Fix Network Problems - But Clean Up The Protocol Stack First

Windows Networking, the set of programs that let your computer share files with other computers, is built around TCP/IP. It uses Server Message Blocks (SMBs) hosted over NetBIOS Over TCP/IP, as the preferred transport for file and printer sharing. You can use alternate transports, if you wish, but you should make sure that all computers in your network use the same transports. With some computers using one transport, and other computers using another, you will get unpredictable results.

• Network Neighborhood may be inconsistent between computers. Some computers may be inaccessible, or invisible, in Network Neighborhood.
  
• One or more computers may be slow, when connecting to network shares.
  
• Refreshing a display of Network Neighborhood may take a long time.
  

The protocols are the languages which the computers speak, when they talk to each other (advertise shared files, etc). Your computers will share files best, when they all speak the same languages.

You can ensure that all computers speak the same language, if you cleanup, and standardise, the protocol / transport stack on each computer. Examine the list in the (Settings - Network Connections - ) Local Area Connection - Properties wizard.

On a properly setup, and standard, system, you should require only the following items in the components list:

• Client for Microsoft Networks.
  
• File and Printer Sharing For Microsoft Networks.
  
• Internet Protocol (TCP/IP).
  

You may also see, and wish to leave, any of the following items in the list:

• AEGIS Protocol (IEEE 802.1x) (AEGIS is seen on some WiFi clients, and on otherwise properly working configurations, does not cause problems).
  
• Network Monitor Packet Driver (NMPD is seen on some WiFi clients, and on otherwise properly working configurations, does not cause problems).
  
• QoS Packet Scheduler (QPS is optional, and has caused no known problems).
  

There are several network components, that you normally do not need, which you might see in the transports list. Depending upon your version of Windows, the names may vary.

• IPV6, which is not always compatible with NetBIOS Over TCP/IP, may be listed as:
  
  
  
  • Automatic Tunneling.
    
  • Teredo Tunneling.
    
  • Microsoft TCP/IP Version 6.
    
  
  
• Netware Client, which is legitimately necessary in one specific case, may be listed as:
  
  
  
  • NWLink IPX/SPX.
    
  • NWLink IPX/SPX/NetBIOS Compatible Transport Protocol.
    
  
  
• NWLink NetBEUI.
  

The presence of IPV6 may hamper the diagnosis of your problems. Please remove IPV6 while we are working on your problems; if you truly need it, you can re install it later.

Installation of alternate transports, like IPX/SPX or NetBEUI, has been used as a workaround, in the past, if there's a problem related to TCP/IP on the LAN. Understand the drawbacks and limitations of using alternate transports.

Removal of unnecessary entries, from the transports list, is simple. Don't bother with de activating the components in question, un install them.

• Highlight the network component to be removed.
  
• Hit the Uninstall button below the list.
  
• Follow instructions.
  
• Restart the system when requested.
  

Finally, make sure that NetBIOS Over TCP/IP (aka NetBT) is explicitly Enabled (unless you're intentionally using IPX/SPX or NetBEUI, or you're using Directly Hosted SMBs).

For additional discussion, see these articles:

• Microsoft: (KB128233): Comparison of Windows NT Network Protocols.
  
• Network Magazine: NetBEUI vs. NetBIOS.
  
• Pchuck: Windows Networking And Alternate Transports.
  
• UltraTech: The Need For Name Resolution.
  

Fix the problem. Don't add to it.

Disabling the SSID

Many security experts think that broadcasting your SSID, which identifies your WiFi LAN to all of your wireless neighbors, creates a substantial security risk to your LAN. This concept is similar to the justification of stealthing your IP address, as I discussed in Security By Obscurity.

You can disable the broadcast of the SSID in the beacon. This will make your AP invisible, as long as there are no stations associating with it. As soon as any stations (wireless computers) associate with the AP, the SSID will be out there for everybody to see.

Associating with an AP, with SSID beacon disabled, can be done, as long as the SSID is known to the station wishing to associate. But the process is complex, and generates a lot of excess traffic. This traffic exposes your SSID even more than if you had been broadcasting the SSID in the first place.

