Goodbye Dialup....Hello DSL

TOMLESCOEQUIP · Mar 10, 2005

I just ordered DSL service for my shop as it just now is becoming available in my area. My question is for those who have "always on " service such as DSL or cable modems, What type of firewall protection & anti virus will I need to upgrade to ?? What works the best for you ? What settings will I need to change (if any ) and what level of virus protection should I install ? I'm running windows XP home & have installed service pack 2 already. Thanks in advance.................Tom

getut · Mar 10, 2005

1) Do not rely on a software firewall such as BlackIce Defender or similar. They can be good backups in addition, but your first line of defense should be a good hardware firewall/NAT router. Linksys or DLink are good names (The linksys BEFSR41 is probably my best recommendation). Stay away from the Belkins (sometimes sold at Walmart). Don't let the phone companies installer give you a DSL modem connected by USB. Make sure it is an ethernet connected modem so you can use your hardware firewall with it.

2) Do away with Internet Explorer or any frontend based on IE that masquerades as an alternative browser. Use IE ONLY to go to Windows Update and get your security updates and software patches. Go with Firefox or Opera. Also, do not use Outlook Express or Outlook for the same reasons as above. There are currently security problems for these packages that are over 8 months old and still there is NO fix for the problem. ***Edit: Thunderbird or Eudora are good email software replacements.

3) Tell your installer that you want your PC configured with only standard configurations. Tell them you do NOT wanted any branded configurations. If the installer tries to put any CD's or diskettes in your PC, slap him upside the head.

4) Make SURE your PC is up to date and protected by the router/firewall and also up to date antivirus software BEFORE connecting it to the network. Current statistics show an unpatched PC connected via a broadband connections takes on average only 3 minutes to be compromised by malicious software.

5) Don't rely on your firewall to protect you. Firewalls ONLY protect against brute force attacks. You can still VERY easily be compromised by passive attacks coming in through trusted sources such as email and requiring you to click on something. Once your machine is compromised by the passive attack, the firewall does no good, because your PC connects outbound to the attacker. There is no inbound attack for the firewall to stop.

hazmat · Mar 10, 2005

I use a software firewall - zone alarm with Windows XP. I've heard that a hardware firewall (built into most routers) is better. But I defer to the professional geeks. Maybe surf around cnet

techman · Mar 10, 2005

Tom:

A great product (even free) is ZoneAlarm, from www.zonelabs.com I would use it even if you have a hardware firewall as mentioned. It provides inbound/outbound traffic monitoring and control, and has a simple user interface.

I also strongly agree that staying away from IE and using Firefox, for example (also free), reduces your vulnerability greatly.

For sure get a good antivirus. I use Norton Antivirus. Works quite well, and will automatically update itself regularly for the latest threats.

One more thing to check is in the networking settings. DSL usually hooks up through a network card (NIC). Go t the properties for that card after it is installed, using the Networking icom in the control panel. MAKE SURE that "Printer and File Sharing" is unchecked for that network card. Windows often defaults it to On, which will let outsiders share the contents of your hard drive.

paul

Maxfli · Mar 10, 2005

Router settings!!!

I limit the access to ethernet to only specific addresses in my linksys router. Typically the router is address 192.168.0.1. the router also acts as a Domain Name Server (DNS) meaning it assigns the ethernet addresses at start up. I think the default address range is 192.168.0.1 to 255. I have a few pc's sharing access, so I set the router to only allow a range like from 192.168.0.140 to 192.168.0.143. Then when you set up the PC's Ethernet (TCPIP) settings, turn off allowing the address to be set by the DNS and you hardcode each machine to specifically use 140, to 143. This is expecially important if you are using wireless pc attachs to ethernet. You know how there used to be Road rallies where you go from place to place looking for clues, I read an article about groups that go around in cars and cruise neighorhoods with a laptop and the winner for the night is the car that was able to access and disrupt the most household wireless networks.

Scary!!

