|
From
TNPC issue #3.09...
Digital Subscriber Line: Protect Yourself
by Lee Hudspeth
April 27, 2000
No matter what kind of Internet connection you have (dial-up or
high speed), you need to make sure your PC is inaccessible to
prying Internet eyes (or even folks on your local network). You
can do this by tweaking some network protocol settings, and we
also strongly recommend you take the extra step of installing a
personal firewall. We explain how in this article.
Get started by testing for and, if necessary, closing any access
the outside world has to your PC's shared devices (hard disks and
printers), also called "shares." Visit Steve Gibson's Shields UP!
Web page, and click the "Test My Shields!" button. When that test
is finished, click the "Probe My Ports!" button. You may be
shocked to see how wide open your PC's kimono is.
http://www.TheNakedPC.com/t/309/tr.cgi?secure1
If the tests find any open security holes, the accompanying
commentary on Steve's page recommends what to do. We strongly
encourage you to read Steve's quintessential guide to proper
network component configuration. There's also a page for Windows
NT users. Steve's thorough, friendly advice on proper network
component settings can't be beat:
Network Bondage:
http://www.TheNakedPC.com/t/309/tr.cgi?secure2
Network Discipline for Windows 9x:
http://www.TheNakedPC.com/t/309/tr.cgi?secure3
Your next step is to download and install a firewall. We
recommend Zone Labs' ZoneAlarm. (I'd like to personally thank our
compadre Mike Craven for his enthusiasm about ZoneAlarm and his
assistance in testing its features.) It's free for personal or
non-profit use; if you're a business user we urge you to pay the
reasonable $19.95 to register. You can download it at:
http://www.TheNakedPC.com/t/309/tr.cgi?secure4
Upon installation, ZoneAlarm immediately goes to work protecting
your system. It blocks all attempts by outside forces to access
your PC. It blocks all attempts by programs running on your own
PC to communicate--without your knowledge--over the Internet or
your local network.
When it detects suspicious traffic, ZoneAlarm pops up a message
box that reveals the originating application's filename, what
resource it's trying to access, and gives you some options. Click
the Yes button to accept this stream of traffic. Click No to stop
it. ZoneAlarm will handle the event for this particular program
every time it occurs subsequently if you check the "Remember the
answer each time I use this program" check box. This check box is
not turned on by default, otherwise you might unintentionally
turn off notification of other suspicious traffic from this same
program.
During a regular day you probably use all the programs that need
Internet access, so by the end of the first day of your use
ZoneAlarm will be configured for ongoing use. (Or like us you can
prod every conceivable program on your PC into action in the span
of a few minutes.) We predict you'll be surprised at how many of
your tools access the Internet! Any other applications you use
less often can be granted or denied access on a case-by-case
basis.
ZoneAlarm versions prior to 2.1.7 did not support alert logging;
version 2.1.7 and beyond does. As of this writing ZA is up to
2.1.10. ZoneAlarm doesn't turn on intruder logging by default,
but you should: click the Alerts button then check the "Log
alerts to a text file" check box.
When you first configure ZoneAlarm, don't ask it to remember the
settings for a specific program. Instead, let it alert you to
every infraction so you can observe all of your programs'
patterns. After a few days you'll have enough information to
judge whether it's okay to permanently set an application to
connect to the Internet without alerting you every time.
To open up the hood and configure ZoneAlarm directly, double-
click its icon in the system tray. We leave it to you to explore
the myriad settings. "Programs" is the most important feature to
be aware of, since this is where you can review and change the
settings you implement in response to ZoneAlarm's alert messages.
All other settings are appropriate for use without modification,
although of course we encourage you to use your own discretion.
We unhesitatingly recommend ZoneAlarm as a personal firewall, but
there are competitors in the field. If you're curious, check
these out.
BlackICE Defender:
http://www.TheNakedPC.com/t/309/tr.cgi?secure5
Norton Internet Security 2000:
http://www.TheNakedPC.com/t/309/tr.cgi?secure6
(We mentioned ZoneAlarm and Shields UP! in TNPC #3.03 as part of
our regular Featured Product column. Note that a prior TNPC-
recommended product, AtGuard, was purchased by Symantec and is
now bundled with the Norton Internet Security 2000 product. --
Ed)
http://www.thenakedpc.com/backissues/v3i03.html
You can reach Lee Hudspeth at:
mailto:leehudspeth@TheNakedPC.com
Copyright © 2000, PRIME Consulting Group, Inc. and Dan Butler.
All Rights Reserved.
The Naked PC is a trademark of PRIME Consulting Group, Inc.
ISSN: 1522-4422
You may reprint an article from TNPC as long as you show the
entire article and include the authors byline, excerpt and
subscription information as shown:
Digital Subscriber Line: Protect Yourself
by Lee Hudspeth
(This article originally appeared in The Naked PC
newsletter #3.09, subscribe at http://www.TheNakedPC.com)
|
Return to Top