• DSLReports Forums provides 2 FAQs - Disabling SSID, and What happens when I disable SSID Broadcast?, both discussing this topic.
• ICSA Labs did a detailed study of SSID disabling, and wrote a white paper Debunking the Myth of SSID Hiding exploring the pros and cons.
• Jesper Johansson, MS-MVP Security, in Regulatory Silliness, points out that hiding your SSID may make your clients susceptible to connecting to rogue access points, and possibly to man-in-the-middle hijacks.
• Microsoft (KB811427): Wireless Zero Config does not support disabling the SSID in the beacon, and notes that doing so is useless.

  Disabling SSID broadcasts is not a sufficiently strong method for securing a wireless network.

And, as I said above, you can hide yourself, as long as there is nobody connecting to you. But what's the purpose of having a AP with no clients? And as soon as you have clients, you'll be visible again. Only the truly lame script kiddies don't know about NetStumbler. You won't be invisible to NetStumbler, or similar tools.

Disabling SSID beaconing MAY make you invisible in normal WiFi client manager displays. This is both good, and bad.

• The upside is that your neighbour, who knows barely enough to find the Ethernet port ("big fat phone plug thingy") on his cable modem, won't know that you're there. You're safe from him trying to hack your WLAN.
• The downside is that your neighbour doesn't know that you're there. If he picks the same channel that you're using, and your bandwidth suffers because you have to share the channel, you can only blame yourself. Your neighbour will probably end up taking his WiFi Access Point back to the store, because "it doesn't work right". That, too, will be your fault. He won't even know that you're in the area, and come ask for advice, because you're "invisible".
• A second downside is that you won't be invisible to your neighbour's son, the l33t hax0r. Any script kiddie, or true hacker with any experience, will know about NetStumbler and similar products. He'll scan the channels, and make a list of Access Points, and their SSIDs.
  1. APs with SSID "Linksys", "Netgear", "My Network". Ho hum, so many of those. Check them out when I'm really bored.
  2. APs with obscure SSIDs. Probably well protected - stay away.
  3. And here's an AP with no SSID. This tells Mr L33t Hax0r two things.
     • The owner doesn't want to be seen, so he has something to hide.
     • The owner thinks he can't be seen. If he's that dumb, I'll bet he won't have his AP properly protected either.
     Now we're talking! Let's have some fun with this one.

The reason for having channel number and relative signal strength, in the client manager (WZC and similar products) displays, is to allow your neighbour, when he sets up his WiFi LAN, to pick a channel that is less used. If your neighbour can't see your Access Point on the channel, because you want to be invisible, how is he going to, reliably, pick a less used channel?

Did you ever see the movie The Invisible Man? What were some of the first things that Nick Halloway learned from experience?

• Don't wear clothes in public, if you want to be invisible.
• Don't expect folks not to run into you, if you want to walk around in a crowd.

If you think about it, both practices are pretty antisocial. Walking around naked, and walking around invisible, are not keeping to social norms. Neither is using WiFi "naked" (without proper security), or "invisible" (SSID beaconing disabled).

>> Top

Essential Tools For Desktop and Network Support

Every Desktop Support or Security specialist has his own suite of essential software tools, and this is mine. All of these products are free, except as noted. All products install easily, also except as noted.

Note, this list, like most of my lists, is alphabetised. Please don't ever take relative list position, as any evidence of my personal preference for any one item over another.

• AngryZiber Angry IP Scanner


• A-Squared HijackFree


• DiamondCS Port Explorer


• DUMeter DUMeter


• Hover RegSeeker


• HTTrack HTTrack


• Jam Software TreeSize


• Lavalys Everest, previously known as AIDA


• Merijn HijackThis


• Mike Lin Startup Control Panel


• Mikrotek The Dude


• NetStumbler NetStumbler


• PingPlotter PingPlotter


• SiteMeter SiteMeter


• SoftPerfect Research Network Scanner


• StatCounter StatCounter


• SysInternals
  
  
  
  • Autoruns
  
  
  • Filemon
  
  
  • ProcessExplorer
  
  
  • PSTools
  
  
  • Regjump
  
  
  • Regmon
  
  
  • RootkitRevealer
  
  
  • TCPView
  
  


• Technische Universiteit Eindhoven SequoiaView


• UltraVNC Project (SourceForge) UltraVNC


• Visualware VisualRoute

AngryZiber
Angry IP Scanner enumerates each host on your network, listing IP address, MAC address, and Name. It requires no installation, and can be run from any convenient folder. Like SoftPerfect Network Scanner, it's a useful tool in finding out what computers are on your LAN.

