I was fortunate to learn about the security (or lack thereof) of a full-time connection shortly after I was connected to my cable modem service. The folks at my previous cable modem ISP, MediaOne, were on the ball and alerted me to the fact that their networks were being hacked via my proxy server and told me what to do about it.
If you take the time to read all the pages on this topic, you should have a nice, secure shared Internet connection. However, if you're in a hurry, here's a guide to what's here:
You can ignore the information in these pages that refers to Microsoft Networking related problems. However, you should still get your LAN behind a firewall, either by installing a hardware router, or by installing a software router together with a second Ethernet adapter in the computer that runs it (one adapter faces the Internet, the other faces the LAN). The ThreeMacs site has more Mac-specific Network and Internet security information.
It doesn't take a full-time connection to be hacked!
Read this information about how I recently ended up with the netlog worm on my dial-up-connected system!
So the precautions in this section apply to you whether you are connected via a full-time or connect-as-needed dial-up connection. Do yourself and your ISP a favor and read all the information on this page to make sure your LAN is secure from intruders!
There are many things you can do to secure your network, depending on your level of paranoia, and how much money you have to spend. But if you do nothing else, do the following two things and in most cases, you will be 95% of the way to a secure network!
a. Separate your LAN onto its own network.
Sharing your connection via the multiple IP method does not provide the protection of a separate LAN.
All of your computers (and the data that passes between them if you are sharing files or printers) are directly connected to the Internet!
If you are using the Multiple IP method to share your Internet connection, it is very important that you follow the instructions in the Should I use NetBEUI section to secure your LAN. You should also share only what you need to, and have strong password protection on anything you share.
b. Unbind Microsoft Networks from TCP/IP on any Network adapter that is connected to the Internet
If the Microsoft Networking services (Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks) are "bound" to (or running on) the TCP/IP protocol for any adapter that is connected to the Internet, you are asking for unwanted visitors: your shares and your NetBIOS name are offered to the whole Internet, not just to your LAN.
Fortunately, it's easy to fix this situation. Just open the TCP/IP properties for the copy of TCP/IP that is bound to the Network adapter that connects you to the Internet, and go to the Bindings tab. Uncheck Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks as shown in the screen shot below. Also uncheck Microsoft Family Logon if it is present. Close the TCP/IP properties, close the Network Control Panel, and let the machine reboot. If you have a second adapter for the LAN, leave the bindings on that adapter's copy of TCP/IP alone so that sharing keeps working inside the LAN.
Go to this page.
Chances are that even if you have only one computer, you probably have unnecessary software running that can make your PC a target for unwanted visitors. Add a full-time, high speed connection to the equation, and you may already have been visited!
The most effective action you can take in this case is to remove Microsoft Networking from your PC entirely. (Don't worry, it's easy to restore if you need it.) Just open the Network Control Panel, select Client for Microsoft Networks as shown below, and click the Remove button on the Network Control panel. Click on OK to close the Network Control panel and let your machine reboot. That's all there is to it!
For most people, following the two steps in Section 2 above will take care of securing their network. This is because most sharing methods (with the exception of using Multiple IP addresses) have some sort of mechanism (usually referred to as a firewall) that drops or rejects any connection request that originates from the Internet, while still letting replies to requests your own computers made come back in. This keeps the "bad guys" out.
However, some people need to allow requests for data originating from the Internet to reach computers on their LAN. Examples of this are:
In this case, you need to selectively open holes or ports in the firewall, so that the desired requests can reach the appropriate computers on your LAN. How you do this depends on the product you are using to share your connection, and is beyond the scope of this page, but is covered over in the Special Applications page. The important thing about opening ports through your firewall is that each one is a potential way for unwanted users to access your computers, so open only the ports the application actually needs, and forward each one only to the single computer that runs that application.
If you must open holes in your firewall, then it's important to move up to the next level of protection. This would include:
Another alternative is to put all services that need to be accessed from the Internet on one computer and put only that computer on the Internet side of the firewall. The safest way to do this is via a direct physical connection to the Internet access point (cable or DSL modem), rather than a router's "DMZ" setting, so that the exposed computer cannot reach the LAN at all. Remember that this computer gets no protection from the firewall: it should run nothing but the service you are publishing, should have Microsoft Networking removed as described above, and should not hold anything you cannot afford to lose.
If you're unfamiliar with servers and ports, then proceed with caution or don't run them on your network. You also should read the information in the Proxy server section below.
This section has been moved to this page.
Visitors to the ShieldsUp site often run the Shield Test and Port Probe and get a "closed" status vs. a more desirable "stealth" status. What does this mean and why does it matter?
What a "stealth" report means is that when the particular port is probed, no response at all is returned from your computer to the computer doing the probe; the probe packet is silently dropped and the prober times out. A "closed" report means that your computer responds to the probe by replying that the port is closed (for a TCP probe, a reset packet, which the prober sees as "connection refused").
In either case, the computer doing the probe (or any other computer that attempts to gain access to your computer) cannot access your computer via the probed port. So why is "stealth" more desirable?
It all depends on how determined someone is to gain access to your computer. When your computer responds that a port is closed, it is verifying that a computer exists at that IP address. Port scanners keep track of the IP addresses and ports that they get responses from and discard the ones that they don't receive a reply from. (This is similar to email "spam" techniques, which is why you should never respond to a "spam", even if the email tells you that you'll be removed from the list if you reply or click on a web link.) In theory, the scanner could return to your IP address again and again, "rattling the doorknob" and waiting for the one time that you leave the door open.
In reality, many of the port scans or probes are done by people who download the programs and don't really know what they're doing with them. It's also a very big network out there with plenty of IP addresses to scan, many of them probably much more interesting than yours. And remember, your ports are closed and there are plenty of open ports out there!
In addition, let's say you go to all the trouble of achieving "stealth" mode for your LAN, but then open ports in your firewall or place a computer outside the firewall via a router's "DMZ" mode or its equivalent. As soon as you do that, you'll be visible to scanners and potential attacks, and you actually have open ports!
So if you get a "closed" status from one of the port probe programs and you don't open holes in your firewall, there's no need to jump through hoops to achieve "stealth" mode. You'll be just fine. If you do open holes in your firewall, better read the Accessing your LAN from the Internet section, because your computer is exactly the kind of target that the port scanners are looking for!
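The two checks this page keeps coming back to, whether Microsoft Networking is still answering on the Internet-facing adapter (Section 2b above) and what a probe such as ShieldsUp actually sees when it reports "open", "closed" or "stealth", can be made with one small TCP probe. The following is an added example written for this page; it is not ShieldsUp's code and not anything from the original page. It only tries TCP ports, so it can check the NetBIOS session service (139) and direct-hosted SMB (445, on Windows 2000 and later); the NetBIOS name and datagram services on 137 and 138 are UDP and are not probed here. The loopback demonstration in `demo()` is constructed for this example: it opens one listening socket to produce an "open" result and picks a free port nobody listens on to produce "closed". A "stealth" result can only come from a real firewall that drops packets, so it cannot be shown offline.

```python
"""ShieldsUp-style TCP port probe: open / closed / stealth.

Added example for this page (not the page's or ShieldsUp's own code).
"""
import socket
import sys

# TCP ports used by Client for Microsoft Networks / File and Printer Sharing.
# 139 = NetBIOS session service (Windows 9x and later), 445 = direct-hosted
# SMB (Windows 2000 and later). 137/138 are UDP and are not probed by this code.
MICROSOFT_NETWORKING_TCP_PORTS = (139, 445)


def probe_tcp(host, port, timeout=2.0):
    """Attempt a TCP connect and report the port the way a scanner sees it.

    "open"        the connect completed: something is listening there.
    "closed"      the host answered with a reset ("connection refused"):
                  nothing listens, but the host has confirmed it exists.
    "stealth"     nothing came back before the timeout: the packet was
                  dropped by a firewall (or the host is not there at all).
    "unreachable" the local system could not even send the probe
                  (no route, network down); says nothing about the target.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except (socket.timeout, TimeoutError):
            return "stealth"
        except OSError:
            return "unreachable"


def scan(host, ports, timeout=2.0):
    """Probe every port in `ports` on `host`; returns {port: state}."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


def demo():
    """Constructed loopback demonstration: one 'open' and one 'closed' port.

    Returns (state_of_listening_port, state_of_unused_port).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Grab a second free port, then release it so nothing listens on it.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    try:
        results = scan("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        listener.close()
    return results[open_port], results[closed_port]


if __name__ == "__main__":
    # Usage: python probe.py <your Internet-facing IP address>
    # Run it from a computer OUTSIDE your LAN (a friend's machine, a dial-up
    # account) against your public address; from inside the LAN you only learn
    # what your own computers can see.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in scan(target, MICROSOFT_NETWORKING_TCP_PORTS).items():
        print(f"{target}:{port} {state}")
```

If either port comes back "open" on your Internet-facing address, Microsoft Networking is still bound to that adapter (or a firewall hole forwards it), and Section 2b still needs doing. "closed" on every port means your machine is protected but visible, which the page argues is good enough; "stealth" means the firewall in front of you drops rather than rejects probes. The difference between the last two is purely what the firewall sends back, and nothing in this code can turn one into the other.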
This topic is covered on this page.
A good selection of Security related links can be found on this page.
Finally, for more than you probably want to know about securing your LAN, try the following ShieldsUp pages: