possible thanks What devices connect your computers to the internet? Do you connect thru a NAT router? If you don't, then get and use one. Today. A NAT router is the first layer in a good layered defense. Each layer is necessary because no layer produces complete protection. One NAT router protects your entire LAN. It prevents your shared files, and other personal information, from leaking out to the internet. The second layer is a software firewall, or a port monitor like Port Explorer (free) from http://www.diamondcs.com.au/portexplorer/index.php?page=home. See various discussions in comp.security.firewall for good advice on choosing a firewall. A software firewall can selectively block incoming or outgoing traffic, and a port monitor can at least let you know what's going on. You need a software firewall on each computer in your LAN; in case one computer gets infected, a software firewall on the others could save you a lot of trouble. The third layer is good software, also on each computer. This layer has multiple components. AntiVirus protection. Realtime, plus a regularly scheduled virus scan. Regularly updated. AV protection is not all that's needed today. Adware / spyware protection. Realtime, plus a regularly run adware / spyware scan. Regularly updated. Complete instructions, using Spybot S&D and HijackThis (both free) are he http://forums.spywareinfo.com/index.php?showtopic=227. Harden your browser. There are various websites which will check for vulnerabilities, here are three which I use. http://www.jasons-toolbox.com/BrowserSecurity/ http://bcheck.scanit.be/bcheck/ https://testzone.secunia.com/browser_checker/ Consider using an alternative browser, like Firefox, for the majority of your browsing activities. http://www.spreadfirefox.com/?q=affiliates&id=4507&t=61 Block Internet Explorer ActiveX scripting from hostile websites (Restricted Zone). https://netfiles.uiuc.edu/ehowes/www/main.htm (IE-SpyAd) Block known dangerous scripts from running. http://www.javacoolsoftware.com/spywareblaster.html Block known spyware from installing. http://www.javacoolsoftware.com/spywareguard.html Make sure that the spyware detection / protection products that you use are reliable: http://www.spywarewarrior.com/rogue_anti-spyware.htm Harden your operating system. Check at least monthly for security updates. http://windowsupdate.microsoft.com/ Block possibly dangerous websites with a Hosts file. Three Hosts file sources I use: http://www.accs-net.com/hosts/get_hosts.html http://www.mvps.org/winhelp2002/hosts.htm (The third is included, and updated, with Spybot (see above)). Maintain your Hosts file (merge / eliminate duplicate entries) with: eDexter http://www.accs-net.com/hosts/get_hosts.html Hostess http://accs-net.com/hostess/ Secure your operating system, and applications. Don't use, or leave activated, any accounts with names or passwords with trivial (guessable) values. Don't use an account with administrative authority, except when you're intentionally doing administrative tasks. The fourth layer is common sense. Yours. Don't install software based upon advice from unknown sources. Don't install free software, without researching it carefully. Don't open email unless you know who it's from, and how and why it was sent. The fifth layer is education. Know what the risks are. Stay informed. Read Usenet, and various web pages that discuss security problems. Check the logs from the other layers regularly, look for things that don't belong, and take action when necessary. -- Cheers, Chuck Paranoia comes from experience - and is not necessarily a bad thing. My email is AT DOT actual address pchuck sonic net. |
#3
|
|||
|
|||
network security
Hi.
