In some ways, computers have become easier to use. Graphical user interfaces (GUIs) have made it possible for even novices to punch away at buttons and menus until something useful happens. What GUIs produce is the way we work on computers like the Apple or the IBM PC using Windows.
But we also have to worry about a lot of stuff that used to be the domain of people with advanced degrees in computer science.
Take computer security. For years, government, academia and businesses have had to contend with hackers roving through their networks, which in turn led to the development of "computer security" experts and software to help them. Now, thanks to the advent of Internet connections in the home that are always on, you, too, must deal with the folks who want to leisurely probe your computer or crash it maliciously.
We've already spent a few weeks dealing with some of those issues, and now we're going to tackle one of the most complicated, namely, firewalls. These are programs, or hardware, that let you on to the Internet while keeping assorted baddies out. Unlike handling antivirus software, it helps to have a bit of theory under your belt.
To start with, here's what they didn't tell you in all those articles you've read about how wonderful the Internet is: Unless specifically protected, every computer on the Internet, including yours, is equally accessible to every other computer. In fact, that's the definition of the Internet - a set of protocols that connects computers.
If you have a home network, you can make your hard drive available to your child's or spouse's computer. In exactly the same way, any of those disk drives can be read across the Internet, and can be vulnerable to insertion of viruses and other cybercritters.
Now this potential problem has been hidden from home users for years. Why? Most of us have been using modems to connect to the Internet. We hopped on, grabbed e-mail, browsed some pages and logged off. We were, in other words, moving targets. A second reason: Our addresses were temporary. Our Internet service providers handed us a different IP address (our unique Internet identifier) every time we logged on. So, not only were we in transit, we were anonymous.
That's changed with the advent of high-speed connections with cable modems and DSL (digital subscriber lines). Both can keep your computer connected to the Internet permanently, and you usually retain your IP address unless you disconnect. You now have exactly the same security problems as all the other Internet sites - except you don't have corporate security systems and a full-time security expert to monitor them.
So what are the rest of us supposed to do? First, don't get too worked up; if you're like most folks, you have a lot less at stake than a company that keeps its systems connected to the Net.
No one is exactly targeting you. Unless you have some particularly valuable information, about all you need to worry about is the time and trouble it takes to fix a crashed computer and restore your address book and bookmarks. A second potential problem: Your PC can be exploited to get at an office system to which it has access.
In general, to a hacker you are a target of opportunity. These guys have automated software that scans hundreds of computers sequentially for egregious security flaws - open sharing of disk drives, for example.
You can get an idea of how this process works by testing your own computer via one of the many free security scan sites on the Net. You log onto a special Web page, enter the IP (numeric) address of your computer, and the remote system looks at your PC and tries to find vulnerabilities. A secure computer is "invisible," e.g. no services are shown as available to the external scanning system. We like Gibson's Research's "Shields Up" (www.grc.com) for its thorough explanations of what it is probing.
Assuming you get a negative result in one of these tests, most hackers will, too. They're a lot like burglars - a modest alarm system and a decent lock are usually enough to send them to a less secure place.
The computer equivalent of a burglar alarm and lock is the firewall. In big computer installations this is usually a highly secure PC that's running specialized software that sits between the internal network and the Internet at large. In the home, however, firewalls are more often incorporated into a device called a router,
Alternately, you can run firewall software on each PC you want to protect. You can use a stand-alone program or Windows XP, which has a simple built-in firewall.
The firewall determines which types of traffic are permissible and which are not. In its simplest form it would, for example, allow traffic to travel in each direction for Web browsing, but not for accessing your disk drive. Firewalls can perform this sort of filtering function because individual Internet services, such as Web browsing, e-mail or file transfer, are assigned so-called service ports, identified by numbers.
By closing off that numbered port, that particular service is disabled. There are literally hundreds of individual numbered ports that encompass not just general services such as Web browsing, but specific networked games or a particular brand of remote-control software.
A firewall has other tricks, too. It can block not just incoming traffic, but outgoing traffic as well.
A hardware firewall that sits between your network and the Internet and serves more than one computer can also be used to set different security levels on individual PCs. Computer No. 1, used by your daughter, can only have access to services on the World Wide Web. Your own computer, on the other hand, can use FTP (file transfer protocol). You could even designate a third computer as totally unrestricted, and all services to and from that computer would be available, so you could run a Web server or FTP site on it.
Sounds complicated? Well, it is. With hardware devices you have to know which ports to open and close and how to allocate them among the PCs on your home network. Games are particularly troublesome, as are videoconferencing systems. Software firewalls tend to be easier to use, because they prompt you whenever a service port makes an Internet connection; you're given the option of allowing a one-time connection or allowing all traffic of that type to connect. Of course, if you're not sure what you're do ing, it's pretty easy to inadvertently open a port that should otherwise stay closed.
Distributed by the Los Angeles Times-Washington Post News Service
Brainerd Dispatch ©2013. All Rights Reserved.