Internet Security Choices

This article provides an overview and summary of what you can do to protect your security and privacy when connected to the Internet. The Internet is a hostile network like the wild-west without a sheriff. In the last two years it has gotten worse, not better.

What steps can an end user take for protection? Layers of security are your best bet. Each step can be relatively simple and not too technical but taken together can provide significant security and privacy. There are many more options available now than there were just two years ago.

You do not need to take all of these steps all at once. Most people reading this article already have a computer, software and an Internet service provider. So the initial layers of defense may not apply to you right now. But a over a period of time as you face some of these choices you should keep these other options in mind.

Your Internet service provider (ISP) should be your first line of defense. If you have a choice, choose an ISP that offers antivirus and spam filters for your email. This will reduce, but not eliminate, the amount of spam and the number of infected email that you receive. If you do not have a choice or want to keep your current ISP, consider using an online email service that offers these filters and then forward cleaner email to your ISP based email account.

Another layer of security can be your broadband (cable/dsl) modem. The Aastra PipeRider Enhanced Security Cable Modem – http://www.aastra.com/products/cablemodems/HM204c/index.html – has a built in stateful packet inspection (SPI) firewall; check to see if your ISP offers and/or supports it. The 2Wire Residential Gateway – http://www.2wire.com/home/index.html – is available in several versions which include a SPI firewall, connections for Ethernet, phone line, and USB as well as a wireless access point and/or a DSL modem all in one unit.

You can also use hardware as an Internet connection sentry. Two products that break the connection between your computer and the Internet automatically when you stop surfing are the PathLock e100 NETimer – http://www.pathlock.com/ – and AlphaShield – http://www.alphashield.com/. Your “always on” broadband (cable, DSL) connection is not effected and the connection between your computer and modem is restarted automatically when you resume surfing. The Aastra cable modem (see above) also has a similar feature.

Many security and privacy attacks are aimed at Windows and Microsoft products like Internet Explorer and Outlook Express. Switching to Linux or Macintosh can be a partial solution. An easier one is keeping Windows but switching to another browser like Opera – http://www.opera.com/ – and another email program like Eudora – http://www.eudora.com/. Most people will keep using Windows, Internet Explorer and Outlook Express. If so, be sure to use the security features built into the software and to check for security updates from Microsoft at least once per week. You can set up Windows to automatically check and download critical updates every time that you go online. You should not store passwords or personal information in Explorer or Express. It’s tempting to do but hazardous.

Personal firewalls have two basic functions. They protect your system from unsolicited scans coming from the Internet. Secondly, they usually offer outbound control. An inbound scan may be looking for a Trojan horse on you system. Outbound controls watch for a Trojan horse or spyware trying to call out from your system. There are about thirty personal firewall products available. The top payware products are Sygate Pro – http://soho.sygate.com/products/pspf_ov.htm, ZoneAlarm Pro – http://www.zonelabs.com/store/content/home.jsp, and Norton Personal Firewall – http://www.symantec.com/sabu/nis/npf/. The top freeware programs are Kerio – http://www.kerio.com/us/kpf_home.html, Sygate – http://soho.sygate.com/products/shield_ov.htm and ZoneAlarm – http://www.zonelabs.com/store/content/home.jsp. After installing a firewall, test it with an online security service to make sure that it is working correctly.

Anti-Virus software scans your hard disk to find and remove viruses. To some extent these products can also scan and may be able to remove worms and Trojan horses. The top products are Norton – http://www.symantec.com/nav/nav_9xnt/ – and Panda – http://www.pandasecurity.com. Freeware is also available. To be effective, you should update the virus definitions at least once a week. Since most infections get into your system via email, be sure that the product you pick includes an email scanner and that it is compatible with your email software. Your friends and associates will appreciate it if you use a product that also checks your outgoing email for viruses.

Anti-Trojan software should be used in addition to, but not instead of, antivirus software. Anti-Trojan products can identify and remove more Trojans than antivirus software. Top products are PestPatrol – http://www.pestpatrol.com/ – and Tauscan – http://www.agnitum.com/products/tauscan/.

Anti-Spyware removes commercial Trojan horses often included with or hidden inside of freeware products and services. The top product is Ad-aware. It’s freeware. Their payware product offers additional features.

A variety of Privacy Software is available to clean your browser, stop spam, filter content for kids, catch web bugs, manage cookies, and block banner, pop-up and pop-under ads. Top products include AdSubtract Pro – http://www.adsubtract.com/pro/features.html, Window Washer – http://www.webroot.com/washer.htm – and Pop-Up Stopper Companion – http://www.panicware.com/product_companion.html. For freeware, take a look at WebWasher – http://www.webwasher.com/en/products/wwash/functions.htm.

Internet Security Suites include or integrate several functions such as personal firewall, antivirus, privacy and parental controls, ad blocking, and others. Products are available from Norton – http://www.symantec.com/sabu/nis/nis_pe/, OnTrack – http://www.ontrack.com/systemsuite/, ZeroKnowledge – http://www.freedom.net/, and others. A suite may be easier to install, use and get support for than individual products. It may not include all of the features that you want.

If you are connecting two or more computers to the Internet, you should use a low-cost hardware Router with firewall features. They come in two flavors. Most use network address translation (NAT) which hides your small computer network. From the Internet, a hacker sees your router not your computers. Routers with stateful packet inspection (SPI) check the data going though the router as well providing additional protection. Popular NAT routers are made by Linksys – http://www.linksys.com/, D-Link – http://www.dlink.com/, NetGear – http://www.netgear.com/, and SMC – http://www.smc.com. A low-cost SPI router is available from Hawking – http://www.hawkingtech.com/products/pn9245f.htm. For SOHO (small office, home office) use, look at SPI products from SonicWall – http://www.sonicwall.com – and Watchguard – http://www.watchguard.com/. If you have or want a wireless router, be sure to use the security features; even if you do, they are less secure than wired versions. Other features that you may need such as VPN and content filters are available.

For those who use a Macintosh computer, Linux or have a personal digital assistance (PDA), security software and hardware products are available for and should be used with them too.

Best Internet Security Web Sites For End Users — For more information about these topics, take a look at the Home PC Firewall Guide – http://www.firewallguide.com/, StormRanger – http://www.stormranger.net/, TomCat – http://www.tom-cat.com/security.html, UIUC – http://www.staff.uiuc.edu/~ehowes/main-nf.htm, and Wilders – http://www.wilders.org.

This summary is based on reading of hundreds of Internet security articles and product reviews over the last two years. Many of the conclusions are based on testing and evaluations prepared by other people. Before selecting products for yourself, you should read reviews too.

– Henry Markus –
Home PC Firewall Guide
http://www.firewallguide.com
Seattle, WA, USA

Leave a Comment:

Breanne Patch says

This protocol is designed to protect communication in a secure manner using TCP/IP. It is a set of security extensions developed by IETF, and it provides security and authentication at the IP layer by using cryptography. To protect the content, the data is transformed using encryption techniques. There are two main types of transformation that form the basis of IPsec: the Authentication Header (AH) and Encapsulating Security Payload (ESP). These two protocols provide data integrity, data origin authentication, and anti-replay service. These protocols can be used alone or in combination to provide the desired set of security services for the Internet Protocol (IP) layer.,.-;

Reply
Add Your Reply