A-Squared
HijackFree analyses each process that's automatically started on your computer. Like HijackThis, it checks all known startup lists, and various other system databases, and enumerates each one. But HijackFree goes several steps beyond HijackThis.

• HijackFree presents its findings in a GUI display, with click to sort columns.
  
• HijackFree analyses its findings against the online SysInfo malware database.
  

Like HijackThis, HijackFree requires no install procedure, though I still recommend installing it into a dedicated, well placed folder, such as "C:\Program Files\HijackFree".

DiamondCS
Port Explorer is a detailed port monitor, with numerous configurations to let you identify ip traffic in various ways. The paid version of Port Explorer includes a small packet analyser. Port Explorer makes extensive changes to the network stack, including installing several protocol components, so you will end up closing other programs before installing, and rebooting afterwards, for best results.

DUMeter
DUMeter provides a graphic display of the volume of network traffic flowing into, and out of, your computer. It will alert, or notify, you when specific traffic patterns are detected. DUMeter installs and upgrades unobtrusively. The 30 day trial version of DUMeter is free.

Hover
RegSeeker is a very powerful tool to search the contents of the Windows Registry. It will let you select specific hives, limit the search to data, keys, and / or values, and display a tabular list of all entries found which match the search criteria. It will automatically open the Windows Registry Editor for you, and scroll to display any entry found, which interests you.

HTTrack
HTTrack will download an entire website to your local system, with graphics and links. It will translate all links within the website that you download, and effectually let you create a complete mirror of your entire website, locally on your personal computer. If you have a website, or especially if your website is a blog (where the content is primaruly located on somebody else's computers), and you're not using HTTrack (or a complementary product), why aren't you? HTTrack is free, and it's easy to use. It does require an install, but doesn't force a reboot of the system.

Jam Software
TreeSize shows you, at a glance, where your disk space is being used. Its look and feel is similar to Windows Explorer, with many of the context menu (right mouse click) selections available. The free version, TreeSize Free, lacks many features of the Professional version, but it still gives you detail usage figures which may save you a lot of work. It will require all other programs to be closed when installed, though it won't force a system restart.

Lavalys
Everest, previously known as AIDA, provides a standard analysis and report of all hardware and software on the computer. Any time I am helping to diagnose a computer that I can't stand in front of, I instruct the owner to download and install Everest. Everest Home Edition, previously distributed by Lavalys, was free, though only the Corporate or Ultimate Edition will run on a computer that's a domain member.

Everest / Aida is an essential tool for anybody with a computer. Since Lavalys, having decided to market only to corporate customers, does not provide Aida for small LANs any more, Jim Eshelman and Aumha is now distributing a copy of Aida on his website.

Merijn (Now TrendMicro)
HijackThis is a well known malware dianosis and removal tool. The problem with most malware diagnosis and removal tools is the false positives / false negatives issue. Every security product in this class is known for removing software that some folk wanted to keep, and for leaving bad software that other security products will remove. HijackThis takes a different approach - it presents you with a list of everything that it finds, lets you interpret the findings, and then removes based upon your selections. See Interpreting HijackThis Logs - With Practice, It's Not Too Hard!, for instructions on interpreting, and on installing HijackThis.

Mike Lin
Startup Control Panel is similar in nature to Autoruns. It's a bit more mature than Autoruns, but hasn't been kept as current, and doesn't have as many startup lists enumerated - just a total of 5 lists. It does have two major features that Autoruns doesn't have, though - it allows shortcut creation and relocation. If you want to have a program autostarted, you can drag its shortcut onto the Startup display for any of the 4 best known startup lists. Also, you can move an existing shortcut from one list to another.

