Securing Your Stand Alone Or Network Node Machine
Protection whilst downloading webpages/reading e-mail
Have your virus checking software monitor your access to the Internet whilst you are connected and switch off as many of the programming hosts, (covered below), as you can without disabling the operation of your machine.
Use one of the personal firewall that are now available such as ZoneAlarm, available from www.zonelabs.com. This monitors attempts to connect on to your machine from the Internet and the activity of 'back-doors' like 'Cult of the Dead Cows' BackOrifice program, which you may have unwittingly installed. Programs like BackOrifice can act as a server from your machine and allow anyone to access your data and find any information including things like passwords to other system resources such as servers, bank accounts, etc.
When you are connected to the Internet through your web-browser and wish to transmit information to sites securely always 'Look for the lock'. This refers to the method most web browsers have of displaying the fact that information is being transmitted over a secure socket layer (SSL) connection. This is a secure, encrypted (see below), method of transmitting data between particular computers using individually secured host computers via a particular connection (socket). The lock will be displayed as a small symbol, usually a picture of a small yellow lock at the bottom of the browser window. You will also notice that the site will have a URL of https instead of just http in the URL window.
Most importantly though - DON'T SEND CREDIT CARD OR OTHER SECURE DETAILS OVER THE INTERNET WITHOUT SOME FORM OF SECURITY. Check with the site webmaster if you are unsure as to the security method.
Virus infections and other problems often occur when the default settings in Internet software, such as Outlook Express and Internet Explorer are exploited. See the 'Secure settings for MS Internet software' link on the left to make your machine more secure. Often these security holes are due to the use of the built-in support for programming languages - such as Windows scripting host, Java, JavaScript, ActiveX, etc. These programming languages add extra functionality to email readers and browsers, but it is this that allows them to run dangerous or malicious programs that can attack your computer and data. The simplest method of avoiding these problems whilst browsing the Internet or reading emails is to switch off support for any programming languages that you don't need for the sites you commonly visit or for emails you commonly receive from known individuals.
Be aware that there are differences in the security models of ActiveX programs and Java Applets. They are both programs that can be downloaded from web-pages and run directly on your computer without your intervention. The security models used by these programming languages can be summarized as follows:-
|
Sandbox model (i.e. Java) |
Trust Model (i.e. ActiveX) |
|---|---|
|
The sandbox security model (as the name implies), only gives the program that is run a limited amount of functionality. This means, theoretically, these programs can do little harm provided the language interpreting functions in the browser are correctly written. However, see this. |
The trust security model makes the assumption that programs written by certain organisations can be trusted. It does this by only allowing programs created and digitally signed by organisations to be marked as being safe to download and run. The digital signature is authenticated by a security body. However, see this, you will need a postscript reader to read it - get one here. |
As you can see there are problems with both security models, but on balance I feel that ActiveX is probably the least secure of the two although there are methods available to reduce the vulnerabilities that can be exploited by malicious programs.
Internet Explorer and Outlook Express include the facility to have different levels of security policy for different uses, referred to as zones. I STRONGLY SUGGEST YOU USE THIS FACILITY TO IMPLEMENT A MORE SECURE POLICY FOR READING EMAILS THAN FOR BROWSING THE INTERNET. The reason I say this is that by definition, you have more choice as to which web-sites you visit than you do over who you receive emails from.
To do this, start up Internet Explorer and select 'View - Internet Options - Security' and select the zone you wish to change from the scroll down list like this:-
In the above example I am going to edit the settings for the restricted zone - it being the zone that, by default, assumes it is downloading content that may be unsafe. Select the 'Custom' option and click 'Settings' - select 'High' from the scroll-down list at the bottom of the screen. If you are asked to confirm whether you want to change the security settings for this zone, select 'Yes'. You should also change the settings for Java and Windows scripting host to disable them by selecting the disable radio button and clicking 'OK'. Actually the screen shots may differ from that given - it doesn't matter. The important thing to remember is that you are disabling scripting (i.e. Java) and program (i.e.ActiveX) settings for the restricted zone. We then install the restricted zone as the default zone for our mail client - Outlook Express.
Start-up Outlook Express and select 'Tools - Options - Security'. You will be presented with the screen below, or something very similar that asks the same questions. Select the security zone we just edited (Restricted Zone) and click 'Apply' and then OK. Of course, if the restricted zone is already selected as your email reader security setting the 'Apply' button will be 'greyed' as it is in the picture. As you can probably see, it is also possible to make the modifications to the security zone settings in the email reader itself by clicking the 'Settings' button and making the changes there. It is up to you where you make them.
As stated it is possible to have different settings for the different zones. My own preference is to have a severely limited 'Restricted Zone' for email reading, slightly less restrictive options for the 'Internet Zone' for general web browsing and a considerably relaxed setting for the 'Selected Sites' zone - for those sites I use regularly and which require my browser to run scripts or downloaded programs. To determine exactly what level of functionality these commonly accessed websites needed, I selected the 'prompt' option in the settings and then made the changes to the settings after a few weeks use. You can select the 'Prompt' option on these selections and leave them. For example if you select 'Prompt' on the scripting option and visit a site that assumes your browser or email reader runs JavaScript you will be prompted with a question whilst browsing asking 'Do you want to allow scripts to run?' - Select 'yes' or 'no' depending on how reliable you think the site you are connecting to is.
Protection When Connected To The Internet < Previous - Next > Protection Against Worms In Email
© Copyright Andrew Bennett 2006