Comments on: Comments on 1394

Post number 1394

milhous — Wed, 19 Apr 2000 23:31:44 -0800

Do security apps like this one actually work? Anyone here with a DSL or ISDN, or other "always on" connections, have any tips on security at home?

By: bvanveen

bvanveen — Thu, 20 Apr 2000 00:11:10 -0800

I have dsl at home and have had a pretty good experience with Norton Internet Security 2000. Basically it sits in your tray and monitors incoming and outgoing transactions based on the level of protection, 3 of them, that you select. I have had to disable it a couple times for specific reasons, but overall I am very satisfied with it. It also has a built in banner ad blocker if you choose to activate it. They have a 30 day trial version and you can also download the fully functional version after purchase. Good luck and feel free to email me with any specific questions.

By: Yeet

Yeet — Thu, 20 Apr 2000 00:50:02 -0800

I have a cable modem at home and I am using ZoneAlarm for a while. I am very satisfied with the software. It is easy to configure and use. And the most important of all, it is free. BTW you can check the security of your computer's connection by going to grc.com and clicking on the ShieldsUP icon.

By: Bryan

Bryan — Thu, 20 Apr 2000 02:26:04 -0800

I notice these are PC apps...what options exist for the Mac platform, or are any needed? My apologies for my total ignorance on the subject.

By: Dean_Paxton

Dean_Paxton — Thu, 20 Apr 2000 04:37:58 -0800

Black Ice Defender is an excellent program for your home/PC needs. I can say that I do like this one, I've tested and evaluated many, many of these programs and this is tops. It gives a lot of false positives, but it's really kind of fun to watch... For Mac users, I'll check with some of my Mac friends, I know a couple of security consultants that have Mac experience.

By: Succa

Succa — Thu, 20 Apr 2000 07:26:38 -0800

Best solution: get a firewall/proxy server. You'll need nothing more than a cheap 486 or Pentium, Linux, and some free software. You'll never have to worry again.

By: Steven Den Beste

Steven Den Beste — Thu, 20 Apr 2000 07:32:17 -0800

I have a cable modem and I completely agree with the recommendation about Norton Internet Security 2000. I used it when it was "AtGuard", before Symantec purchased it, and I upgraded recently. One of the morel surprising things is just how often people try to taste my system looking for various trojans. I would say that I typically get a crack attempt about five times per week, and about a month ago I got hit seven times in one day -- by seven different people. NIS2K is superb. You definitely don't need a second computer to act as a firewall.

By: jbeaumont

jbeaumont — Thu, 20 Apr 2000 08:05:44 -0800

A lot of times these programs open up ports on your machine in order to scan them. These ports normally would be shut off, but these programs open them up...

By: jbeaumont

jbeaumont — Thu, 20 Apr 2000 08:06:18 -0800

Oh one more thing - the best thing you can do for your home security on your machine is (if you're running windows) to turn off file and print sharing.

By: Dean_Paxton

Dean_Paxton — Thu, 20 Apr 2000 08:26:51 -0800

jbeaumont is right, it depends on which M$ product you are running, but these ports are closed by default with a few exceptions. I personally don't use anything commercial, I use a freeware port scanner that keeps an eye on the ports I tell it to, but preforms no actions. If I saw someone tapping on those ports, and my hard drive was spinnig wildly, I'd probably just yank the PC off the network! Sure is hard to hack then... To find out which ports to be wary of, check out Infosyssec, Security Focus, or Infowar.com. Finally, the Sans Institute has a wonderful resource on intrusion detection.

By: baylink

baylink — Thu, 20 Apr 2000 08:51:08 -0800

I'm surprised no one's mentioned Gibson Research's scanner page. Go to Shields Up, and it will scan your machine for the most common vulnerabilities. Note: if, as Succa suggests, you run a small, cheap Linux box (a 386/40 will do wuite handily) as a masquerade router, not only will the outside world be almost completely unable to hurt you (assuming you lock the router down correctly), but you'll be able to run multiple client behind your cable modem without the carrier noticing. One other scanner I've recently run across is The Whitehats Distributed Denial of Service scanner. I must admit to being unfamiliar with them; Jerry Pournelle mentioned them in his mail column. (I'd observe that Jerry Pournelle is an ex-Byte columnist and science fiction writer, for those who didn't know that, but I'm sure some snide bastard^W^Wkind soul would say "no shit"... so I won't. :-)

By: milhous

milhous — Thu, 20 Apr 2000 10:39:29 -0800

When i started this post, i forgot to ask -- benefits or downsides to using NT with all of this crazyness.

By: Steven Den Beste

Steven Den Beste — Thu, 20 Apr 2000 11:11:24 -0800

If anyone is interested in finding out just how secure their particular system is, there are couple of sites which will make a benign attempt on your system (at your request and with your permission) to see just how much you are revealing. No matter what, they cause no harm. The testing process is completely safe. This is the better one but you go into a queue and it may take a couple of hours for them to get to you. They send you email when they're done. You have to leave your computer online until they get to you. This one is less comprehensive but it runs interactively and reports to you as it finishes individual steps of the process. Click the "Shields Up!" link. My Win 98 system running "Norton Internet Security 2000" passed both tests with flying colors; I got top marks.

By: cCranium

cCranium — Thu, 20 Apr 2000 14:46:52 -0800

Re: Succa's post Proxy/Firewall solutions are definetely the best, but rather than a Linux distro, consider OpenBSD (www.openbsd.org). It's quite probably the least hackable system out there, and unlike most Linux distros, it comes with everything locked down, so if you've never used a Unix-like OS, you're secure-by-defualt. If you want to open a specific port, you have to do it manually. re: NT I don't know how well NT works with the various security utils out there, but if NT or Win2000 are an option for you, set your filesystem to NTFS, dedicate a specific directory that can be open to the world, and modify the permissions for the rest of your computer. It'll be difficult enough for crackers to get in that you'll avoid most of the script-kiddie cracking software out there, and it takes very little time to do. Anyone wanting to get into your box is going to have to do some research, and if they're willing to research, they'll already know about any bugs and exploitations in any software out there. No matter what security solution you use, make sure you've got a good virus scanner, one that checks all data coming in (Norton VirusShield readily comes to mind) and keep it updated.

By: dhartung

dhartung — Thu, 20 Apr 2000 18:46:21 -0800

I believe they're essential. Either run something like BlackICE, Norton, or the free ZoneAlarm (new version 2.1 out, now it makes a text log), or have a firewall in your router/bridge/gateway depending on how your broadband access is configured (sometimes you don't have any choice). I'm using ZoneAlarm at home, and the only problem is too many false positives. I hope 2.1 is a tad better behaved. At a customer, I have a Netopia router (DSL modem) with firewall capabilities, and I've got it locked down pretty good. You can also buy boxes that will do this (say, if you want to share that DSL connection).

By: plinth

plinth — Fri, 21 Apr 2000 05:51:02 -0800

If you have DSL or Cable in an always on configuration, you mighr consider Linksys' Router. It's about $160(US) has 4 ports and is configurable through a web browser. It's about as cheap, much smaller, and much easier to maintain than a dedicated 486 box to do the same thing.

By: baylink

baylink — Fri, 21 Apr 2000 07:43:31 -0800

Um, duh. Oops; someone *had* mentioned Shields UP before I did. I guess I'm blind this week. Thanks for not jumping my crap, folks.

By: Dean_Paxton

Dean_Paxton — Fri, 21 Apr 2000 11:31:58 -0800

GNIT is what I use for Windows NT, they just released the new version a week or so ago. It's free, it's all set for the "danger" ports, and it's cool. That's my advise for ANY WinNT/2000 box.