This information page is provided as a service by CWC to assist our clients in understanding and maintaining network security and security products. If you have additional questions or need assistance in setting up security products at your site please contact us directly at our Contacts Page.
Instead of re-writing all the excellent information available on security we have provided the links below.
Why Security - Today almost everyone is connected to the Internet. (You must be or you wouldn't be reading this page.) As most modern operating systems were designed for networking your system you may be setup to " share yourself " with others without your knowledge! If you are on a "local area network" (LAN) you may be sharing all your computers and their files with anyone on the Internet
Test your Security - Those of you that were around in the DOS days remember Steve Gibson as the author of the worlds best hard drive test and recovery utility, Spinrite. Well he's still around and so is Spinrite and a bunch of other neat stuff! Follow this link to the Gibson Home Page and select the Shields Up link to test if your system is open to the Internet.
Not to be out done by Gibson, Norton now has their own free security test site on the Internet.
January 2006. Microsoft
has finally figured out there is a security problem! Follow this link to their new on line security test site.
Even if you are using a firewall or router from your Internet Service Provider (ISP) I recommend you use an additional software firewall product on at least one computer to keep track of your hardware firewall. If you are setup on a cable modem or DSL modem I can almost guarantee your system is wide open so, keep reading.
Microsoft Research (Is that a misnomer or what?). Follow this link to a Microsoft webpage on OS Root Trojan Horse problems. Also see the Microsoft Security home page.
Most wireless network equipment comes with none of it's security settings enabled. This means, if you can access your local network and internet so can your neighbors! For a primer on WiFi go to the Wi-Fi Alliance website.
There are a number of recent improvements to wireless security. For a discussion of these new standards follow
this link to an article from ZD
Net.
Microsoft had recently begun giving away a free piece of software for Windows XP SP2 that supports both of the new, secure forms of Wi-Fi, WPA (Wireless Protected Access) and WPA2. If you're buying any new Wi-Fi equipment, it is recommended you purchase products that support the strongest standard: WPA2-Enterprise. (Such products are also downward-compatible with all lesser standards.) You can find a product list by clicking the WPA2-Enterprise check box at the Wi-Fi Alliance's Certified Product Listing page.
For users of older Microsoft operating systems:
Free Windows-based WPA supplicants that will help
Windows 98/Me users:
WPA Assistant
WPA Assistant is a free portion of the Wireless Security Corporation's WSC Guard, a third-party login authentication
service that costs $4.95 per month. The free WPA Assistant supports only WPA-PSK and the insecure WEP and Clear
methods. It also displays reminders to upgrade to the paid version of WSC Guard.
WIRE1x This is a free, open-source program developed at the National
Tsing Hua University in Taiwan. It runs on Windows 98, Me, 2000, and XP and supports EAP-TLS, PEAP, and EAP-TTLS.
significantly, it also works with a program called freeRADIUS, which can be used to provide WPA-Enterprise-style
login authentication.
Users of Centrino laptops with Intel PRO/Wireless 2200BG and the Intel PRO/Wireless 2915ABG products can also obtain
WPA2 support via version 9 from Intel.
ProSet 9 ProSet 9 is only supported on Windows 2000 and up computers, but it at least gives Windows
2000 users access to WPA2.
Hardware firewall. For small-office and home-office wireless networking, the most affordable secure firewall is the Linksys Wireless-G WRT54G router (about $55 USD street). To cover more than a couple of rooms, consider the Linksys WRT54GX ($160), which doubles the usual "g" range. Be sure to enable WPA2, the strongest level of Wi-Fi security that's commonly available today. For SOHO wired networking, a top-rated model is the 4-port Linksys BEFSX41 router ($65). All of these are PC Magazine Editors' Choice winners and support stateful packet inspection (SPI), an essential security feature.
