I was fortunate to learn about the security (or lack of) of a full-time connection shortly after I was connected to my cable modem service. The folks at my previous cable modem ISP, MediaOne, were on the ball and alerted me to the fact that their networks were being hacked via my proxy server and told me what to do about it.
If you take the time to read all the pages on this topic, you should have a nice, secure shared Internet connection. However, if you’re in a hurry, here’s a guide to what’s here:
- Do I have to worry if I connect via dial-up modem?
- The two best things you can do to secure your LAN
- Should I use NetBEUI?
- What if I have only one computer?
- What if I need to access computers on my LAN from the Internet?
- Securing Proxy-based sharing programs
- Is “Stealth” important?
- Securing servers.
- Other resources (including Security site links)
You can ignore the information in these pages that refers to Microsoft Networking related problems. However, you should get your LAN behind a firewall by either installing a hardware router or a software router and second Ethernet adapter in the computer that is running the router. The ThreeMacs site has more Mac-specific Network and Internet security information.
1. What about a dial-up connection?
It doesn’t take a full-time connection to be hacked!
The Internet is a big place and there are enough people who regularly run port scanners and other “doorknob rattling” programs that look for unsecured computers which can be exploited. Although dial-up connections are usually not connected as long as full-time cable modem connections, they can still be probed and captured by someone with enough patience… or motivation.
Read this information about how I recently ended up with the netlog worm on my dialup connected system!
So the precautions in this section apply to you whether you are connected via a full-time or connect-as-needed dial-up connection. Do yourself and your ISP a favor and read all the information on this page to make sure your LAN is secure from intruders!
2. The two most effective actions to take.
There are many things you can do to secure your network, depending on your level of paranoia, and how much money you have to spend. But if you do nothing else, do the following two things and in most cases, you will be 95% of the way to a secure network!
a. Separate your LAN onto its own network.
If you’ve followed my instructions for sharing your connection, you either are running a sharing program in a computer that has two Ethernet adapters (NICs), or your LAN is behind a hardware router. In either case, you have made your LAN really LOCAL and the only data that goes out to the Internet is data that you want to go there.
Sharing your connection via the multiple IP method does not provide the protection of a separate LAN.
All of your computers (and the data that passes between them if you are sharing files or printers) are directly connected to the Internet!
If you are using the Multiple IP method to share your Internet connection, it is very important that you follow the instructions in the Should I use NetBEUI section to secure your LAN. You should also share only what you need to, and have strong password protection on anything you share.
b. Unbind Microsoft Networks from TCP/IP on any Network adapter that is connected to the Internet
One of the first things that crackers check when they’re looking for unsecured computers is whether they can see shared resources (files, folders, disk drives). If you’re running any form of Windows, you probably share files and printers via Client for Microsoft Networks and the File and Printer sharing for Microsoft Networks service.
If these services are “bound” to (or running on) the TCP/IP protocol for any adapter that is connected to the Internet, you are asking for unwanted visitors.
Fortunately, it’s easy to fix this situation. Just open the TCP/IP properties for the copy of TCP/IP that is bound to the Network adapter that connects you to the Internet. Uncheck Client for Microsoft Networks and File and Printer sharing for Microsoft Networks. Also uncheck Microsoft Family Logon if it is present. Close the TCP/IP properties, close the Network Control Panel, and let the machine reboot.
If you need detailed instructions on how to do this, go to this page of the ShieldsUp site.
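One way to confirm the unbinding took effect is to check what the machine still listens on. The following is an added example, not part of the original page: it reads `netstat -an` output and reports any Microsoft file and printer sharing port reachable through the Internet-facing address. The sample output, both IP addresses and the function name `exposed_sharing` are constructed for illustration.

```python
import re

# Ports used by Microsoft file and printer sharing:
# NetBIOS over TCP/IP (UDP 137/138, TCP 139) and, on Windows 2000 and later, TCP 445.
SHARING_PORTS = {("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 445)}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s+\S+(?:\s+(\S+))?")

# Constructed sample of `netstat -an` output; both addresses are placeholders.
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:1042      198.51.100.7:80        ESTABLISHED
  UDP    192.168.0.1:137        *:*
  UDP    203.0.113.10:137       *:*
  UDP    203.0.113.10:138       *:*
"""

# The same constructed machine after unbinding sharing from the Internet adapter.
AFTER = "\n".join(l for l in BEFORE.splitlines()
                  if "203.0.113.10:13" not in l)


def exposed_sharing(netstat_text, internet_ip):
    """Return sharing listeners reachable through the Internet-facing address."""
    findings = set()
    for line in netstat_text.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # headers and blank lines
        proto, ip, port, state = row.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established connections are not listeners
        # 0.0.0.0 means "every adapter", which includes the Internet one.
        if (proto, int(port)) in SHARING_PORTS and ip in (internet_ip, "0.0.0.0"):
            findings.add((proto, ip, int(port)))
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, exposed_sharing(text, "203.0.113.10"))
```

An empty list for the Internet-facing address means sharing is no longer offered on that adapter; listeners on the LAN address are expected and are not reported.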
3. Should I use NetBEUI?
Go to this page.
4. Not sharing a connection? You still need protection!
Chances are that even if you have only one computer, you probably have unnecessary software running that can make your PC a target for unwanted visitors. Add a full-time, high speed connection to the equation, and you may already have been visited!
The most effective action you can take in this case is to remove Microsoft Networking from your PC entirely. (Don’t worry, it’s easy to restore if you need it.) Just open the Network Control Panel, select Client for Microsoft Networks, and click the Remove button on the Network Control panel. Click on OK to close the Network Control panel and let your machine reboot. That’s all there is to it!
If you need more detailed instructions, I’ll again let the ShieldsUp folks give you the how-to!
5. Accessing your LAN from the Internet
For most people, following the two steps in Section 2 above will take care of securing their network. This is because most sharing methods (with the exception of using Multiple IP addresses) have some sort of mechanism (usually referred to as a firewall) that rejects any requests for data that come from the Internet. This keeps the “bad guys” out.
However, some people need to allow requests for data originating from the Internet to reach computers on their LAN. Examples of this are:
- Running a webserver
- Receiving a NetMeeting or Dialpad call
- Grabbing a file from your home computer with pcAnywhere while you’re at the office
- Remotely administering your LAN’s router or sharing computer
In this case, you need to selectively open holes or ports in the firewall, so that the desired requests can reach the appropriate computers on your LAN. How you do this depends on the product you are using to share your connection, and is beyond the scope of this page, but is covered on the Special Applications page. The important thing about opening ports through your firewall is that each one is a potential way for unwanted users to access your computers.
If you must open holes in your firewall, then it’s important to move up to the next level of protection. This would include:
- Binding Microsoft File and Print sharing to the NetBEUI protocol. (See the Should I Use NetBEUI section.)
- Sharing only the files that need to be shared.
- Password protecting anything that is shared with a strong password. Note that this includes password protecting your router or sharing software’s administration features.
- Opening only the ports that you need. (You’ll need to consult the proxy or firewall section of the documentation for the program that you’re using to find out.)
- Running some sort of personal firewall or port monitoring program. (See the LAN Security Tools section.)
- Running good, current-version anti-virus software and keeping the virus files updated at least monthly. McAfee Virus Scan, Norton AntiVirus, and other good programs now also detect many Trojans and worms in addition to viruses. (See the LAN Security Threats page for more info.)
- Enabling logging on any services that you run and regularly reviewing the logs
Another alternative is to put all services that need to be accessed from the Internet on one computer and put only that computer on the Internet side of the firewall. The safest way to do this is via direct physical connection to the Internet access point.
If you’re unfamiliar with servers and ports, then proceed with caution or don’t run them on your network. You also should read the information in the Proxy server section below.
6. If you are running a Proxy server
This section has been moved to this page.
7. Is “Stealth” important?
Visitors to the ShieldsUp site often run the Shield Test and Port Probe and get a “closed” status vs. a more desirable “stealth” status. What does this mean and why does it matter?
What a “stealth” report means is that when the particular port is probed, no response is returned from your computer to the computer doing the probe. A “closed” report means that your computer responds to the probe by replying that the port is closed.
In either case, the computer doing the probe (or any other computer that attempts to gain access to your computer) cannot access your computer via the probed port. So why is “stealth” more desirable?
It all depends on how determined someone is to gain access to your computer. When your computer responds that a port is closed, it is verifying that it exists. Port scanners keep track of the IP addresses and ports that they get responses from and discard the ones that they don’t receive a reply from. (This is similar to email “spam” techniques, which is why you should never respond to a “spam”, even if the email is telling you that they’ll remove you from their list if you respond or click on a web link.) Theoretically, the scanner could return to your IP address again and again, “rattling the doorknob” and waiting for the one time that you leave the door open.
In reality, many of the port scans or probes are done by people who download the programs and don’t really know what they’re doing with them. It’s also a very big network out there with plenty of IP addresses to scan, many of them probably much more interesting than yours. And remember, your ports are closed and there are plenty of open ports out there!
In addition, let’s say you go to all the trouble of achieving “stealth” mode for your LAN, but then open ports in your firewall or place a computer outside the firewall via a router’s “DMZ” mode or its equivalent. As soon as you do that, you’ll be visible to scanners and potential attacks, and you actually have open ports!
So if you get a “closed” status from one of the port probe programs and you don’t open holes in your firewall, there’s no need to jump through hoops to achieve “stealth” mode. You’ll be just fine. If you do open holes in your firewall, better read the Accessing your LAN from the Internet section, because you’re the kind of computer that the port scanners are looking for!
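The difference between the three statuses can be seen by probing a port on your own machine. The following is an added example, not part of the original page or of the ShieldsUp test: it classifies a single TCP connection attempt as “open”, “closed” or “stealth” according to whether the target accepts, actively refuses, or never answers. The names `classify_probe` and `demo` are made up for illustration, and the “stealth” case is simulated with a stand-in connector because a real dropped packet needs a firewall in the path.

```python
import socket


def classify_probe(host, port, timeout=2.0, connect=socket.create_connection):
    """Classify one TCP connection attempt to a host you administer."""
    try:
        conn = connect((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # The host replied with a reset: the port is shut, but the reply
        # itself confirms that a machine exists at this address.
        return "closed"
    except (socket.timeout, TimeoutError):
        # Nothing came back before the timeout: the probe was silently dropped.
        return "stealth"
    conn.close()
    return "open"  # the handshake completed, so a service is listening


def demo():
    """Exercise all three outcomes on the loopback interface (constructed setup)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))   # port 0 lets the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Bound but not listening: the OS refuses connections to this port.
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]

    def silent(address, timeout):
        # Stand-in for a firewall that drops the packet without replying.
        raise socket.timeout("no reply")

    results = {
        "open": classify_probe("127.0.0.1", open_port),
        "closed": classify_probe("127.0.0.1", closed_port),
        "stealth": classify_probe("127.0.0.1", closed_port, connect=silent),
    }
    listener.close()
    spare.close()
    return results


if __name__ == "__main__":
    print(demo())
```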
8. Securing Servers
This topic is covered on this page.
9. Other resources
Read this page, which describes the most common security threats, and this page, which describes security tools that you can use.
A good selection of Security related links can be found on this page.
Finally, for more than you probably want to know about securing your LAN, try the following ShieldsUp pages: