
Security


Security is somewhat of a misnomer. There is no absolute security. There are degrees of security, the increase of which can lessen risk. All implementations of computer, network, or system security are based on compromise. The question is where to draw the line of compromise: how much time and money should be expended on security to reduce the level of risk? The greatest risk in security is the human factor, in one form or another. Most often this is with regard to usability, as an increase in security increases complexity and generally reduces ease of use. This brings up another aspect of the human factor, which hinges on the knowledge of the user: the less knowledge the user has of security issues, the greater the risk to the user's computer or system.


Are critical security related patches from Microsoft up to date on PCs?

As of 2004, an unpatched PC is reported to last an average of 20 minutes on the internet before it's compromised. A Windows XP SP1 machine was compromised in less than 4 minutes in this experiment (links to a PDF file). A more recent report, in March 2006 and more focused on server Operating Systems, revealed that "Windows XP Professional, unpatched, lasted one hour and 12 seconds." By contrast, an unpatched Linux machine could be connected for months before being exploited, as reported on TechWeb and based on a report from The Honeynet Project.

Windows being the kludge that it is, there are plenty of security holes in it, more so when IIS or other internet services are installed. Windows is notoriously insecure. Frequently a typical install of Windows runs several services which are unnecessary for the average user and leave the PC more vulnerable. Although rarer on a standard home user PC, there may on occasion be a system vulnerability discovered which could present a serious security issue on your particular machine or network.

It's not that a Windows machine can't be relatively secure, it's just that it requires an awful lot of work and constant maintenance to achieve.

One alternative solution to this problem is to use Linux and enjoy a secure, stable Operating System with a windows interface (now used on Macs) that's been available on UNIX systems since before MS put the Windows interface on top of DOS. A potential downside for gamers is that many good games are only available for MS Windows. However, with WINE you can still run many of the same programs. Also available is Cedega from Transgaming, which allows many more Windows games to run natively in Linux.
For practically every application in Windows there is a suitable alternative which can also lower TCO, see my article on the Cost Benefits of Open Source Software.
Of course, Linux may not be the best solution in certain cases and there are still many situations where Windows must be used.

Is spyware/adware regularly scanned for and removed?

With Internet access, the likelihood of adware/spyware being present on PCs is quite high. Some such software has been known to cause serious network access problems on an infected PC. Additionally, information may be gathered from an infected PC that you probably don't want outside of your own network.

Anti-virus software installed? Are virus definitions up-to-date?

Any Windows PC with Internet access should have anti-virus software installed, and should have virus definitions regularly updated. As of 2006, there are an estimated 114,000 known viruses that affect Windows. Note that McAfee or Norton software requires a paid subscription for virus updates. Additionally, some versions of their software, in particular the so-called 'Web' versions, require manual scanning and/or updating. I recommend AVG for many users as they still provide a basic free version of their software which includes free definition updates. They also have a full range of Internet security products, including Linux/BSD versions. Visit Grisoft for details. For additional suggestions on anti-virus and other security related software see the Anti-Virus page.

Top 10 Ways to Protect Your Linux Home System

How secure is your Internet connection?

The typical Network Address Translation (NAT) routed network is relatively secure as it translates the IP addresses of the PCs on your network to a 'real' IP address out on the Internet. However, a knowledgeable and determined cracker can break through a simple NAT router into the network behind it. Also, relying solely on NAT can allow internal PCs to leak sensitive data out to the internet, particularly if infected with a Trojan Horse program. Somewhat more secure are most 'firewall routers' in their default configuration. However, to get the most out of such devices they need to be configured properly. The most secure firewall configurations include, among other things, outgoing rules to prevent all traffic going out to the Internet, except that which is necessary for your particular network.
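The outgoing-rules idea above, sketched as an added example (not part of the original page) for a Linux-based router using iptables. The interface names `eth1` (LAN) and `eth0` (WAN) and the allowlist of DNS, HTTP and HTTPS are assumptions; the script only prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: print (not apply) a default-deny egress rule set for a
# Linux router. Interface names and allowlist entries are assumptions.

# valid_entry PROTO/PORT -> succeeds only for tcp|udp and ports 1..65535
valid_entry() {
    proto=${1%%/*}
    port=${1#*/}
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    # reject empty, non-numeric, or over-long port strings
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# egress_rules LAN_IF WAN_IF PROTO/PORT...
# Validates the whole allowlist first, so a typo never yields a partial
# (and therefore misleading) rule set.
egress_rules() {
    lan=$1
    wan=$2
    shift 2
    for e in "$@"; do
        valid_entry "$e" || { echo "bad allowlist entry: $e" >&2; return 1; }
    done
    # Anything not explicitly allowed below is dropped.
    echo "iptables -P FORWARD DROP"
    # Replies to connections that were already permitted.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New outbound connections: only the services this network needs.
    for e in "$@"; do
        echo "iptables -A FORWARD -i $lan -o $wan -p ${e%%/*} --dport ${e#*/} -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what is about to be dropped; a Trojan calling out shows up here.
    echo "iptables -A FORWARD -i $lan -o $wan -j LOG --log-prefix 'egress-denied: '"
}

# Constructed sample allowlist: DNS, HTTP, HTTPS.
egress_rules eth1 eth0 udp/53 tcp/80 tcp/443
```

The log rule is what turns the deny policy into a detection source: repeated `egress-denied:` entries from one internal PC are a reason to inspect that machine.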

Wifi network security

Is your wireless network secured? Or can anyone within range connect to your network? If you are using a wireless LAN, it should be set up securely so as to allow only properly configured PCs or devices to attach to it, by using pre-shared key (PSK) encryption and/or MAC address restriction. The primary encryption or security algorithms for wireless are WEP and WPA. WPA is generally recommended since WEP can be cracked. These are just basic minimum recommendations: WPA-PSK can also be cracked, it just takes a little more time, and it is possible to spoof MAC addresses.

The default configuration of many wireless router/access point units will allow any compatible device within range to connect and utilize the network. This means that someone could pull up in the parking lot of the building with a properly equipped laptop and access your network, use your Internet connection, connect to any network on the other side of any VPN connections you may have, etc. For most networks this is not desirable. Of course, if you're the benevolent sort and don't mind letting others use your connection to the internet, carry on. Rest assured there's probably at least one person thankful that your wireless access point was open to facilitate their internet access.


Additional Information

Hacker Mentality
Why SSNs Make Bad Keys in Databases
eWeek Internet Security Articles - of particular interest: "Windows XP Exploit Shuts Off Windows Firewall". Proof-of-concept exploits have been released for a denial-of-service vulnerability in fully patched versions of Windows XP SP2.
Top 100 Network Security Tools - based on a survey of the nmap hackers mailing list users conducted by Insecure.org.