• HKLM Run
• HKCU Run
• Startup (Common)
• Startup (Current User)

Mikrotek
The Dude. What a name for a free network monitoring tool. It does an autodiscovery of all network devices on your network, and lets you manually add devices. It then provides configurable polling of each device, using any of the services available on that server - DNS, HTTP, imap4, ping, and/or SNMP. And a GUI colour display, visually providing the status of each device. And a mouseover display showing historical metrics for each device. And configurable SMTP alerts, if any device, when being polled, fails to respond.

NetStumbler
NetStumbler provides a site survey of your WiFi neighborhood. It inventories, over time, all of the WiFi Access Points visible from your location, and provides useful detail like Channel used, SSID, and various signal strength figures, at any time. For each AP inventoried, it also builds a running signal strength graph, with measurements taken every 5 seconds. If you have a GPS, NetStumbler will use the GPS to gather location and distance measurements for each AP observed. NetStumbler takes a bit of effort to install, but it is worth the effort.

PingPlotter
PingPlotter combines the standard IP utilities ping and traceroute, and presents the results in a GUI display, over time. It has numerous configurations that let you change the graph to show the results in different time scales, and to let you dynamically zoom in on time periods of interest. I can think of no better tool to help identify and document time of day, and location in route, of a network problem. For more discussion about PingPlotter, see Diagnosing Network Problems Using PingPlotter. PingPlotter installs and upgrades unobtrusively. The trial version of PingPlotter is free.

Site Meter
Site Meter places a meter on your web page, and counts individual visitors to the web page. It will also record numerous details about each visitor, and their various views of your website. It's similar to Stat Counter. Site Meter records each individual visitor to any page being tracked; the free version limits itself to 100 unique visitor tracked at any time. You will see more visitor information overall than Stat Counter; though Site Meter shows you only the first and last pages viewed by each visitor.

SoftPerfect Research
SoftPerfect Network Scanner enumerates each host on your network, listing IP address, MAC address, and Name. It requires no installation, and can be run from any convenient folder. Like Angry IP Scanner, it's a useful tool in finding out what computers are on your LAN.

Stat Counter
Stat Counter places a meter on your web page, and counts individual visits to the web page. It will also record numerous details about each visit, and the unique visitors to your website. It's similar to Site Meter. Stat Counter records each individual page load of any page being tracked; the free version limits itself to 100 page loads tracked at any time. You will see more complete visit information than Site Meter; though Stat Counter shows you detail about less unique visitors overall.

SysInternals
I'm almost tempted to write a whole separate article on SysInternals, which is now an elite division of Microsoft. They put so many excellent products out there, free for us. But let me start with the ones I know best. All SysInternals utilities require no installation, and can be run from any convenient folder.

• Autoruns lists each process automatically started by the system, looking in close to a dozen startup lists, including the well known 4 lists, and a host of lesser known ones. This is an excellent lightweight process inventory tool, similar in effect to HijackThis. For one example (of many possible) use of Autoruns, see LSP / Winsock Analysis Using A Log From Autoruns.


• Filemon makes a scrolling display of each file as it is accessed, including the process accessing it, the action used in the access, and the status (success / failure). Its display, and logged output, can be filtered by a variable string, which can be used to identify a process, or a file, as you need.


• Process Explorer shows a very detailed list of all processes running on your computer, including how each process started, what resources each is using, what components are used in each process. It is highly configurable, and constantly keeps me busy with new discoveries.


• PSTools is a collection of command line utilities that let you diagnose and maintain your computer, and the other computers on the network. The name PSTools is based, in the words of the author, upon "the fact that the standard UNIX process listing command-line tool is named "ps". It does, in fact, give UNIX like command control to you.


• Regjump is a batch utility, that opens Regedit, and jumps immediately to the registry key which you specify. Copy and paste a registry key, from any text, into a command window, preceded by "regjump ". Instant access to any key which you need to access, without having to parse down the registry tree (opening half a dozen branches, repeatedly, gets tiresome).


• Regmon makes a scrolling display of each registry value as it is accessed, including the process accessing it, the action used in the access, and the status (success / failure). Its display, and logged output, can be filtered by a variable string, which can be used to identify a process, or a registry value, as you need.


