There are additional vulnerabilities associated with having a computer directly connected to the Internet for an extended period of time. This applies to all users but it is extremely important for users with cable modem or digital subscriber line (DSL) Internet access. These methods of connection do not require 'dialing' into the Internet and thus are sometimes described as 'always on' connections. Unfortunately, as long as the computer remains 'on' and connected to the Internet, malicious parties have a continuous window of opportunity for attacks on the user's personal computer.
If you use a cable modem or DSL connection for Internet access, you can limit this security risk by disconnecting from the Internet when your session is complete, or by turning off the cable or DSL modem. However, if you want to continue to take advantage of the 'always on' feature of cable and DSL connections or if you run extended dial-up sessions on the Internet, we recommend the following security measures be taken:
- Disable File Sharing on Your Personal Computer File sharing is a feature of Windows1 that allows other computers to access your personal computer, even from across the Internet. Microsoft1 has provided instructions on how to disable file sharing in Windows Help (Click Start, Help, then choose the 'Index' tab and type "file sharing, disabling").
Our recommendation is to disable file sharing. However, if you choose to retain this option for your particular environment, exercise due care and apply appropriate security measures.
- Install a Personal Firewall
Install and frequently update a proven personal firewall product, such as Personal Firewall Plus1, Zone Alarm1 that can be configured to prevent unauthorized access to your personal computer and keep it up-to-date.
- Get Computer Security Updates
Ensure that you are using a legally licensed operating system. You may be able to improve the security of your system by getting updates to help correct issues that may make your computer vulnerable to virus or worm attacks. As such, you should diligently apply security patches as they become available. Find out more:
If you have a wireless network, there are additional measures that should be taken to protect your Internet connection:
- Use encryption - Enable the highest level of encryption available for your router; newer wireless routers typically use Wi-Fi Protected Access (WPA), and older versions use Wired Equivalent Privacy (WEP). This will encrypt all data transferred between your personal computer and wireless router. In addition, devices without your encryption key cannot connect to your wireless router.
- Change your default password - All wireless routers are given a default administrator password by their manufacturers, so make sure to change this password to prevent unauthorized access to your wireless router.
- Change SSID (Service Set Identifier) - The SSID is the name of your wireless network. In order for a computer to connect to your wireless network, the SSID must be known. You should change the manufacturer's default SSID name to a unique name that will not be easily guessed, and has no direct connection to you or where you are located (e.g. don't use your last name or street address).
- Switch off SSID broadcasting - You can further secure your network by disabling SSID broadcasting, which will hide your network from outsiders. It would be very difficult for an outsider to access your network once you have changed your SSID and turned off broadcasting, as they would have to start guessing the name of your network to access it.