Chapter 7. Security Checklist

Security is a very real concern for any computer connected to a network or the Internet. There are three main categories of security threats:

A deliberate, targeted attack through your network connection

Ironically, this is the type of attack most people fear, but realistically, it is the least likely to occur, at least where home and small office networks are concerned. It's possible for a so-called hacker to obtain access to your computer, either through your Internet connection or from another computer on your local network; just not terribly likely that such a hacker will bother.

An automated invasion by a virus, robot, or Trojan horse

A virus is a computer program that is designed to duplicate itself with the purpose of infecting as many computers as possible. If your networked computer is infected by a virus, it might use your network connection to infect other computers; likewise, if another computer on your network is infected, your computer is vulnerable to infection. The same goes for Internet connections, although the method of transport is typically an infected email attachment.

There also exist so-called robots, programs that are designed to scan large groups of IP addresses, looking for vulnerabilities. The motive for such a program can be anything from exploitation of credit card numbers or other sensitive information to the hijacking of computers for the purpose of distributing spam, viruses, or extreme right-wing propaganda.

Finally, a Trojan horse is a program that works somewhat like a virus, except that its specific purpose is to create vulnerabilities in your computer that can subsequently be exploited by a hacker or robot. For example, a program might open a port on your computer and then communicate with a remote system to announce its presence.

A deliberate attack by a person sitting at your computer

A person who sits down at your computer can easily gain access to sensitive information, including your documents, email, and even various passwords stored by your web browser. An intruder can be anyone, from the person who steals your computer to a co-worker casually walking by your unattended desk. Naturally, it's up to you to determine the actual likelihood of such a threat, and to take the appropriate measures, such as requiring that a password be typed to get out of the screensaver.

Closing Back Doors in Windows XP

Windows XP includes several features that will enable you to implement a reasonable level of security without purchasing additional software or hardware. Unfortunately, Windows is not configured for optimal security by default. The following steps will help you close some of these back doors:

  1. By default, the file sharing service is enabled for Internet connections, but in most cases, there's no reason for this. Open the Network Connections window, right-click the icon corresponding to your Internet connection, and select Properties. In the General tab, clear the checkbox next to the "File and Printer Sharing for Microsoft Networks" option. If you have more than one Internet connection icon, repeat this for each of the others, but leave it enabled for the connection to your workgroup (if applicable).

  2. One of the main reasons to set up a workgroup is to share files and printers with other computers. But it's wise to share only those folders that need to be shared, and disable sharing for all others. A feature called Simple File Sharing, which could allow anyone, anywhere, to access your personal files without your knowledge, is turned on by default in Windows XP. Go to Control Panel → Folder Options → View tab, and turn off the "Use simple file sharing" option.

  3. Another feature, called Universal Plug & Play (UPnP), can open additional vulnerabilities on your system. UPnP is a collection of standards that allow network devices to announce their presence to UPnP servers on your network, similarly to how your PnP sound card announces its presence to Windows when you boot your system.

    Windows XP supports UPnP out of the box, but UPnP is a service that most users don't need. Unless you specifically need to connect to a UPnP device on your network, you should disable UPnP on your system immediately or risk exposing your system to several security threats.

    To disable UPnP, open the Services window (services.msc). Find the SSDP Discovery Service in the list and double-click it. Click Stop to stop the service and change the Startup type to Disabled to prevent it from loading the next time Windows starts. Click OK and then do the same for the Universal Plug and Play Device Host.

  4. The Remote Desktop feature is enabled by default in Windows XP. Unless you specifically need this feature, it should be disabled. Go to Control Panel → System → Remote tab, and turn off both of the options in this window.

  5. Make sure each and every user account on your system has a unique password. Even though you may not be concerned about security between users, unprotected accounts can be exploited by an attack over a network.

  6. Use the Internet Connection Firewall (ICF) feature, or, better yet, obtain a router with a built-in firewall, to further protect your computer by strictly controlling network traffic into and out of your computer.

    Open the Network Connections window, right-click the connection icon corresponding to your Internet connection, and select Properties. In most cases, it will be the Ethernet adapter connected to your Internet connection device. (If you're using a DSL or cable connection that requires a login with a username or password, the icon to use is the Broadband connection icon corresponding to your PPPoE connection.) Choose the Advanced tab, and turn on the "Protect my computer and network by limiting or preventing access to this computer from the Internet" option.

  7. The messenger service (different from Windows Messenger) allows users to send text messages to others on their local network. Unfortunately, this feature is sometimes exploited by spammers who use a command like net send * Hello World, which causes a pop-up window to appear on the Desktops of all computers in the subnet. To disable this, open the Services window (services.msc), and double-click the Messenger entry in the list. Click Stop to close the service, and then select Disabled from the Startup type list to prevent it from loading automatically the next time Windows starts.

  8. Finally, look for vulnerabilities in your system by scanning for open ports, as described in the next section.
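
Steps 3, 4, and 7 can also be applied and verified from a command prompt, which helps when several machines need the same settings. The batch file below is an added example, not part of the original chapter; it assumes an administrator account and uses the Windows XP service short names (SSDPSRV, upnphost, Messenger) and the Terminal Server registry values that correspond to the Services entries and Remote tab options named in the steps.

```bat
@echo off
rem Added example: command-line equivalents of steps 3, 4 and 7.
rem Run from an administrator account on Windows XP.
setlocal

rem Step 3: Universal Plug and Play Device Host and SSDP Discovery Service.
rem upnphost depends on SSDPSRV, so it is stopped first.
rem Step 7: Messenger service.
for %%S in (upnphost SSDPSRV Messenger) do call :disable_service %%S

rem Step 4: both options on the Remote tab.
set TSKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
rem Remote Desktop off (1 = deny incoming connections).
reg add "%TSKEY%" /v fDenyTSConnections /t REG_DWORD /d 1 /f >nul
rem Remote Assistance off (0 = invitations not allowed).
reg add "%TSKEY%" /v fAllowToGetHelp /t REG_DWORD /d 0 /f >nul

rem Verify: show the resulting startup type and registry values.
for %%S in (upnphost SSDPSRV Messenger) do (
    echo == %%S
    sc qc %%S | find "START_TYPE"
)
reg query "%TSKEY%" /v fDenyTSConnections
reg query "%TSKEY%" /v fAllowToGetHelp
endlocal
goto :eof

:disable_service
rem Skip services that are not installed on this machine.
sc query %1 >nul 2>&1
if errorlevel 1 (
    echo %1: not installed, skipping
    goto :eof
)
rem Stop the running instance; an error here means it was already stopped.
sc stop %1 >nul 2>&1
rem The space after "start=" is required by sc.
sc config %1 start= disabled >nul
if errorlevel 1 (echo %1: could not change startup type) else (echo %1: stopped and disabled)
goto :eof
```

Each service should report START_TYPE as DISABLED in the verification output; a service that still shows as running will stay stopped after the next restart.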
