The most popular forum in our message boards is Virus, Spyware and Trojan Removal. After we’ve helped someone remove one or more infection from their system, the most popular question is, “How can I keep it from happening again”?

One of our experts has authored a post, Preventing Malware and Safe Computing. It’s a wealth of knowledge, and people are often referred to it.

Today, I came across Diane Wilson’s comment at Ed Bott’s blog. I like it. Concise, no-nonsense advice. I  agree with most everything. It mostly mirrors my philosophy, and current configuration:

1. Stay behind a router. NAS is a great filter for many attacks.
2. Use a firewall. Windows firewall works well enough.
3. Keep your OS up to date, not just in updates, but in versions. I’m already running Win 7 RC as my primary system at home, and I’ll be on Win 7 for good as soon as it goes RTM. Remember (or learn) that security must be pro-active, and that Vista and Win7 took huge steps in this direction. Address space randomization. Array and string range-checking to limit buffer overruns. And more.
4. UAC. Live with it. It’s your friend.
5. 64-bit. Required driver signing is your friend.
6. IE protected mode.
7. Data Execution Protection, turned on for everything. No exceptions.
8. Windows Defender.
9. Oh, one more thing. Anti-virus software.

I think the first suggestion contains a typo. It refers to a NAS, or Network Attached Storage. While they have become inexpensive, and easy to configure. They offer limited security protection. However, they can help protect your data. Most likely she meant NAT, or Network Address Translation. NAT hides your system’s IP address behind another IP (the router’s). Another advantage to a wireless router is that almost all of them now contain a hardware firewall.

Read the rest of this entry »

With wireless internet taking over our lives, internet cables have become a rare sight. Today, what has been a breakthrough, cutting edge discovery just several years ago, is being utilized by most of us every day. It’s called Wireless LAN (otherwise referred to as WiFi, or WLAN) and while it did bring about a revolution in the way we access the internet, it doesn’t come without drawbacks.

Unlike a traditional, wired internet connection, Wireless LAN is transmitted through the air – and thus, anyone with the proper equipment can intercept it. In the best case scenario, someone steals your internet connection. But in the worst case, sensitive data may be intercepted and stolen.

So, just how do you make your wireless internet activity safer? How do you secure your connection? Here’s how.

Secure your wireless connection

If you connect to the internet wirelessly, you have a router. This device allows several wireless connections at a time. There are several methods to secure your home or business connection. They can be used separately or best –  together, for ultimate protection. Note: Refer to your router’s user manual to determine the exact procedures needed to change the various settings mentioned in this article. They may vary from router to router.

MAC filtering

MAC, not to confuse with Apple’s operating system, is an acronym which stands for Media Access Control. A unique MAC address is assigned to network adapters, in our case, in order to identify the computer. Most routers allow filtering MAC addresses, so only specific addresses can connect to the network. This is a rather simple method, which has several drawbacks. First, even a not particularly seasoned hacker can spoof a MAC address and gain access to the router. Second, this system proves to be inefficient over time, as any device or computer you might want to add to the trusted list, needs to be manually entered into the system.

To find out your network adapter’s MAC address in Windows, you first need to open a command prompt – in Windows 98/2000/XP, click Start > Run > type “cmd” (without the quotes) then hit OK. In Windows Vista, click Start > All Programs > Accessories > Command Prompt. In the window that appears, type “ipconfig/all” (without the quotes) and hit Enter. You will see a plethora of information on the screen – we’re looking for Physical Address under Ethernet Adapter.

After you’ve found out the relevant MAC address, open up your router’s interface through a browser (see the manual). You will then need to look for an option called MAC Filtering or similar. There, enable MAC filtering and add the address we’ve just found to the list. Note that you will need to do the same procedure for every additional computer, as well as when changing network adapters.

Secret Access Point name

Every wireless connection – or Access Point -– has a Service Set Identifier (SSID), which translates to the name of the wireless network you’re connecting to. By default, the SSID will automatically show when one searches for a wireless network.  However, most routers allow you to hide the SSID, so it’s only possible to connect to the network by entering the exact SSID. This is where you come in – you can give the connection a particularly nasty or long name, essentially serving as a password. The major disadvantage here, like with MAC filtering, is that any average hacker will be able to sniff out a hidden SSID’s name, and effortlessly connect to your network if it’s not encrypted.

To make a hidden SSID, search for this option in the router’s menu – it can usually be found under Wireless Setup or similar. After this, you will need to enter the exact SSID when connecting to this network.

Encryption

This is by far the most popular and secure method of protecting your wireless connection. Wireless Network encryption means that you have to enter a password to gain access to  a WLAN or the information streamed through the connection.

There are two main encryption protocols in use today. The first is called WEP – which stands for Wired Equivalent Protection. WEP is an aged technology, having been developed in the early days of WLAN. Therefore, although it still remains a very popular encryption method, it is the most insecure – it’s very easy to crack this encryption protocol with no technical knowledge and simply with a few minutes to spare. WEP is offered in several degrees of complexity: 64, 128 and 256 bits, which directly influence the encryption key’s length. The more complex the cipher is, the better.

To answer the disadvantages of WEP, a new protocol – called WPA (WiFi Protected Access) – was developed by the Wi-Fi Alliance. It utilizes a more complex algorithm which is far more secure than WEP. Unfortunately, WPA and WPA2 – the newest iteration of the protocol – are not readily available on all routers on sale today, so if you’re shopping for a router in the lower price range, make sure it supports WPA for ultimate security. The encryption key, in WPA’s case, can be entered as 8-63 characters – but generally speaking, a random, 13 character WPA key is nearly impossible to crack.

Which protocol to use is your decision – however, using WPA is highly recommended, as it provides a much better layer of security than WEP. Whichever you choose, remember to use a random combination of letters and numbers as your password – if your router has a ‘Generate Password’ feature, use it.

To set up encryption, enter your router’s menu and look for Wireless Security. Choose the appropriate protocol and follow the instructions.

Additional tips on wireless security

• When using public wireless networks, like in a café or  restaurant, pay extra attention to online security. Avoid entering your banking information, or credit card number, while connected in public networks, as it’s very easy for hackers to intercept this information and steal it.