This is the final article in this Computers and Security series.
It is final in another way as well. I am going to take a break from writing
for a while. I have been writing Comm Corner since November 1995. Over
nine years is a long time to meet the deadlines. Comm Corner was the first
PC ALAMODE column to be done with a focus on one computer area, in this
case computer communications. The column was done to augment instruction
that was being taught in the Communications Special Interest Group (COMSIG).
It has continued in that vein as a training tool for members. In those
days, we were using 300 to 2400 baud analog dial-up modems that connected
to the APCO Bulletin Board Service (BBS). Does anyone remember the meetings
at the Petroleum Center? Communication with computers was just getting
started. We were using DOS. Membership growth in APCO was at an all-time
high. Even with eight POTS lines to the BBS, there were delays causing
frustration as we attempted to communicate.
Modems were a black art to setup and use. Communications software utilities
did not follow a common method of set-up. We had to know about Serial (COM)
Ports, Interrupt Requests (IRQ) settings, Plain Old Telephone Service (POTS),
and internal versus external modems. How many of us remember that there were
two IRQs to service the three COM ports in our personal computers (PCs)?
It was during this period that the Internet came in use by large numbers
of computer users. My Comm Corner articles were among the first to cover
the functioning of the Internet. I wrote about the three major functions
of the Internet, namely, e-mail, file transfer, and remote log-in. Lo
and behold, today those are still the three uses of the Internet, even
though most of us do not recognize them as such. Articles covered file
transfer using File Transfer Protocol (FTP), remote log-in using TELNET,
and e-mail using various e-mail utilities. There were articles about the
use of the internet to retrieve data using GOPHER and ARCHIE, the forerunners
of the World Wide Web (WWW).
All this is to say that I have been writing about computer communication
for a long time. I will continue to lead the PwrSIG as I have done in the
past. This SIG is an outgrowth of the old BBS Advanced Communications SIG.
The core members in this SIG have been with it since the BBS days. We will
continue to touch on the ragged edge of technology, both in hardware and
software.
Security in Layers
Now for a little update on where this security series is and has been. As you remember, we have been looking at the security settings in Windows XP. We have been drilling down into the OS settings to make sure that all the necessary security is set in the OS. These OS settings are in addition to the normal anti-virus and firewall that should be in place on the computer. Again, as I have in the other five parts, I need to make my recommendation about keeping the Microsoft security settings on so that you will be notified about new security patches as they become available. Download them and get them installed. One of the trends that has been taking place is that an attack may trigger a new security patch from Microsoft, which gets right on it and sends out a patch. The attacks then increase drastically after the patch has been issued. Part of the problem is that more hackers find the problem area and try to exploit it, or they try variations to see if the patch itself has problems. Also, most of the hackers are not very smart and are lazy. They really do not know about the problem until the patch is issued. It is not just the OS that may be vulnerable; the applications, especially the Microsoft applications, are also targets for hackers. Outlook, Outlook Express, and other Microsoft-based communication utilities are especially easy prey for attackers, as so many of us use them. Now we will again turn to the protection strategy that is becoming required for today's computer users.
Layered security requires that we develop a protection strategy for what we need, just as the large business users do. The attacks have become very sophisticated as the hackers have discovered that most of us have upgraded to or otherwise obtained powerful machines. Again, let me make it clear: powerful computers coupled with open broadband Internet connections are tempting targets for unauthorized users who want to do harm to you and others. We all need to be aware of the need for layered security. Thus, we need to develop a personal strategy on how to achieve that goal.
As has been noted by others, hackers are not just targeting your computer but you as well, as your identification, credit card, and other personal information become more digitized through your use of the computer for banking, shopping, and other transactions.
Security protection starts by organizing multiple security barriers.
Perimeter defense comes in the form of firewalls, either software or hardware.
Protection inside the computer comes in the form of anti-virus applications.
The gaps between these two layers are covered by anti-spyware. Because
the attacks are coming as "blended" attacks, i.e., worm code within an
e-mail that opens the computer to outside use via the Internet, it has
become necessary to use a battery of protection utilities. Or, a hidden
unauthorized set of code is embedded via spyware, creating a new area
that must be covered. These malicious code attacks have even been given
a new term to describe them: malware, which covers all malicious
code.
Firewalls form the first line of defense. As I have noted before, the
Microsoft TechNet representatives recommend that a firewall be part of
every computer installation. Firewalls protect by blocking or opening the
ports that are inherent in the computer OS communication stack. This is
especially true for Small Office, Home Office (SOHO) users, as well as
business users who have broadband connections to their networks installed.
Broadband connections are always open to the world. There needs to be a
shield between the computers and that outside connection. As has been noted
before, broadband routers normally come with some built-in firewall protection
in the form of Network Address Translation (NAT) and Dynamic Host Configuration
Protocol (DHCP). I covered the detailed functions of these two IP protocols
in my February 2001 Comm Corner column. Broadband
routers are off-the-shelf items now. Hardware firewall appliances also
contain these protocols as part of their protection and can be substituted
for broadband routers.
Software firewalls also provide this perimeter protection. The router
or firewall appliance covers the outside attacks. Software firewalls cover
the computer from attacks that enter via the open ports in the perimeter
security. Some blended attacks in the form of worms, Trojan horses, and
spyware can enter the computer via the ports that are open for e-mail and
browser functions. Permissions-based software firewalls provide a means
of alerting and giving you, the user, the ability to block unauthorized
malware attacks. There are several vendors offering various capabilities
to block these attacks from happening within the computer. They include
Microsoft Windows XP SP2 Internet Firewall, Network Associates McAfee
Internet Security Suite 6, Panda Platinum Internet Security, Sygate Personal
Firewall Pro 5.5, Symantec Norton Internet Security 2004, Trend Micro PC-cillin
Internet Security 2004, and Zone Labs ZoneAlarm Pro 4.5. ZoneAlarm Pro
4.5 is by far the best software utility being offered.
Hardware firewall appliances such as the Symantec Model 100 (APCO network)
and Model 360 (my network) provide excellent protection for SOHO networks.
My Model 360R, for example, has two Wide Area Network (WAN) ports, four
10/100 Ethernet ports, and a secure 802.11b/g wireless port. There are
other hardware firewall appliances by WatchGuard and SonicWall as well
as other vendors. Hardware firewalls normally come out of the box with
everything shut down. All ports are closed, and you must configure which
traffic you want to let in and out.
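To make the two firewall layers just described concrete (the appliance that ships with every port closed, and the permissions-based software firewall that alerts you before an unfamiliar program gets out), here is a small added example of my own. It is not code from this column or from any vendor named in it. It models a default-deny packet filter with a stateful table, so replies to connections opened from inside get back in without opening the port to the world, plus a host-level prompt for programs not yet on the allow list. Every address, port, program name and rule in it is constructed for illustration.

```python
"""Toy default-deny packet filter with a permissions-based host layer.

Added example, not code from the original column or any vendor named in it.
All addresses, ports, program names and rules below are constructed; the
'deny unless explicitly allowed' starting state models the out-of-the-box
hardware appliance described in the column.
"""
from dataclasses import dataclass, field
from typing import List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" = arriving from the broadband (WAN) side, "out" = leaving the LAN
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    app: str = ""    # originating program; only a software (host) firewall can see this


@dataclass
class LayeredFirewall:
    # Perimeter layer: explicit allow rules keyed by (proto, port); anything
    # that matches no rule is dropped, i.e. all ports start closed.
    inbound_allow: Set[Tuple[str, int]] = field(default_factory=set)
    outbound_allow: Set[Tuple[str, int]] = field(default_factory=set)
    # Host layer: programs the user has already permitted to talk out.
    app_allow: Set[str] = field(default_factory=set)
    # Stateful table of connections the LAN side opened, so replies get back
    # in without opening the port to the whole world.
    sessions: Set[Tuple[str, int, str, int]] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def evaluate(self, p: Packet) -> str:
        verdict = self._decide(p)
        self.log.append(
            f"{verdict:6} {p.direction:3} {p.proto} {p.src}:{p.sport} -> "
            f"{p.dst}:{p.dport} app={p.app or '-'}"
        )
        return verdict

    def _decide(self, p: Packet) -> str:
        if p.direction == "in":
            # Reply to a session opened from inside: allowed by state, not by rule.
            if (p.src, p.sport, p.dst, p.dport) in self.sessions:
                return "ALLOW"
            if (p.proto, p.dport) in self.inbound_allow:
                return "ALLOW"
            return "DROP"          # default deny for unsolicited inbound traffic
        if p.direction == "out":
            if (p.proto, p.dport) not in self.outbound_allow:
                return "DROP"      # port not opened even for outbound use
            # Permissions-based check: a program not yet on the allow list does
            # not get out silently; the user is alerted and asked first.
            if p.app and p.app not in self.app_allow:
                return "PROMPT"
            self.sessions.add((p.dst, p.dport, p.src, p.sport))
            return "ALLOW"
        raise ValueError(f"unknown direction {p.direction!r}")


def demo() -> List[str]:
    """Run a few constructed packets through the filter and return the verdicts."""
    fw = LayeredFirewall(
        inbound_allow=set(),                      # nothing open from the outside
        outbound_allow={("tcp", 80), ("tcp", 443), ("tcp", 25), ("tcp", 110), ("udp", 53)},
        app_allow={"browser.exe", "mail.exe"},    # constructed program names
    )
    packets = [
        # unsolicited probe from the Internet to a closed port: dropped
        Packet("in", "tcp", "203.0.113.9", 40000, "192.168.1.10", 135),
        # the browser opens a web connection: allowed, session recorded
        Packet("out", "tcp", "192.168.1.10", 50000, "198.51.100.5", 80, "browser.exe"),
        # the web server's reply comes back on that session: allowed by state
        Packet("in", "tcp", "198.51.100.5", 80, "192.168.1.10", 50000),
        # an unfamiliar program tries to use the open web port: user is prompted
        Packet("out", "tcp", "192.168.1.10", 50001, "198.51.100.7", 80, "unfamiliar.exe"),
        # the same program tries a port nobody opened: dropped outright
        Packet("out", "tcp", "192.168.1.10", 50002, "198.51.100.8", 6667, "unfamiliar.exe"),
    ]
    return [fw.evaluate(p) for p in packets]


if __name__ == "__main__":
    print(demo())   # ['DROP', 'ALLOW', 'ALLOW', 'PROMPT', 'DROP']
```

The two layers are deliberately kept in one class so the ordering is visible: the perimeter rule is checked first, and only traffic the perimeter would pass reaches the per-program prompt, which is exactly the gap the column says a software firewall is there to cover.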
Anti-virus programs have been computer add-ons for some time.
We all know the drill about keeping their virus signatures up to date and
keeping them running. Anti-virus programs are the internal computer protection
shields. These programs protect the ports that must be open for
e-mail, file downloads, and browser activities. The firewall cannot guard
the ports that are open for such uses. So, the anti-virus program
is used. There are several vendors, over 31, who make anti-virus programs.
Notable among these vendors are Eset NOD32 2, Grisoft AVG Anti-Virus Pro,
Network Associates McAfee Internet Security Suite 6, Panda Platinum Internet
Security, Symantec Norton Internet Security 2004, Kaspersky Anti-Virus,
and Trend Micro PC-cillin Internet Security 2004.
Commercial users may also want to use Symantec AntiVirus Small Business
Edition 8.1 for overall anti-virus security across a network. This program
runs from a server and controls the anti-virus functions of all the client
computers from one location. I use it in my network.
Anti-virus programs, called anti-virus scanners by some, rely on being
able to exactly match a virus signature with the code of the virus that intrudes
into the computer. New threats are a problem, even though some anti-virus
programs might catch new viruses by using heuristics. Heuristics refers
to the ability of existing signature code to recognize telltale characteristics
of new malware. This might be useful in identifying a new variant of
a virus. Most anti-virus programs are only good at detecting new members
of known malware virus families. They do not catch truly new viruses.
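The difference between exact signature matching and heuristics described above is easy to see in code. The following is an added example of my own, not code from this column or from any anti-virus vendor it names: a toy scanner that first looks for exact byte signatures and then scores "telltale characteristics" of a family. The signatures, heuristic rules and sample files are all constructed strings standing in for real bytes; they detect nothing real. Running it shows the column's point: a new variant of a known family is caught by the heuristics, while a genuinely new family that shares no traits with anything known slips through.

```python
"""Toy anti-virus scanner: exact signature match versus family heuristics.

Added example, not code from the original column or any vendor it names.
The 'signatures', heuristic rules and samples are constructed strings that
stand in for real malware bytes; they detect nothing real.
"""
import re
from typing import Dict, List, Optional, Tuple

# Exact-match signatures: the precise bytes seen in two known samples of one
# hypothetical family. A scanner relying only on these needs a new entry for
# every new sample.
EXACT_SIGNATURES: Dict[str, bytes] = {
    "DemoFamily.v1": b"DEMOFAM/1.0|mailer:ALL_CONTACTS|persist:RUN_KEY",
    "DemoFamily.v2": b"DEMOFAM/2.0|mailer:ALL_CONTACTS|persist:RUN_KEY",
}

# Heuristic rules: telltale characteristics shared across the family rather
# than one sample's exact bytes. Each hit adds its weight; the sample is
# flagged when the total reaches HEURISTIC_THRESHOLD.
HEURISTIC_RULES: List[Tuple[str, re.Pattern, int]] = [
    ("demofam-header", re.compile(rb"DEMOFAM/\d+\.\d+"), 2),
    ("mass-mail-marker", re.compile(rb"mailer:ALL_CONTACTS"), 2),
    ("autostart-marker", re.compile(rb"persist:RUN_KEY"), 1),
]
HEURISTIC_THRESHOLD = 3


def scan(data: bytes) -> Tuple[str, Optional[str]]:
    """Return ("signature", name), ("heuristic", rules-hit) or ("clean", None)."""
    # Pass 1: exact signatures, the way a plain signature scanner works.
    for name, sig in EXACT_SIGNATURES.items():
        if sig in data:
            return ("signature", name)
    # Pass 2: heuristics, looking for family traits instead of exact bytes.
    score, hits = 0, []
    for rule, pattern, weight in HEURISTIC_RULES:
        if pattern.search(data):
            score += weight
            hits.append(rule)
    if score >= HEURISTIC_THRESHOLD:
        return ("heuristic", "+".join(hits))
    return ("clean", None)


def demo() -> Dict[str, Tuple[str, Optional[str]]]:
    """Scan four constructed samples and return each verdict."""
    samples = {
        # a sample already in the signature database
        "known_v1": b"...DEMOFAM/1.0|mailer:ALL_CONTACTS|persist:RUN_KEY...",
        # a new variant of the same family: no exact signature, but the family traits are there
        "variant_v3": b"...DEMOFAM/3.1|mailer:ALL_CONTACTS|persist:RUN_KEY...",
        # a genuinely new family: shares no traits with anything known, so it is missed
        "novel_family": b"...NEWDEMO/0.1|spread:SHARE_DRIVES|persist:SERVICE...",
        # ordinary data
        "benign": b"COMSIG meeting notes: modems, IRQs and COM ports.",
    }
    return {name: scan(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:13} {verdict}")
```

The weights matter: the header alone does not reach the threshold, so a file that merely mentions the family name is not flagged, while a variant that carries the header plus either behavioural marker is. That trade-off between missing variants and flagging harmless files is why vendors tune heuristics cautiously and why, as the column says, truly new families still get through until a signature exists.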
Firewalls and anti-virus programs cover part of the computer landscape.
They do not do a good job on several types of marketing-driven utilities
that fall under the general heading of spyware. Spyware is a virus. Spyware
falls between the hacker attacks on the computer perimeter and internally
on the computer communication and is for the most part not protected against
by these tools. Spyware comes in as part of the browser searches we do.
Its purpose is to identify and obtain information about our personal computer
and life. Spyware loads without our permission and runs invasive processes
that are not authorized. Spyware can be a marketing information gathering
tool or it can be a browser hijacker that changes Registry entries without
permission and redirects your browser to undesirable web locations. Real
spyware is capable of monitoring what you do online and then delivering targeted
advertising. It can be part of shareware or freeware programs. The anti-spyware
vendors are beginning to make programs that can counter these attacks.
Others are recommending that at least two anti-spyware programs be combined
to be thoroughly protected. Vendors include Aluria Spyware Eliminator,
InterMute SpySubtract Pro Version 2, Network Associates McAfee AntiSpyware,
Network Associates McAfee Internet Security Suite 6, Panda Platinum Internet
Security, Symantec Norton Internet Security 2004, Trend Micro PC-cillin
Internet Security 2004, Lavasoft Ad-aware 6 Plus, and Spybot Search &
Destroy. One test recommended the last two.
One Strategy Idea
Now we need to develop the in-depth strategy that will help to protect against these unauthorized attacks. For starters, it should include all the settings that have been covered in the previous five articles about the Windows XP OS. This includes making sure that the anti-spam functions of Outlook and Outlook Express are turned on. It should include making sure that the ISP anti-attack functions have been initialized, if they are offered. It should include a broadband router or hardware firewall appliance that has NAT and DHCP turned on, and/or a software firewall that helps protect the internal computer against the ports that must be open in the perimeter defense. It should contain a good anti-virus program to protect against attacks that come from e-mail. It should contain a good anti-spyware program to protect against browser attacks. There you have it, my proposed strategy for protection.