
On the Internet, as in the real world, security concerns are on the rise. Whether it's viruses, hackers, the prospects of cyber-warfare, or just the increasing everyday annoyance of junk email, people are justly concerned about who has access to their computers and how that access is used.
At Southwest Cyberport, New Mexico's premier ISP, we are committed to keeping the online experiences of our customers safe and rewarding. Our new, customer-definable spam filters intercept thousands of junk mail messages every day. Our virus filters screen out many dangerous viruses — often before any of our customers have a chance to be exposed. We monitor our system for suspicious activity.
But no ISP can do it all alone. As responsible citizens participating in a network, each of us is part of an online community. Whatever our level of expertise, we all share the burden of protecting our own security and privacy. Often the steps we can take are as simple as plain old common sense.
These are serious issues. Attacks have already been leveled against government and business sites, and many of these assaults have started by security breaches on other systems — even home systems like the one you may have — that allowed the hackers to hijack computers to launch further attacks. People have lost files or had private information sent out. Government servers have been overwhelmed. In short, any failure of online security threatens everyone online.
Here are 10 easy ways to increase your control over your own Internet security. Most can be done without costing you anything more than a little time. With your cooperation, we can keep SWCP secure and thus make the Internet a little bit safer for all.
The first obstacle to hackers is a good password. At SWCP, we use a program to keep our users from choosing passwords that are too easily cracked.
Generally speaking, the best passwords are at least 5 characters long and are not the names of people, words found in any dictionary, or simple strings of numbers such as dates. Mixed upper and lower case letters, numbers, and nonalphanumeric characters also help. One good technique is to make an acronym of a memorable phrase — for example, Sie!Cyp. from "Security is everything! Change your password."
Never email or give out your password to anyone. SWCP will only email passwords to addresses on our system and even then, only to the Primary Account owners or their listed Technical Contacts. In any other situation, the password must be released by phone, fax, or postal mail.
If you call us about a technical or billing question, we may ask for your password to verify your identity or to help solve the problem. Any calls or email you receive claiming to be from SWCP requesting your password should be treated as suspect.
If you need to make changes to your account or contact us securely, it's best to use the SWCP Authenticated Message Service at our website. It will automatically verify your username and password and send the message in an encrypted form.
Also, it's a good idea to change all your passwords every 3 to 6 months. You can have our crack Tech Support staff do it, or you can do it yourself online. It only takes about 15-20 minutes to take effect.
Speaking of passwords, you should be aware that some older Internet protocols and programs send passwords for authentication across the Net as clear text, which could conceivably be intercepted. Southwest Cyberport has therefore switched from telnet to ssh, a more secure command-line interface. You can download PuTTY, a free ssh client for Windows, or Nifty Telnet, which is one for Macs.
The same problem exists for FTP clients, but there are no widely-available secure FTP programs yet.
Your carefully-chosen password may keep crackers guessing, but if you jot it on your monitor's frame or a note stuck to your keyboard, it won't be much of a mystery to your little brother, cleaning person, or co-workers.
Consider the physical circumstances surrounding your computer usage. Are you the only one who uses the machine? If so, but there are other people about, you may want to protect it from unauthorized use with a screensaver protected by a password. If others must also use the computer, you should at least establish a User Profile with password protection for your email client to keep your email separate from theirs. And of course, turn off your mail program whenever you leave your desk. Since your web-browser may be set to retain your username and passwords for secure sites, it should be exited as well.
Turning your computer off completely or disconnecting when you are through using it can block unwanted online visitors, particularly if your machine is on an office network or you have dedicated broadband access. However, don't turn off your DSL router — that may cause us to think that your connection is down. (This will also happen to Qwest DSL customers using an Intel 2200 card who turn off their PCs.) If you plan to be doing that regularly, please let us know, but be advised that under such circumstances we won't be able to monitor your circuit connection as effectively.
In any case, always consult your office's IT guy, network guru, or resident nerd, if you have one, before doing anything that might affect your network connectivity.
While email is one of the greatest conveniences of the Net, it is also the biggest security risk. Email can be used to carry dangerous programs to your computer, sometimes even masquerading as a note from someone you know.
The first rule for avoiding these malicious programs (aptly called "trojans" as they are as deceptive as the Trojan Horse) is don't open any attachment you weren't expecting.
Even attachments that appear to be safe — files with fake .txt or .jpg endings that appear to be text files or pictures — may hide an executable program or string of Visual Basic commands if Windows has the hide filename extensions preference chosen. This should be disabled. Find it by going to Tools in either the Control Panels or the menu above the My Computer window, and clicking on Folder Options.
To complicate matters, some email clients, particularly Microsoft Outlook and Outlook Express, can open attachments automatically. The risk from this "convenience" is so great, we strongly recommend disabling this feature. (This can be done in either program by clicking View then Layout and removing the checkmark from Show preview pane.)
Also be aware that email's privacy is never assured. Email is much more like a postcard than a letter — it could be read as it passes through many computers on its way. These might be compromised even if the systems on both ends are secure.
If you must send documents or information of a sensitive nature, consider encryption. Strong encryption programs exist and some, such as PGP or GnuPG, can be used free of charge.
Email encryption security is not a trivial undertaking; complex technical and social issues are involved, especially in these times. However, it is the only reliable way to put your email in an "envelope". If you choose not to use it, chances are nobody will be reading it along the way, but there's nothing to really stop them if they choose to.
Finally, avoid trouble by not inviting it. Try not to make online enemies. Always use courtesy, indicate when you're joking, and don't flame — you never really know who might become mortally outraged, particularly in public newsgroups. Silly differences of opinion can easily escalate to serious real-life feuds, and have been known to end nastily in hacking, stalking, and people's accounts being cancelled. So play nice!
This is probably the single most important step you can take. Virus protection will not only scan disks and other removable media, but constantly inspect your incoming email for dangerous hidden content. Commercial software packages are available for purchase from McAfee and Symantec's Norton Antivirus, and some are available for free, such as AVG.
SWCP filters for the best-known viruses, installing new filters as soon as we are notified of a dangerous new outbreak. We'll email alerts to our customers when a major new plague makes it necessary. We have even gone so far as to shut down the mail server to screen the waiting mail spool in cases of serious outbreaks.
Even so, we can't filter out all viruses, since we can only respond to alerts. Therefore it is important for you to install antivirus software on your computer — even if you use a Mac or Linux. Then immediately scan your computer with it for infection just to be sure, use it all the time to check your email, and keep it current. Each new threat is more cleverly wicked than the last, so remember to update your virus definitions frequently. Your program can probably be set to automatically remind you.
Also, don't get suckered by hoaxes. Spreading the alarm about a nasty new virus is like shouting "Fire" in a theater. Don't do it unless you're sure. Consult your antivirus supplier's homepage or forward the warning to help@swcp.com. An extensive list of virus and other email hoaxes can be found at CIAC's hoaxbusters page.
Be aware that sometimes antivirus software can interfere with downloading your email. If you install an antivirus program and immediately begin having problems receiving email, you may want to scan for viruses manually rather than automatically.
Finally, there is truly dangerous software that utilizes back doors — secret methods built in by programmers to gain access — such as Back Orifice, Netbus and SubSeven. With any one of these, a hacker could secretly gain complete control over your computer to open, read, edit, delete, or save any file, install software, start programs, even activate pop-up windows.
These programs usually get installed as trojan attachments to emails, such as screen savers or jokes. The bad news is that once installed, they are hard to spot, and not easy to remove as they can be attached to legitimate software and also corrupt the Windows Registry.
To see if these back door programs are present, search your system for the following files. From an attachment typically named "boserve.exe", Back Orifice installs files named " .exe" (that's an empty space before the ".") and "anna.exe". Netbus installs "patch.exe" (which can be renamed anything), and "KeyHook.dll", while SubSeven uses "nodll.exe," "server.exe", "kernel16.exe" or "window.exe", and "watching.dll" or "lmdrk_33.dll".
The good news is all major anti-virus software packages should be able to detect these common back door programs.
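The file search described above can be automated. The following is an added example, not SWCP's own tool; it matches only the file names listed in the text, and the directory layout in demo() is constructed for illustration.

```python
import os
import tempfile

# File names taken from the paragraph above, lower-cased for comparison.
KNOWN_NAMES = {
    "boserve.exe": "Back Orifice (installer attachment)",
    " .exe": "Back Orifice",
    "anna.exe": "Back Orifice",
    "patch.exe": "Netbus",
    "keyhook.dll": "Netbus",
    "nodll.exe": "SubSeven",
    "server.exe": "SubSeven",
    "kernel16.exe": "SubSeven",
    "window.exe": "SubSeven",
    "watching.dll": "SubSeven",
    "lmdrk_33.dll": "SubSeven",
}


def scan(root):
    """Walk root and return sorted (relative_path, family) pairs for name matches.

    A match is only a lead: names such as server.exe or patch.exe are also used
    by legitimate software, and Netbus's patch.exe can be renamed, so a clean
    result does not prove the machine is clean. Confirm with antivirus software.
    """
    hits = []
    # os.walk silently skips directories it cannot read, which is what we want.
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            family = KNOWN_NAMES.get(name.lower())
            if family:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                hits.append((rel.replace(os.sep, "/"), family))
    return sorted(hits)


def demo():
    """Build a constructed directory tree with harmless placeholder files and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "WINDOWS", "SYSTEM"))
        for rel in ("WINDOWS/SYSTEM/KeyHook.dll", "WINDOWS/ .exe",
                    "WINDOWS/notepad.exe", "letter.txt"):
            with open(os.path.join(root, *rel.split("/")), "w") as fh:
                fh.write("constructed placeholder, not a real binary\n")
        return scan(root)


if __name__ == "__main__":
    for path, family in demo():
        print(f"{path!r}: name used by {family}")
```

To check a real drive, call scan() with its root folder instead of running demo().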
Antivirus technology is pretty good, though necessarily always one step behind the bad guys. Methods to deal with the scourge of spam, unfortunately, are much less effective — it is far easier to determine what constitutes a malicious program than what distinguishes bulk unsolicited email advertising.
Southwest Cyberport leads the fight against spam. We block over 25,000 messages per day. We subscribe to warning lists of known spammers, and don't allow any messages coming from those domains, but we have to be conservative. In some cases, it can be hard to tell or demonstrate just what "unsolicited email advertising" is. Since we don't want to throw away any "real" email, some spam is bound to get through.
The good news is that Southwest Cyberport now has customer-adjustable spam filters on our mail server. Along with filters in your own email program, these will give much greater control over your email. You configure your very own spam filtering rules via the web interface. You will be prompted for your username and password, then presented with the interface.
Each section of the interface has a different function, often interacting with the rules defined in other sections. A link to further information is present in each section. We have tried to make the filter as easy to understand as possible, but it is a powerful tool you will want to understand before using.
An example of how you might use the server filter is to block all messages that do not have your email address in the "To:" or "Cc:" fields, like letters addressed to "Occupant". This is one of the most effective options you can choose.
You can also use your email program's filters to catch phrases like those generic "Click here to unsubscribe" lines in the body of messages, automatically tossing those into the Trash folder. (It's better to do that, in most cases, than to click the link. Some spammers include them in hopes of getting a response which proves the email address it was sent to is good. Thus you could wind up on even more lists.)
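The two rules just described (block mail not addressed to you in "To:" or "Cc:", and send mail with a generic unsubscribe line to the Trash) look like this in code. This is an added example, not SWCP's filter; the addresses and messages are constructed, and the allowed_senders exception for mailing lists you have joined is an assumption added because list mail rarely carries your own address.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

UNSUB_PHRASES = ("click here to unsubscribe",)

# Constructed sample messages.
SPAM_NOT_ADDRESSED = """\
From: Deals <deals@bulk.example>
To: Occupant <valued-customers@bulk.example>
Subject: You have won

Claim your prize today.
"""
SPAM_UNSUBSCRIBE = """\
From: offers@bulk.example
To: pat@example.com
Subject: Low rates

Great rates inside. Click here to UNSUBSCRIBE from this list.
"""
FRIEND_CC = """\
From: Lee <lee@example.org>
To: Sam <sam@example.org>
Cc: Pat <PAT@Example.com>
Subject: Lunch

Friday at noon?
"""
LIST_MAIL = """\
From: announce@lists.example.org
To: announce@lists.example.org
Subject: Monthly newsletter

News for subscribers.
"""


def addressed_to(msg, my_address):
    """True if my_address appears in any To: or Cc: header (case-insensitive)."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    recipients = {addr.lower() for _name, addr in getaddresses(fields)}
    return my_address.lower() in recipients


def body_text(msg):
    """Concatenate every text part of the message, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def classify(raw, my_address, allowed_senders=()):
    """Return 'inbox', 'blocked' (server-style rule) or 'trash' (client-style rule)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in {s.lower() for s in allowed_senders}:
        return "inbox"  # assumed exception: lists the user chose to join
    if not addressed_to(msg, my_address):
        return "blocked"
    if any(phrase in body_text(msg).lower() for phrase in UNSUB_PHRASES):
        return "trash"
    return "inbox"


if __name__ == "__main__":
    for label, raw in [("not addressed", SPAM_NOT_ADDRESSED),
                       ("unsubscribe line", SPAM_UNSUBSCRIBE),
                       ("friend, Cc", FRIEND_CC), ("list mail", LIST_MAIL)]:
        print(label, "->", classify(raw, "pat@example.com"))
```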
We also actively prevent the sending of spam. We refuse accounts to spammers, and will cancel the account of anyone caught spamming. In addition, we have recently begun a program of helping customers who operate their own mail servers protect themselves from being exploited by spammers.
Many customers who have their own mail server have unknowingly configured their server as an open relay. This means the server will allow anyone in the world to connect to it and use it to send mail. Spammers frequently seek out open relays to send their spam for them.
Southwest Cyberport is attempting to test every customer-operated mail server to see if it is an open relay. When we find one, we contact the owner and try to help them fix the problem. We believe we are one of very few ISPs undertaking such a proactive program.
Finally, it is now our policy to test any new customer mail server to see if it is an open relay. If it is, it will not be permitted on our network until it is fixed.
For more information on open relays, and how to fix them, click here.
As zero tolerance is in our best interests to avoid being blacklisted ourselves, we do not sell or give out mailing lists of our customers to anyone. Other people do sell theirs, however, and if you post to newsgroups or your email address appears on a webpage, sooner or later spammers will probably pick it up.
If the spamming is persistent and obnoxious, SWCP will attempt to contact the spammer's host ISP to shut down the offender's account at the source. The bad news is that we cannot guarantee results. Knowing they are universally despised, spammers are sly, changing and faking their addresses often. If you want us to try, forward the message, with full headers and an explanation, to help@swcp.com.
Sometimes it may happen that your inbox is being constantly flooded by spam addressed directly to you. If filters cannot block it all, then the only resort is to change your login name and hence your email address. Let us know if this is what you need to do.
Southwest Cyberport continues to search for better ways to manage the problem, but meanwhile some spam will still sneak through.
Even the simple joys of surfing the Web are not without their hazards any more. Malicious scripts embedded in webpages can infect your computer just like a trojan. And as with email clients, security holes are constantly being found in browsers that need to be patched.
A serious flaw that affects Microsoft Internet Explorer versions 5 through 6, Outlook, Outlook Express, and possibly even Eudora, was found a while back. Officials aren't talking about it much, and no patch is available yet. Until one is, Internet Explorer's option to download files should be disabled. To do so, select Internet Options from the Tools menu. Then select the Security tab and click on Custom Level. Scroll down to the listing for Downloads and click Disable.
Another security hole, also quite serious, has just been found in Microsoft's newly-released XP platform. You can download the patch here.
There is a definite trade-off between safety and convenience in surfing the Web. Scripts like Java, Javascript, and ActiveX, which interact with your browser, could be dangerous; however, they are often necessary for online searching and shopping.
Then there are also those poorly-named little files called "cookies". These aren't treats for you; they're sent out by websites to reside on your computer in order to permit them to track your visits. As interactive files, cookies could represent a potential danger yet they are also required for many interactive webpages to work properly.
The basic principle of surfing more safely is to set your browser's security settings as high as you can stand. It's generally okay to enable Java and Javascript but use caution with unsigned ActiveX scripts.
Having the browser prompt you to decide about cookies and scripts as they appear is a good idea, if it doesn't become too frequent and irritating. Cookies which interact with a server in the same domain as the webpage (if they belong to another, they're usually from an advertiser), or that persist only while you're visiting the site, are most likely completely harmless. Netscape Communicator can be set to automatically allow the former, while Microsoft Internet Explorer can do so for the latter.
Prompts can be a real pain to deal with on the many large sites that carry lots of cookies or are irritatingly insistent about it, but you can always change your browser's settings to "accept all" before going shopping.
Also acting much like cookies are web bugs or "clear GIFs". They are tiny, invisible graphics files often placed by third-party advertisers on others' webpages to collect data about visitors. They can collect broad statistics or build personal profiles of visitors and can share that data with multiple servers. Their use is growing rapidly; a surprising number of well-known sites already carry them.
Bugnosis offers a free plug-in for Windows Internet Explorer that detects web bugs. Certain banner-ad blocking programs such as Guidescope or AdSubtract will block web bugs as well. However, the first is a free service but it monitors surfing, and the latter is not free. Other than blocking, not much can be done about web bugs, except to clean out your caches occasionally.
Another potential menace is spyware. Also called "adware," "advertising trojans," "parasites," or worse, these components take advantage of your Internet connection to send out information about you (which may then be sold), and serve third-party banner ads for your browser. Many come installed in free popular host applications, such as BearShare, AudioGalaxy, or GoZilla, which may not function without them, or they can be inadvertently downloaded.
Spyware is not intended to harm your computer, but it is a serious breach of privacy. It can slow your connections down, cause your computer to connect to remote servers, and leave you personally targeted for tons of spam. There is a free utility, Ad-Aware, commercially upgradable, for detecting and deleting these pests.
In any case, every so often, you should dump the cookie and other temporary Internet caches where your browser stores files — for your personal security, as it could prevent snoopers from knowing which sites you visit — but also to clean out outdated files that take up room and could eventually clog up your browser.
Consider that when your computer is connected to the Internet, it's like a house occupying an address in the midst of a city. It is visible to other addresses and visitors may come calling.
Your "house" has numerous openings; some of which are for invited guests, like the front door. Others, however, are like windows or skylights that need to be watched so that burglars do not use them to break in.
These electronic openings are called ports, of which there are over 65,000. Some are dedicated to certain functions, such as email or the Web. Others are not. Human hackers and Internet beasties prowl freely across the network testing these ports for a response. They are like thieves sneaking about rattling the windows — but these home invaders actually want a response, for that means your computer is listening and willing to talk.
To keep it from talking to strangers, you must use a firewall, a software sentry that monitors and regulates all the activity of your computer's myriad ports. It can protect just a single computer, or hide entire local networks from the Internet. After virus protection, setting up a personal firewall is your most important defense.
Properly configured, the firewall will note and block any unauthorized tries to access your computer from the outside. The more sophisticated ones will combine several techniques and some firewalls can also check any attempts your computer makes to contact anyone else. This option should be utilized if available, as it could be helpful in detecting if infiltration has already occurred.
Not only should it stop probes cold, the logs your firewall generates may let you know if these are random incidents or form a suspicious pattern. The first time you look at them, you may be amazed at the number of port scans they show, but don't panic. There's a lot of traffic out there that is legitimate and completely harmless, and "false positives" abound.
Watch for consistent patterns: persistent scanning from the same IP address, especially of one port after another, which may indicate a curious hacker sniffing for a hole, or a flood coming from all directions, which could signal a "denial of service" attack.
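The two patterns named above can be picked out of a firewall log automatically. This is an added example, not part of the original page; the log line format, the addresses and the thresholds are all assumptions made for illustration, so adapt the regular expression to what your own firewall writes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one source walking the ports, two stray probes,
# and eight sources hitting port 80 within a few seconds.
SAMPLE_LOG = """\
2002-01-15 03:12:01 DROP TCP 203.0.113.7 -> 192.0.2.10:21
2002-01-15 03:12:02 DROP TCP 203.0.113.7 -> 192.0.2.10:22
2002-01-15 03:12:03 DROP TCP 203.0.113.7 -> 192.0.2.10:23
2002-01-15 03:12:04 DROP TCP 203.0.113.7 -> 192.0.2.10:25
2002-01-15 03:12:05 DROP TCP 203.0.113.7 -> 192.0.2.10:80
2002-01-15 03:12:06 DROP TCP 203.0.113.7 -> 192.0.2.10:110
-- log rotated --
2002-01-15 04:40:19 DROP TCP 198.51.100.50 -> 192.0.2.10:113
2002-01-15 09:05:44 DROP UDP 192.0.2.200 -> 192.0.2.10:137
2002-01-15 14:30:00 DROP TCP 198.51.100.1 -> 192.0.2.10:80
2002-01-15 14:30:00 DROP TCP 198.51.100.2 -> 192.0.2.10:80
2002-01-15 14:30:01 DROP TCP 198.51.100.3 -> 192.0.2.10:80
2002-01-15 14:30:01 DROP TCP 198.51.100.4 -> 192.0.2.10:80
2002-01-15 14:30:02 DROP TCP 198.51.100.5 -> 192.0.2.10:80
2002-01-15 14:30:02 DROP TCP 198.51.100.6 -> 192.0.2.10:80
2002-01-15 14:30:03 DROP TCP 198.51.100.7 -> 192.0.2.10:80
2002-01-15 14:30:03 DROP TCP 198.51.100.8 -> 192.0.2.10:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) DROP \w+ "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) -> \d+\.\d+\.\d+\.\d+:(?P<port>\d+)$"
)


def parse(log_text):
    """Return (timestamp, source_ip, dest_port) tuples; unparseable lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events.append((ts, m["src"], int(m["port"])))
    return events


def find_port_sweeps(events, min_ports=5):
    """Sources that tried at least min_ports different ports: 'one port after another'."""
    ports_by_src = defaultdict(set)
    for _ts, src, port in events:
        ports_by_src[src].add(port)
    return {s: sorted(p) for s, p in ports_by_src.items() if len(p) >= min_ports}


def find_floods(events, min_sources=6, window=timedelta(seconds=10)):
    """Ports hit by at least min_sources different sources inside one time window."""
    hits_by_port = defaultdict(list)
    for ts, src, port in sorted(events):
        hits_by_port[port].append((ts, src))
    floods = {}
    for port, hits in hits_by_port.items():
        best, start = 0, 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({src for _ts, src in hits[start:end + 1]}))
        if best >= min_sources:
            floods[port] = best
    return floods


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    print("port sweeps:", find_port_sweeps(events))
    print("floods:", find_floods(events))
```

The two stray probes in the sample stay below both thresholds, which is the kind of harmless background traffic the text says not to panic about.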
Every home user should have a firewall. Most potential intruders will not be targeting you personally anyway, just looking for any openings through which they can infiltrate the system. While firewalls are not foolproof, particularly with new, not-fully-tested versions and inexperienced users, they are an essential part of online self-defense.
Commercial versions are available, such as Symantec's Norton Personal Firewall and BlackICE, as well as some freebies with commercial upgrades, like ZoneAlarm.
Home broadband users are especially vulnerable. We recommend using NAT (Network Address Translation) and only allowing in traffic that you expect. Our default configurations are set up this way. We will work with customers to set up services from within their own network in a safe way.
Computers on LANs (Local Area Networks) pose special concerns. There should be packet-filtering (one part of a firewall) on the router, and NAT should be used to hide the addresses of the computers from the world outside, providing an extra line of defense.
If your computer is on a network at your workplace, it should be safely behind the company's router or server firewall already. Installing your own might well mess up your network connections, so check with your IT technician. If your company does not have one in-house, it should contract the work out with a consultant. Some may be found listed in our E-Promenade Consulting section.
Note that some file-sharing programs, notably Gnutella and Bearshare, are actually designed to bypass firewall protection, and should probably be avoided. Also, both Microsoft and Apple's file and printer sharing features may create similar vulnerabilities. If you don't have to use them, make sure they are turned off.
It's familiar advice but so very true. Much grief can be avoided by frequently saving multiple backup copies of your most important files. A really nasty virus could be even more catastrophic than your hard drive crashing.
So back everything up often, preferably to removable media or another hard drive. Don't rely on the ability of your antivirus software to detect and neutralize all threats. And you may want to create a start-up disk, so that you can still turn on your computer if the worst happens.
Programs to back up your files automatically can make this much less of a chore and some software has automatic backup options as well.
Knowledge is power. Arming yourself with information about security issues is your best defense and fortunately there are plenty of online resources. But remember that security is not a one-time thing. The battle between evil and good — crackers, virus writers, and spammers versus the rest of us — is ongoing and will only get more fierce.
There is more that you can do. You can put patches on your software for known security holes, or in some cases, upgrade to more secure versions. You can use Internet tools like the whois database to investigate where suspicious email or probes may be coming from. You can discover how to read mail headers and source code on webpages, and much, much more.
Here are some sites to get you started:
- Stay Safe Online of the National Cyber Security Alliance is a good place to begin, with its security self-test.
- A good overall primer on Home Network Security from Carnegie-Mellon University's CERT.
- Password Protection 101 – some do's and don'ts.
- McAfee's list of Newly Discovered Viruses.
- Symantec's encyclopedic list of viruses new and old.
- FreebieList – of free antivirus software.
- Trend Micro's Virus Information Center. Their Safe Computing Guide for Windows has screenshots of security configuration procedures and instructions.
- IPkey.com - Albuquerque security firm specializing in remote network monitoring and vulnerability scans
- Microsoft's general guide to online Privacy and Security Fundamentals.
- Open Directory Project's index of spam Blacklists.
- Junkbusters and Spamcop.net are about fighting spam.
- Counterexploitation gives tips on dealing with spam, spyware and other online security scams and threats.
- The Back Orifice "Backdoor" Program is about detecting and dealing with this stealthy intruder.
- Another list of Virus Hoaxes from Stiller Research
- Vmyths.com – news about virus myths, hoaxes, and urban legends.
- Netscape's Security Center.
- Extensive Windows firewall tests and reviews
- Symantec's Security Check can test your computer's vulnerabilities
- A college lecture on port scanning
- Webopedia online dictionary of computer and Internet terms
- Another glossary of Internet terms
In any case, you still need to stay alert. Keep an eye out for suspicious attachments and unusual firewall activity. Pay attention to your computer's performance, for though some viruses instantly screw it up, some degrade software subtly or not at all.
Above all, you need to stay abreast of developments. Measures and counter-measures in this great contest evolve rapidly and the situation can change unpredictably at any time.
Watch our homepage for news. For Southwest Cyberport will be here, vigilantly doing what we can to keep you safe and connected online. Call or email us with your questions and concerns.
Let's be careful out there.
| 5021 Indian School NE Suite 600, Albuquerque NM 87110 USA helpdesk: help@swcp.com | info: info@swcp.com | webmaster: webmaster@swcp.com phone: USA: (505) 232-7992 | fax: USA: (505) 232-7975 |