• Rootkit Revealer lists each resource on the system from two perspectives, first by enumerating each resource thru standard system calls, then by analysing the contents of the system itself, byte by byte. It compares the difference between the two lists, and identifies everything it finds in the detailed system analysis that is NOT reflected in the standard enumeration. This final list it presents to you for interpretation.


• TCPView lists all open ports on the system, what process owns each port, and its local and remote endpoints. It complements Process Explorer quite nicely.

Technische Universiteit Eindhoven
SequoiaView shows you, at a glance, where your disk space is being used. It uses a technique known as Cushion Treemaps, to graphically map, by relative size, the larger folders or files in your storage. It will require all other programs to be closed when installed, though it won't force a system restart.

UltraVNC Project (SourceForge)
UltraVNC provides a remote desktop support structure that runs on all operating systems, not just Windows XP as Remote Desktop does. It also has a solution for your clients who may use dynamic public ip addresses, and / or connect thru a NAT router, a problem that has always hampered server access. You make a server out of your desktop, and let your client connect to you, even though it's their desktop on display. It does have a rather complex setup procedure, but you can do most of the setup yourself, or walk your client thru the process. It's worth the time, in the resulting support ability that you will have.

Visualware
VisualRoute superimposes a traceroute over a map, to geographically show the various hops traversed between you and the host that interests you. It provides a suite of details about the network, and the hosts traversed by the path. VisualRoute requires Java; other than that, its installation (and periodic upgrade) is painless and unobtrusive.

Please Protect Yourself - Layer Your Defenses

One of the earliest ways of making yourself safe in the Internet was not letting yourself be seen. There are many forms of Security By Obscurity, and they all sound logical.

Security By Obscurity, which may or may not be a good idea, does not replace a good layered defense. Each layer is necessary, because no single layer can produce complete protection. And consider each component carefully, and uniquely, for each network or person being protected.

Now if you're just getting started here, this advice may seem like a lot to take in at once. And it is just that, so take your time reading. Consider one layer at a time, and ask questions.

• Introduction
  
• Layer 1 - Perimeter Network Protection
  
• Layer 2 - Individual Network Protection
  
• Layer 3 - Software Protection
  
• Layer 4 - Common Sense
  
• Layer 5 - Education
  
• Overall Strategy
  

>>Top

What is a layered defense?
Start by considering a typical medieval castle - classically, one of those would have:

• A moat - a wide and deep ditch, filled with water.
  
• High and thick castle walls.
  
• Guard towers, small castles in themselves, in key portions of the castle walls, but more fortified.
  
• Small, narrow windows that were used for thru shooting outwardly.
  
• An inner sanctum, typically called a "keep", that was a small fortified castle in itself.
  

Each one of these elements was designed to be enough to protect the inhabitants against intruders. Frequently, though, the intruders would breach the outer defenses, and the inner defenses were needed to protect the owners (though not all the inhabitants) of the castle.

A layered defense for your network is similar to a castle in concept. The outer layers should be sufficient, but in case an intruder gets thru one layer, you have another layer protecting you. Better too much protection than not enough.

>>Top

Layer 1 - Perimeter Network Protection
First, you need to protect your perimeter - the outer edge of your network. Perimeter protection, such as a NAT router, is the first layer in a good layered defense.

A NAT router acts as a firewall, in that it passes only requested traffic back to the computer that requested it. It won't selectively filter traffic from hostile addresses, nor selectively filter bad protocols or programs, however. Some NAT routers also contain firewall components, but they will probably not be as comprehensive, or as configurable, as an ICSA certified firewall.

For more information about firewalls in general:

• Microsoft (KB321050): Description of a Personal Firewall.
  
• PChuck Better Protection - Hardware or Software Firewall?.
  
• Wikipedia Firewall (networking).
  

Please don't confuse the perimeter firewall, which is hardware based, with a personal firewall, which is generally software based. Personal firewalls are discussed in Layer2.

One firewall or NAT router protects your entire LAN, and is a good idea even if your LAN consists of only one computer. A NAT router today is equivalent in concept to perimeter protection, which was considered sufficient 5 years ago. Now we know to use multi-layered defense (aka layered defense).

All NAT routers don't have the same features. Some are designed for special needs.

• If you have dial-up Internet service, you can still use a NAT router for protection.
  
