Broadband: Are You Exposed?

The Five "A"s of Security

• Awareness (your computer is part of a bigger picture now)
• Authentication (set logins and passwords to verify users)
• Authorization (should this user be permitted access to your computer?)
• Access Control (set permissions to limit access to certain resources)
• Auditing (check your logs, and your monitoring and scan tools)

Awareness
Your computer is one among millions of other computers networked together. As a broadband subscriber, your computer is (generally) reliably connected to the Internet, and your connection is quickly responsive. You have physical control over your machine, and can take informed action to protect your resources and files.

Authentication and Authorization
If you don't want to allow global access to your files, you may need to set logins and passwords to limit your computer's users. Authentication means verifying the user. Authorization is allowing that user access to your system. Verifying users of your machine can help you track the activity in files and resources.

Access Control
To further limit access to your resources, you may wish to set permissions on individual files. For instance, you may have a text file that anyone can read. This is called global access. Another file may only be read by anyone in a special group that you design. This is group access. A third file may only be readable by you--individual access.

Auditing
Your computer may generate logs which can be important diagnostic tools. For instance, your web server keeps track of machines that have requested your web pages:

• machine and domain name or IP#,
• time and date of request,
• page or file requested,
• success or error code,
• number of bytes transferred, etc.

If you run an FTP server, you also have logs of who moved files in or out. Your security products also produce information logs that can inform you about traffic, system users, and more. In combination with active security products, logs can be a powerful tool to mitigate your security risks.

In reality, these five "A"s are somewhat intertwined. For example, it doesn't make sense to have Authentication without Authorization. Access control doesn't happen without Authentication and Authorization, and none of these make sense without Awareness.

Let's take a look at the first of these Five "A"s in practice.

The first step is awareness about your computerized self.

Most people keep stored computer files that reflect their lives. Generally, the "ordinary life" is not of interest to malicious hackers and crackers--unless they have easy access to your financial persona: transactions, credit card numbers, mother's maiden name, etc.

• Do you store this or other important information on your always-connected computer?
• Do you use your home computer for work? Do you ever store trade or other company secrets on your home computer?
• Do you back up your files regularly? How would your life be affected if all of your computer files were to suddenly disappear? If your computer were to become dysfunctional? If your computer were to be used by an outside force for illegal activities?

The second step is awareness about your system.

Many of your system's vulnerabilities are known and described on public security sites. In some cases, fixes (often called patches) are also published for your use.

What you can do to reduce your system's security risks:

• Turn off your computers and/or modem when not in use.
• Keep your operating system software up to date. This does not necessarily mean you should buy the latest version. Rather, it means you should make sure you've installed all available patches for your system.
• Use a hard-to-guess password to access your computer. Good passwords have mixed upper- and lower-case letters, numbers, and characters, and are not obvious. Do not use names or birthdates of family members, or common English words such as "password" or "guess."
• Back up your files regularly.
• Run virus scanning software, and keep your virus definition profiles up to date by visiting software manufacturer's sites and downloading their virus update files (updated monthly).

If you only have one computer:

• Turn off file and print sharing; you don't need them.

If you have a home network with more than one computer:

• Set up passwords to shared computers on your network.
• If you run file/printer sharing, make sure you set a password on all shared devices. (See Appendix 1 for more on this.)

The third step is awareness about your network.

• Don't open email attachments from strangers. Confirm attachments from friends. Be especially wary of unexpected files ending in .vbs or .exe

• Do not volunteer more info to web sites or strangers than is absolutely necessary. You already leave plenty of information behind in the logs of sites you've visited.

• Use encrypted email services and programs when possible. Encryption is a process by which plain text (what you type on the screen) is "scrambled" into a code that can't be read without a special "key" that unscrambles that code. Encryption programs such as PGP have plug-ins that enable them to work with common email programs. Encryption isn't very easy to use yet, but many developers are working on this problem. (Appendix I has a few resources that might be informative.)

• Do not run public servers without adequate protections. Many vulnerabilities are known and published on the net; many fixes and system patches are also available.

• Look at your logs and run security scans periodically. Your logs and tools can provide a picture of what's going on.

Being comfortable with your computer and the Internet, and being aware of the inherent risks, is an important part of the broadband environment. Many resources exist to help you get a handle on your situation. The following Appendices provide more links, perspectives, and information to help you with this important task.

Home or Next: Footnotes