SECURITY - PART 2
Software Firewalls
A firewall is designed to prevent unauthorized Internet users from accessing your computer. Firewalls can be hardware or software, or a combination of both. This section is concerned with software firewalls. Hardware firewalls, basically routers, will be covered in the next section.
All messages entering your computer from the Internet pass through the firewall which examines each message. The firewall blocks any message that was not specifically requested by your system. For example. when you click on a link in your web browser, you are requesting that page and the firewall will let it pass through. If a hacker attempts to gain access to your pc from the internet, the firewall will identify this message as not being requested and will block it.
There are many firewall programs available ranging from expensive to free. Here is a brief overview of the most popular and some recommendations:
Windows Defender Firewall
Rating:
This is the only software firewall I use and recommend.
NOTE: All software firewalls should be used in conjunction with a hardware firewall for maximum protection (see our section on Hardware Firewalls.
Hardware Firewalls (Routers)
Routers are the most common hardware firewalls for the home user. The basic idea behind a router is to allow two or more computers to share an Internet connection. This is done by using a system called Network Address Translation (NAT). If you really want to induce a nap, read the explanation of NAT in the "Did You Know?" section below. Using NAT, you can use your individual IP (Internet Protocol) address and share the connection with all of the computers in your home at the same time. In addition, NAT acts as a firewall by masking the true IP address of your computer which helps to keep your system safe from hackers. A simple broadband router is easy to install and maintain. Most routers come with WI-FI included so you can also enjoy secure wireless Internet.
That NAT stands for Network Address Translation?. It is a technology that allows your home network to share Internet access. A single cable modem or DSL modem could connect all the computers in your home to the Internet simultaneously. Additionally, NAT keeps your home network secure from hackers. By blocking requests that originate from the Internet to your computer, a NAT device blocks most mischief. It will only forward traffic from the Internet that you specifically request.
Human Behavior
Probably the greatest threat to the security of your computer system is..... human behavior. Let's face it, we humans do stupid things! A majority of the viruses, bugs, spyware, spam and other nasties can be avoided or reduced by modifying our behavior on the Internet. Read the following suggestions for practicing safe surfing:
- Do not visit shady looking web sites. (You know the ones I mean!)
- Do not click on links in pop-up windows. Even if they tell you that your pc is infected or has a problem that you must fix immediately! It's a scam. Chrome, Firefox and Opera browsers feature pop-up blockers -- be sure to turn them on.
- Do not click on links in emails. If you really wish to visit the site shown, type it in the address bar of your web browser by hand. It's probably a good idea when entering the web address to ignore any characters to the right of .com (or .net, .org, etc.).
- Do not respond to spam (junk email) -- just delete it or, even better, mark it as junk if your email program has that option. If you respond, then you are telling the spammer that he has reached a valid email address. Never click on any links that say something like "To unsubscribe, click here". That's just what they want you to do.
- Do not respond to or click on links in emails that look exactly like email from your bank, credit card company, retail stores, insurance companies, etc.. This is called phishing. Once you visit their site, they'll try to get private data from you, like passwords. These web sites can look identical to your own trusted sites. If you really wish to visit the site shown, type it in the address bar of your web browser by hand. When in doubt, call the institution on the phone.
That phishing is the act of sending an email to a user falsely claiming to be a legitimate enterprise? This is an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The web site is bogus and set up only to steal the user's information.
- Do not open attachments in emails, unless you're absolutely sure it's from someone you know and trust. If you're unsure, call the person or send them a separate email verifying the attachment is valid. Certain viruses can access someone's address book and copy the email addresses found there. Then they can send you email that looks exactly like it came from your Aunt Tilly using a technique called address spoofing. If you need someone to email you an attachment, make sure they tell you about it first or request it from them in advance.
- Do not use your home or primary email address to fill out forms or subscribe to services on the Internet. Get a free email account from Google or Yahoo for these purposes.
- Shop online from reputable companies only. It's safe to use your credit card to pay for purchases online at any store as long as when you checkout, you see a little padlock to the left of the website address bar of your browser (See Figure S2-2).
This means that the transaction is secure. If you don't see this padlock -- DO NOT CONTINUE WITH THE PURCHASE! The padlock is not just a picture. Click on it to see details of the site's security. This is important because some fraudulent web sites will imitate the lock icon of your browser with an image. It's also a good idea to use the same credit card for all of your online shopping. If there is ever a problem, all you have to do is cancel that one card.
Figure S2-2It is actually safer to shop online with a credit card than at a real store? Here's why: When you use your credit card at a secure site and you see the padlock to the left of the website address bar of your browser (See Figure S2-2), your credit card information is sent to the store using a Secure Sockets Layer (SSL). In simple terms, this means your data is scrambled using really powerful encryption which is the process of hiding information to make it unreadable. Even hackers cannot break this encryption. - DO NOT GIVE OUT PERSONAL INFORMATION LIKE SOCIAL SECURITY NUMBERS OR BANK ACCOUNT NUMBERS ON THE INTERNET!!! Any website or email asking you for this information is trying to rip you off!
- DO NOT RESPOND TO E-MAILS FROM FOREIGN GOVERNMENTS (LIKE NIGERIA) ASKING YOU TO HELP THEM RECOVER MILLIONS OF DOLLARS!!! The list of unfortunate souls who have lost their life savings to this scam is very long.
- Do not download music, movies or software from illegal sources.. It's a sure fire way to pick up viruses and spyware. Stick to legal sources such as iTunes, Napster or Spotify.
I use the following techniques to secure my personal computer:
- Anti-virus software - ESET set for constant real-time protection and automatic full system scan once a week. To avoid conflicts, Windows Defender Anti-virus program is turned off.
- TP-LINK Archer C9 Wireless 4-Port Router to share up to four hardwired Internet connections with multiple computers. Also serves as a hardware firewall and a wireless access point.
- Windows Updates set to automatically install.
- Windows Defender Firewall is turned on.
- Mozilla Firefox is my default web browser.
- Mozilla Thunderbird is my email program.
- Run manual weekly spyware scans with Spybot.
- I've activated User Account Control (UAC) for all users. UAC is a security feature of Windows which prevents unauthorized changes to the operating system. These changes can be initiated by programs, users, viruses or other forms of malware. UAC assures that changes are made only with approval from the user. If the changes are not approved, they are not executed and Windows remains unchanged. Guidelinesfor using and setting up UAC can be found here.