• You can complement your Ethernet network with the convenience of WiFi, but be aware of the specific security needs of WiFi networks.
  

One of the problems with the medieval moat was that it only protected against ground based attacks. The attackers could stand well outside the castle, and fire arrows, or use a catapult to lob rocks, at the castle and its inhabitants.

You can block Internet based threats with your firewall, or NAT router, but WiFi will be a danger unless you use both encryption (preventing malicious eavesdropping of your WiFi traffic), and authentication (preventing injection of malicious WiFi traffic, or access to your servers). WEP is the absolute minimum security that you may use, but I will never recommend anything less than WPA.

>>Top

Layer 2 - Individual Network Protection
Besides protecting the outer edges of your network, you need to protect its interior components. Interior (individual computer) protection requires a port monitor or a personal firewall.

• A port monitor lets you see what network traffic is active on your computer. There are two which I use. TCPView, from Sysinternals, is free, easy to install, and lightweight. Port Explorer, from DiamondCS, is free for the basic version, takes a bit of work to install (but is well worth the time), and is very configurable.
  
• A personal firewall lets you actively control what network traffic is allowed to reach your computer. In some cases, it will also be used to control what traffic is allowed to exit it, directed towards other computers on your local network, or towards the Internet itself. See various discussions in comp.security.firewalls for good advice on choosing a personal firewall. A personal firewall can selectively block incoming or outgoing traffic, while a port monitor can provide more detail about network conditions, and can provide you additional warning about problems.
  
• Besides a personal firewall, which filters network traffic between your computer and the outside world, you can use a sandbox or virtual machine to keep all untrusted network activity separate from the rest of your computer. SandboxIE, which is a lightweight virtual machine, was originally developed to keep Internet Explorer isolated from the rest of your computer; but it can just as well isolate any browser, or any single application, from the rest of your applications.

You need a personal firewall on each computer in your LAN; in case one computer gets infected, a personal firewall on the others could save you a lot of trouble. Note that traditionally, a personal firewall would be software based. Now, there is also the possibility of a hardware firewall, sitting inside your computer. The nVidia nForce is probably the first, but surely not the last, device of this type.

Relying solely upon a personal firewall or a port monitor, to protect you against hostile outgoing network activity, is like relying upon a dentist for protection, and having him fill the cavities in your teeth. Brushing and flossing (here equivalent to the Third Layer) is a so much more pleasant way to spend time, in the long term.

>>Top

Layer 3 - Software Protection
Perimeter and individual network protection protects you against malicious network traffic. You also need to protect yourself against malicious content. Properly chosen content protection, on each individual computer, complements network based protection. Content protection has many components, to counter the many ways the bad guys will try to take control of your computer. Use as many as possible - better one or two, than none.

• Activity related protection.
  • Always use AntiMalware protection. Make sure that it includes real time (on demand) scanning, plus a regularly scheduled complete system scan, and make sure that it's regularly updated. See discussions in alt.comp.virus, and alt.privacy.spyware, for advice. Complete instructions, using Spybot S&D and HijackThis (both free), are provided by SpywareInfo.
  • If you download files, use an on-demand trojan scanner. I have been using A-Squared Free for a while. I have also seen recommendations for BOClean, Ewido, and TDS-3 from DiamondCS. A-Squared Free (aka A2) is free, I am not sure about cost for the others.
  • Understand the differences between trojans (adware / spyware) and viruses.
  • Secure your operating system, and applications. Don't use, or leave activated, any accounts with names or passwords with trivial (guessable) values. Don't use an account with administrative authority, except when you're intentionally doing administrative tasks.
• Component related protection.
  • If you feel up to it, you can learn to interpret a HijackThis log - on your own, or with carefully chosen assistance.
  • Harden your browser. There are various websites which will check for vulnerabilities; I use and recommend two:
    • Jasons Toolbox.
    • Scanit.
  • Consider using an alternate browser, like Firefox, for the majority of your browsing activities.
  • Harden Firefox - Eric Howes tells us how in Mozilla Firefox Privacy & Security Settings.
  • Harden Internet Explorer - block ActiveX scripts from malicious websites. Populate the Restricted Zone database, using Eric Howes IE-SpyAd, or configure IE to safely browse untrusted Internet Zone websites.
  • Block known dangerous scripts from running, and possibly installing spyware, using SpywareBlaster.
  • Block known spyware from installing, using SpywareGuard.
  • Make sure that the spyware detection / protection products that you use are reliable, with Eric Howes Rogue/Suspect Anti-Spyware Products & Web Sites Database.
  • Harden your operating system. Check at least monthly for security updates, with Windows Update. Or do as Microsoft wants you to, and enable Automatic Update (I prefer retaining a small amount of control; your needs may differ).
• Web site related protection.
  • Block Browser Helper Objects (a type of script) from installing into Internet Explorer, using BHODemon (free) from Definitive Solutions.
  • Block script execution, from unknown websites, using NoScript, for Firefox.
  • Protect yourself from web sites with malicious content - either don't go there, or know when you are surfing a web site with malicious content.

