Helping Keep Both Your Office and Home PCs Secure

The security of your personal computers and the data that they contain and access has never been more urgent. In the past year, and particularly within the past three months, the number of attacks on your information, whether from viruses or hackers, has more than doubled. It is estimated that in excess of ten new viruses are being unleashed each day. Hacking attacks (local, national, and international in scope) are increasing at an unprecedented rate. Of primary concern currently is the recent spate of attacks from the states that comprised the old Soviet Union (Russia, Bulgaria, Romania, etc.) and from the Far East, particularly China and Korea.

There are several things that you can do to help ensure that the information you access and need remains intact and uncorrupted. This article will list some of the actions that you can take.

The first exposure area that we need to be concerned about is the connections to the University computer systems. Just as each door and window leading into your home must be locked at night to help prevent intrusion, so must each PC be secured. The PCs sitting in our offices are doorways into the entire system, and as such, must be secured to protect the system as a whole.

There is a policy in place for the general protection of Information Resources. This is included in the Handbook of Operating Procedures, section 10.2.15, and should be reviewed. It should be noted that, nationwide, 80% of security violations originate from within the organization, and not from a hacker intrusion from the outside.

Do not share your passwords with anyone, even within the same department. Do not write down your passwords on sticky notes and stick them under your keyboard or elsewhere. Do not log onto the system from any PC and walk away from it leaving it unsecured. Someone could come up and use it, making you responsible for any damage done.

On the subject of passwords, it is useful to note that there are programs readily available that can, through repetition, guess any password. Simple passwords (names, abbreviations, common terms, etc.) can be cracked in only a matter of seconds. In a recent test that we conducted, it was found that in excess of one-third of all the logon passwords here were cracked in less than two hours. Never use the userid for a password. It is estimated that all eight-character passwords can be cracked within 10 days or less, in what is called a “brute force attack”.

That being the case, how do we create a password that will last more like 10 days than only for 30 seconds? A “good” password should consist of at least eight characters. Those passwords would have to contain not only letters (upper and lower case) and numbers, but also two or more “special” characters, such as the @, #, $, %, &, ?, _, !, <, >, and ~. In fact, any keyboard symbol can be used on most systems. Some Internet service providers (ISPs) do not allow special symbols or more than seven characters. If that is the case, intersperse letters (upper and lower case) with numbers, or change your ISP to one that has a greater interest in your security.

Most of the PCs that we use at UTB or at home are using Windows 98 or ME (Millennium Edition). Some are using Windows 2000/NT. Windows 98/ME natively has very little to offer in the way of security. Windows 2000/NT comes equipped with a security toolkit, but that toolkit must be enabled to do any good.

One of the security essentials for any of these operating systems is the use of “Windows Update”. (Click on “Start” and look near the top of the expanded menu.) By clicking on “Windows Update”, you are taken to the Microsoft update website, where you are then able to download and install critical updates to your operating system.
Most of these updates consist of patches to security problems that have been discovered by Microsoft and others, and will help protect your system.

Although Windows 98/ME has little native security built into the operating system, it is also relatively safe from external hacking, except from Trojan Horse programs and worms. These can be looked at as a type of virus, but in fact are quite different. Trojan Horses, like the myth of the big wooden horse, invade your PC disguised as something else (email, picture, sound file, program, etc.). Once executed, they install a program that can allow hackers to access your PC remotely while you are online. Once they have access, your computer becomes theirs to command. Worms work pretty much the same way, but they also spread themselves by sending the virus-like program to other computers that you connect to via your network, email, etc. (Remember the “Love Bug”?) Both of these can be recognized and controlled by a good, updated antivirus program.

To help protect your PC, it is absolutely imperative that you have quality virus checking software installed and updated regularly. Most new PCs come with antivirus software already installed. What you usually don’t get, however, are regular updates. Any antivirus software that has not been updated in the past two months is virtually useless, and worse, gives a false sense of security. There are approximately 10 new viruses released every day. Most are just slightly reworked editions of older viruses and are picked up by most antivirus software packages. About two to three times a month (more often recently), a new virus strain appears that requires updates to the current virus data files.

The two best antivirus software packages on the market currently are 1) Norton AntiVirus, and 2) McAfee’s VirusScan. Of these two, I personally prefer Norton AV, as the updates can be done automatically.
New updates to Norton AV have been appearing as frequently as two or three times a week for the past few months. I choose Norton over McAfee, as there seem to be fewer problems with installation, updates, and system crashes caused by the software. After installation, be certain to check the antivirus software user preference area to ensure that all areas of your PC are covered, including your email.

Warning: Do not have more than one brand of antivirus software installed on your machine at the same time. If you are changing from one to another, be certain to uninstall (properly) the old one first. Frequently, having two antivirus programs installed or running at the same time will cause massive conflicts, each thinking that the other is a virus that needs to be attacked.

If you are on-line from home, you should also obtain some “anti-intrusion” or “firewall” software. This is particularly true if you are on-line quite a lot, or have a broadband connection like DSL, cable-modem (when available here), satellite-modem, or ISDN. Anti-intrusion software is very different from antivirus software, and works in conjunction with it. Firewall software monitors incoming and outgoing data from your computer, and watches for “unusual” types of activity. Depending on what type of “activity” it detects, the software can send you a warning message, and even in some cases stop the flow into or out of your PC until you determine what is happening.

The two best anti-intrusion (firewall) packages available for home use are “BlackIce Defender” from Network ICE Corp. (www.networkice.com), at about $30.00 and available locally, and ZoneAlarm, available as a download from www.zonelabs.com and FREE to individuals. I have both, and use them on different machines to see which I like best. So far, I would have to say they are both very good, and work well. BlackIce is a bit more automatic and requires less configuring for full protection than does ZoneAlarm.
Both of these programs should be checked for updates regularly, but not as often as an antivirus program.

Warning: Do not attempt to install and use both at the same time on the same machine. They don’t like that. (See antivirus warning above.) It is OK and recommended to have both antivirus and anti-intrusion running simultaneously.

One final area to be touched on in this security memo is the matter of modems. Most home internet connections are via a dial-up modem. Most of the connections from computers located at this University are via a network card. There are, however, quite a number of computers at the University (particularly laptops) that also have modems installed, even though they are not usually connected to a phone line. Modems that are not connected to a phone line, or are only used to dial up an internet connection, do not present any more risk while connected to the internet or University servers than do network interface cards, except when they are set to also receive faxes. While waiting to receive a fax, modems are an open door into your computer and network.

One of the main tools of a hacker is something called a “War Dialer”. It is a software program that dials a series of telephone numbers, waits for a person, fax, or another modem to answer, records the phone numbers that are answered by a fax or modem, and then dials the next number. Later, the hacker retrieves the list to use to gain entry into your system.

If you have any questions concerning this article, please contact Gerald Alexander at: galexander@hp.utbtsc.edu
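
The password rules given earlier in this article (at least eight characters, upper- and lower-case letters, numbers, two or more special characters, and never the userid) can be checked mechanically. The Python code below is an added example, not part of the original article: the function name, the sample passwords and the short common-terms list are constructed for illustration, and the "contains the userid" and "decorated common term" checks are assumptions that go slightly beyond the rules the article states.

```python
import string

# Constructed sample list; a real check would load a much larger wordlist.
COMMON_TERMS = {"password", "welcome", "summer", "qwerty", "letmein", "gerald"}

MIN_LENGTH = 8      # "at least eight characters"
MIN_SPECIALS = 2    # "two or more special characters"


def check_password(password, userid):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # The article says any keyboard symbol may be used, so count all punctuation.
    specials = sum(1 for c in password if c in string.punctuation)
    if specials < MIN_SPECIALS:
        problems.append("fewer than two special characters")
    # The article forbids using the userid as the password; this check is
    # stricter (an assumption) and also rejects passwords that contain it.
    if userid and userid.lower() in password.lower():
        problems.append("contains the userid")
    # Assumption beyond the article: strip digits and symbols, then compare the
    # remaining letters with the common-terms list, so that a decorated
    # dictionary word such as "Summer#2001!" is still rejected.
    core = "".join(c for c in password.lower() if c.isalpha())
    if core in COMMON_TERMS:
        problems.append("built from a common term")
    return problems


if __name__ == "__main__":
    for pw in ("jsmith", "Summer#2001!", "tR7#mq!9Lw"):   # constructed samples
        print(repr(pw), check_password(pw, "jsmith") or "OK")
```

The second sample shows why composition rules alone are not enough: it satisfies every character-class rule yet is still a common term with digits and symbols attached.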