Software // Enterprise Applications
Commentary
1/7/2004
11:40 AM
Fred Langa
Fred Langa
Commentary
Connect Directly
RSS
E-Mail
50%
50%

The Explorer: Four Myths of Online Security

Make sure your PC is really secure from 'Net-based hacker attacks -- without spending a dime.

A One-Minute Primer In Networking Basics
If geekspeak makes your eyes glaze over, you may wish to skip to the next section. But reading this will only take a minute, and will help you understand the "why" of the information in the next section:

In simplified form, you can envision that your working connections have three levels or "layers." The deepest layer is the one that physically connects you to a network you're trying to reach -- and it involves hardware. For dial-up, it's the "Dial-Up Adapter" that lets your PC's networking plumbing talk to your modem. On a LAN, it's the "Network Adapter" software that lets your PC talk to your network card. DSL, cable, and similar systems also usually use a network card. A PC can have one or more hardware adapters simultaneously running, side by side: For example, I have a PC connected to a cable modem; it's also on my office LAN, and is connected to a dial-up modem. That system has two network adapters and a dial-up adapter in its networking setup.

The middle networking layer is made up of the communication protocols or "languages" that your system uses to talk to other networks. The Internet's lingua franca is "TCP/IP." Other commonly used protocols are NetBEUI and IPX/SPX. These protocols also can operate side-by-side: Any protocol can simultaneously be tied (or "bound") to one or more hardware adapters; likewise a hardware adapter may simultaneously be bound to multiple protocols.

The topmost layer is the networking services -- the logons, the "print and file sharing," the "client" software that sits on top of the rest of the plumbing and lets you do the things you want to do on the network. Unfortunately, they're a two-way street, so they may also let hackers do what they want to do!

So, the trick to making your PC secure is to ensure that any dangerous settings or services (such as "print and file sharing") are never needlessly connected to a protocol or adapter that's accessible from the Internet at large, where hackers might exploit them. In other words, by carefully selecting what gets "bound" to what, you can ensure that inherently unsafe services and protocols are simply not accessible to or from your Internet connection.

How to Make Windows Safer on the Internet
The information I'll present here isn't dangerous, but it's always a good idea to make a backup of critical data on your system before you start making any system changes; and to write down what your settings were so you can restore things if you need to. If you're on a LAN or if you have special networking needs (such as the need to connect remotely to a corporate LAN or VPN from a home office) talk to your network administrator before implementing any changes.

Let's start by examining your networking setup: Right-click Network Neighborhood and select Properties. (Or click the Network icon in Control Panel, which is the same thing.)

What we'll now do is remove the parts of your networking setup that make it easy for someone to connect to your PC via the Internet's protocol: TCP/IP:

If you don't have a dial-up connection, skip to the next paragraph. Otherwise, double click Dial-Up Adapter, then Bindings. UNcheck anything in the bindings box except TCP/IP; then click OK. Next, in the main network dialog, double-click the item labeled "TCP/IP -> Dial-Up Adapter." (You may have to scroll down in the window to see it. Also, if a Dial Up Adapter is the only adapter in your system, it may simply say "TCP/IP.") You may get a warning from Windows about the danger of changing these settings; ignore the warning -- the real danger is in not changing these settings. After you dismiss the warning dialog box, click on the Bindings tab. In the Bindings box, if "Client for Microsoft networks" and/or "File and printer sharing for Microsoft networks" are present and checked, UNcheck them, and click OK. If they were the only things TCP/IP was bound to, you'll get a warning that states: "TCP/IP is no longer bound to any drivers" and asks whether you want to select one. Answer "No." You do not want clients or sharing services bound to TCP/IP.

If you have a network card or cards in your system, for each card click on the TCP/IP label. For example, in my system, which uses an inexpensive Realtek brand network interface card (NIC), I'd click on "TCP/IP -> Realtek RT8029(as) PCI Ethernet NIC." Click the bindings tab, and be sure that "Client for Microsoft networks" and "File and printer sharing for Microsoft networks" are UNchecked.

Previous
2 of 3
Next
Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July10, 2014
When selecting servers to support analytics, consider data center capacity, storage, and computational intensity.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.