>>Top

Layer 4 - Common Sense
Next, use common sense when installing software, and when using your computer.

• Don't install software based upon advice from unknown sources.
• Don't install any software, without researching it carefully.
• Don't open email unless you know who it's from, how and why it was sent, and that it was sent intentionally to you.
  

The most critical tool, in your defense, is right between your ears. Keep your Chair To Keyboard Interface carefully tuned. If you're playing music, and a EULA pops up, ask why you're seeing a EULA.
>>Top

Layer 5 - Education
Finally, educate yourself. This is a constant activity. Stay informed - Know what the risks are.

• Check the logs from the other layers regularly, look for things that don't belong, and take action when necessary.
  
• Read Usenet forums. Here are but 5 - there are dozens more.
  
  
  
  • alt.computer.security
    
  • alt.privacy.spyware
    
  • comp.security.firewalls
    
  • microsoft.public.security
    
  • microsoft.public.security.virus
    
  
  
• Read Web forums. Here are 3 - and there are dozens others.
  
  
  
  • AUMHA Forums.
    
  • BBR / DSLR Security Forum.
    
  • SpywareInfo Forums.
    
  
  
• Read various web pages that discuss security issues.
  
  
  
  • CERT
    
  • CIS
    
  • ISC/SANS
    
  
  

>>Top

Overall Security
My personal philosophy about protection is that you should apply protection repeatedly, until you run out of money, paranoia, system resources, or time.

• Most of the above products are free.
  
• I am very paranoid - see my tag line (though not nearly so much as the experts at comp.security.firewalls).
  
• My main system, which is over 2 years old, runs 10% CPU / 20% memory utilisation when idle, and maybe 30% / 25% when in use. I have a suite of convenience and frivilous programs, that probably accounts for half of my idle resource utilisation; maybe 5% / 10% idle resource utilisation is from security products. I don't see that as excessive at all.
  
• I spend maybe 1/2 hour / day maintaining and running all of my security programs. Much less time than I've been spending with this blog, for instance.
  

There are many different opinions on this matter. I think that the resources that I spend preventing a malware infection are a far better investment than dealing with (experiencing, detecting, and removing) an infection that could have been prevented. So protect youself, and the rest of the internet, please. The rest of us, who see the effects of our friends becoming infected, thank you.

A Simple Network Definition

If you have more than one computer, or if your one computer connects to the internet, then you have a Network. Your network probably contains Client computers, and Server computers. Your network contains one or more groups of computers (even with one computer, you have a group of one) - Domains, and / or one or more Workgroups.

• If your computer accesses data on another computer - either another computer that's yours, or that's on the Internet, then you have a Client.
  
• If your computer provides, or offers to provide, data to another computer, you have a Server.
  
• Most Windows computers perform as both clients, and servers, at the same time.
  
• Membership in a domain or workgroup gives the ability to easily identify the computers that you need access to the most. This is other computers in your domain or workgroup.
  
• If your network includes a special Server that validates access for another Server, you have a Domain.
  
• If validation of access on your Network simply consists of setting up an account on each individual Server (and maybe a matching account on the Client), then you have a Workgroup.
  

See other articles in PChuck's Network for further discussion.

• A Set Of Simple Network Components Definitions for how we connect the above objects.
  
• Windows Networking for how we use the above objects.