The Internet is increasingly becoming a staple in the home, with more folks wanting to stay online all the time instead of dialing in each time they want to visit a Website or check e-mail. These persistent connections-whether by cable modem, DSL or “all-you-can-eat” dial-up accounts-are a great way to stay wired. The problem is they almost always present the same target: an Internet Protocol (IP) Address that tells snoops, crackers and other data thieves “I’m here!”
Online, you’re represented by your log-in name plus a numeric IP address used to identify a machine (or virtual one). The longer you’re online, the easier it is for crackers to locate you and scan your system for vulnerabilities. Once they find an opening, they can chew and spit out your data or use your computer to mount attacks on other machines without your knowledge.
“When you’re connected for five or 10 minutes or an hour with a dial-up, the next time you connect you have a different IP address, [which in turn protects your computer from intruders],” says Peter Tippett, co-chairman and chief technologist for ICSA.net (www.icsa.net), a security assurance firm in Reston, Virginia. “A home user with a persistent connection gets a scan within five days of connecting to the Internet,” he adds. On bigger sites, there’s a lot more scanning going on. “We’re ground zero; we get tested every five minutes.”
Home users can have the same vulnerabilities as big corporations with their own T3 line, but without the information technology department in the basement plugging their security holes. “You’ll need to start worrying about those kinds of things yourself,” says William J. Orvis, security specialist with the U.S. Department of Energy’s Computer Incident Advisory Capability team (www. ciac.org).
But don’t push the “self-destruct” button just yet. Orvis and Tippett share expert tips on ways to reduce your risk without cutting the cord and heading off to a shack in the woods:
1. Turn off the computer when you aren’t using it. This will reduce your exposure.
2. Turn off unneeded services that give other people access. “If you don’t need to be a File Transfer
Protocol (FTP) server, turn that service off,” says Orvis. (You can still reach other machines via FTP if you’re not serving files that way.)
3. Ditto for Web servers (not your browser). “That’s not usually a problem with a Windows or Mac box,” says Orvis, who points out that the newer versions of Windows do have Personal Web Server, and NT has Internet Information Server (IIS). Special care should be taken with IIS because it is designed to service the “world” whereas the Personal Web Server only services you.
Windows File and Printer Sharing service can be a huge security hole. If you don’t have more than one computer connected together in a home network, you probably don’t need to have this service turned on. Go to your Control Panel and choose Network/Configuration/File and Print Sharing to check your status box. If you do have a LAN, use the password option in