I n f o B u l l e t i n

so everything's fine then ... isn't it?

Who's peeking in at your network ?

The big difference with broadband services, like ADSL (what is ADSL?), is that they connect you permanently to the Internet (hence 'Always-On'), making your internal network (LAN) a more susceptible target for external hackers. Suddenly you could find all sorts of undesirable folk 'breaking in' and committing data theft or wreckage.

How do you deal with it ?

Do you only make jokes to distract yourself from the truth or are you the sort that says "I don't like it, Carruthers, - it's too quiet out there!"

Here are the essential tips for protecting your broadband-connected network, as well as your colleagues' PCs who connect to your LAN from home. In a nutshell:

1. Update PC system files regularly
2. Install anti-virus software on all PCs
3. Put a firewall between you and the Internet

You should apply these almost as rigorously if you have a dialup line too. If you're organisation is hammering the modem or ISDN dialup all day long, it's as good as a permanent connection, with the exception that at night it's effectively 'closed for hacking' - often when a lot of damage can be carried out unnoticed.

1. Update PC system files regularly

   Microsoft provides an automatic updating tool for Windows systems at http://windowsupdate.microsoft.com that selects appropriate patches based on an analysis of your PC and, if you so choose, downloads those "Critical Updates" to plug the security holes. Read more in our Windows security article.
   Want more information about security issues ?

   • Subscribe to the Microsoft Security Notification Service at : http://www.microsoft.com/technet/security/bulletin/notify.asp. This is a free e-mail notification service that Microsoft uses to send technical information to subscribers about the security of Microsoft products like Windows, Outlook and Internet Explorer.
     
   • For the latest on Linux security issues, visit http://www.linuxsecurity.com/. Here you can subscribe by email to "Linux Security Week" and/or "Linux Advisory Watch" - a comprehensive list of all the security bulletins that were distributed for the week.
     
   • The superlative and detailed CERT (http://www.cert.org/) advisories and bulletins, operated by Carnegie Mellon University, cover all computer systems and can received by email by visiting http://www.cert.org/contact_cert/certmaillist.html.

2. Install anti-virus software on all PCs

   The trends in virus delivery methods are now heavily biased towards email. Running your own email system means you must have excellent anti-virus scanning in place. Suppliers will often allow home users to be included in the allocation of licensed anti-virus users, even though they are not on the same site, which saves buying extra licences or leaving remote workers to buy and install their own (maybe inferior) choices. These are the top Anti-Virus suppliers.

   The subscription pages for the major Anti-Virus suppliers are:

   • Sophos http://www.sophos.com/virusinfo/notifications/
   • Symantec http://www.symantec.com/avcenter/newsletter.html
   • Datafellows http://www.datafellows.com http://www.datafellows.com/support/av-workstation/generic/faq.shtml Find it under this FAQ (needs the BackWeb client).
   • Network Associates (NAI) and McAfee :
     You can find AV software updates at the sites below but they don't run an email alerting or subscription service.
     http://nai.com/
     http://www.mcafeeb2b.com/international/uk/

3. Put a firewall between you and the Internet

   A firewall prevents hackers from connecting to your computer or network. They broadly come in software or hardware varieties, with software firewalls being generally less expensive, because you have to supply a computer to run them on.

   For teleworkers:
   Three things make teleworkers especially vulnerable to hackers:

   1. Home users often don't understand that their broadband connections are 'always-on'
   2. Broadband ISPs often assign a permanent IP address (as opposed to an dynamic one) to each customer, making it easier for hackers to re-locate the teleworker's machine
   3. Firewalls are not supplied by default with many broadband services

   A software firewall is going to be the simplest and cheapest option and single versions cost between £20 and £40 to buy. Although it will use some of the PC's resources while it's running, a software firewall is easy to configure, conventionally beginning with a default of all transmissions blocked. As you use the PC, simple prompts query to allow or block transmissions and whether to make those rules permanent. ZoneAlarm ranks among the favourites, partly due it's free downloadable version.

   • ZoneAlarm Pro
   • Norton Personal Firewall
   • McAfee Firewall
   • BlackIce PC Protection now acquired by Internet Security Systems (ISS).

   Firewalls are also now available as plugins for laptops on a Flash memory module.

   For the local network:

   For any network that enables several computers to connect to the Internet using an 'Always-on' broadband (Cable, xDSL) connection, get a hardware router box with firewall features.
   

   Entry-level firewall hardware routers currently come in around the £300-400 (ex VAT) range and the WatchGuard Firebox SoHo for small offices, typically 10 to 50 users strong, is suitable rated.

   For serious, multiple branch offices using Virtual Private Networking (VPN), a GNAT box solution is the answer, starting at £1000 upwards.

   For a small office/home office (SoHo) network, a low-cost router with network address translation (NAT) will suffice . For more security, consider a firewall router with stateful packet inspection (SPI). SPI capabilities vary for each router and vendor.

   Example Hardware Router manufacturers

   SPI Routers	NAT Routers
   D-Link	Asante
   Netgear	D-Link
   Snapgear	Linksys
   SonicWall	MultiTech
   WatchGuard	NetGear
   	SMC

   What is NAT ?

   Network Address Translation (NAT) effectively hides individual IP addresses of PCs from the outside world. Like a proxy server, NAT acts mediates between a group of computers (your LAN) and the Internet and represents your network with just a single IP address. Thus, intruders scanning the Internet for IP addresses cannot identify local computers on your network or capture their details.

   What is SPI ?

