Networknewz - Network Tips and Tricks for the Big Three Platforms
networknewz.com


12.04.00
Since last week's issue was dedicated to firewalls, I thought this week would be a good time to talk a little more about your network security and what you can do to keep unwanted hackers out. Today's NetworkNewz, written by Ryan Detert, is going to do just that.

His article A Basic Guide to Home Network Security is mainly written with a home network in mind but I feel that it will be just as pertinent to a small- to medium-sized business.

As always, if you have any articles or stories that you would like to share, send them to me and I will include them in an issue of NetworkNewz.

Patrick Stoddard
NetworkNewz Editor

Special Request:

We are evaluating what percentage of our readers influence business decisions within the companies they work for or own. The results will help us provide more targeted content. Please click below to participate in this survey. The results of this 2-question survey will be published in a future issue of NetworkNewz.

http://www.networknewz.com/survey1.html


Phone line modems are quickly becoming a tool of the past. Now, digital subscriber lines (DSL) and cable modems have brought home high-speed connections that were once only enjoyed at offices and universities. Along with each of these services comes a static IP address that never changes and allows you to host your own web site and administer your own server. The benefits of increased bandwidth are obvious: You can download the latest Internet Explorer Update in minutes instead of hours, and you don't need to purchase a separate phone line.

However, constant connectivity to the information superhighway may come at a higher price than you bargained for. Already we've read reports of home systems being hacked. In this article, we will go over some basic, but effective, concepts that will make your Linux and NT servers at home much more secure.

(And, by the way, since Red Hat is the most popular, we will be sticking to it. So please, no religious e-mails about how much better Slackware is.)


The primary motivation for hacking cable and DSL subscribers is corporate espionage. This may sound like something out of a James Bond movie, but it's real nonetheless. Many people these days are taking their work home on laptop computers, maintaining copies of files both at home and in the office. Though hackers may have a hard time breaking into the cyber-fortress at your law firm, most will have no trouble infiltrating a weakly-guarded home server and gaining access to your files.


As you already know, the first line of defense against unwanted guests is a good password. Without a good password, especially for the super-user, it doesn't matter what other goodies you've used to secure your site. Briefly, a good password should adhere to the following criteria:

  • Do make sure it's at least 6-8 letters in length.
  • Don't use dictionary words spelled forwards or backwards because many hackers use dictionaries when trying to guess your password.
  • Do make sure it contains a mix of upper- and lower-case characters, as well as non-alphabetic characters such as numbers and @, %, &, etc.
  • Many of the latest versions of Linux will tell you if you've chosen a good password or not.
Signup FREE for NetworkNewz Text HTML
Enter your email address below
THINKING ABOUT UPGRADING TO WINDOWS 2000 OR Me? Make sure you BACKUP! Microsoft is not perfect. Great backup software starting at under $60 - including versions for Windows 95/98/Me/NT/2000 ALL ON ONE CD! Backup to CD-R/RW, tape, disk.
 

Click for More info about ads


Oftentimes, computer hackers are not the geniuses we see depicted in movies. There are a couple of common methods that hackers, elite or otherwise, often use to try to break into your system. One of the most common is called a Trojan Horse. This is where a commonly used file (such as ifconfig) is modified without your knowledge and appears to still be the exact same file, meaning that it may have the same date-last-modified and file size. Trojan Horses can be disastrous, and if you find one in your system, chances are a hacker has already been utilizing it. A common Trojan Horse will record all keys that you press and save them to a file. This way a hacker can just open the file and find your logins and passwords. One way you can get a Trojan Horse is by opening a malicious program received via email. A word from the wise: if you value your server, don't open e-mail attachments of strange origin or give any unreliable persons access to any accounts on your server.


OK, enough with the common sense advice, now let's get our hands dirty. One of the best ways to secure your home server is to set up a firewall. Businesses and large-scale corporations depend on firewalls to keep out unwanted guests. Chances are you've had some type of interaction with one at work.

There are no set criteria for how a firewall should be implemented. In businesses where there are large networks of computers, for example, there are often several firewalls many layers thick. However, a single firewall can be set up at home too. Realize, however, that a firewall cannot single-handedly defend your system; it should be used in conjunction with other security tools.

To understand how firewalls work, you must first understand how information is sent over a network. It is divided up into smaller sections, called packets, which are then sent on their way. Here's a good way to visualize packets. When information is sent over a network, the information needs to be put in some sort of virtual envelope. It is addressed and shipped off just as snail mail is. The type of "envelope" will often vary depending on the type of protocol being used: TCP, IPX, etc. However, each packet will contain the IP of origin, the IP of the addressee, and of course, information being sent. Upon arrival, the gateway reads each of these packets and decides what to do with them.

The heart of the firewall, often called the gateway or choke, parses the packets of information it receives and then relays "safe" information that adheres to certain rules to the correct computer within some sort of internal network. Likewise, a gateway also pre- reads outgoing packets. This too has many advantages. For instance, you may want to prohibit employees or children from visiting certain domains that may contain confidential information or unsuitable content.

Though a firewall can be wonderful, it is not invincible. One of its main weaknesses is that the actual task of parsing a packet can become immensely complex as each packet header is potentially different. As a result, some "naughty" packets might be let through the firewall. On the other hand, a complex set of guidelines for the parsing utility could also lead to some human error that would be difficult to troubleshoot.

Get the full story at: this web site

Ryan Detert

Ryan is a Computer Engineering major at the University of California, Davis. He maintains his own Web page, Dignified's Domain, which includes a variety of useful programs and games written in everything from Visual Basic to JavaScript. He is currently trying to find his niche in the world of computers and enjoys toying with Linux and C++. Find more great information at: www.irt.org

iEntry.com | Archives | Sign-Up | Comments | Send this page to a Friend | Advertise


©2000 iEntry Inc. All Rights Reserved