For real adequate protection you have to use a Cable/DSL Router which provides NAT-Firewall, and few other security measures. In addition each computer on a Peer to peer Network should have software Firewall, Anti-Virus, and AntiSpyware protection. If already upgraded to WinXP SP2 you can use the new Software Firewall, it provides a Good Flexible Protection. Add to it Microsoft AntiSpywa http://www.microsoft.com/athome/secu...e/default.mspx And you are basically set. For additional issues and solutions look he Internet -Basic protection: http://www.ezlan.net/firewall.html Internet Infestation: http://www.ezlan.net/infestation.html Basic Steps in cleaning Internet "Junk" - http://www.ezlan.net/clean.html Jack (MVP-Networking). "jfreddie" wrote in message ... once you set up a network is it also vulnurable to the outside world. When you enable file sharing and printer sharing are then inviting if you dont do it right other people to mess with your stuff. do the firewalls also protect from informaton of yours leaking out. I jsut want to make sure I dont open everyhting up to the whole world. i want to protect the ntwork as best as possible thanks |
#4
|
|||
|
|||
network security
chuck thanks for all the information greatly helpful...I as for the Nat
router how do you find that out. I am using a D-Link Di-524 router, are you able to tell if that is sufficent for the first layer. if you get one of these other firewalls do you disable the windows firewall. thanks for everything "Chuck" wrote: On Tue, 15 Mar 2005 13:27:03 -0800, "jfreddie" wrote: once you set up a network is it also vulnurable to the outside world. When you enable file sharing and printer sharing are then inviting if you dont do it right other people to mess with your stuff. do the firewalls also protect from informaton of yours leaking out. I jsut want to make sure I dont open everyhting up to the whole world. i want to protect the ntwork as best as possible thanks What devices connect your computers to the internet? Do you connect thru a NAT router? If you don't, then get and use one. Today. A NAT router is the first layer in a good layered defense. Each layer is necessary because no layer produces complete protection. One NAT router protects your entire LAN. It prevents your shared files, and other personal information, from leaking out to the internet. The second layer is a software firewall, or a port monitor like Port Explorer (free) from http://www.diamondcs.com.au/portexplorer/index.php?page=home. See various discussions in comp.security.firewall for good advice on choosing a firewall. A software firewall can selectively block incoming or outgoing traffic, and a port monitor can at least let you know what's going on. You need a software firewall on each computer in your LAN; in case one computer gets infected, a software firewall on the others could save you a lot of trouble. The third layer is good software, also on each computer. This layer has multiple components. AntiVirus protection. Realtime, plus a regularly scheduled virus scan. Regularly updated. AV protection is not all that's needed today. Adware / spyware protection. Realtime, plus a regularly run adware / spyware scan. Regularly updated. Complete instructions, using Spybot S&D and HijackThis (both free) are he http://forums.spywareinfo.com/index.php?showtopic=227. Harden your browser. There are various websites which will check for vulnerabilities, here are three which I use. http://www.jasons-toolbox.com/BrowserSecurity/ http://bcheck.scanit.be/bcheck/ https://testzone.secunia.com/browser_checker/ Consider using an alternative browser, like Firefox, for the majority of your browsing activities. http://www.spreadfirefox.com/?q=affiliates&id=4507&t=61 Block Internet Explorer ActiveX scripting from hostile websites (Restricted Zone). https://netfiles.uiuc.edu/ehowes/www/main.htm (IE-SpyAd) Block known dangerous scripts from running. http://www.javacoolsoftware.com/spywareblaster.html Block known spyware from installing. http://www.javacoolsoftware.com/spywareguard.html Make sure that the spyware detection / protection products that you use are reliable: http://www.spywarewarrior.com/rogue_anti-spyware.htm Harden your operating system. Check at least monthly for security updates. http://windowsupdate.microsoft.com/ Block possibly dangerous websites with a Hosts file. Three Hosts file sources I use: http://www.accs-net.com/hosts/get_hosts.html http://www.mvps.org/winhelp2002/hosts.htm (The third is included, and updated, with Spybot (see above)). Maintain your Hosts file (merge / eliminate duplicate entries) with: eDexter http://www.accs-net.com/hosts/get_hosts.html Hostess http://accs-net.com/hostess/ Secure your operating system, and applications. Don't use, or leave activated, any accounts with names or passwords with trivial (guessable) values. Don't use an account with administrative authority, except when you're intentionally doing administrative tasks. The fourth layer is common sense. Yours. Don't install software based upon advice from unknown sources. Don't install free software, without researching it carefully. Don't open email unless you know who it's from, and how and why it was sent. The fifth layer is education. Know what the risks are. Stay informed. Read Usenet, and various web pages that discuss security problems. Check the logs from the other layers regularly, look for things that don't belong, and take action when necessary. -- Cheers, Chuck Paranoia comes from experience - and is not necessarily a bad thing. My email is AT DOT actual address pchuck sonic net. |
#5
|
|||
|
|||
network security
On Tue, 15 Mar 2005 16:39:02 -0800, "jfreddie"
