Using A Public Computer? Protect Yourself

It seems like, wherever you go, there is always a computer available for public use. Computer access, whether for reading email, or surfing the web, is almost a necessity today.

But don't let these public conveniences misguide you. If not properly used, they can place your bank account, or your identity, at risk. Any time you use a public computer, for anything other than anonymous web access, take precautions. Using a public computer may involve many of the same security risks as using a public WiFi network. It will also present additional security challenges.


  • Take note of your surroundings. Unless absolutely necessary, don't use a public computer where it's within casual view of any passerby.
  • If you must use a public computer for any authenticated activity, like reading web email, you will be entering your account name and password. Try and block the view of the keyboard, and the monitor, from any casual passerby or nearby customers, as you enter your account and password. Watch the stranger next to you, using a cellphone (camera?).
  • Remember what you're reading, and writing, is visible to anybody near you. This may not be the best place to start a long involved letter to anybody with any privacy concerns. Treat your friends (the recipients of your email) with respect.
  • When you're on a public computer, would you walk away and leave your purse or notebook sitting on a table? I'd bet not. Don't go strolling to the restroom, either, while logged in. Get your coffee, etc, before you log in.
  • When you leave, make sure that you leave no traces of your presence. Don't leave yourself exposed to the next user of that computer.

    • Always log off whatever services you were using.
    • Never select "Remember Me" or anything similar, on any website or program, when asked for a name, nym, or password. You do not want to be remembered. Always plan on logging in, each time.
    • If at all possible, clear all cookies, and delete temporary Internet files. Here's where knowing the menu options on the browser becomes essential. You don't want to have to go ask a staff member at the coffeeshop how to clear your cookies (as if they would know).
    • If convenient, shut down and restart the computer before leaving. Watch it until it goes into the BIOS check, to ensure that it is shutting down. A shutdown and restart is the best way to refresh memory, and ensure that no memory based traces of your visit remain.


You don't have to be paranoid - 9 out of 10 of the folks watching you are simply wishing that they knew how to use the computer so confidently. Or they're waiting their turn (will he hurry up and finish!). Regardless, take reasonable precautions. Don't become an identity theft victim, from using a public computer.

Blogspot and Server Access

As you may have noticed, this website is currently hosted by Blogspot. That's for a very simple reason - I wanted to start developing content, without worrying about page design, or about hosting and publishing. Admittedly, this entire website is ugly, and clunky. It doesn't have a polished look and feel, nor very many pretty pictures. Just content. I'm working on both issues - be patient please. Or leave me a message on My Guestbook, if the mood strikes you.

Anyway, to develop my content, I chose Blogspot. Blogspot is big, and has lots of bandwidth. And generally, this is beneficial.

But not always. Recently, I observed a problem. I would see one of several very odd errors when trying to publish articles, or update articles already published.


  • This error I saw several days ago. It went away after several hours.

    Please republish your blog in 10 minutes.
    This post has been saved and your blog is still publicly viewable while we perform system enhancements.

  • This error I saw a couple days ago. It did NOT go away, and I waited for about 8 hours before continuing.

    The server has encountered an error. A technician has been dispatched...

  • Occasionally, I would attempt to refresh from the second error, and get a simple white screen (blank page).


Obviously, this was not an acceptable condition. Since I constantly make changes here, this website, at least as far as being updated when appropriate, was down for almost 2 days.

Then, I got analytical. I went to another computer on my LAN, and tried to update an article. Lo and behold, I was able to update from my other computers. Just not from my most productive computer, where all of my tools reside. Noting that I was looking at one computer only, I investigated further.

Looking at the cookies in Firefox, where I do my work, I noted a cookie for Blogger, titled "ServerID". I compared the ServerID for the problem computer, and noted that it was a different value from the others. I then deleted all Blogger cookies and restarted my browser. Upon trying to publish and update articles, I was then successful.

Since you are changing your Blogger server because the server is providing a corrupt (garbled / incomplete) copy of your blog, your browser cache will now have garbled / incomplete content. So, you also need to clear the cache.

For details on clearing Cache and Cookies, see The Real Blogger Status: Change Your Blogger Server.

Now, the problem server was "1291". After restarting Blogger, I am now on "1547". Obviously, they have one heck of a huge server farm. Knowing that, I don't think it at all unlikely that hundreds of Bloggers might be blogging away with no problem, yet one or two have a problem like mine at any time.

So, if you use Blogger, and start getting an odd error condition like mine, and if your problem doesn't go away shortly, investigate, and take action. You may help a few folks, like you and me, if we can identify a pattern, or some consistency.

And, when you do note Blogger / Blogspot problems, publish a description of the problem and solution at Blogger Forums - Newbies, and at Google Blogger Help. You'll have to register (free!) to publish, but it's well worth your time. I promise.

Diagnosing Network Problems Using PingPlotter

Many network problems, given enough test cases, can be diagnosed by simple observation and comparison. If you can access Computer C from Computers A and B, but you can't from Computer D, better look at Computer D. If Computer A can access Websites 1 and 2, but can't access Website 3, what's different about Website 3?

What if the problem comes and goes - now you can access with no problem, and now you can't? Maybe Computer A doesn't work now, but it's working later when Computer B stops working? Or if Website 1 is accessible, but Website 2 isn't, how do you identify the problem?

I start with PingPlotter. PingPlotter combines a traceroute (traditionally a single timed ping of all addressed hosts between one computer and another) with repetitious pinging, and an interactive GUI display. PingPlotter lets you look for geographical problems (showing that you have connectivity between your computer and the first router, but not the second), or for repetitive problems (showing when you lose connectivity, whether chronically, cyclically, or randomly).

Let's say that you are losing connection with the Internet, on all computers on your LAN, periodically. By running PingPlotter on your computers, you can note whether the problem is with your router (if all computers show loss of connectivity with that router), with your ISP (if all computers show loss of connectivity with your ISP's gateway, but no problem with your router), or with a given server on the Internet. If the problem is intermittent, the PingPlotter display will show when the problem happens - and if it's a chronic problem which includes loss of connectivity with your ISP, having a PingPlotter display may be worth a thousand words.

Since PingPlotter shows ping times for every host between you and your target, when there is a break in connectivity somewhere, it will show the break. You will see a red ping display for any hosts that do not respond at all, and the host that is causing the problem should be the first one showing as red.
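The "first red host" reasoning above can be worked through on recorded ping results. This is an added example, not part of PingPlotter or of the original article; the hop names, addresses and timings are constructed sample data.

```python
# Constructed sample data, not PingPlotter output. Each sweep is one
# traceroute-style pass: round-trip time in ms per hop, None = no reply.
HOPS = [
    "192.168.1.1 (your router)",
    "10.20.0.1 (ISP gateway)",
    "10.20.255.1 (ISP border)",
    "203.0.113.80 (target server)",
]
SWEEPS = [
    [1.1, 9.8, 14.2, 31.0],      # all hops answer
    [1.0, 10.1, None, 30.5],     # border ignores the ping, target still answers
    [1.2, None, None, None],     # nothing past the router
    [1.1, None, None, None],
    [1.0, 9.9, 14.0, 30.8],
    [None, None, None, None],    # even the router is silent
    [1.3, 10.4, 14.1, None],     # only the target is silent
    [1.1, 9.7, 14.3, 31.2],
]


def break_hop(sweep):
    """Return the index of the first 'red' hop in one sweep, or None.

    A hop that stays silent while the target still answers is not a break;
    many routers simply deprioritise or rate-limit replies to pings.
    """
    if sweep[-1] is not None:
        return None
    answered = [i for i, rtt in enumerate(sweep) if rtt is not None]
    return answered[-1] + 1 if answered else 0


def outages(sweeps):
    """Merge consecutive failed sweeps with the same break hop into windows."""
    windows = []
    for n, sweep in enumerate(sweeps):
        hop = break_hop(sweep)
        if hop is None:
            continue
        if windows and windows[-1][1] == n - 1 and windows[-1][2] == hop:
            windows[-1] = (windows[-1][0], n, hop)
        else:
            windows.append((n, n, hop))
    return windows


def report(sweeps, hops):
    """One line per outage window, naming the hop where replies stop."""
    return [
        f"sweeps {first}-{last}: connectivity lost at {hops[hop]}"
        for first, last, hop in outages(sweeps)
    ]


if __name__ == "__main__":
    for line in report(SWEEPS, HOPS):
        print(line)
```

Running the same analysis on results from every computer on the LAN shows whether they all lose connectivity at the same hop, which is the router versus ISP comparison described above.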

A PingPlotter display is interactive too. If there are a dozen hosts between you and a given website, maybe you only want to examine connectivity details with 4 hosts - yours, your ISP's gateway, your ISP's border, and the target server. You can selectively configure PingPlotter to show only those hosts, saving valuable screen space for other tasks. At any time, you can add any of the other hosts to the display, and the past history for those hosts will be visible too.

You can also vary the time scope of the display. You can look at an entire 48 hours in a 6 inch horizontal display, or zoom in on any 5 minutes, and look at those 5 minutes in detail. Or you can select any of 8 other scales in the display.

The paid version of PingPlotter can even be set to trigger alerts when certain definable network conditions occur, and to contact you by text messaging, or by email. So you need not be at your desk, watching the display, to be notified of a chronic problem.

All in all, PingPlotter is one network diagnostic that has a place in my toolbox. The paid version, PingPlotter Pro, is well worth the expense.

A Hidden Personal Firewall - The nVidia nForce Network Adapter

The nVidia corporation, probably best known for their industry leading video cards like the GeForce, is now marketing a hardware based personal firewall. The nForce comes in two forms - an Ethernet adapter PCI card, and a motherboard with an embedded Ethernet adapter.

The nForce is an ICSA certified firewall, with full firewall functionality, that sits inside your computer.

If you're having a Windows Networking, or file sharing, problem, and you have an nForce component in your computer, you need to know this. During January and February 2006, I assisted in diagnosing several network issues that involved the nForce. In at least one case, the person with the computer had no idea what he had purchased, and innocently installed.

Run an "ipconfig /all" on your computer. If you see something like


Windows IP Configuration

Host Name . . . . . . . . . . . . : PChuck1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nforce Networking Controller

and you're having any type of problem pinging that computer, seeing it in Network Neighborhood, or otherwise accessing that computer thru the network, take a few minutes and read the manual. Or peruse the nVidia Support Forum, and in particular, POST HERE, Problems with nvidia network port. And my latest effort, Firewall Behaviour - And Windows Networking.
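When several computers are involved, the same check can be run over saved "ipconfig /all" output from each one. This is an added example, not from the original article: the first adapter in the sample is the fragment shown above, the second adapter is constructed, and the function names are hypothetical.

```python
import re

# The first adapter block is the fragment shown above; the second adapter
# is constructed here so the filter has something to reject.
SAMPLE = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : PChuck1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : NVIDIA nforce Networking Controller

Ethernet adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Example Wireless Adapter (constructed)
"""

# "Key . . . . : value" lines: a key, a run of dot leaders, then the colon.
KV = re.compile(r"^\s*(.*?)(?:\s?\.)+\s*:\s?(.*)$")
# Section headers such as "Ethernet adapter Local Area Connection:".
HEADER = re.compile(r"^\s*(\S.*?):\s*$")


def parse_ipconfig(text):
    """Split ipconfig /all output into {section name: {key: value}}.

    Indentation is ignored, so output pasted into a forum post or e-mail
    (where leading spaces are often lost) still parses.
    """
    current = "Windows IP Configuration"
    sections = {current: {}}
    for line in text.splitlines():
        if not line.strip():
            continue
        kv = KV.match(line)
        if kv:
            sections[current][kv.group(1).strip()] = kv.group(2).strip()
            continue
        head = HEADER.match(line)
        if head:
            current = head.group(1)
            sections.setdefault(current, {})
    return sections


def nforce_adapters(text):
    """Return (adapter, description) for every adapter that is an nForce."""
    hits = []
    for name, fields in parse_ipconfig(text).items():
        description = fields.get("Description", "")
        if "nforce" in description.lower():  # vendor spelling varies in case
            hits.append((name, description))
    return hits


if __name__ == "__main__":
    for adapter, description in nforce_adapters(SAMPLE):
        print(f"{adapter}: {description} - check for nVidia firewall software")
```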

And be aware - the drivers for the nVidia nForce Versions 2, 3, and 4 contain shared components. And the installable component in the firewall, the nVidia Access Manager, has been reported to fail open. That is, if you don't install NAM, or don't activate it, the firewall blocks traffic, and not necessarily all traffic.

Be aware of what you're buying, please.

Disenchanted nVidia Customers
Here are some individual discussions and / or threads from folks who have experienced this problem first hand:
  • 2006/09/16: Even WikiPedia is involved now. Markus, in Updating Firewall rules for ActiveArmor Network Access Manager provides the link to WikiPedia: NForce4: Flaws, which contains an interesting summary of the problem.
  • 2006/08/13: NVIDIA "hidden firewall" causes networking problem, which makes immediate reference to a very long thread in the forum. Usenet technical details require that I archive the end of the thread here, since all posts by the person experiencing the problem are being removed:

  • >>>>>Good Morning, Chuck. And for the twentieth time, I appreciate your
    >>>>>tenacity and effort in trying to help me solve this frustrating
    >>>>>problem.

    >>>>>Update:
    >>>>>I think I followed your suggestions properly. Here's what I did:
    >>>>>1. Established a new account on all three (ASUS-AMD is back up!)
    >>>>>computers. They are administrative accounts with identical passwords.
    >>>>>2. Simple file sharing disabled on all three.
    >>>>>3. Created a test folder on AMD64, with full permissions for everyone
    >>>>>under "sharing" tab, and with "read" permissions for each user and
    >>>>>group under the "security" tab. (Some were greyed out).
    >>>>>4. Activated this user name on each computer with "net user name
    >>>>>/active:yes"
    >>>>>5. Checked TCP/IP for correct settings and did "repair" to flush.
    >>>>>6. Put remote registry service on automatic. There are very few
    >>>>>services now disabled (alerter, messenger, clip book)
    >>>>>6. Rebooted.
    >>>>>7. Tested system...Result --->No change. Working from amd64, I can
    >>>>>easily see and copy files from the other two computers. Working from
    >>>>>either asus-amd or mbx-notebook, I can see files and folders on amd64,
    >>>>>but I cannot open them. Tried again with all firewalls disabled. No
    >>>>>change.

    >>>>>

    >>>
    >>>***********************************************************
    >>>Soooo, Chuck, I guess I am essentially out of luck, and if my
    >>>persistent search for a "hidden" firewall proves to be fruitless, I
    >>>guess I must accept defeat. Or reinstall Windows.

    >>>Nothing came of the NVIDIA forum post except the one reply I quoted,
    >>>and there is nothing there which applies to my situation, although
    >>>they've had lots of firewall and driver problems, but not this kind.

    >>>I sincerely appreciate all your time and effort.
    >>>I will post a followup.
    >>>Of course if you have any other suggestions (please!), I'll be most
    >>>eager to pursue them

    >>>Jack

    >>Hello Chuck,
    >>Well, finally some good news. Success! You were right all along in
    >>suspecting a "hidden firewall" in the NVIDIA system. Apparently when I
    >>installed the latest drivers, a network manager was installed. This
    >>was acting as a firewall despite not having the actual NVIDIA firewall
    >>installed and despite not activating the firewall software (Active
    >>Armor or Armor On or something like that.) Fortunately, I was able to
    >>uninstall this manager without uninstalling the "NVIDIA drivers" which
    >>was a separate entity in the "Add-Remove programs". When I rebooted
    >>and went into Device Manager, I could see that there was now an older
    >>date on the driver for the NVIDIA network controller, which Windows
    >>must have silently installed.
    >>Caveat Emptor!
    >>My mind is so muddled now that I can't remember the exact name of the
    >>function I deleted.
    >>But I get easy access to the "server" now from the two secondary
    >>computers. Amen!
    >>Can't thank you enough for all the work you put in on this with me. I
    >>hope others may learn from this. If I have the energy (a bit burnt out
    >>now), I may go through this process again and make some notes to post
    >>for those who may be faced with this problem in the future. No help
    >>from NVIDIA or their forum, sadly.
    >>Sincere appreciation,
    >>Jack

    >All right, Jack!! Way to go!!

    >YOU will be the help to nVidia customers. Please write up what you can, and
    >whatever you write up will go into my article, and you will be able to help
    >other folks like you.

    Hi Chuck.
    I went through the process of reinstalling and uninstalling the
    troublesome NVIDIA network access manager, just so I could plan a post
    with some specific instructions for some unfortunate individual like
    me and try to save that person some time and frustration. So I plan to
    post it as a new topic under the heading

    "NVIDIA "hidden firewall" causes networking problem"

    I thought it might be more retrievable for someone with a similar
    problem if I put NVIDIA in the title of the topic.
    Many thanks again!

    Jack



A Set Of Simple Network Components Definitions

Many folks, when they start connecting their computers, get lost in the terminology. Justifiably so, I would think. I can hear the pain in their voice.


  • I want to connect my computers. One guy in the store showed me a hub. Somebody else told me to buy a switch. And in the forum, I was told that a router was the only way to go. Help!
  • I want to connect my computers, but avoid using cables everywhere. One guy told me to buy a wireless router. Somebody else recommended an access point. And I hear about bridges, and repeaters.



Introduction to Networking
To learn about network components, and what each one does, you first need to learn the concept of the OSI network model. All network components are defined in terms of the network layer which they work in. Components in any one layer connect to other components in that layer, or to components in the layer above or below.

A network cable would be an example of a component in the Physical, or bottom, layer. Ethernet, which is one of the most common network standards in use today, incorporates both the Physical Layer, and the Data Link Layer. An Ethernet cable, then, connects thru both the Physical (Layer 1) and Data Link (Layer 2) layers, and can connect to a Network device, such as a router.

Routers, which operate at Layer 3, connect networks that use Internet Protocol (IP). For intensive instruction in IP networking, see Microsoft TCP/IP Fundamentals for Microsoft Windows.

WiFi, which is not a totally physical medium, is similar to Ethernet, excepting that it uses a radio channel, instead of cable.


Wired Devices - Bridges, Hubs, Routers, and Switches

Hubs, routers, and switches are devices used to connect computers, that are physically attached (using cables), or logically attached (using WiFi).


A hub is one of the most basic network components; like a cable, it is a Physical (Layer 1) device. It is not addressable; it connects passively to a group of Ethernet (or other media) cables.

A hub effectively connects a group of computers in one big conversation, much like an old fashioned telephone party line. With all computers in a network connected by hubs, only one computer will be able to transmit, to another computer, at any time. Computers connected in this way must use a communications technique called Carrier Sense Multiple Access/Collision Detection (CSMA/CD).

CSMA/CD is a pretty inefficient protocol. If you are chatting with a friend, maybe over the telephone, do you ever notice that sometimes one of you wants to speak when the other is still talking? How about if both of you start talking simultaneously? What if a group of you, and many friends, try to carry on a conversation that way? Sometimes, you have to spend as long deciding who's going to speak next, as actually speaking.

In effect, with a hub connecting your computers, the more computers that get connected, the less productive network work will get done. Hubs are just not scalable - that is, you can't keep adding computers to a hub, and get any decent production out of a network.

Since the purpose of networking computers is to transmit massive amounts of data between those computers, the switching hub was developed.


A switch is a Data Link (Layer 2) device. A switch, which was originally called a switching hub, connects specific computers to each other selectively, much like a telephone switch, for individual conversations. Individual computers are addressed (selected), by a switch, using their MAC addresses.

With a switch, individual pairs of computers can carry on simultaneous conversations. Essentially, a switch is to private line telephone (which is the telephone service we all take for granted) as a hub is to party line telephone (if any of you are old enough to remember that). A switch operates in full duplex mode (each computer can send and receive simultaneously), where a hub operates in half duplex mode.


A bridge is a type of switch. Where a switch, in general, connects two or more networks that use identical media (such as Ethernet), a bridge may connect networks that use different media. In Internet connectivity, a modem will act as a bridge, and connect:

  • The Public Switched Telephone Network (PSTN) to a serial cable, leading to a computer or router (or connect as an internal component in your computer). A properly selected NAT router (though not all NAT routers) can connect to a properly selected external modem.
  • A cable broadband network to Ethernet, or USB cable.
  • A DSL broadband network to Ethernet, or USB cable.

A WiFi Bridge connects (bridges) Ethernet to WiFi.

There is one other difference between a bridge and a switch. A switch, by definition, connects multiple computers, and has 4 or more ports. A bridge generally connects only 2 different networks, and has 2 ports. A bridge with more than 2 ports generally has a hub or switch attached to one of the bridge ports.

Since the MAC address is factory assigned, and intentionally unique in all circumstances, it would be practically useless to designate groups of computers by MAC address. Switches are more effective than hubs for connecting large groups of computers, but the groups need to be local to each other for efficiency.

To associate groups of computers, where not all groups are local to each other, you need the ability to associate computers in location based groupings. This is where Internet Protocol addressing comes in to use - the IP address is assigned by physical grouping of computers.


A router is a Network (Layer 3) device, that connects networks that use Internet Protocol. A router connects specific computers to each other selectively, like a switch. Unlike a switch, which addresses individual computers by their MAC addresses, a router addresses computers by their IP addresses.

Since a router addresses computers by their IP addresses, a router only transports Internet Protocol traffic. IPX/SPX and NetBEUI, which are alternate transports, do not produce routable traffic. Networks which use either alternate transport must be connected by hubs or switches; they won't work with routers.

Since Ethernet connects thru both the Physical (Layer 1) and Data Link (Layer 2) layers, an Ethernet cable can connect either a hub (Layer 1), a switch (Layer 2), or a router (Layer 3). A group of computers, connected by Ethernet or WiFi, thru a collection of hubs, switches, and routers, makes up a Local Area Network (LAN), or a Wide Area Network (WAN). Since the IP address is assigned to each group of computers based upon their physical location, all computers in one physical location can be easily identified by IP address grouping, or subnet.

A router is essentially a big switch, with multiple connections, each connection leading to one or more subnets. A subnet can be locally attached (by Ethernet), or distantly attached (by a long distance communications line). By knowing what subnet is accessible (immediately, or distantly), from any connection, a router can decide which connection should be used for a packet destined for any given IP address or subnet.
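The forwarding decision described above can be shown with a small routing table. This is an added example, not from the original article; the subnets, connection names and packet fields are constructed, and the most specific matching subnet is chosen, which is how IP routers resolve overlapping entries.

```python
import ipaddress

# Constructed routing table: (subnet, connection it is reachable through).
ROUTES = [
    ("192.168.1.0/24", "eth0 (locally attached office LAN)"),
    ("192.168.2.0/24", "eth1 (locally attached lab LAN)"),
    ("10.0.0.0/8", "serial0 (long distance line to head office)"),
    ("10.1.5.0/24", "eth2 (locally attached branch subnet)"),
    ("0.0.0.0/0", "wan0 (ISP, default route)"),
]


def build_table(routes):
    """Parse the subnets and order them most specific (longest prefix) first."""
    table = [(ipaddress.ip_network(net), conn) for net, conn in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def choose_connection(table, destination):
    """Return the connection for the most specific subnet containing the address."""
    address = ipaddress.ip_address(destination)
    for network, connection in table:
        if address in network:
            return connection
    return None  # no matching subnet and no default route: packet is dropped


def forward(table, packet):
    """Route one packet; traffic that is not IP is never forwarded."""
    if packet["protocol"] != "IP":
        return None  # IPX/SPX and NetBEUI carry no IP address to route on
    return choose_connection(table, packet["dst"])


if __name__ == "__main__":
    table = build_table(ROUTES)
    samples = [
        {"protocol": "IP", "dst": "192.168.2.7"},
        {"protocol": "IP", "dst": "10.1.5.9"},     # inside both 10.0.0.0/8 and 10.1.5.0/24
        {"protocol": "IP", "dst": "10.9.9.9"},
        {"protocol": "IP", "dst": "198.51.100.7"},
        {"protocol": "IPX", "dst": None},
    ]
    for packet in samples:
        print(packet, "->", forward(table, packet))
```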

Now if you are buying, or just bought, a router for your home or small office, you probably are looking at a NAT router. A NAT router has the functionality of a regular router, and more. For a description of a NAT router, please see my article What Is A NAT Router?.


Wireless Devices - Access Points, Bridges, Repeaters, Routers, and Switches

A WiFi channel is similar to a hub, in that all computers using a single WiFi channel have to share it with each other. They can choose not to listen to the conversations of their neighbors (properly designed software won't participate in conversations which don't apply to the network that it connects to), but you should not assume this to be true in all cases. You absolutely must practice WiFi security.

And whether or not a WiFi device listens to a conversation on another network, it won't be able to use the channel, while the other network is using the channel. The WiFi channel can only be used by one conversation at any time. All WiFi devices, within range of each other (able to detect radio from each other) have to share the channel, and only one device can transmit at any time. This is why we say that WiFi is a half duplex medium.


A WiFi router is similar to a wired router, but with one extra component - a radio connected to the LAN switch. The computers that connect by WiFi become peers to the computers connected to the Ethernet LAN ports.

All computers connected directly to the Ethernet switch have the capability of multiple simultaneous, full duplex, communications, with all other computers connected directly to the Ethernet switch. All computers that connect by WiFi, though, have to share the channel with all other nearby WiFi devices.


A WiFi bridge is similar to a wired router, but with one extra component - a radio connected to the WAN port. Like the wired router, all client computers connect to the bridge by Ethernet.

All computers connected directly to the Ethernet switch have the capability of multiple simultaneous, full duplex, communications, with all other computers connected directly to the Ethernet switch. Connection to the rest of the network, thru the WiFi WAN port, will have to share the WiFi channel with all other nearby WiFi devices.

You can buy WiFi bridges made for that purpose, and some WiFi NAT routers can be converted to bridge configuration. The Linksys WRT54G, with third party firmware, can be configured as a bridge.


A WiFi access point is a wired switch, with a radio. As with a WiFi router, the computers that connect by WiFi become peers to the computers connected to the Ethernet LAN ports on the switch.

The computers connected to the Access Point - both wired and wireless - will have the same capabilities and restrictions as those connected to a WiFi router.


A WiFi repeater is, simply, a radio that alternately receives and sends. Placed at a distance from a WiFi router (at a midpoint between the router and the clients), a repeater can extend the range of the router. A repeater that operates on one channel, though, will be very slow. It has to:

  • Receive a packet from one WiFi computer, that's intended for another.
  • Retransmit (repeat) the same packet.
  • Wait for a reply from the computer that the packet was intended for.
  • Pass that reply back to the sending computer.
  • Receive another packet from the sending computer.


Summary and References
All equipment, excepting the NAT Router component of any device, operates at Layer 2 of the OSI network model. Excepting the NAT Router component, all equipment will transport IPX/SPX and NetBEUI network traffic, in addition to IP traffic.

Any configuration of equipment, done thru your browser, will typically require Internet Protocol though. Most network components, when designed to be managed thru the network, are addressed (managed) by IP address. Both WiFi routers, and Wired Routers, will only transport IP traffic.

For additional discussion about wired components, see Hard Forum Networking FAQ Q1.