Spyware
Spyware ranges from sophisticated keystroke loggers
that the FBI successfully used to bust an alleged New Jersey bookmaker to programs that monitor your surfing and
downloading activities. Keystroke loggers are most troubling, since outsiders can use them to capture your passwords,
which is what happened in New Jersey. This makes password-protected encryption useless. And there's a bigger fuss
over conventional Trojan-like Spyware recently found as part of some peer-to-peer music download systems, such
as Grokster and KaAaA. This is especially troubling, since these systems are under scrutiny by the music industry,
which, along with the government, has threatened to arrest individuals who abuse copyrights.
Anti Spyware Measures
Luckily, you can get specialty scanners that look for keystroke loggers and Spyware. The best products for anti Spyware that I've seen are Spybot and Ad-aware. Spybot found 26 systems hidden on my computer. None of these were spotted by antivirus software or anti-keystroke-logging software. Most were redundant Trojans planted by Alexa Internet, DoubleClick, Hotbar.com, and something called Flyswat. Odigo and a few other sample programs that I had uninstalled left Spyware, despite the uninstall. This is unacceptable behavior. Spyware is often poorly written, and it grabs bandwidth, slows boot times, and crashes PCs. My system has become more stable since the removal of this garbage.
Spybot (shareware).
Go to www.lavasoftusa.com, to download Ad-aware.
Another commercial product is available form PestPatrol.
Sunbelt Softwares CounterSpy has received good industry reviews
January 2005. Microsoft buys the Giant Company ant-Spyware software company. This product received the highest rating from some recent tests of products designed to protect from and remove Adware and Spyware. Unfortunately the highest rating only removed 63% of the infections on test PC's. Currently Microsoft is offering this product free, in Beta test format. If you are running Windows 2000, 2003 Server or XP follow this link for information and file download of the product. It looks like this product is going to be replaced by the one below?
Feburary 2006. Microsoft is offering a beta of it's soon to be released, April 2006, security product. For details follow this link.
Anti Spyware Sites
Several sites devoted to tracking Spyware and rating programs to remove it are appearing on the internet. Here is a partial list of sites we have found.
Advanced user? (That means not afraid to play with the Registry.) Checkout IE-SPYAD
For really advanced users try HijackThis.
List of products that claim to be ant-Spyware but are really out to get you!
Anti-Keystroke-Logging Software. If your paranoia goes deeper, make sure to look at some of the anti-keystroke-logging
software. The best I've seen so far is SpyCop, available online at www.spycop.com. It scours your system, looking for secret keystroke-logging
software. The like-named company also makes Evidence Terminator, which routinely erases cookies and all sorts of
files that can be used to track your activities. Welcome to the Big Brother century when we can't trust our own
computers anymore. ( Information from PC Magazine, link to the entire article. )
Zone Alarm
As a promotion for their network protection technology Zone Labs has released a FREE personal firewall product. Available at http://www.zonelabs.com/ , Zone Alarm protects your system from both incoming and outgoing Internet activity. This product has received excellent reviews from PC Week and Steve Gibson.
Network Ice
To Protect your stand alone system or multiple PC's on a network try Black ICE Defender from Network ICE. This $39.00 program will make your computer invisible to hackers when you are connected to the Internet. For an excellent review on Black ICE and personal firewalls in general, select this link to Steve Gibson.
The Cleaner
Not so much a general firewall The Cleaner is designed to protect against the "Trojan Horse" Last year while running Norton's latest anti virus program, with the most current updates, I and several clients were hit with a "Trojan" virus. It went right through the Norton anti virus "shield" and settled on our hard drives. If we had The Cleaner running we would have been protected. To find out more about Trojans or to purchase The Cleaner follow this link to Moosoft.
Also see our Wireless Section for hardware firewalls.
SpamAnd everyone knows we are not talking about the lunch meat! Unwanted E-Mail from the obscene to the absurd is clogging our inboxes. Some experts predict that within a few years the only e-mail you will receive is from addresses you have given direct permission to. For now CWC has reviewed two spam filters you can use to help eliminate most of your spam.
Qurb I finally gave up using spam blockers that try to figure out what is and what is not spam. I am now using Qurb, a white list program. With Qurb everyone in your address book, sent items or inbox is considered a good guy, white list. Everyone else are considered spammers and go in the Qurb spam bucket. If you find an address in the spam bucket that you want to receive you can mark it approved and forever it will then go into your inbox. Follow this link to Qurb.