wrote: chuck thanks for all the information greatly helpful...I as for the Nat router how do you find that out. I am using a D-Link Di-524 router, are you able to tell if that is sufficent for the first layer. if you get one of these other firewalls do you disable the windows firewall. thanks for everything A DI-524 is a WiFi NAT router, and will adequately protect you from hostile internet traffic. It won't protect your individual computers from each other, nor will it completely protect you from the wireless neighborhood. The Windows Firewall will protect each individual computer from the others, and to a slight amount, from the wireless neighborhood. If you wish to share files between your computers, you should enable the File and Printer Sharing exception. The wireless neighborhood is another story. Here's a story about somebody's very stupid wireless neighbor. Don't expect all wireless neighbors to be this stupid. http://www.canoe.ca/NewsStand/LondonFreePress/News/2003/11/22/264890.html. The point is, you need to protect a wireless LAN with more precautions than just the NAT protection on the router. Change the router management password, and disable remote (WAN) management. Enable WEP (minimal) / WPA (preferable). Use non-trivial (non-guessable) values for encryption. (No "My dog has fleas"). The DI-524 will do WPA-TKIP. Use it. Enable MAC filtering. Change the subnet of your LAN - don't use the default. Disable DHCP, and assign an address to each computer manually. Install a software firewall on every computer connected to a wireless LAN. Put manually assigned ip addresses in the Local (highly trusted) Zone. Open the firewall for file sharing, only in the Local Zone. Don't disable SSID broadcast - some configurations require the SSID broadcast. But change the SSID itself - to something that doesn't identify you, or the equipment. Enable the router activity log. Examine it regularly. Know what each connection listed represents - you? a neighbor?. Use non-trivial accounts and passwords on every computer connected to a wireless LAN. Disable or delete Guest userid, if possible (XP Home is a bad choice here). Rename Administrator, to a non-trivial value, and give it a non-trivial password. Never use the Administrator renamed account for day to day activities, only when intentionally doing administrative tasks. Stay educated - know what the threats are. Newsgroups alt.internet.wireless and microsoft.public.windows.networking.wireless are good places to start. -- Cheers, Chuck Paranoia comes from experience - and is not necessarily a bad thing. My email is AT DOT actual address pchuck sonic net. |
#6
|
|||
|
|||
network security
chuck wrote:
Secure your operating system, and applications. Don't use, or leave activated, any accounts with names or passwords with trivial (guessable) values. Don't use an account with administrative authority, except when you're intentionally doing administrative tasks. Chuck can you explain this part a little more for me if you can. Especially teh last sentance. What do yo mean about, dont use an account with administrative authority, except when you are intentionally doing admin tasks. If you can tell me a little more that wuld be great. All the other info that you have helped me with is great and I appreciate it so much thanks jake frederick |
#7
|
|||
|
|||
network security
On Thu, 17 Mar 2005 03:49:04 -0800, "jfreddie"
wrote: chuck wrote: Secure your operating system, and applications. Don't use, or leave activated, any accounts with names or passwords with trivial (guessable) values. Don't use an account with administrative authority, except when you're intentionally doing administrative tasks. Chuck can you explain this part a little more for me if you can. Especially teh last sentance. What do yo mean about, dont use an account with administrative authority, except when you are intentionally doing admin tasks. If you can tell me a little more that wuld be great. All the other info that you have helped me with is great and I appreciate it so much thanks jake frederick Jake, A lot of malware tries to install itself into the operating system, and needs administrative privilege during the process. If you surf to a website with malevolent code on it, and it installs code on your computer, the install proceeds under your privilege level. If you're not an administrator, the install will fail and your computer will remain cleaner. Intentional installs of any complexity require that you close all open applications, and when you're done, they will restart the computer to finish the install. The less applications you have running during an install, the cleaner the install will be, which may result in less problems in the future. And the install will run faster too. Separating your web surfing, from administrative tasks like installs, makes sense. 1) Surf the web with user privilege. 2) When you're ready to install software, restart the computer, login as an administrator, do the install, and restart the computer again. 3) Login as a user, and resume surfing the web. The less holes you have in your system security the better. A lot of hacks start with trying to guess the password for well known accounts like "Administrator" or "Guest". If your Administrator account is named "Administrator" and has a password of "password", the hack will succeed. If you change the administrator account name to "AdM1N1StRaT0R" and give it a complex password like "AlZm12Zz!@#$%^&*()_+", you'll make it a lot harder for the hacker (or his hack program, since a lot of hacking is done using software). Of course, it will take a little longer for YOU to type the name in too. YMMV. If you have Windows XP Pro, and use non-Guest authentication, get rid of the Guest account. Or do like some sadistic administrators do, leave the Guest account there, with no password, and give it NO access to anything. -- Cheers, Chuck Paranoia comes from experience - and is not necessarily a bad thing. My email is AT DOT actual address pchuck sonic net. |
#8
|
|||
|
|||
network security
Jake, also have a good read here.
http://blogs.msdn.com/aaron_margosis...17/157962.aspx _________________ Eric Cross Microsoft MVP (Windows Networking) http://mvp.support.microsoft.com "Chuck" wrote in message news On Thu, 17 Mar 2005 03:49:04 -0800, "jfreddie" wrote: chuck wrote: Secure your operating system, and applications. Don't use, or leave activated, any accounts with names or passwords with trivial (guessable) values. Don't use an account with administrative authority, except when you're intentionally doing administrative tasks. Chuck can you explain this part a little more for me if you can. Especially teh last sentance. What do yo mean about, dont use an account with administrative authority, except when you are intentionally doing admin tasks. If you can tell me a little more that wuld be great. All the other info that you have helped me with is great and I appreciate it so much thanks jake frederick Jake, A lot of malware tries to install itself into the operating system, and needs administrative privilege during the process. If you surf to a website with malevolent code on it, and it installs code on your computer, the install proceeds under your privilege level. If you're not an administrator, the install will fail and your computer will remain cleaner. Intentional installs of any complexity require that you close all open applications, and when you're done, they will restart the computer to finish the install. The less applications you have running during an install, the cleaner the install will be, which may result in less problems in the future. And the install will run faster too. Separating your web surfing, from administrative tasks like installs, makes sense. 1) Surf the web with user privilege. 2) When you're ready to install software, restart the computer, login as an administrator, do the install, and restart the computer again. 3) Login as a user, and resume surfing the web. The less holes you have in your system security the better. A lot of hacks start with trying to guess the password for well known accounts like "Administrator" or "Guest". If your Administrator account is named "Administrator" and has a password of "password", the hack will succeed. If you change the administrator account name to "AdM1N1StRaT0R" and give it a complex password like "AlZm12Zz!@#$%^&*()_+", you'll make it a lot harder for the hacker (or his hack program, since a lot of hacking is done using software). Of course, it will take a little longer for YOU to type the name in too. YMMV. If you have Windows XP Pro, and use non-Guest authentication, get rid of the Guest account. Or do like some sadistic administrators do, leave the Guest account there, with no password, and give it NO access to anything. -- Cheers, Chuck Paranoia comes from experience - and is not necessarily a bad thing. My email is AT DOT actual address pchuck sonic net. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Symantec virus protection window turned off pop up window how to turn off ? | Plasma BOY | Windows XP Help and Support | 19 | January 1st 07 06:19 PM |
XP File Sharing/My network places | CMF | General XP issues or comments | 4 | November 19th 04 03:43 PM |
Sharing & "Entire Network" ?? | Jim | Networking and the Internet with Windows XP | 11 | September 25th 04 10:24 PM |
PC Magazine article on Win XP SP 2 security hole | CMAR | The Basics | 1 | August 26th 04 05:46 AM |
Network Cable Unplugged Error | Alan | Networking and the Internet with Windows XP | 2 | August 23rd 04 07:36 PM |