Topic #2 - Firewalls

According to the latest research, about 8% of the people on the internet right now currently use a firewall.  This compares to 52% of people that actively use a virus scanner with up-to-date script files.  Yet more damage can occur from the lack of a firewall then 95% of the viruses currently in existence ever could cause.  Viruses erase files, and sometimes send information out from your computer.  A system without a firewall can be totally violated by a hacker.

So why don't more people use a firewall?  There are many reasons.  Some feel they are invulnerable.  Some feel a virus scanner is enough.  Some believe their actions on the internet are so inconspicuous, they'd never be the target of a hacker.  Most just don't know the risks.  This week's lesson is all about the risks, and how you can protect yourself.

The threat is...

So what are the risks in not protecting yourself?  Take this simple example.  You go to a web site, which asks you to sign up for a newsletter.  The site seems pretty safe, and you go to the sign up page.  From there it asks you a few simple pieces of information; your full name, your e-mail address, and your birthday (for security reasons).  Seems pretty safe, right?

99% of the time it probably is.  Most likely if it's a reputable site there's no real danger.  But let's examine the 1% of the time that it's not safe.  How do hackers work?  And what do they look for?

A good hacker only needs 2 pieces of information to start the process of hacking you.  With a full name including middle initial, and your birth date, a hacker has his start.  From that information, a hacker can get a copy of your birth certificate. Cost is about $32.  With your birth certificate in hand, he can then file for a credit report, which costs about $25.  On your credit report will be your current address, and your SSI. (SIN in Canada)  Starting to get a little frightened?

After getting your credit report, which includes your home address, your phone number, and other vital information, a hacker now has all he needs to start his work.  Total cost to him thus far is about $80.  Using an application commonly referred to as "netbussing", he can now use your phone number to gain access to your computer while you're on-line.  He now has access to your whole computer.  He also has the ability to take out loans and apply for credit cards in your name.  As far as anyone is concerned, that hacker is you.

What can you do?

There are several steps to protecting yourself.  

1. Make sure you have a good firewall program.  A firewall prevents your IP address from being seen by people outside of your system, which prevents them from hacking into it.  It can prevent many of the information leaks that occur on your system that you never know about.  Remember, even piece of information on your computer is accessible if you're not protected.

2. Try not to give out personal information on non-secure servers.  How do you tell if a server is secure?  Look for the lock symbol in the lower-right hand corner of your browser.  If that's there, make sure that the server is an HTTPS server. (As opposed to an HTTP server).  If you don't see the S or the lock in the closed position, be careful what information you give out and NEVER give out credit card information on a non-secure server.

3. The latest craze on the internet is resume posting services.  Be careful what information you post that is accessible to the average user.  Most of these services offer to keep your address and other information hidden.  Make sure you do this, as giving away that information for free is making the hacker's job that much easier.

4. One of my most common pieces of advice is also the one people laugh at the most.  Lie.  The easiest way to not have people find out about you is to make up a fake name, address, and other information that doesn't relate in any way back to you.  For sites that you must be truthful to, do so.  But if it doesn't really matter, lie about everything you can.

5. Get a free-mail account.  You can sign up for one on our front page.  They are web-based, free, and generally come with a built-in form of spam and virus protection.  That way you don't have to sign up with an account that leads to your home server and give people clues as to where you're from.  You'd be surprised how much information you can get simply by looking at where an e-mail comes from.

There are so many problems and pitfalls with surfing the net that no one method of protection can ever save you.  Even cash registers at pharmacies keep information on you that can be accessed.  But knowing how to limit the chances of being exploited increases your chances of remaining safe on the net.