If you access the Net using a broadband—cable modem
or DSL—service, chances are you have an always-on connection, which
means there’s a much greater chance that a malicious hacker could find
your computer and have his way with it. You might think that with
millions of people connected to the Internet at any given moment, there
would be little chance of a “script kiddy” finding you in the herd.
Unfortunately, one of the most common weapons in a black-hat hacker’s
arsenal is a program that runs through millions of IP addresses
automatically, looking for live connections. The problem is compounded
by the fact that many cable systems and some DSL systems use IP
addresses in a narrow range, thus making it easier to find always-on
connections. However, having a cracker locate your system isn’t a big
deal as long as he can’t get into your system. There are three ways to
prevent this:
Turn off file and printer sharing on your Internet connection
Turn on the Windows Firewall
Turn off the Messenger service
Turning Off File and Printer Sharing
File and printer sharing
is used to enable network users to see and work with shared files and
printers on your computer. Obviously, you don’t want to share your
system with strangers
on the Internet! By default, Windows XP turns off file and printer
sharing for Internet connections. To make sure of this, however, follow
these steps:
1. | Select
Start, All Programs, Accessories, Communications, Network Connections.
(Alternatively, open Control Panel and launch the Network Connections
icon.)
|
2. | Right-click the icon for the connection that gets you on the Internet and then click Properties.
|
3. | Display the Networking tab. (For some types of connections, you might need to display the General tab instead.)
|
4. | Make sure that the File and Printer Sharing for Microsoft Networks check box is deactivated. |
Turning On the Internet Connection Firewall
Although
disabling file and printer sharing is a must, it’s not enough. That’s
because when a hacker finds your address, he has many other avenues with
which to access your computer. Specifically, your connection uses many
different ports for sending and receiving data. For example, web data
and commands typically use port 80, email uses ports 25 and 110, file
transfer protocol (FTP) uses ports 20 and 21, domain name system (DNS)
uses port 53, and so on. In all, there are dozens of these ports, and
every one is an opening through which a clever cracker can gain access
to your computer.
As if that weren’t
enough, hackers also can check your system to see whether some kind of
Trojan horse virus is installed.If the hacker finds one, he can effectively
take control of your machine (turning it into a zombie computer) and either wreak havoc on its contents or use your computer to attack other systems.
Again, if you think
your computer is too obscure or worthless for someone else to bother
with, think again. A typical computer connected to the Internet all day
long will be probed for vulnerable ports or installed Trojan horses at
least a few times a day. If you want to see just how vulnerable your
computer is, several good sites on the Web will test your security:
The good news is that
Windows XP includes a personal firewall tool called Windows Firewall
that can lock down your ports and prevent unauthorized access to your
machine. In effect, your computer becomes invisible to the Internet
(although you can still surf the web and work with email normally).
Follow these steps to start Windows Firewall:
1. | Launch Control Panel’s Network Connections icon.
|
2. | Right-click the icon for the connection that gets you on the Internet and then click Properties.
|
3. | Choose the Advanced tab.
|
4. | In the Windows Firewall group, click Settings. The Windows Firewall dialog box appears.
|
5. | Activate the On option.
|
6. | Click OK.
|
Turning Off the Messenger Service
As a final barrier against
unwelcome intrusions, you should also turn off the Windows XP Messenger
Service. This service (which is not to be confused with the Windows
Messenger instant messaging program) is used by network administrators
to broadcast messages to users. However, some advertisers have figured
out how to use this service to have ads pop up on your computer. You can
block these ads by turning off the service. To do this, follow these
steps:
1. | Select
Start, Control Panel, Performance and Maintenance, Administrative
Tools, Services. Windows XP displays the Services window.
|
2. | Double-click the Messenger service.
|
3. | Click Stop to shut down the service.
|
4. | To prevent the service from starting in future Windows XP sessions, use the Startup type list to choose Manual.
|
5. | Click OK. |