TOMLESCOEQUIP · Mar 10, 2005

Sounds good so far.......it looks like I'll need my local computer geek to blueprint my system before the DSL install. My bro' inlaw in Florida was victim to one of the drive by wireless attacks.......his computer was trying to open about 75 IE windows at once & slowed down to zero response.......scarey that we have to deal with roaming geek squads now too...........Tom

getut · Mar 10, 2005

Mostly hogwash. Its called wardriving and it isn't nearly as malicious as it sounds. 99.99% of the time it is just geeks out mapping wireless networks for the fun of it. MAPPING.. not disrupting. The part of a percent of people left usually are driving around just looking for enough free access to send an email to work so the boss doesn't know the IT geek is out in the countryside playing golf rather than at that seminar. Don't ask me how I know this. /forums/images/graemlins/grin.gif

I'm a geek. You don't have to fear us unless we don't get our yearly raises for making your computers run. /forums/images/graemlins/grin.gif
We DON'T take down home users networks for giggles. heheh

TOMLESCOEQUIP · Mar 10, 2005

If I change web browsers is their an easy way to copy favorites to the new one or will I have to copy & paste each one? (The copy & paste could take awhile )

TOMLESCOEQUIP · Mar 10, 2005

3) Tell your installer that you want your PC configured with only standard configurations. Tell them you do NOT wanted any branded configurations. If the installer tries to put any CD's or diskettes in your PC, slap him upside the head. ........... I think I'm gonna be the installer.........They're just sending the DSL modem & filters as well as a "CD" ............Are you saying NOT to use the "CD" ??

PineRidge · Mar 10, 2005

Sounds to me like getut has given you some real good advice. And since he has admitted to being a geek he most likely knows a few tricks that the average guy doesn't even think about. If I was looking for this kind of info I would put a high value on the source and tighten up my system as best that I could.

You're going to love DSL. /forums/images/graemlins/grin.gif

techman · Mar 10, 2005

The alternative browsers mentioned have the ability to import favorites from IE. In Firefox they are called "Bookmarks"

Paul

MadReferee · Mar 10, 2005

I do not subscribe to the Chicken Little "the sky is falling" syndrome that others have been preaching in this thread. All this talk about changing browsers, and doing this and that and whatever is, from my experience, not really necessary.

I have had DSL for going on 5 years now with zero problems. I run nothing but Microsoft IE and other Microsoft products. My home network has several machines some of which are used heavily by my kids for whatever they do. /forums/images/graemlins/blush.gif

My DSL modem/router/firewall has worked flawlessly even when I have hosted several databases on a customer's machine installed at my home.

However, I do take some simple precautions. I have Norton Anti-virus Corporate Edition running on all machines (files and email attachments) and my Win 2000 Server updates virus files every night. All my machines are updated regularly with the latest security updates from Microsoft.

Your mileage may vary but installing DSL is not a cause for wholesale reconfiguration and panic.

JJT · Mar 10, 2005

1 last thing nobody mentioned, turn your machine off when you aren't using it. Don't leave it up and connected 24x7.

OkeeDon · Mar 10, 2005

( If I change web browsers is their an easy way to copy favorites to the new one or will I have to copy & paste each one? (The copy & paste could take awhile ) )

A Firefox install is amzingly simple -- copies everything from IE automatically. I also installed Thuderbird, which was just as easy, it copied everything from my Eudora account. Howevery, I'm used to Eudora and Thuderbird looked different, so I decided to stick with Eudora. I use the free, sponsored mode, which puts one tiny ad in a box in a corner of the software, which I don't even notice.

 "...his computer was trying to open about 75 IE windows at once & slowed down to zero response..." 

Not sure how that happened if his router was set up properly. Each computer on the network, even a stranger sitting outside with a laptop, should go directly to the wireless router and then to the DSL modem, and should not even be aware there is another computer on the network. Your computer sitting inside the house should not be aware that someone outside is using your network. The DSL is fast enough that it might take 15 or 20 or more folks lined up outside your house like birds on a power line before the service would lag a little.

I have my router set up with the hardware firewall and have Norton, etc. on my computer, and do not enable file sharing, but I do NOT have any security on my router. I really don't give a hoot if someone else is using my cable internet connection, it doesn't bother me. Right after last Fall's hurricanes, my insurance adjuster sat out in the driveway for about 20 minutes before coming to the door. When he did knock on the door, he thanked me for the use of the connection because the hotel where he was staying only had dial-up, and he had to file several reports. It was no skin off my nose...

MadReferee · Mar 11, 2005

( 1 last thing nobody mentioned, turn your machine off when you aren't using it. Don't leave it up and connected 24x7.)

Why? There is no difference in you sitting in front of it while it's on and it just being on and no one there.

Another old wives tale that can't be substantiated. /forums/images/graemlins/blush.gif /forums/images/graemlins/blush.gif

PineRidge · Mar 11, 2005

I think what he's trying to say is if the processor is not powered up it can't be accessed, period.

getut · Mar 11, 2005

Mad...

