Sie sind auf Seite 1von 3

Improve Your Internet Security with These 8 Techniques

Mark Altenbernd
The security and integrity of your information systems has always been important, something that
required special care and attention. But the explosive growth of the Internet has brought with it a
significant increase of threat to your systems. If you dont feel threatened about it, you should.
There really are people who really want to hurt you. Fortunately there are a number of things that
you can do, with relatively little cost and effort, that will greatly improve your security.
The Threat
Because you are connected to the Internet, you and your business face a significant threat to your
security and well being. This threat is posed by people with malicious intent, those who would
break into your computer in one way or another and either steal information for misuse (e.g. credit
card or bank account information), cause damage of some kind (e.g. erasing your hard disk), or
simply use your computer and its resources for their own purposes (possibly to use your identity to
mount an attack on someone elses system so that if someone gets caught, it is you, not them;
possibly just so they can boast about their exploits).
The cost of such an intrusion can be anything from a minor annoyance through a major disruption
to a catastrophe.
The Response
As you might expect, the subject of Internet security is almost as complex as the Internet itself.
There are a number of consulting firms that specialize in Internet security and nothing else. And
there are hundreds of books currently in print that address the subject. Large, high-value Web sites
spend lots of money, sometimes millions of dollars per year, to see that they remain as secure as
possible. But on a much smaller scale, there are a number of things that you can do, on your own
and at modest cost, to improve the security of your Web site and your network and to discourage all
but the most committed vandals. Following is a list of 8 steps you can take to protect yourself.
1. Take Security Seriously
Probably the single most important thing you can do to protect yourself and your network from
malicious intrusion is to be aware that a problem exists and to resolve to resist. Part of that resolve
should be a written security policy. It need not be long or elaborate, but it should contain a list of
security steps to be enforced, a list of periodic security review activities, a list of prohibited
activities, and so on. (Indeed this article can form the foundation of a rudimentary security policy.)
But of course the mere existence of a security policy means little in itself. It is important that the
policy be enforced and that it be reviewed and revised periodically. The Web is a dynamic place,
and it changes rapidly; the threats to the integrity of your Web site and network change in step. Your
written security policy must be a living document, constantly updated in response to evolving
threats. And it must be central to the way you do business.
2. Install Virus Protection
Computer viruses, in all their forms and variations, have been around for a long time. They are
created by the evil geniuses who are among the brightest and most misguided technocrats of our
age. Some viruses are worse than others, but all are bad; my personal view is that there is no such
thing as a benign virus. Hiding in the petticoats of e-mail messages or masquerading as cute images
or helpful programs, they are aimed at disrupting and destroying other peoples computer resources.
Fortunately we have a number of well-guided geniuses who are dedicated to eradicating viruses,
and there are available several anti-virus programs that do an excellent job of identifying and
trapping viruses before they can infect your system. There are several ways to implement virus
protection: you can install an anti-virus program on each of your computers, and you can have you
Internet service provider and Web site host run virus checkers on all of your e-mail. You can do one

