Secure your office connection

To help you do battle against snoops on your office connection, we'll provide you with some tools that can help keep you protected.
Written by Jimmy Yap, Contributor
As long as you're online, your privacy and security are in peril.
On June 19, IT director Firdhaus Akber checked his DBS account and discovered that someone had illegally accessed his account and transferred S$5,000 out of it. He checked his wife's account and some money had been taken out of her account, too.
It later turned out that his was one of 21 cases where accounts had been illegally accessed that day. Some $62,000 had been transferred to a single DBS account. Later that day, the perpetrator, reportedly a Chinese national, went to a DBS branch, withdrew all the money, and quickly crossed the causeway to Malaysia.
To date, he has yet to be caught.
This is a reminder of the importance of computer security. If DBS is to be believed, its security was not compromised. This suggests that the perpetrator obtained usernames and passwords by secretly installing a program on the victims PCs which recorded usernames and passwords and then sent back that information to him. While it is not known how many of those affected were broadband users, it is worth noting that broadband-enabled PCs are particularly vulnerable to being hacked into.
A common analogy to leaving a computer unprotected while connected to the Internet via broadband is that of your car running with the doors open and keys inside.
Office PCs using broadband, either on ADSL or cable, are a popular target for hackers because they tend to be on for very long periods of time. This means the IP (Internet Protocol) address also remains the same for that entire period, making it easy for hackers to find the user and gain control of his PC.

An ounce of prevention
Ports are your doors to the Internet, but they can also let outsiders in. Find out how to seal them off with some preventive moves.
Pump up your machine
Hang a big Keep Out sign on your PC with these encryption tools that can help you secure your files, close open doors, and cheat would-be hackers.
Biometrics, the future of security
Biometrics doesn't replace security, but it balances the need for desktop security against limited help desk time and resources.
Jimmy Yap is a freelancer with CNETAsia.
An ounce of prevention
When you're online, your PC develops thousands of ports or virtual doors (65,535 of them, to be exact), through which you reach out onto the Net. Unfortunately, not all of the ports are one-way, leaving them vulnerable to all kinds of snoops who can break in through them and use your computer as if it was their own. Hackers, particularly, love to break in, read your email, access your files, even introduce rogue code and possibly viruses into your system. Here's how to lock those ports.
Network firewalls
If you have a network in your home or office, the best thing you can do is to install a network firewall. This is a piece of hardware that sits in between your network and the Internet and monitors all traffic. Expect to pay upwards of S$300 for a relatively good firewall.
For a simple home network, a cheap option is a router with network address translation (NAT). These routers aren't real firewalls but they are adequate for simple SOHO networks. NAT allows your home network to share Internet access. When your home network makes a request, it opens a conduit to the Internet and passes on that request to the destination. When you get a response, it is passed back through the NAT device to the home network.
NAT devices do not forward requests or probes that come from the Internet to your home network thus keeping you safe from people probing your network looking for obvious security flaws.
For more protection, get a firewall which offers "stateful packet inspection". This allows the device to filter out specific kinds of data which form the basis of common types of attack.
Software firewalls
If you have only one PC that is broadband-enabled, a low-cost solution is to use software firewalls. This is software you install on your PC which monitors activity taking place on your PC.
It stops intruders and records attacks, and is cheap, too. In fact, some of these software firewalls are free. ZoneAlarm is a full-featured program that is free, while BlackICE costs just US$39.95 for a 5MB footprint.
Anti-virus protection
If you haven't done so already, you should certainly have anti-virus software running. New viruses seem to pop up on a weekly basis, and virus writers who also try to implant Trojan Horses are coming up with many ways of getting their virus on your system.
Good anti-virus software will scan your PC for known viruses and disinfect them. Also, ensure that you get your virus definitions updated regularly. Given the speed at which new virus appear, you want to get your updates as often as possible.
Get the patch
New security loopholes are being discovered all the time. Mark sure you have the latest patches for your most vulnerable applications, chiefly your email client and your Web browser.
If you are using Windows XP or Windows ME, turn on the Windows automatic updates feature. Whenever you connect to the Internet, it will check to see if there are new security patches available for applications such as Internet Explorer and Windows Media Player. If you use Windows 2000, install Windows Critical Update Notification 3.0 so you will be informed if there are new critical or security updates available.
Don't share
If you have one broadband-enabled PC, turn file and printer sharing off. File sharing is a popular means by which hackers try to get access to your system.
On a Windows 98 PC, go to the Start menu, then to Settings > Control Panel. Choose the Network Icon. In the window that appears, click on the configuration tab, Make sure that the check box "I want to be able to give others access to my files" is blank. Likewise for the option, "I want to be able to allow others to print from my printers".
Click OK. Then click OK again.
•  Preventive measures •  Pump up your software •  Going biometric

Pump up your machine
Apart from securing your PCs and network, you also need to be aware of security when you are going to different Web sites or even when sending email. Encryption ensures that no one can snoop on you as you buy books, transfer funds or buy stocks.
Secure surfing
Whenever you do any transactions online, make sure you are using a browser with the highest possible security option. At e-commerce sites and banks, all transactions take place using an encryption standard called SSL or Secure Socket Layers.
Make sure your browser has implemented 128-bit SSL encryption support, the highest possible. If you are using Netscape, ensure that you are using at least Navigator 4.61 and above. If you are deploying Internet Explorer, use version 5.5 and higher. If you have an older version of Explorer, you can choose to just download the High Encryption Pack.
Encrypted email
If you wish to ensure that your email remains private, encrypt your email.
For secure email, PGP is the way to go. PGP stands for Pretty Good Privacy. PGPfreeware is an application which integrates with Eudora and Outlook and encrypts your email. You get two encryption keys: one that is known publicly; the other is kept private. When someone wants to send you an encrypted email, they encrypt it using your public key and you decrypt it using your private key. Without the private key, all anyone will see is gibberish.
Hide your IP
As you go out onto the Net, make sure you leave as little information about yourself as possible. Details you leave behind could be used for something as mildly annoying as spam email, or information about yourself that could help hackers get into your system.
For the paranoid among you, for US$5 a month, you can hide your IP address when you go online by subscribing to Freedom from Zero Knowledge Systems. This way, when you surf, your true IP address is masked as all your Internet data is routed through the Zero-Knowledge network.
If you are that paranoid, you will also want to ensure that ICQ and MSN Messenger do not reveal your IP address. In ICQ 2000, click on the ICQ button and pick the Security and Privacy option. Choose the General tab. Ensure that the check box for Web Aware is unchecked. Then choose the Direct Connection tab and section the option "Allow direct connection with any user upon your authorization".
In MSN Messenger, go the Preferences and choose the Options dialog. Then de-select the three options that appear under the General header.
Use Hotmail or Yahoo! mail
To avoid getting spammed, sign up for a free email address with Hotmail or Yahoo. If you have to post anything publicly on a newsgroup or forum, use that address instead. Spammers obtain your email address by trawling through the Net looking for text with the "@" sign. Use this account for Web forms and shopping pages.
Keep your main email address private, available only to friends and family. Don't even enter it into your Web browser or Usenet readers preferences. Some sites can pull out your email address straight from the browser without you having to do anything beyond visiting that page.
Be wary of HTML email
Spammers can be very sneaky. Once they have your email address, they can use it to raid your address books so that they can get more email addresses.
They do this by sending you an HTML email message which contains hidden scripts that can grab your address book and send it back to them.
You can prevent this from happening by disabling HTML email messages. All you need to do it to go into your email program's preferences and unselect the option to view mail in the HTML format.
Toss those cookies
Cookies are very small text files that are stored on your hard drive. They are used so that you don't have to remember passwords and so it will remember your preferences. They are also useful as they help Amazon remember what's in your shopping cart.
Cookies aren't malicious in and of themselves. However, cookies leave a trail that allows others to put together a profile of you. If you're big on privacy, you'll want to manage the cookie situation.
Fortunately, your browser makes it easy to disable cookies: Netscape lets you disable all cookies or choose which sites to accept cookies from. Unfortunately, with Internet Explorer, it's all or nothing. To get some flexibility, get CookieWall from AnalogX. CookieWall monitors your system tray and alerts you when it comes across a cookie it hasn't seen before. Then you can choose to keep or delete the cookie.
•  Preventive measures •  Pump up your software •  Going biometric

Biometrics, the future of security
Biometrics, or the use of parts of our body for authentication, is no longer the stuff of science fiction movies. Advanced types of biometrics such as face recognition are still very immature technologies, but devices which recognize fingerprints and our iris patterns are starting to filter down to the consumer level.
The advantage of biometrics is that it is a very secure way of authenticating users. Our fingerprints and the patterns on our irises are unique, which means that someone else can't break into our system by guessing our passwords.
Biometrics also an efficient way of dealing with the problem of forgotten passwords. With biometrics, you'll never have to worry about remembering a 16-digit alphanumeric password which you didn't write down.
Finger identification
This is one of the oldest and best known examples of biometrics in action. Devices which recognize fingerprints are now almost common. They are used to allow physical access or to allow access to the computer itself. At NEC Singapore, which sells biometrics technology, its staff do not carry a card to allow them access to their offices. They simply put their thumb on a small reader and key in their staff number. The system recognizes them in seconds.
Fingerprint identification can also be used to allow people access to their computers. Compaq sells the Biometrics PC card which is inserted into the PC card slot of a laptop. A tiny camera in the PC card captures an image of the user's fingerprint. The card converts the image into a unique "fingerprint map".
To log on, the user removes the PC card, places a registered finger on the scanner located on the PC card itself, and then re-inserts the PC card. The card reader then authenticates the fingerprint map.
Iris recognition
Iris recognition has been given a bad name because it is commonly associated with that science fiction favorite: retinal scanning. However, retinal scanning has fallen out of favor and is no longer used. Iris recognition, which does not involved a laser scanning your retina, is gaining in popularity.
With iris recognition, a video camera takes a picture of your iris and compares it to the registered version. If there is a match, you are authenticated. NEC Singapore also makes iris recognition devices. It announced last year that the Singapore Anti-Tuberculosis Association was planning to turn to iris recognition to register its patients.
Iris recognition solutions are also now being made available to desktop users. Panasonic, for example, now sells the Panasonic Authenticam which recognizes your iris before allowing you to use the PC. The nice thing about this is that it can also double as a Web camera.
More biometrics
Palm and face recognition are new technologies which are just starting to emerge out of the labs. There is no doubt that once the technology is stable, they, too, will make their way to the small businesses and home offices which need better security.
•  Preventive measures •  Pump up your software •  Going biometric

Editorial standards