You are correct in one point. 99% of malicious software out there is not meant to destroy files. In the "old days" when viruses were relatively new, they usually tried to take out the machine just to be mean. Nowadays, viruses, trojans, worms etc are money making ventures. If your PC gets infected with something these days, they TRY to keep it running. It may slow down a little because it is doing work for the "bad" guys, but they want it running.

Most malicious software this day and time sets up the PC as a zombie. Under the control of the virus writer used to send SPAM email. There are forums just like TBN where these guys hang out hock their wares.. such as "I have 250,000 zombies at my disposal" pay me XXX amount and I'll send your SPAM out."

A compromised machine CAN get your ISP account closed if you use an ISP that has an aggressive campaign against SPAM. They see email traffic that is generated from a specific PC but completely bypasses their mail servers... just about 100% evidence that a PC is hijacked. They may send you notices that they will shut your account down and to call them when you have cleaned the PC.

There is plenty of other malicious software out there also, but that I listed above is by far the most common these days.

There is a very new type of malicious software out (new to windows PC's but been around for linux for years), called a rootkit. This stuff is very nasty and sits at the "kernel" level. It is NEARLY impossible to remove, and definitely cannot be detected by antivirus or anti adware/spyware software.

I take security very seriously because I AM a computer geek and network security specialist. Mad, your take on it is typical of general population, but it is eventually going to have ramifications. People that aren't taking responsibility for their computer security have lawmakers all in a fluff about starting to regulate certain things in operating systems. Making the choices for people. Many lawmakers have shown interest in turning computers into "appliances". Making them special purpose, and banning generic all purpose machines because. Under pressure from lawmakers, hardware and software vendors have joined organizations to blaze the trail towards what is being touted as "Trusted Computing Initiatives". This trust does NOT mean that you trust your computer, it means that a company trusts that you have not been able to tamper with anything and make it work in a way they don't see fit.

That is the consequence of not patching your computers and thinking security doesn't matter.

Sorry for the ramble.

MadReferee · Mar 11, 2005

( I think what he's trying to say is if the processor is not powered up it can't be accessed, period. )

A properly configured network with correct router and firewall settings does not require it's PC's to be powered down when not in use.

There is more of a chance for something to happen while you are using the PC then when you are not using it.

The sky is falling, the sky is falling. Sheesh. /forums/images/graemlins/grin.gif /forums/images/graemlins/grin.gif /forums/images/graemlins/blush.gif /forums/images/graemlins/blush.gif

techman · Mar 11, 2005

I wouldn't be too blase of the vulnerabilities of IE. There is a reason why Microsoft is under such pressure by the indusrty and the public in general for the security holes in IE and Windows.

I have had DSL for a couple of years, and I use ZoneAlarm as a software firewall on my server. The machines are up 24/7 and I get over 100 "probes" an hour, on average, that are caught by ZoneAlarm. I am certain that many of them are looking for Microsoft security holes.

While IE is patched almost weekly to close security holes, it is still much more vulnerable that the other available browsers. Its hugh installed volume makes it the most desirable hacking target. Switching to a browser other than IE is simply a prudent move if you have security concerns and want to minimize risk as much as possible. It is ther reason why a surprising number of corporations have made the switch away from IE as the standard browser.

paul

MadReferee · Mar 11, 2005

( I take security very seriously )

So do I, although I am not a network consultant I do advise clients on what they should be doing to protect their installations.

( People that aren't taking responsibility for their computer security have lawmakers all in a fluff about starting to regulate certain things in operating systems. Making the choices for people. Many lawmakers have shown interest in turning computers into "appliances". Making them special purpose, and banning generic all purpose machines because. Under pressure from lawmakers, hardware and software vendors have joined organizations to blaze the trail towards what is being touted as "Trusted Computing Initiatives". This trust does NOT mean that you trust your computer, it means that a company trusts that you have not been able to tamper with anything and make it work in a way they don't see fit.)

First I have heard of this. Just another example of government intrusion into private affairs. I doubt if anything will every come of this insanity.

( That is the consequence of not patching your computers and thinking security doesn't matter.)

People (PC users in this case) should take responsibility for their own actions and inactions. If you want to be on the internet you should be taking precautions like having a good virus detection program that gets updated regularly. DSL and cable users who are online 24/7 should also consider a firewall appliance (like the Symantec 200 series) for extra protection. However, most don't think they need anything and will download and run/view anything that is sent to them.

Like Mr T used to say, "I pity the poor fool" who doesn't have the common sense to take care of himself.

BTW, I have clients who are on DSL and T1 connections and have not turned off their computers or done anything special (other than virus checking and having firewall appliances) for over a year. None of them have experienced problems. Safety first.