The Internet looms large as an entry source for both of these intruders. A Virus is a piece of “code” that replicates, reproduces, or propagates itself in its own image. Viruses embed this code in executable or other files in programs. Some viruses are written as “scripts” that attach to the underlying code in the carrying programs. In general, most viruses attempt to reproduce themselves.

Unauthorized entry by users who manipulate, copy, or otherwise steal data is accomplished by “hacking” or attempting to get pass the security of the machine. Again, the Internet provides a ready avenue for intruders to attempt “break-in” attacks on a computer.

Virus protection
Viruses come in many “sizes”, and generally attempt to reproduce themselves upon execution. Some, called Trojan Horses, lie undetected as part of an executable file, and upon execution, do damage to the computer hardware or software. There are worms that wait for a significant event such as a calender date such as Friday the 13th to execute. The macro viruses attach their code to the macros imbedded in the Microsoft Office Suite wordprocessor (Word), or spreadsheet (Excel) applications. The latest virus to attack is the scripting virus, which takes advantage of the Windows OS and applications.

Viruses are generally divided into three or four categories by their chosen area of attack. These attacks are on the computer Boot Sector, the operating system (OS), and as part of the executable files of programs. The macro and script viruses are new and may not need to be part of an executable. By executable, I mean an executable program file. These files normally end with extensions such as .EXE, .COM, .BIN, or .BAT. The macro viruses attach themselves to files generated in MS Word or Excel with extensions ending in .DOC or .XLS for example. Other macro files may be included.

Script viruses are one of the latest ways of attacking and use the built-in Windows OS and associated Windows application scripting capability to make the attack. These viruses can be defeated by turning the Windows 95/98 OS Default Scripting capability off. This is done by opening Control Panel, selecting the [Add/Remove Programs] icon, selecting the [Accessories | Details] button and clearing the [Windows Scripting] check box. Next, go into Outlook and Outlook Express and deselect the Scripting capability in each of those programs.

Viruses are combated by installing an Anti-Virus application program. Commercial and Internet download versions are available. Symantec Norton Anti Virus and McAfee Virus Scan are examples of commercial applications. Other programs include F-Secure Anti Virus and Dr. Solomons Anti Virus. Every computer should have a copy of one of these application programs installed. Only one is needed as the applications can get in conflict if more than one is running or installed on a computer.

I use Norton Anti Virus. I keep a copy on each of my computers as up to date as possible in version as well as Signatures. I like the Norton Live Update process and the Symantec Anti Virus research/knowledge Web site for information. I normally use the latest version until it is superceded by the next version or stops being supported by the Live Update process. This way I am fully covered with the Live Update process for new Signatures at all times. This is a very competitive market, making the latest versions of the programs available at reduced or bargain prices.

I have mentioned Signatures twice so far. Each known virus has code which makes it recognizable. This code is called it’s signature. This signature code is stored in the Anti Virus program for use by the program in automatic or manual scanning for viruses. Signatures change and new ones are added all the time. This is the reason for keeping them up to date by using the Live Update (or whatever it is called) utility which comes with most of them.

Most of the programs have “automatic scan” capability. Turn this feature on to catch any viruses that show up during downloads or other data input. It is a good idea to also use the manual checking capability of the anti virus program to check specific downloads before they are executed. Manual virus checking is a technique that must become standard in one’s use of a computer. The way to do this is to have one standard sub-folder (sub-directory) to place all downloads in. Use Windows Explorer to maneuver within your computer and place all downloads in the download directory. Run the anti virus program on that new file before it is executed (opened).

Security of the machine and the contained data implies that the data files be kept intact from virus problems. Viruses attack from many sources, unchecked floppy disks, traded software applications, the Internet, and many other places. The basic method of keeping viruses away from one’s machine is to never put unknown applications in it. Knowing that is not possible, the next best way to combat viruses is to have a Anti-virus program installed and working in the computer.

Firewalls
Data security also means to most of us, applying methods of keeping intruders away from our computers when we are connected to the Internet. Communications efficiency provided by the Internet has moved private networks to attach themselves directly to it. This rush to connect to the rest of the world leaves private computers and networks vulnerable for hackers to gain unauthorized access to the computer’s or network’s private resources. A connection directly to the Internet is a connection directly to every other network attached to it.

One of the methods of keeping intruders away is have a Firewall installed as software or hardware between the computer and the outside connectivity point. Firewalls are used to create security checkpoints on the boundaries of private computers or networks just like controlled borders around nations are done. The firewall routing function provides an inspection capability for all communication passing between the private computer or network to the Internet. These routers are called screening routers and perform three basic functions:

1. Packet Filtering
2. Network Address Translation (NAT)
3. Proxy Services

4. Encrypted Authentication
5. Encrypted Tunnels (Virtual Private Network (VPN).

Packet filters reject TCP/IP packets from unauthorized hosts and rejects connection attempts to unauthorized services. Packet filters may be implemented inside routers to prevent suspicious traffic from reaching the destination, whereas, TCP/IP filter modules in servers prevent that specific machine from responding to suspicious traffic. Filters normally drop inbound connection attempts and allow outbound connection attempts. They also restrict TCP/IP packets from using ports which have been made unavailable for traffic. Filters restrict inbound access to certain IP ranges.

Network Address Translation, known as IP masquerading, hides internal hosts (computers on network using TCP/IP protocol). The NAT host takes requests from all internal network hosts, thus hiding their identity from the public network. NAT provides multiplexing of a single IP address across an entire network, i.e., one public IP address is converted into many inside the internal network. NAT only works at the TCP/IP level.

Proxies allow the complete disconnection of the flow of network-level protocols through a firewall and restrict traffic only the higher level protocols. Proxies stand in for outbound connection attempts to servers and then make the request to the actual target server on behalf of the client.

Encrypted authentication allows external users on the Internet to prove to a firewall that they are authorized users and are authorized to open connections through the firewall to the internal network.

Encrypted tunnels (VPN) provides the ability to securely connect two physical networks over the Internet without exposing data to unauthorized monitors. Once established, the VPN is impervious to exploitation so long as the encryption remains secure.
Routers are being marketed to provide one or more of these functions. This is especially needed in the SOHO environment for security. SonicWALL SOHO routers, WatchGuard SOHO routers, and WebRAMP all make this class of router. Of course, Cisco, and Lucent do them for business. They provide NAT and Proxy services normally and usually add DHCP for addressing in the internal network.

Firewalls can also be software applications. NT Proxy Server is a business application. ZoneAlarm is a software application as is Black Ice Defender. 

All direct connections to the Internet need some mix of these functions to protect against outside intrusion.

Conclusion
I employ all of these functions in my network. I use a MultiTech ProxyServer in my network mix as well as software firewall versions such as ZoneAlarm.