Security Maintenance Measures

We have discussed numerous methods of protecting personal information, your computer systems, and your networks. As we have said, security is just a point in time. Just because you are secure today does not mean you are secure tomorrow. Stopping the attacker from ever gaining access to your system is the best method of securing your systems. It's difficult to clean up a system after it's been compromised.

To keep your systems up-to-date with the latest security patches, fixes, virus scanner signatures, and any other security measures you might have in place, you must follow constant security procedures. Like any company that takes security seriously, you have to be serious in your endeavors to keep vigilant about weaknesses in your environment. If you only check your security periodically or implement patches infrequently, you are asking to be compromised.

Risk is a determining factor in how much security you feel you need to have implemented. If you have just one computer system in place that you only use for Web surfing, you might not need to have a lot of security measures in place. If that computer was hacked and files destroyed, it really wouldn't affect you very much. You could just reinstall the operating system and be back up and running in no time. What if the computer was running your routing for the entire home network or you had important files and personal information on it, such as Quicken or TurboTax information? If your system were compromised in that case, you would have lost your connectivity for the entire home network or all your personal tax information. You might be willing to invest more security measures, time, and effort in securing this second system.

System Updates

The best thing you can possibly do is to keep up-to-date with patches for operating systems and applications from the vendors. This is a simple fix to most security problems you will find. Whenever a security vulnerability is made known, the vendor usually makes a patch available through its Web site.

For Windows-based operating systems, Microsoft has update functionality available through its Web site to install patches and provide you with information on any new patches that are made available. One good Web site that aggregates the Microsoft patches is Stroud's CWSApps (http://cws.internet.com/mspacks.html). The Microsoft updates are also found at the following addresses:

The Unix vendors have even gotten into the practice of making security patches easy to find on their Web site and have automated parts of the update process. One vendor, RedHat (www.redhat.com), has made its updates simple to access by bundling them on its Web site in the same fashion as Microsoft. For each version, all the security updates are easy to find and download. These security updates can be found at

Virus Protection

Computer security can easily be compromised via a virus. A worm, virus, or Trojan can install a backdoor on your computer, which can then open a hole in your system to let an attacker in or even send out your critical files to an attacker. Antivirus software is probably the best at keeping itself updated with new virus signatures. You should definitely run a virus scanner. Many of them have the capability to automatically update themselves periodically without any intervention from the user. They can also perform virus scanning in the background automatically.

One example of an auto update feature is shown in Figure 16.9. In McAfee Virus Scanner 6.0, a popular scanner, you can manually download virus updates or have the system look for updates automatically.

Figure 16.9. Automatic virus scanner update with McAfee.


Web Browsers

Web browsers are another constant target of attack. Because Web browsers are your gateway to the Internet and they are becoming more sophisticated every day, hackers are targeting them from both the application level and the programming level. The weaknesses in the browser applications can be used to exploit your computer. Programming languages such as Java and ActiveX can also be used to get you to execute malicious code that can compromise your computer. Web developers write code that your Web browser executes. Both Internet Explorer and Netscape have security measures that can be implemented from their Web sites:

As we discussed earlier, the major browsers now have many built-in security features. These range from erasing cookies to removing stored Web site passwords. In Internet Explorer, you can change these options by selecting Tools, Internet Options. In Figure 16.10, we have selected the Security tab and then Custom Settings to disable such browser functions as unsafe ActiveX and prompting for allowing ActiveX plug-ins.

Figure 16.10. Internet Explorer security settings.


In Netscape, we can change the security options by selecting Edit, Preferences or Tasks, Privacy and Security. Through these options, you can change things such as cookie management (as shown in Figure 16.11), stored passwords, and SSL authentication.

Figure 16.11. Netscape security management.


A new browser that is taking away some market share from Internet Explorer and Netscape is Opera (www.opera.com). Features such as improved speed, cross-platform capabilities, and security are making Opera quite popular. The browser supports SSL versions 2 and 3 and TLS 1 and has built-in support for full 128-bit encryption. Opera has several security and privacy options that you can change by selecting File, Preferences, as shown in Figure 16.12.

Figure 16.12. Opera security configuration.


E-mail

We covered e-mail extensively earlier in this book. E-mail, with its incorporation into just about everything we do these days, can be extremely dangerous. Viruses and worms can travel via e-mail attachments. Even the e-mail applications can cause a threat to your privacy. Data can be captured via e-mail, someone can forge e-mail in your name, and your e-mail can be intercepted on its way to its destination.

The best security you can implement is using encrypted e-mail. We discussed PGP and security options extensively. Keeping your virus scanner up-to-date and integrated with your e-mail system can stop e-mail–borne viruses.

E-mail bombing/spamming can be combined with e-mail “spoofing,” which can mislead you or someone else into thinking that the e-mail was sent from you. An attacker can cause damage to your reputation if someone thinks you are e-mail bombing him or sending him spam e-mail. Spam is inevitable; yet, if people with whom you communicate know you use secure e-mail and your e-mail can be verified using your PGP public key, they will know that spoofed e-mail is not from you.

If you are the target of spam e-mail, you can configure your e-mail software to deny e-mail from the spam address. You can usually contact the spammer and request that you be removed from the spam list, but that's usually a futile effort. You can also track down the ISP of the spammer and send a message to their abuse-prevention e-mail address, letting them know someone on their network is a spammer.
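Tracking down the spammer's ISP starts with the Received headers of the message, as in this added example (not from the original text). It assumes you know the host names of your own provider's mail servers; the sample message, host names, and addresses are constructed for illustration. Only the headers written by servers you trust are reliable, so the code stops at the first hop outside them and ignores everything below, which the sender could have forged.

```python
import email
import ipaddress
import re

# Constructed sample: example domains and documentation-range addresses.
SAMPLE = """\
Received: from mx.myisp.example (mx.myisp.example [10.0.0.5])
    by mailstore.myisp.example with ESMTP id A1; Mon, 4 Mar 2002 10:00:03 -0500
Received: from mail.bulk.example (unknown [203.0.113.45])
    by mx.myisp.example with SMTP id B2; Mon, 4 Mar 2002 10:00:01 -0500
Received: from trusted.bank.example (trusted.bank.example [198.51.100.7])
    by mail.bulk.example with SMTP id C3; Mon, 4 Mar 2002 09:59:58 -0500
From: "Your Friend" <you@myisp.example>
To: you@myisp.example
Subject: Great offer

Buy now.
"""

# Assumption: the mail servers operated by your own ISP.
TRUSTED_RECEIVERS = {"mx.myisp.example", "mailstore.myisp.example"}

# Internal and loopback ranges never identify the outside sender.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

FROM_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def handoff_ip(raw_message, trusted_receivers):
    """Return the external IP that handed the message to a trusted server."""
    msg = email.message_from_string(raw_message)
    # Received headers are prepended, so the newest hop comes first.
    for header in msg.get_all("Received", []):
        by = BY_HOST.search(header)
        ip = FROM_IP.search(header)
        if not by or not ip or by.group(1).lower() not in trusted_receivers:
            break  # written by a server we do not control: may be forged
        try:
            addr = ipaddress.ip_address(ip.group(1))
        except ValueError:
            continue  # malformed address literal
        if not any(addr in net for net in INTERNAL):
            return str(addr)
    return None

if __name__ == "__main__":
    print(handoff_ip(SAMPLE, TRUSTED_RECEIVERS))
```

The address it returns is the one to look up in WHOIS to find the owning ISP and its abuse contact; the From line and the lowest Received header in the sample are the kind of detail a spammer can make up.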

Denial-of-Service Attacks

A denial-of-service attack prevents access to your system by flooding the network with traffic so you can't connect, disrupting connections between machines, targeting a particular service to deny access, or denying access to a specific account. If an attacker got on your system, he could stop services, destroy files and programs, or use up all disk space to deny service. When an attacker consumes all resources, uses up network bandwidth, or destroys the system, you lose the functionality of your system. A positive step against DoS attacks has been the sentencing of the attacker going by the name Mafiaboy in a Canadian court. This 17-year-old launched DoS attacks against a number of sites in February 2000, and the U.S. FBI and Canadian authorities successfully prosecuted him in the fourth quarter of 2001.

For problems associated with applications and the operating system, patches are sometimes available to help prevent DoS attacks. In most bandwidth cases, you don't have much control over the attacks. Your ISP can put filtering rules in place on its router to deny some forms of attacks.

Penetration Testing

The value of testing your own security cannot be overstated. As you continue to use the network, add services, add computers, or make modifications to the system, you increase the potential for a new vulnerability to enter the network. Identifying the vulnerabilities in your network is not just a one-time event. You must continuously test your security stance. New vulnerabilities are always being made known, so you must know if you are vulnerable before the hackers do.

Your penetration tests should look at both your network vulnerabilities and the vulnerabilities in the operating system or applications from an internal perspective. If an attacker were to gain some form of user access to your system, you wouldn't want him using problems in the operating system or applications to escalate his privileges to administrator level before you could catch him in the act.
