  How To Protect Your Computer from Intruders?
Posted 07-15-2008, 08:20 AM

Computer security is one of the most important issues in the computer world. With the number of viruses and other malicious software that prey on exploits in the Windows operating system increasing, you need to take preventative measures to make sure that your computer does not become infected.

The days of only having to worry about e-mail attachments and documents on a floppy disk are over. Nowadays, viruses or worms actively seek out computers to infect without the computer user even doing anything.

Once a virus or worm has gained entry to a system, the invaded computer can turn into a virus distribution center. Often, the computer sends copies of the virus to all of the people in its address book. Even worse, the infected computer may begin to scan a block of IP addresses (that is, computer addresses) to try to find more machines that it can infect. If your computer is not protecting its connection to the Web, it is at increased risk of becoming infected.

So how do you protect your Internet connection? That topic is what this whole section is about. You will learn how to test your computer and see how vulnerable it actually is. Then, you’ll find out how you can use firewalls to build a “brick wall” around your computer. You’ll also learn how to turn off some unnecessary services to lower the risk of infection even further. Additionally, you’ll discover how you can secure wireless network connections, as they are growing so much in popularity.

Once you have your computer locked down from the outside, some connections to your computer may still be open, which you do not want to close down. Remote connections need to have certain ports open on your computer so that you can connect remotely to your computer. Additionally, if you want to share files with other computers on your local network, then you will want to leave the Client for Microsoft Networks unblocked.

However, when you have openings in your computer’s security, you leave yourself vulnerable, allowing users to get in. To help combat that vulnerability, you’ll learn about ways to use the various user accounts settings to assign complex passwords and permissions to users.

How Vulnerable Is Your System?

Our computers are a vault of important information. You could have sensitive data on your computer that you do not want the whole world to see. Data such as family photos, personal documents, and financial information can be found on almost everyone’s computer. If a virus or an attacker connected to your computer remotely and gained access, that intruder could wipe out years of work and memories as well as steal sensitive personal information. This section will show you how to test your computer and find out how vulnerable it really is. To do this, you’ll be using a nifty online utility to test your Internet security. Then, proper security update procedures will be examined, so you can see if you are really doing what you should to ensure a secure PC.

Testing your Internet security

Ports are the gateways inside your computer. When a computer program wants to communicate with a remote computer, it makes a connection to the remote computer with a port, with which it can then talk to the computer. Each computer has thousands of ports—65,535 to be exact. The different ports of a computer can be thought of as a bunch of different mailboxes. When a program wants to send data to a remote computer, it sends it to a specific port (mailbox) number. Then, provided that a program is on the remote computer that is set up to receive data at a particular port (mailbox), the remote computer can then work with the data that it was sent.

Theoretically, nothing is wrong with this scenario. In the real world, however, programs don’t always work this way. Programs are not perfect, nor are they always efficient. Sometimes, they are sent data that they are not programmed to receive, which causes all kinds of program errors, including errors that can allow a remote attacker to connect and run commands on your computer. The technical name for data sent to a program that results in problems is an exploit. Because of errors in programs and the exploitation of those errors, you need to protect your computer. Even though you may have all the latest security patches installed, your computer will not be protected forever. It is just a matter of time before someone figures out a new exploit and it starts to spread. Only after the fact is the patch usually developed and distributed.

So how do you protect yourself from future attacks? It is actually a very simple concept. There are a lot of open ports (mailboxes) on your computer that just don’t really need to be open to the outside world. Why not close all ports except for one or two you absolutely need so that exploits can no longer get through because they never have a chance to connect to your computer? How do you close ports and protect your computer? Use a firewall, as shown in the Firewalls section found in the second half of this section.

To give you an idea of how open your computer really is to the outside world, I recommend that you use one of the various online security screening tests that attempt to probe your computer to find weaknesses. The following is a list of sites that I feel do a good job of letting you know how open your computer really is:

Symantec Security Check: http://security.symantec.com

Sygate Online Services: Sygate Online Services

Gibson Research Shields Up: Home of Gibson Research Corporation

DSL Reports: Port scan - dslreports.com

Visit a few of these sites and follow their directions to scan your computer. You will be presented with a report that shows you the open doors that they found.

Updating your computer

Because programs are not perfect, they require updating. Windows XP is a great operating system; however, no operating system is perfect. In order to keep your machine secure and free of the latest exploits, you must update your computer regularly. Visiting the Windows Update Web site (Microsoft Windows Update) once every few months is not going to result in a secure, up-to-date computer. Microsoft releases security updates monthly and emergency security updates whenever they are needed. The only way to stay on top of these updates is to check Windows Update daily, subscribe to the Microsoft Security Newsletter, or enable automatic updates.

Windows Update

Microsoft’s Windows Update Web site offers an easy way to view all of the updates that are available for your computer. Microsoft releases both critical and feature updates that update various software apps and add interesting new features to Windows XP. For example, critical updates fix major security concerns, such as the widespread exploit for Windows XP known as W32.Blaster.Worm. This worm spread to other computers by using a vulnerability in a component of Windows known as RPC (remote procedure call). Microsoft released a critical patch to fix the security hole. Feature updates fix bugs and add new features to common Windows applications such as Windows Movie Maker. Using the Windows Update Web site is very easy too. Just key in Microsoft Windows Update in your Web browser Address window, click Go, and you will be there in no time.

Security Newsletter

The Microsoft Security Newsletter is a great way to keep informed about all of the latest security patches that Microsoft releases. Receive an e-mail in your inbox every time Microsoft releases a critical security patch. If you are a home user, visit http://www.microsoft.com/security/se...ns/alerts2.asp for more information on the newsletter. On that page, Microsoft also offers a more technical version of the Microsoft Security Newsletter that will not only notify you of a critical security patch, but will also explain the full vulnerability. If you are an IT professional and want to know exactly what the patch is for, the technical version is for you.

Microsoft TechNet also offers a monthly newsletter that offers security news and advice. This is another great newsletter to subscribe to. It was primarily intended for IT professionals, but home users may also find it useful if they are interested in a more technical approach. Visit http://www.microsoft.com/technet/sec...newsletter.htm for a copy of the latest newsletter, as well as information on how to subscribe.

Automatic Updates

Windows XP has a great Automatic Updates service. With the release of Service Pack 2, that service is now even better. With the ability to set a specific time every day to check and install new updates, you now can schedule a time for your computer to automatically check for and apply updates so that you will not have to visit the Windows Update Web site manually.

Turning on Automatic Updates is a great way to make sure your computer is up-to-date. However, it is a good idea to visit the Windows Update Web site every few months to make sure that Automatic Updates is still working. If it is, then you should not see any critical updates available when you visit the Web site.

Working with the Automatic Update settings is not a difficult task. Just right-click the My Computer icon located in the Start panel or on your desktop and select Properties. Then, click the Automatic Updates tab and specify the setting that you want, and click OK to save your changes. Figure 12-1 is a shot of the Automatic Updates screen, with the automatic download and install feature enabled. I selected 12:00 p.m. so my computer will automatically install new updates when I am at lunch and not using my computer. Also, this is a time when it is pretty much guaranteed that my computer will be on.

As you can see from Figure 12-1, there also are settings to automatically download patches that then prompt you to confirm the install as well as a feature that will just notify you of new patches. Unlike the technical security newsletter that was mentioned earlier, the notification of new updates will just give you the basic information instead of all of the technical reasons for the update.

Users also have the ability to turn off Automatic Updates by selecting the last option on the Automatic Updates tab. You would have to be crazy to do this unless you plan on checking the Windows Update Web site daily or subscribing to the Microsoft Security Newsletter. The Automatic Updates service does not consume a lot of system resources. The resources that it does consume are well worth it because of the invaluable service that Automatic Updates provides.

Firewalls

You now know that your computer is vulnerable to viruses and attackers from the Internet. You also know that one way to help fight those attackers is to block access to your computer on all of the different ports, which can be gateways into your computer. How exactly to block all the ports? Use a firewall. A firewall is a special application that acts like a brick wall that is protecting all of the ports on your computer.

When a remote computer tries to connect to a port that a firewall on your computer is blocking, it will not be able to connect, and the data that was sent will be ignored and discarded. Depending on the way the firewall is configured, when data is sent to a blocked port on your computer, the firewall will either respond to the sender with a message that the port is closed or it will do nothing, giving your computer a stealth presence. Most firewall applications are set up by default to run in a stealth mode, which will provide the maximum amount of protection. Any remote computer trying to connect or send data to your computer with a firewall installed running in stealth mode will think that your computer has gone offline because it is not getting any response.
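The three outcomes described above (a listening port, a port that answers "closed", and a stealth port that never answers) can be told apart with a plain TCP connection attempt. The following is an added example, not part of the original post, for checking a machine you own; the port watch list and the function names are assumptions made for the illustration.

```python
import socket

# Assumed watch list for this example (not from the original post):
# 135 = RPC endpoint mapper, 139/445 = Windows file sharing, 3389 = Remote Desktop.
WATCHED_PORTS = (135, 139, 445, 3389)


def port_state(host, port, timeout=2.0):
    """Classify one TCP port on a machine you own.

    open        - a program accepted the connection (a listening "mailbox")
    closed      - the host answered with a refusal (TCP reset)
    stealth     - nothing came back before the timeout (the data was dropped)
    unreachable - the machine could not be reached at all
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "stealth"
        except OSError:
            return "unreachable"


def audit(host, ports=WATCHED_PORTS, timeout=2.0):
    """Return {port: state} for every port on the watch list."""
    return {port: port_state(host, port, timeout) for port in ports}


def needs_attention(results, allowed=()):
    """Ports that are open but are not ones you deliberately left open."""
    return sorted(port for port, state in results.items()
                  if state == "open" and port not in allowed)


if __name__ == "__main__":
    # 127.0.0.1 shows which programs are listening; traffic to yourself does
    # not pass through the firewall, so it never shows "stealth".
    results = audit("127.0.0.1")
    for port, state in sorted(results.items()):
        print("%5d  %s" % (port, state))
    print("open and not on the allowed list:", needs_attention(results, allowed=(3389,)))
```

To see what the firewall itself does, run the same check from a second computer on your own network against your PC's address: with the firewall on, ports that are not on the Exceptions list should report stealth rather than open.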



FIGURE 12-1: Windows XP Service Pack 2 Automatic Updates settings.

Firewalls can be a very powerful security device. Windows XP benefits greatly from a firewall because it can lower, if not completely eliminate, the chance that your computer will be compromised. This next section will show you how to use the new and improved firewall of Service Pack 2 as well as two popular third-party firewall utilities.

Using the Windows firewall

Windows XP has included a firewall, specifically the Internet Connection Firewall (ICF) software, since the product was first shipped. Although the firewall has not been turned on by default, it has always been there. The original firewall was a basic one-way firewall that would block incoming traffic from the Web. One feature allowed users to open up ports so that they could still use remote applications. This way, a user could protect all of the ports on the computer except one or two that they had set to remain open so that they could use a program such as remote desktop to connect to their computer from a different location.

The new version of the firewall included as part of Service Pack 2 has a bunch of new features that make using a firewall even easier while the protection it provides your computer remains the same.

Enabling the Windows firewall

The new Windows firewall is usually disabled by default on any computers running Windows XP, including those that upgraded to Service Pack 2, unless your computer manufacturer has turned this feature on for you. If you want to use the built-in firewall to protect your computer, just follow these steps to enable it:

1. Click the Start button and select Run. Key in firewall.cpl in the box and click OK.

2. When the Windows Firewall settings window loads, just select On and click OK to save your changes.

3. Click OK once more to save the settings for the adapter, and the firewall will be activated.

Now that you have the firewall set up, try using all of your common Internet applications. If you find that some of them do not work, then you can configure the firewall to allow them to pass through the firewall so that they can still be useful. Instant messaging programs can have problems with firewalls when a remote user attempts to send you a file. Sending files often requires the remote computer that is sending you the file to be able to connect to your computer. Because your firewall is designed to block all connections by default, you will have to configure it so that it will let certain applications work through the firewall. How to do so is described in the next section.

Configuring the Windows firewall

Configuring the firewall to allow certain programs to work through it is not always the best thing to do, because it will expose your computer more to the outside world and increase your risk of getting infected with something. However, in the short term or for an application that you must use, you can make it work through the firewall. In the original version of the firewall, the only possibility was to specify a port number to open. Now, it is much easier to make an application work through the firewall. Instead of typing in a port number, users can just select the program on their computer that they want to have accessed through the firewall. This capability makes the firewall configuration much more user-friendly. Additionally, in Service Pack 2, Microsoft left in the old way to open up the firewall manually by entering a port number, so that users still have total control if they really want it. The end result of these two methods is the same; the only difference is the ease of use for less experienced Windows XP users.

Using the new feature to open up holes in the firewall is pretty cool. Follow these steps to open up the firewall for a specific application:

1. Open up Network Connections again by clicking the Start Menu and selecting Run. Then, type firewall.cpl in the box and click OK.

2. When the Windows Firewall settings window loads, click the Exceptions tab.

3. You will see a list of all of the different exceptions that are currently enabled, as signified by the check in the box. By default, a few applications will be enabled. I recommend that you uncheck all of the entries unless you use them. If not, then you are just taking an unnecessary risk by leaving those doors open.

4. If you want to add an application to the exception list so that it will be able to accept connections and data from the outside world, such as an Instant Message program that wants to receive files from other users, just click the Add Program button.

5. Select the name of the program from the list or click the Browse button on the Add a Program window to select the executable of the application that you want to open to the world.

6. When you are finished selecting the program that you want to be able to access through the firewall, click OK and it will appear on the list, as shown in Figure 12-2.

7. Now that the program is on the list, just check the box next to the name to open up the firewall for the application.

8. Click OK to activate your new firewall settings.

Windows Firewall also includes settings on how you want your computer to respond when several different standard Internet messages are sent to it. For example, one setting you can specify is the ping command, which is a network command used to estimate turnaround time between sending data to a computer and receiving a response. All of these settings are found on the Advanced tab by clicking the Settings button under the ICMP section. The screen is pretty straightforward. If you want your computer to have a stealth presence on the Web, as I mentioned earlier, you should uncheck all of the entries listed on the ICMP tab.

Using ZoneAlarm personal

Several different software companies have released their own firewalls and protection utilities. One of the oldest and most popular programs is called ZoneAlarm, by Zone Labs. ZoneAlarm comes in two different flavors: a pro version, which is a two-way firewall plus a boatload of other features, and a free version that is just the basic two-way firewall. ZoneAlarm is a different type of firewall than the firewall that is included with Windows XP and Windows XP Service Pack 2. ZoneAlarm includes a special two-way firewall that not only blocks traffic that remote users are sending to your computer but also blocks traffic that your programs are trying to send out.

Now, why would you want to block traffic that your computer is sending? Sometimes, people are concerned about their personal privacy and do not want their computer applications phoning home to the developer’s Web site sending usage data, checking for updates, or validating licenses. Additionally, it is nice to be able to control what applications have access to the Internet. If you let someone use your computer and they accidentally fell for some trick and installed software that turns out to be a Trojan (a program that allows others to mess with your computer), the Trojan will not be able to phone home to its creators, alerting them that your computer is now compromised.



FIGURE 12-2: Adding an application to the firewall Exceptions list.

Two-way firewalls, such as ZoneAlarm, will render such applications useless because they are contained in an isolated box and are not able to access the Internet. ZoneAlarm is a great application to play around with and see which of your applications are trying to send data out to the Web. Follow these steps to get ZoneAlarm up and running on your computer:

1. Visit ZoneAlarm’s Web site (ZoneAlarm by Check Point) and download a copy. The free version is a little hard to find. Your best bet is to look for “ZoneAlarm (free)” under Direct Links, found on the mid-right side of the page.

2. Once you have ZoneAlarm installed and have followed the Getting Started wizard to get your computer’s policy configured, you are ready to start up ZoneAlarm.

3. By default, certain applications, such as Internet Explorer, will always have access to the Web. However, the first time you run a program that requires access to the Internet, such as Windows Messenger, you will be prompted with a message from ZoneAlarm, asking if you really want it to have access, as shown in Figure 12-3.

4. Click Yes on the pop-up window to allow Windows Messenger to connect to the Internet. If you see a request such as the one shown in Figure 12-3 and do not know what the program is, click No and do a search on the Web to try to find out what that program does.



FIGURE 12-3: ZoneAlarm prompting about an Internet access request.

5. If you want to fine-tune your application blocking settings, select Program Control from the left menu and then click the Program Wizard button, as shown in Figure 12-4.

6. Then, select the Advanced setting and click Next. You will be shown a list of programs that will be exempt from the firewall, to which you can add entries. This list is similar to the exception list for the built-in Windows firewall.

7. Once you are finished, click Finish, and you are done.

ZoneAlarm is a great application. It adds a valuable two-way firewall to Windows, which can be very useful. I recommend that you give it a try and see how you like it. Just remember to disable the built-in Windows firewall when you are using ZoneAlarm to make sure there are no conflicts.



FIGURE 12-4: Configuring Zone Alarm’s Program Control.

Using Sygate Personal Firewall

Sygate is another company that makes a great personal firewall. Just like ZoneAlarm, Sygate Personal Firewall includes a two-way firewall that audits your incoming as well as outgoing traffic. ZoneAlarm and Sygate are very similar products. The only real difference is the user interface of the firewall. I personally like the way Sygate Personal Firewall displays the incoming and outgoing connections better than ZoneAlarm. Figure 12-5 shows the nice list interface of all of the connections that have been granted as well as all of the connections that have been blocked.

The Sygate user’s interface is also different and a little easier to use than Zone Alarm’s, yet it offers a lot more power on the main screen. The interface shows detailed graphs and also the icons of the open programs, as shown in Figure 12-6. You can simply right-click the icon and select Block or Allow to set a program to a specific access setting.



FIGURE 12-5: Sygate Personal Firewall with connections log.



FIGURE 12-6: The main Sygate Personal Firewall interface.

The operation of Sygate Personal Firewall is similar to that of ZoneAlarm. When a program attempts to access the Internet, it is caught, and the user is prompted to confirm whether he or she wants the program to access the Internet. It all comes down to personal preference. If you like the cleaner and more accessible interface of Sygate Personal Firewall, visit Sygate’s Web site (Business Solutions - Symantec Corp.) and download a free copy.

Disabling Unneeded Services

Windows XP includes a lot of extra services and features that most users just do not use and have no reason to have running. In Part II of this book, you learned how you can disable unneeded services to increase the performance of your computer. Now, I am going to show you some services that you should disable that will make your computer more secure.

Disabling Remote Desktop connection

The Remote Desktop feature of Windows XP is a great way to be able to access your computer when you are away from the office or home. However, if you have poor computer security, the Remote Desktop also is a great way for anyone to be able to access and control your whole computer. Remote Desktop is a very risky application to leave exposed to the world. Its security relies solely on your account password, which for most users is easy to guess.

If you do not use Remote Desktop, then it would be a good idea to disable the feature. Doing so is a snap. Just follow these steps to turn it off:

1. Right-click the My Computer icon on the desktop or in the Start Menu and select Properties.

2. Click the Remote tab to expose the remote access settings.

3. Next, uncheck the box under Remote Assistance, as shown in Figure 12-7.



FIGURE 12-7: Remote Assistance & Desktop connections disabled.

4. Uncheck the box under Remote Desktop as well.

5. Click OK to save your changes.

When Remote Desktop connections are disabled, you have one less thing to worry about, namely someone having the ability to break into your computer.

Disabling Messenger Service

Microsoft has included a service in the last few versions of Windows that allows system administrators to send pop-up messages to all computers on a local network. This service can be an invaluable resource for administrators who want to get the word out about some upcoming server maintenance. For example, end users would see a message pop up on their screen that notifies them that the workgroup file server will be inaccessible for the next hour while routine maintenance is performed.

This is a great service when it is used correctly. Unfortunately, the Messenger Service has been abused. Just because any user can send messages to the entire workgroup doesn’t mean that she or he should. This capability is sometimes not a good thing. Users that are part of a large local area network, such as just about every Internet user, can send out a mass message to all users in the same subnet. As you can imagine, some users that know how to use the service have started to abuse it by sending spam to all the users in their same subnet. Nowadays, you may get spam not only in your inbox but also in a pop-up window that could appear at any time.

The Messenger Service, just like any other service or program that is accessible to the outside world, increases your security risk. Although there is currently not an exploit for the Messenger Service that allows remote users to execute commands on your computer, who knows what the future will hold? To be safe, it is best to just disable this service. You will also be cutting down on a new type of spam.

Disabling the Messenger Service can be done by using the Service Manager. Follow these steps to get started:

1. Click the Start button and select Run.

2. Key in services.msc in the box and click OK.

3. The Services Manager will load. Scroll through the list, right-click Messenger, and select Properties.

4. Change the Startup Type to Disabled, as shown in Figure 12-8.

5. Click the Stop button and then click OK to save your changes.

Now the Messenger Service is one less thing to worry about. You can kiss the annoying pop-up text ads goodbye and also reduce your risk for an attack in the future.



FIGURE 12-8: Disabling the Messenger Service.

Disabling Universal Plug and Play

Universal Plug and Play (UPnP) is kind of like an expanded version of the old Plug and Play hardware support. Many years ago, when you would buy a new soundcard, you would have to manually set up all of the configuration data, such as the interrupt and address that it was going to run at. Then Plug and Play technology came around and automated that whole process so that the user did not have to worry about managing interrupt and address numbers any more. Now there is Universal Plug and Play, which expands the easy install concepts of the original Plug and Play to a whole new class of devices. Universal Plug and Play can not only detect local devices such as hardware (the original version), but it can also detect external hardware such as printers across the network or other PCs’ shared drives.

Universal Plug and Play, theoretically, is a great idea. It gives you the ability to easily add and control devices such as a printer across your local network, an MP3 player, a television, lighting devices, and so on. Universal Plug and Play can be thought of as a way to make all of the different electronic devices in your home, or local network, work together. However, there are very few devices, other than remote printers and file shares, which take advantage of the new protocol.

Universal Plug and Play will play a big role in our computing lives in the future, but not yet. Universal Plug and Play also presents a security risk for your computer. It continuously scans your local network, which could be a network that is open to the world, for new devices and negotiates new connections. Just as with the Messenger Service, with Universal Plug and Play the surface exposure of your computer is increased, which increases the risk that your computer could become attacked and infected. Unlike with the Messenger Service, with Universal Plug and Play a flaw has been found in the service and has already been exploited. Microsoft was forced to release a critical security patch to fix Universal Plug and Play so that users’ computers would no longer be vulnerable (this patch can be found on the Windows Update Web site mentioned earlier).

Because there are almost no devices that use Universal Plug and Play currently available on the market, and it also presents a security risk, it is a good idea to just disable the new protocol for now because 99.9 percent of you have absolutely no use for it. Disabling UPnP is not a hard task. Just follow these steps to disable the service with a nifty utility, called UnPlug n’ Pray, by Gibson Research:

1. Visit the Gibson Research page for UnPlug n’ Pray (GRC | UnPlug n' Pray - Disable the Dangerous UPnP Internet Server) and download a copy.

2. Start up the utility and click Disable UPnP, as shown in Figure 12-9.

3. Click the Exit button, and you are done.

Using the utility by Gibson Research is much easier than going back to the Service Manager and disabling the service. Moreover, if you ever find that you need to use Universal Plug and Play, you can just run the utility again and click Enable UPnP and the service will be restored.



FIGURE 12-9: Using UnPlug n’ Pray to disable Universal Plug and Play for users who do not need it.

Disabling Remote Registry Access

As already mentioned, the System Registry is one of the most important parts of the operating system. It’s where all of the system settings and configuration data is stored. If you do not know what you are doing and you just start editing entries found in the System Registry, you can render your computer useless. So, protecting your computer’s registry is very important.

Included with Windows XP Professional (not Windows XP Home) is a service that allows users with administrative privileges to connect to your computer’s registry and edit it. Having this service enabled and running is just way too big a security risk. The vast majority of computer users have little or no use for this service. Why would you even want to give anyone a chance at trying to break into one of the most critical parts of the operating system? Disabling this service is a snap. Just follow these steps:

1. Click the Start button and select Run.

2. Key in services.msc in the box and click OK to launch the services manager.

3. Scroll through the list and right-click and select Properties on the Remote Registry entry.

4. Set the Startup Type to Disabled and click the Stop button.

5. Click OK to close and save your changes.

Now you have knocked off yet another unneeded service from your computer.
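To confirm that the Messenger and Remote Registry steps above actually took effect, the settings can be read back from the built-in Windows `sc` command instead of the Services Manager. This is an added example, not part of the original post; the function names are assumptions, and the sample `sc` output is constructed and abbreviated so the parsing can be followed without a Windows machine.

```python
import re
import subprocess

# Service key names for the two services the post disables through services.msc.
TARGETS = ("Messenger", "RemoteRegistry")

# Constructed, abbreviated `sc qc` / `sc query` output (not captured from a
# real machine): Messenger already hardened, RemoteRegistry left untouched.
SAMPLE = {
    "Messenger": (
        """SERVICE_NAME: Messenger
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 4   DISABLED
""",
        """SERVICE_NAME: Messenger
        STATE              : 1  STOPPED
""",
    ),
    "RemoteRegistry": (
        """SERVICE_NAME: RemoteRegistry
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START
""",
        """SERVICE_NAME: RemoteRegistry
        STATE              : 4  RUNNING
""",
    ),
}


def field(sc_output, name):
    """Return the label from a 'NAME : <number> <LABEL>' line, or None."""
    pattern = r"^\s*" + re.escape(name) + r"\s*:\s*\d+\s+(\w+)"
    match = re.search(pattern, sc_output, re.MULTILINE)
    return match.group(1) if match else None


def assess(qc_output, query_output):
    """List what still differs from the state the steps above produce."""
    if "FAILED 1060" in qc_output:
        return []  # error 1060: the service is not installed on this machine
    findings = []
    start = field(qc_output, "START_TYPE") or "unreadable"
    state = field(query_output, "STATE") or "unreadable"
    if start != "DISABLED":
        findings.append("startup type is %s, expected DISABLED" % start)
    if state != "STOPPED":
        findings.append("service state is %s, expected STOPPED" % state)
    return findings


def sc(*args):
    """Run the Windows `sc` tool and return its text output (Windows only)."""
    result = subprocess.run(["sc"] + list(args), capture_output=True, text=True)
    return result.stdout


def audit_live(targets=TARGETS):
    """Check the real services on the machine this runs on."""
    return {name: assess(sc("qc", name), sc("query", name)) for name in targets}


def audit_samples(samples=SAMPLE):
    """Check the constructed samples above; runs on any platform."""
    return {name: assess(qc, query) for name, (qc, query) in samples.items()}


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

On the Windows machine itself, call `audit_live()` instead of `audit_samples()`; an empty list for a service means both the Disabled startup type and the stopped state are in place.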

Disable DCOM support

The Distributed Component Object Model, or DCOM, is yet another feature that was built into Windows that has caused a great deal of problems. Sure, it provides an acceptable programming interface for programmers who are trying to write network apps, but there are better ways to do that than to use DCOM.

DCOM has presented quite a few problems in terms of security. Exploits have been discovered for it that have allowed an Internet worm to spread to hundreds of thousands of Windows machines worldwide. Additionally, a very small number of applications actually use DCOM. In all of my computing experience, I have only seen one application that used DCOM, and that was an inventory and store management software suite. Home and professional PC users probably will never even use an application that uses DCOM.

So why is it on your computer? DCOM was one of Microsoft’s attempts to please software developers. However, this attempt has clearly failed, and yet they still include it. The only thing that it has given to operating systems such as Windows XP is headlines in the newspapers about how some worm exploited it and has now infected thousands of PCs.

Disabling the Distributed Component Object Model is a good idea for most computing users. That is, it is for everybody except the rare few who actually have an application that the developers wrote using DCOM. To shut down DCOM and increase the security of your computer, follow these steps:



FIGURE 12-10: Disabling Distributed Component Object Model support with DCOMbobulator.

1. Gibson Research has come up with another cool utility to take care of Windows security shortcomings. This one is called DCOMbobulator and will help you disable DCOM on your computer. Visit GRC | DCOMbobulator and download a copy.

2. Start up DCOMbobulator and click the tab labeled DCOMbobulator Me!

3. Click the Disable DCOM button, as shown in Figure 12-10.

4. Click the Exit button and you are finished.

If you find that you are forced to use a program that needs DCOM, just run the utility again and click the Enable DCOM button on the DCOMbobulator Me! tab.

Wireless Networks

Wireless networks are growing in popularity because of the ease of installation and the terrific benefits that they offer. Nothing beats the ability to take your laptop and not have to worry about plugging into the network to do your work. The added freedom of a wireless network is very pleasing. Nevertheless, many people do not realize how insecure most wireless networks actually are. To fully understand this, you must realize how exactly a wireless network works.

Basically, wireless connections are made up of a base station and a client adapter. The wireless base station broadcasts all of the data to the clients in a circle around the base station, as do the client’s adapters. This creates a large area over which information is broadcast. If you care about the security of your computer and personal information such as credit card numbers, you must configure your wireless base station to encrypt the data that it sends. Otherwise, just about anyone can connect to your wireless network and gain access behind your firewall to all of your unprotected computers. Additionally, users can sniff the wireless traffic and see exactly what you are sending back and forth.

It really is amazing how many people leave encryption turned off on their wireless base stations. I was always surprised when I took the train into Chicago and worked on my laptop on board. Every now and then, I would notice my laptop connecting to various wireless access points for a few seconds as the train was moving past them. Securing your wireless base station/access point is very important.

Using WEP for secure communication

Wired Equivalent Privacy, or WEP, is the first security standard for wireless networks. The basic concept for WEP security is to encrypt the data that is sent back and forth between the access point and the client adapter. This is done using various degrees of encryption strength. A special key, known as the encryption key, is used by computers to connect to a WEP-protected wireless network. This allows the client computer’s adapter to be able to decrypt and also send encrypted messages in the same language as the base station.

This standard sounds like a great way to secure a wireless network. However, it presents some flaws. The largest one is that the whole system relies on just one key. If someone’s laptop is stolen that is part of a corporate network, the encryption key must be changed for the base station and for all of the other computers using the wireless connection. This change is necessary because the current encryption key could be easily extracted from the system settings.

Additionally, someone can potentially derive the encryption key by carefully analyzing the data they intercepted. If you have a wireless base station, I highly recommend that you enable WEP to protect your home. Setting up WEP is different on every set of hardware, but the following are the basics:

1. Connect to your base station’s settings remotely using your Web browser. The address and port number vary, but the address usually is http://192.168.1.1 or http://192.168.2.1. Often, the port number is changed to 8080 so people don’t think you have a Web server running. In that case, try http://192.168.1.1:8080 or http://192.168.2.1:8080.

2. Once you connect, you usually are asked for a password. For all Linksys hardware, the Username field is left blank and the password is admin. Other hardware manufacturers use some sort of a variation of the above. It also would be a good idea to change the password to something other than admin when you are working in the administration settings.

3. Locate the WEP settings and specify the encryption strength in bits. Then, come up with an encryption key and type that in. Write down your encryption key and strength for use in step 5.

4. Save your changes. You can now close the Web administration site.

5. The last part of setting up WEP is configuring the client computers that will connect to the base station. Once again, this information varies, depending on your wireless card. Consult the manual for your card to find out how to set up your card to use WEP.

Setting up WEP will greatly increase the security of your wireless network. Even though there are some flaws, it is much better than using no protection at all. It has the same effect as a car alarm. If a burglar has to choose between a car that clearly has an alarm or one that doesn’t, which one will they choose to break into?

Using WPA for a more secure wireless connection

Wi-Fi Protected Access, or WPA, is a new, improved security standard for wireless connections. WPA has addressed the weaknesses of WEP; it was developed to create a viable alternative to WEP that is more secure than that standard. The fundamentals are the same between the standards, but WPA has improved some of the various mechanisms that plagued WEP. For example, encryption keys are now dynamic and change often automatically. Additionally, the complexity of the encryption key has also been increased to help fight off users who try to derive a key from data that they capture. One of the largest improvements in WPA is the addition of authentication to the wireless connection. Now, users have to have the right encryption settings, as well as a valid username and password, to gain access to the network.

This new standard is just starting to gain momentum. Microsoft has released a special patch for Windows XP that adds this new standard to Windows. However, installing the patch will not allow you to use this new standard. Just as with WEP, WPA is programmed into the firmware of the hardware components. In order to use WPA, you must have hardware that specifically supports it. Currently, only a few companies offer base stations and wireless adapters that support this new method of security. However, that will change in time.

The next time you are considering purchasing a wireless base station and adapter, do some research and pick one that supports WPA to ensure that your wireless communications will not be decrypted and your privacy is secure.

Controlling access to your computer

So far, you have spent a lot of time locking down your computer. You have closed down ports and have removed unused services from your computer. The next step to secure your computer is to reinforce the main entry point, the logon. No matter what you do to secure your computer, it all comes down to your security at the user level. If you have no password on your account and have a computer that is not protected by a firewall and other devices, then you are at huge risk of being attacked.

Managing user accounts is very important with Windows XP because the accounts are the keys into the system. This next section will show you some good secure practices, as well as some tips that will help make your box even more secure.

Managing user accounts

Windows XP includes the same old account manager found in Windows 2000. This easy-to-use and straightforward interface can be found in the Local User and Group Management interface. There are various “good” security practices that you can follow to make your computer practically invincible to many attackers.

Assign a password and rename the guest account

Windows XP includes a guest account that is disabled by default. However, at some time, this account may be enabled by an application. If you have Windows XP Professional, I recommend that you disable this account using the old Windows 2000 Local User and Group application. Just in case it becomes enabled again, I recommend that you rename the guest account and also assign it a password. Follow these steps to disable the guest account:

1. Click the Start button and select Run.

2. Key in lusrmgr.msc and click OK.

3. The Local User and Group application will launch. Right-click the Guest username and select Set Password.

4. You will be prompted with a warning screen. Just click Proceed.

5. Type a complex password in both boxes and click OK.

6. The password has now been set. Next, rename the account by right-clicking it and selecting Rename.

7. Type in a new name, such as Disabled, and press Enter to save the changes.

The vulnerable guest account is now less of a problem.

Clearing the last user logged on

If you are using the classic logon screen, every time a user logs into your computer, their username is stored, and that name is displayed the next time the classic logon screen is displayed. This can be a nice feature, but it also can be a feature that causes a security problem. Knowing a user’s username is half the battle of breaking into a computer. If you have sensitive information on your computer, I suggest that you follow these instructions to hide the last user logged on:

1. Start up the Registry Editor again by clicking the Start Menu and selecting Run. Then type regedit in the box and click OK.

2. Navigate through HKEY_LOCAL_MACHINE, SOFTWARE, Microsoft, Windows, CurrentVersion, policies, and system. Locate the dontdisplaylastusername entry.

3. Right-click the entry and select Modify. Then type in a 1 to activate the feature. Click OK, and you are finished.

If you ever want to reverse this hack, just repeat the instructions above and replace the 1 with a 0 for the value of dontdisplaylastusername.

Disable and rename the Administrator account

The Administrator account is the most important account on the computer. Users should not be using the computer under the Administrator account. That just is not a good security practice for anyone that is running Windows XP Professional and has sensitive data on their computer. I like to disable my Administrator account and rename it, so that anyone trying to get in with that account and at that privilege level will not be able to. To disable the account, perform the following steps:

1. Click the Start button and select Run.

2. Key in lusrmgr.msc and click OK.



FIGURE 12-11: Disabling an account with the local user and group administrator.

3. When you have the Local User and Group application on your screen, just right-click the Administrator entry and select Rename. Give your administrator account a new name, such as admin123.

4. Next, disable the account by right-clicking the entry and selecting Properties.

5. Check the Account Is Disabled box, as shown in Figure 12-11.

6. Click OK to save your changes.

Make sure every account on your computer has a complex password

All of the accounts on your computer should have a complex password associated with them if your computer is ever exposed to the Internet. Passwords such as easy-to-remember words and key combinations like “asdf” just do not cut it. A complex password is a password that is at least seven characters long and consists of uppercase and lowercase letters as well as numbers or other symbols. Ftm3D8& is an example of a complex password. Something like that is impossible to guess and will take quite some time for a brute-force technique to crack.

Using complex passwords on all of your accounts might not be easy at first, but after a while they will grow on you and you will have no problem remembering them.
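
The settings changed in this section (the Remote Registry service, the dontdisplaylastusername entry, and the Guest and Administrator accounts) can be checked in one read-only pass, along with any enabled account that is allowed to have no password. The PowerShell below is an added example, not part of the original post; the function names New-Finding and Get-HardeningReport are made up for illustration, and it assumes Windows PowerShell with WMI available, run from an elevated prompt.

```powershell
# Added example: read-only audit of the hardening steps in this section.
# Uses WMI (Get-WmiObject), so it needs Windows PowerShell, not PowerShell 7.

# Hypothetical helper: one row of the report.
function New-Finding($Check, $Value, $Pass) {
    New-Object PSObject -Property @{ Check = $Check; Value = $Value; Pass = [bool]$Pass }
}

function Get-HardeningReport {
    # Remote Registry should be Disabled and stopped.
    # The service is absent on editions that do not ship it (e.g. XP Home).
    $svc = Get-WmiObject Win32_Service -Filter "Name='RemoteRegistry'"
    if ($svc) {
        New-Finding 'Remote Registry service' "$($svc.StartMode), $($svc.State)" `
            ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped')
    } else {
        New-Finding 'Remote Registry service' 'not installed' $true
    }

    # dontdisplaylastusername = 1 hides the last logged-on user name.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).dontdisplaylastusername
    New-Finding 'dontdisplaylastusername' "$val" ($val -eq 1)

    # Match built-in accounts by the last part of the SID (501 = Guest,
    # 500 = Administrator) so that renamed accounts are still found.
    $users = @(Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True")
    foreach ($u in $users) {
        if ($u.SID -like '*-501') {
            New-Finding 'Guest account disabled' $u.Disabled $u.Disabled
            New-Finding 'Guest account renamed' $u.Name ($u.Name -ne 'Guest')
        }
        if ($u.SID -like '*-500') {
            New-Finding 'Administrator account disabled' $u.Disabled $u.Disabled
            New-Finding 'Administrator account renamed' $u.Name ($u.Name -ne 'Administrator')
        }
        # PasswordRequired is only the account flag: it shows that an empty
        # password is permitted, and says nothing about password strength.
        if (-not $u.Disabled -and -not $u.PasswordRequired) {
            New-Finding "Password required for $($u.Name)" $false $false
        }
    }
}

Get-HardeningReport | Format-Table Check, Value, Pass -AutoSize
```

Any row with Pass set to False points back to the matching procedure above; the script itself changes nothing.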