or the other; you probably should do both. One caution: virus protection tends to age rapidly and
fall out of date. Be sure to subscribe to the ongoing update service that your anti-virus vendor
offers, and then be sure to perform an update at least once a week.
3. Secure Your Machines
By default, your personal computer has lots of vulnerabilities, points of entry for foreign programs.
These entry ports were intentionally left open so that application programs that you might acquire
would be able to configure themselves and gain legitimate access to your computer. This was
judged to be especially important for casual or unsophisticated computer users who did not have the
expertise to configure their machines for each new application that they wished to install. But there
are lots of evil geniuses about who will find your machine and then poke about until they locate one
of the vulnerable open ports; and then they probably will do some real damage. However there are
quick and efficient ways to audit the vulnerability of your computers and then to button them up to
keep the evil genius out.
4. Consult with Your ISP / Host
Anyone who is in the business of providing Internet service and hosting Web sites and e-mail has
more experience than they like with Internet security problems. They are a good source for
consultation about protecting your site, and they probably have implemented a number of security
solutions (such as e-mail virus protection, see point 2, above) that they will make available to you
for a reasonable price. In addition, they are probably willing to consult to you at a reasonable rate
about how you can secure your Web site and your network.
5. Build A Firewall
"Firewall" is a fairly broad term to cover a variety of ways of monitoring and managing the traffic
that comes in over the Internet to your site. Firewalls are a complex subject, reflecting the inherent
complexity of the Internet, and there are many ways to design, build, and configure them. But as
with the other techniques outlined in this article, it is possible to get much of the benefit of a
firewall at a fairly modest cost and with a reasonable amount of setup required of the nontechnician. Firewalls can be implemented either as hardware devices (and if so, as either standalone boxes or integrated into some other piece of hardware, such as a cable modem or an ISDN
router), or as software running on a computer that mediates the connections between the Internet
and the computer(s) on your internal network. Most firewalls come pre-configured so that they
provide a large measure of protection with virtually no manual configuration required. If you have a
certain level of expertise and are willing to take the time, you can customize the configuration of the
firewall to gain additional protection while maintaining flexibility and ease of use.
6. Delete Unknown E-Mail Attachments
One popular way to invade someones computer is to send an enticing e-mail with an evil
attachment. The e-mail is From: someone you know, because a virus invaded their machine, found
your e-mail address in their address book, and immediately dispatched the e-mail to you. The
subject line and/or the body of the e-mail message might be something encouraging like "I thought
you would enjoy this" or "Heres the information you requested". And the evil attachment might
have an intriguing name, such as "AnnaKournikovaNude.jpg.exe" or some such. The (almost)
natural expectation is that the attachment is a photograph of the young Russian tennis player. So
you double-click to look at the picture, and your system crashes. What happened? Well, the
filename extension was not .JPG, meaning that it was a photographic image file; the extension was
really ".exe", meaning that it was an executable file, that is, a program, which, in your excitement,
you may have overlooked. The operating system said, "Well, its a program, thats what .exe means,
so let it run." And it turned out to be a malicious program that erased your hard disk or did some
other damage. The moral of this story is: look carefully at any e-mail with an attachment, doublecheck the extensions, have virus detection fully implemented and up to date, and be very careful
about any unsolicited e-mail with an attachment, even if its from someone you know and trust. If

you have any questions about an attachments content or integrity, delete it. Contact the nominal
sender to be sure that they did, or did not, send it.
7. Configure Your Browsers Security
There are a number of individual security settings that can be made within the browser on each
machine on your network. If you use Microsoft Internet Explorer, as most people do these days, you
will find the Tools > Internet Options... menu item. On the Security tab, select the Internet icon and
then click the Custom level button. You will find a number of options, most of which have three
choices: Enable (always do it, dont even bother to ask); Prompt (Ask me and wait until I reply, then
either do it or dont do it, as I select); or Disable (never do it, dont even bother to ask). Disabling
everything provides a very high level of security at the expense of making the Internet impossibly
difficult to use; enabling everything exposes you to some real vulnerabilities and at the same time
makes the Internet so easy to use that you could do a lot of damage to yourself very quickly; and
setting Prompt for everything provides a fairly high level of security but requires you to answer Yes
or No many, many times during a session on the Web. As with many things in life, the correct
balance is difficult to determine and probably must be converged on over time. A little bit of trialand-error experimentation is probably the best way to approach browser tuning.
8. Be Ever Vigilant
Unfortunately, ensuring Internet security is a never-ending process. It isnt helpful to set up a policy,
install virus protection, configure a firewall, set browser security levels, and then forget about the
issue. Things change too quickly on the Web, and as soon as protection against one evil is
implemented, one of those little Moriarities will find a new weakness to exploit. Security must be
an ongoing proposition. Its an unfortunate reality of the Internet, a reality whose cost is a modest
reduction of the otherwise significant benefits that we realize form this new technology.
Nevertheless, eternal vigilance is essential. Your best approach probably is to make a brief security
audit a regularly recurring task, assigned to a specific person in your organization. Each week the
assigned person should execute the checklist as outlined in your security policy see point 1 above
- and make a brief but formal written report of the results. (A simple e-mail to the effect that "I have
made the security audit this week, and everything seems to be in order" is probably sufficient.)
In future articles I will look more closely at each of these 8 areas, providing greater depth of
information and insight. Please feel free to contact us with any your reaction to this series, to ask
specific questions, or to make suggestions about additional material you might like to see covered.