MailWasher (Shareware) We had used MailWasher for several months. It is a stand alone program you open first to retrieve and identify spam from your mail server. Once you run the program and clean the spam from your mail server you open your normal e-mail program and retrieve your cleaned up mail. The program allows you to set e-mail addresses as spam or friend and checks popular anti spam list servers to identify spam messages. It worked well but still let in too much spam for my tastes. Follow this link to the MailWasher website.
iHateSpam is a commercial program from Sun Belt software. Unlike MailWasher iHateSpam is an add-in to Microsoft's Outlook or Outlook Express. ( No, my die hard friends, it doesn't work with Eudora.) Sun Belt maintains it's spam mail list and for the $19.95 price of the program you get a years access to their database. I only used iHateSpam for a short period but find it effective and easier to use being an add-in to Outlook vs. having to run a separate program. Follow this link to Sun Belts iHateSpam website.
Most ISP's (Internet Service Providers) have a great price for one PC Internet access and a heavy add on charge for each additional PC. Access to the Internet is controlled by an IP (Inter Packet) address. To access the Internet you need an IP address to identify you to the World Wide Web (yes WWW). The products below act as an interface between the Internet and your local area network (LAN). One PC is setup as a portal with the Internet sharing products below and the IP address provided by your ISP. The rest of the PC's on your LAN access the Internet through the Internet sharing portal. Both of the manufacturers below have excellent primers on this subject and Cable Modem, DSL in general.
DSL primer from Vicomsoft.
Cable Modem primer from Vicomsoft.
General Internet sharing instructions and setups from Practically Networked
Microsoft Internet Connection
Sharing (ICS)
If you have a small office with three or four computers the Internet Connection Sharing built into Windows will allow you to share a single Internet connection between several PC's. We have used it with Pacific Bell (SBE) DSL and an Alctel USB, DSL modem in the CWC home office and at several client sites Only the PC with the Internet connection needs to run Internet Connection Sharing. The other computers on the LAN can be running any other version of Windows as long as you have the TCP/IP protocol as an installed network protocol. (In Windows XP this is installed automatically.). ( NOTE Windows ME, the current release of Windows 9x, also has the Internet Connection Sharing feature however, I don't recommend the use of ME! The LAN function especially is prone to hang ups and dropouts. See our further comments on ME at this link.)
Use and setup of Windows XP ICS. Follow this link to an excellent primer for ISC with Windows XP.
Use and setup of Windows 98es ICS. Follow this link to an excellent primer for ISC with Windows 98se.
Use and setup of Windows 2000 ICS. Follow this link to an excellent primer for ISC with Windows 2000.
WinProxy (Used by CWC) (Not normally needed if you are using Windows XP)
A full Internet sharing and firewall product. Available in several versions depending on the size of your Local Area Network (LAN). In our office we use the Starband satellite system for Internet access. ICS will not work correctly with Starband but WinProxy works great. It is especially good if you are not skilled at setting up a firewall product as the built in firewall in WinProxy is excellent. For further information winproxy.com.
Sybergen Networks (Tested by CWC)
A 2 in 1 product, Sygate is both a firewall and Internet sharing server for your internal network. Their companion product Syshield adds additional firewall protection You can find more information and purchase Sygate online at Sygates web site.
No anti virus or firewall or trojan program can completely protect you from a determined hacker. Occasionally something gets through before the vendors can modify their products to detect it. Late last year Microsoft itself had a serious hack to their systems! What I am trying to say is backup your data ! Use a tape drive or floppy disks or even better get a CD-ROM burner and backup to a CD-ROM. The disks are cheep and last for over 30 years, but whatever you use, use it often!
Backup systems and recommendations.
Information and links on this page were obtained from the respective vendors. Craig Williams Consulting makes no warranty on the information, files, or their ability to protect you from virus or hacks, or make you rich! When in doubt go to the vendors site directly and check their guarantee.
Site updated 10/15/02