I have a new addiction, Pandora. Pandora calls itself the “music genome project.” You create “stations” based on artists or songs that you like and it tries to predict what other songs you might like. The amazing thing is - it is VERY good. Unlike Amazon, it does not predict your likes or dislikes based upon what other users have bought, but actually looks at the makeup of the music and finds other music in that “genome.” Thus, whenever I pull up my Radiohead station it plays other music with “subtle use of vocal harmony, mixed acoustic and electric instrumentation, a vocal-centric aesthetic, and a clear focus on recording studio production.” Oh how well it knows me.
One of the greatest assets of our new house is my office. Not since high school have I had 200 square feet that was solely mine. My office is on the end of the house and backs up to several homes on a busy street behind us. From my office I can “see” six wireless networks including my own. All of these wireless networks belong to my neighbors.
A few of them have innocuous SSIDs such as “Linksys” but many of them identify the house from which they originate, usually with a last name. Of those six networks that are available only two of those have any type of encryption on them and one of those is my own. I have offered my neighbors my tech services to help them lock those up but to date have not been taken up on my offer. I have heard a few of them say that they like the idea of being altruistic and sharing their bandwidth, however I wish I could thoroughly explain to them the danger of leaving your wireless network unencrypted.
It is truly dangerous not to secure your wireless hub. I have vowed not to allow this blog to become too technical but there are a few things that I need to discuss to explain this. Wireless hubs work like a network hub and not a switch, meaning that all of the traffic from your computer is broadcast to every other computer on that network. This is normally not a problem on wired hub driven networks in that you can usually trust everyone on your network. However, on a wireless network, without encryption, you are trusting anyone who decides to log on to your network. Techniques such as ARP spoofing allow hackers to easily play the man in the middle between you and anyone you are contacting on the Internet. This would allow anyone to read any of your email and watch your traffic.
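A defensive check for the ARP spoofing mentioned above, added here as an example and not part of the original post: it parses an ARP table and flags the two classic signs, one hardware address answering for several IP addresses and a gateway whose address no longer matches a known-good baseline. The sample table, addresses and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the style of Linux `arp -a` output (not real data).
SAMPLE_ARP_OUTPUT = """\
? (192.168.1.1) at 66:77:88:99:AA:BB [ether] on wlan0
? (192.168.1.23) at 00:0c:29:12:34:56 [ether] on wlan0
? (192.168.1.42) at 66:77:88:99:aa:bb [ether] on wlan0
"""

ENTRY = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)

def parse_arp_table(text):
    """Return {ip: mac} with MAC addresses normalised to lower case."""
    table = {}
    for line in text.splitlines():
        match = ENTRY.search(line)
        if match:
            table[match.group(1)] = match.group(2).lower()
    return table

def find_shared_macs(table):
    """Return {mac: [ips]} for every MAC that claims more than one IP.

    This is a signal, not proof: multi-homed hosts and proxy ARP can
    legitimately produce the same pattern.
    """
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {
        mac: sorted(ips, key=ipaddress.ip_address)
        for mac, ips in by_mac.items()
        if len(ips) > 1
    }

def gateway_mac_changed(table, gateway_ip, known_mac):
    """True if the gateway is present but its MAC differs from the baseline."""
    seen = table.get(gateway_ip)
    return seen is not None and seen != known_mac.lower()
```

Record the router's real hardware address (printed on its label or shown in its admin page) while the network is known to be clean, and compare against that baseline later.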
So how does one protect themselves from such attacks? It is really simple but sounds complicated. Depending on your wireless router all of the setups will be different but will all have some or all of the following wireless security options.
- WEP
- WPA Personal
- WPA2 Personal
- WPA Enterprise
- WPA2 Enterprise
Do not use WEP encryption. It uses a very secure form of encryption called RC4, however it was implemented poorly and is easily hacked. There are no less than 1000 pages on the Internet explaining how to hack WEP encryption. It can be done in less than 30 minutes if you know what you are doing. WPA encryption on the other hand is virtually uncrackable depending on the length and randomness of your password. I do not see much benefit between WPA and WPA2 and most newer wireless routers will do both at the same time upon detecting what kind of wireless card is trying to log on. If your wireless router does not offer both simultaneously I suggest using just WPA as you never know if the wireless card trying to log on will support WPA2.
The difference between personal and enterprise has to do with the method used for authentication. WPA Enterprise can authenticate against databases, whereas the personal version simply uses a key (password). For home use I truly believe that WPA Personal is more than adequate and is much easier to set up. All that is required is a key that is shared between the wireless router and the client which is your computer with a wireless card.
I mentioned a moment ago length and randomness. It is very important that your key or password for WPA encryption be long and random. Using your pet’s name fluffy will not do the trick, as anyone with a password dictionary will come up with that one pretty quick. I recommend using a very long and random key. I use a key generator to come up with my keys. It is a hassle when someone comes over to use my network but worth the trouble for the security. When someone comes over I do one of two things. I either temporarily turn off the network security while they are here, or I copy and paste the password key from a USB flash drive.
So this is the quick and dirty on setting up a safe wireless network. It really is not that big a deal, just important to follow a few basics. Maybe I will get my neighbors to add a little security to their networks sometime soon.
I have for many years hosted pcnelson.com on WebHostingBuzz. There is a considerable barrier to changing one's host for their website. It takes no small amount of time to move files over and get your email working on a new host. There is also the added chance of missing important emails as DNS changes propagate over the Internet. But my inertia was overcome a few weeks ago by some fairly major problems that I had with WebHostingBuzz. The problems had always been there, but I was able to overlook most of them until my email bounced for two days with not much response from their tech support. I have since been in contact with their COO, Matt Russell who made me feel much better about the situation, but by that time the change was already made.
I spent an evening searching the Internet for a new hosting company which is an overwhelming task. So after just a few minutes I decided to ask who my friends were using. A quick, “they are awesome” from Robb and I was half way sold. I was pushed over the edge when I noticed that my GTD mentor, Merlin Mann was a user of A2 Hosting.
I did a quick signup and began to upload information. On a whim I decided to ask A2 if they would be willing to let me relay email from my spam firewall at the office. After thoroughly explaining what I wanted to do they actually made it happen. They opened a port to my Barracuda spam firewall, made the DNS changes and wow - now I am filtering all my email through this box.
I really could not believe that they were willing to make this happen for me since it required a specific server setting to allow the relay. Thanks A2 and I will send all that I can your way.
In one of my previous postings I mentioned the importance of having a physical firewall between your computer(s) and the modem provided by your cable or phone provider. In addition to this front-line protection, I also believe that it is important to have a software firewall on your system. I have made this recommendation to several people in the past and they have asked why they need two. The answer is fairly simple, if one is good, then two is even better.
The hardware router or firewall that sits at your modem is good but a software firewall can be more specific and targeted in what it blocks and looks for. Many of them are also updated by the manufacturer with patches that protect against the latest threats. But, the greatest asset to having a software firewall on your personal computer is the outbound protection that it provides. Hardware firewalls only block or protect your network from incoming traffic. By design, they allow all traffic to flow out. This means that if your computer has been taken over by a virus or by malware then any traffic generated by that critter will be allowed out. Software firewalls prevent this and alert the user to any suspicious outgoing traffic. This could prevent your system from becoming a zombie bot on the Internet and sending thousands of spam messages for some teenager in Montana.
The annoying thing about software firewalls is that they do alert you to all kind of things that your computer is doing. The alerts will pop up from time to time making sure that you are meaning for certain traffic to leave your computer. The temptation is to not read them carefully and to always approve them, but by doing this you would be defeating the purpose of having the software in the first place. Always make sure to read them carefully and if you are not sure about allowing the traffic, just say no.
So which software firewall should I use? First, turn on the one that comes with your computer. If you are using Windows XP service pack 2 then there is one built into Windows. If you are on Windows XP and have not upgraded to SP2 then Lord help you (read this post). Windows 2000 and Windows 98 users are out of luck as far as a built in firewall is concerned. To activate the firewall, go to the Control Panel / Security, and make sure that it is turned on. Like hardware firewalls, it only blocks incoming traffic but again, with security, more is better. Apple also has a built in firewall in OS X; turn it on. As for 3rd party firewalls, I used to like Zone Alarm, however recent versions have become quite bloated and heavy. It takes up a lot of system resources and is just a little too much these days. Today, I really like Kerio which was recently acquired by Sunbelt Software. The purchase price is only $19.95 and is worth every penny. Kerio is well written and will suffice for all your firewall needs.
If you look at the last three postings about the Internet you will start to see a pattern; defend yourself! There is a lot of code out on the Internet just waiting to attack your computer - make sure you do all you can to stop it.
As DSL and Cable Internet connections have become more prolific so have active attacks on computers that just sit on the Internet. This is a little known fact, but just simply plugging your computer directly into your new cable or DSL modem is asking for trouble.
Sitting on the Internet this very minute are tens of thousands of computers infected by worms that are actively searching the Internet for unprotected machines to infect. It is not unusual for an unpatched Windows machine placed directly on the Internet to become infected with some form of the Sasser virus within just a few minutes.
The way to protect yourself against these attacks is to place a layer of defense between you and the whole of the Internet. I highly recommend to my friends and family that they invest the money in a NAT router. These are sometimes called firewalls and the terms are more or less synonymous. This hardware can be bought at most any office supply store for less than $100. I hesitate to recommend a brand but suffice it to say as long as the word router or firewall is on the box you are “good to go.” If you spend just a little extra money these routers can also be a wireless access point for your home.
This layer of protection between you and the Internet will block 99% of active attacks against your computer from the background radiation that exists on the net today. Now all you have to do is not actively go looking for trouble, which we will discuss in later entries.
Every time that I sit down at a friend's machine the first thing I do is see how many security patches need to be installed. It is always baffling, but it is not unusual for me to sit down at a machine that has not been patched in as many as 6 months. Let me fill you in on a secret, Microsoft and Apple spend many hours writing and releasing these patches for you. Take advantage of them; they will save your skin. Because I can’t get any of my family to move over to the Mac I will concentrate on Windows.
- The first thing to do is go to Start / Control Panel / Security Center / Automatic Updates. Make sure that the button next to Automatic is filled and hit OK. This will automatically download all of the important updates from Microsoft so that you don’t have to think about it, but…
- In true Microsoft form automatic does not really mean automatic. Every now and then you will see a small yellow shield appear in the task bar (the row of icons in the bottom right corner of the screen). If you click on this yellow shield it will ask you if you want to install the updates. Select the express option and hit OK. It will install all of the updates for you and probably ask you to reboot the computer. It is probably a good idea to make sure you are ready to reboot, i.e. not busy, because Windows will bug you to death wanting you to reboot.
For those of you that are feeling really brave this process may be performed manually by going to update.microsoft.com. You will have to use Internet Explorer for this as it requires some scripts that can only be run in IE, sorry Firefox users (we will talk about Firefox a little later). You can also get to this from the menu bar at the top of Internet Explorer. Go to tools / Windows Update. This will take you to the same place.
To use Windows Update you will have to have a fully licensed version of Windows XP, 2000, or Lord forbid Windows 98. You may be asked to validate your license so just say OK as you get to these pages. If when you run Windows Update you see a ton of patches that need to be installed make sure you run it again after the reboot as some patches require previous patches to be installed first before they can download. Get busy updating - it will save you hours of headaches. You can sleep safely at night knowing that your Windows machine is totally safe from the evil side of the Internet.