I know many of you have new computers in your homes, but how many of you realize that these computers are already vulnerable? How can this be? How can a brand new computer be vulnerable? There are many reasons for this:
- Most computers have insecure default configurations.
- Your software is probably already outdated. New vulnerabilities have likely been discovered between the time the computer was built and configured by the manufacturer and the day you power on your new system.
- Numerous viruses and worms capable of taking advantage of the latest vulnerabilities are already circulating on the Internet.
- Hackers know where you are! They regularly scan the common broadband and dial-up IP address ranges.
Before You Connect
Let's talk about what you should do before you connect this new system to the Internet.
You should not connect your computer directly to the Internet. You should, instead, use a network firewall or firewall router. A network firewall or firewall router is a hardware device that users can install between the computers on their Local Area Network (LAN) and their broadband device (cable/DSL modem). By blocking inbound access to the computers on the LAN from the Internet at large (yet still allowing the LAN computers' outbound access), a hardware-based firewall can often provide sufficient protection for a user to complete the downloading and installation of necessary software patches. A hardware-based firewall provides a high degree of protection for new computers being brought online.
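The inbound/outbound rule described above can be modeled in a few lines. This is an added example, not code from any firewall product: the `FirewallRouter` class, the `Packet` type and the sample addresses are all constructed for illustration, and address translation (NAT) is left out for brevity.

```python
import ipaddress
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class FirewallRouter:
    """Toy model of the policy above: outbound allowed, unsolicited inbound dropped.
    Hypothetical class; NAT and protocol details are omitted (assumption)."""

    def __init__(self, lan_cidr: str):
        self.lan = ipaddress.ip_network(lan_cidr)
        self.flows = set()  # outbound connections opened from the LAN

    def _on_lan(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.lan

    def handle(self, pkt: Packet) -> str:
        if self._on_lan(pkt.src):
            # A LAN computer is talking out: allow it and remember the flow.
            self.flows.add(pkt)
            return "ALLOW"
        if self._on_lan(pkt.dst):
            # From the Internet: allow only if it answers a remembered flow.
            expected = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
            return "ALLOW" if expected in self.flows else "DROP"
        return "DROP"  # not addressed to the LAN at all

def run_demo():
    fw = FirewallRouter("192.168.1.0/24")
    # Constructed sample traffic using documentation-range addresses.
    traffic = [
        ("scan of file sharing port", Packet("198.51.100.7", 40000, "192.168.1.10", 445)),
        ("PC requests patches", Packet("192.168.1.10", 49152, "203.0.113.5", 80)),
        ("patch server replies", Packet("203.0.113.5", 80, "192.168.1.10", 49152)),
        ("other host, same ports", Packet("198.51.100.7", 80, "192.168.1.10", 49152)),
    ]
    return [(label, fw.handle(p)) for label, p in traffic]

if __name__ == "__main__":
    for label, verdict in run_demo():
        print(f"{verdict:5}  {label}")
```

The patch download succeeds because the new computer opened that connection itself, while the unsolicited probe never reaches it.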
If you're running Windows XP (and if this is a new system, you probably are), you should enable the Internet Connection Firewall (ICF). Microsoft has provided instructions for enabling the built-in Internet Connection Firewall on Windows XP.
If your operating system does not include a built-in software firewall, you may wish to install a third-party firewall application. Many such applications are available at relatively little (or sometimes no) cost. However, given that the issue we're trying to address is the relatively short lifespan of an unprotected computer on the open Internet, we recommend that any third-party firewall application be installed from media (CD-ROM if possible) before connecting to a network rather than downloaded directly to the unprotected computer. Otherwise, it may be possible for the computer to be exploited before the download and installation of such software is complete. If possible, download the software to a protected computer and burn it to CD. If you do not have this capability yourself, then you need to limit your exposure as much as possible. Connect the system to the Internet, go to one of the following websites and download the desired firewall product, then disconnect immediately. My two personal favorites are: ZoneAlarm from ZoneLabs and Personal Firewall from Kerio.
ZoneAlarm is a nice and easy firewall that anyone can use without a technical background. If you're a bit more technical, or would like to learn more about firewalls in general, Kerio's product has a bit more granularity. There is a comprehensive listing of firewall software available here and here.
Disable nonessential services, such as file and print sharing