InfoWorld
Lead with Knowledge
HOME/ SITEMAP
SUBJECT INDEXES
ABOUT US
WHITE PAPERS

Learn to secure your PCs from new and unknown hacker attacks.

Free IDC White Paper - Discover Secure File Sharing for the Enterpriseattacks.

SEARCH:  
Home  //  Article
Print Article    Email Article
Window Manager
Brian Livingston
Software solutions can provide remedies for Windows security risks lurking on the Internet

FOR THE PAST two weeks, my columns have dealt with the dangers of operating Windows while using high-speed Internet access. Security flaws in your Windows configuration can give an intruder free rein to read, alter, or delete the contents of your hard drive.

This mainly affects small-business users of cable modems and DSL. But it can also affect ordinary ISP dial-up users. And large corporations with employees who access a server from home need to ensure that the person's PC is secure against these threats.

Kevin Samborn is one of many readers who sent me horror stories. "A hacker erased the disks on our gateway computer," Samborn writes. "The intruder used another compromised machine as the jumping-off point to hack ours. That other computer was a novice installation of Linux, hooked up to a DSL line at a completely different ISP."

This reader works for a highly regarded Unix consulting firm, and yet even their best technicians missed a small security hole until it was too late. How are information systems managers of understaffed departments supposed to predict and defend against these attacks -- much less Mom-and-Pop businesses that thought high-speed access to the Internet would be fun?

In previous columns, I've described small hardware boxes from SonicWall (www.sonicwall.com) and WatchGuard Technologies (www.watchguard.com) that add firewall protection for small to midsized businesses for about $500 to $5,000.

This week, I'll cover some less-expensive solutions that provide a level of protection every Windows user should have.

Andy Aldrich was the first reader to propose that I write about BlackICE Defender. This is a $39.95 downloadable product that emerged in August from Network ICE (www. networkice.com).

For a software-only firewall, it's remarkably easy to install and configure. It offers four simple-to-understand levels of protection, and the default level is sufficient to ward off virtually all intrusions into your PC via the Internet.

The company has set up an experiment in which volunteers report how many attacks they see on a daily basis. Between July 1 and Oct. 17, the volunteers had logged hundreds of probes of their systems by outsiders. Over half of the participants had been subjected to 10 or more probes during the test period. (For details, see Pilot Program at Network ICE.)

BlackICE Defender can often capture the ISP, log-in name, and unique Ethernet adapter number of the intruder. At the click of a mouse, you can e-mail their ISP and follow up with legal action if you're so inclined.

Hack that!

A great perspective on this issue is provided by Gibson Research's Web site (www.grc.com). This site is operated by Steve Gibson, creator of the SpinRite disk utilities and a former InfoWorld columnist for many years. Although I knew about Steve's work, I credit Patrick Meyer for citing it first.

Click the Shields Up! link on Steve's main page and you're presented with two buttons: Test My Shields and Probe My Ports. These two routines tell you about flaws in your PC that leave it wide open whenever you access the Internet.

One of the worst security problems is Windows' File and Print Sharing feature. Steve recommends three fixes:

1. If your PC is not sharing files on a local network with any other PC, you can remove the Client for Microsoft Networks to eliminate the security risk.

2. If you need file or print sharing, download Steve's two small (7 KB) freeware applets. They enable you to turn file sharing off when you access the Internet and back on when you're finished.

3. If you need to share all the time, you can enable the safe NetBEUI protocol on your local network. You then disable sharing by TCP/IP, which exposes you to unwanted visitors from the Net.

Each of these alternatives is explained in detail in the Network Neutering link at the bottom of each Shields Up! page. Steve also recommends that you install BlackICE Defender in addition to the above steps.

I'm glad to see groups such as Network ICE and Gibson Research providing low-cost security solutions.

But this is ridiculous. Microsoft created this problem, and it should be working directly with high-speed service providers to ensure user protection is in place before a hookup goes live. It's not enough to just say that Windows 2000 will have built-in firewall software.

Next week, I'll complete this series with comments by service providers. Readers Samborn, Aldrich, and Meyer will receive free copies of More Windows 98 Secrets for being the first to send me a tip I print.




RELATED SUBJECTS

Operating Systems

MORE >
SUBSCRIBE TO:    E-mail Newsletters  InfoWorld Mobile InfoWorld Magazine
Home  //  Article Print Article    Email Article
Back to Top
 ADVERTISEMENT
 

SPONSORED LINKS

Download the J.D. Edwards CRM white paper. Visit jdedwards.com/crmpaper
Introducing Primus Quick Resolve. Click to download a fact sheet.
Download the J.D. Edwards CRM white paper. Visit jdedwards.com/crmpaper
Gateway: Your Reliable IT Provider of Business Technology Solutions
Learn to secure your PCs from new and unknown hacker attacks.

SUBSCRIBE
E-mail Newsletters
InfoWorld Mobile
Print Magazine

Web-based training
ABOUT INFOWORLD  |  SITE MAP  |  EMPLOYMENT  |  PRIVACY  |   CONTACT US

Copyright 2001 InfoWorld Media Group, Inc.