   Stateful Packet Inspection is like super-charged packet filtering. It looks at the contents of Internet packets of information flying across your firewall and examines where they came from and where they are going to. If one of your local computers didn't request that packet, it gets blocked. SPI also ensures unused ports remain closed by default, thus closing down avenues to potential hackers who use port scanners.

   Learn more about firewalls in Great walls of fire.

Summary

While no security measure can offer 100 percent protection, taking a few simple steps can greatly reduce the chance that a home PC will fall prey to hackers. More importantly, it just might save your company network.

Contacts

Related articles:
See "Kitting out teleworkers" and "Get patched!"

Want to know more? Talk to us or write to us here.

What is it ?

In a similar way that we might take a course of flu jabs, we all keep our networks secure from computer viruses by subscribing to anti-virus software from one of the major vendors. But if your body is susceptible to colds in some way, that may not be enough. Likewise, computer systems have many weaknesses, or vulnerabilities - and these can be exploited by hackers or by the second-order effect of other viruses.
These 'holes' must be patched before anti-virus software can do its job properly. In 2001, a large percentage of virus attacks were successful precisely because users did not patch their computers adequately, even though anti-virus software was running on them.

Where are the vulnerabilities ?

The most common vulnerabilities fall into these categories, although viruses may use combinations of them to launch attacks :

• Microsoft Outlook
  Viruses are increasingly email-borne and the No.1 favourite with hackers is still Outlook or Outlook Express. Viruses can 'disguise' themselves and appear genuine by collecting information as they travel - like "Reply-to" addresses, subject headers, address book data and document titles - and substituting that data into bogus emails to encourage unsuspecting recipients to open them, thus triggering malicious payloads. Early viruses like Bubble Boy made use of an Outlook vulnerability without even requiring the email to be opened.

• Microsoft Internet Explorer
  IE has been the subject of numerous patches to vulnerabilities like the cache bypass one. Hackers are hoping to lure potential victims, say from advertising in an email, to a web site they control. While the victim browses the site, malicious files may be downloaded undetected to their PC, possibly to be activated later on, or sensitive information like password files could be uploaded from the PC to the site.

• System files and scripts
  A large number of viruses gain control over your PC by renaming system and library files or editing startup files or the registry. Microsoft Visual Basic (VB) is a favourite route for hacking since it provides an up-and-running engine that can run a script (VBS), which although executing many everyday tasks, can just as easily run a damaging script if a hacker can place one on your PC.

• Microsoft Word macro
  Word provides a simple method of executing actions (rather than just inputting passive text, tables and images), but this has proved to be another entry route for hackers who can deceive recipients into opening a macro virus.

Plugging the holes: How to make it happen

Oh no - what is it now ? I've got a headache!

One of the most tiring forms of computer related strain.

A poorly-adjusted screen can go undetected for months or years, partly because people have different degrees of tolerance to flickering light sources, but also because, even when it's known about, users will often just plough on, thinking "I'll get around to fixing it later".

A simple way to check flicker

This is an easy test and, what's more, it's subjective - so it checks your interaction with the monitor, rather than measuring the monitor against some technical benchmark.

To do the test, you need to display as much white surface on your screen as possible. For instance, maximising an empty wordprocessor or editor like Notepad does the job admirably.

• Start your wordprocessor or editor
  ( Start | Programs | Accessories | Notepad )
• maximise it (click middle button in top RH corner)
• now check the flicker by staring into the distance above or to the side of the monitor - about 4" or 100cm above. If there is flickering, you will notice it 'out of the corner of your eye' while still staring into the distance.

You may want a few attempts at this, perhaps checking several monitors to see what the effect looks like.

Benefits

Reduces the strain on your eyes.

How to make it happen

We need to alter the "refresh rate" of the screen: the frequency with which it is painted. The default is often 60 Hertz (60 times per second) but, unless you need an incredibly high resolution for detailed work, this figure is usually too low and well within the 'bounds of annoyance' for most people.

In Windows :

What is it ?

BT’s mass-market internet business, BTopenworld, kicked off a series of nationwide 'Broadband Summits for Business' at BT Centre in London on 17th May, headed up by speakers like TV presenter Nick Ross and director of industry at the Office of the e-Envoy, Richard Barrington. The aim of the summits is to raise awareness of the benefits of broadband and act as a forum for debate and dialogue and hopefully encourage a greater number of smaller companies to join the broadband revolution.

Supporting the general theme of "working together to build a broadband nation", BTopenworld's chief executive officer Alison Ritchie said: "BT is now putting broadband at the heart of the company and we have a major commitment to support and promote its development." It seems that 2,000 businesses a week are taking up broadband connections like ADSL.

Contentions

Our recent experiences with consulting on and setting up several ADSL connections suggest things are less than rosy behind the scenes.
Conversations with the various strata of BTopenworld sales and technical people have resulted in contentions over what is and isn't technical possible or providable by them, notably:

What is it ?

Many organisations that have already upgraded to NetWare 5.x or 6.x overlooked what was required to move from an IPX to a pure IP environment, or did not even realise that these later versions supported pure IP. Older versions of NetWare encapsulated NCP (NetWare Core Protocol) commands in IPX/SPX packets only. Modern versions of NetWare can also encapsulate NCP in TCP/IP packets, thus allowing network clients to login using IP only (IPX is not even required on the workstation). The experience to the end user is really no different, but the overhead with supporting multiple protocols is completely removed. However, unlike IPX, an IP environment requires careful initial planning, and possible subsequent day-to-day management.

Benefits

So you might be wondering why you would want to move to a pure IP environment?

Possible reasons and benefits include:

• Simplifies network routing and troubleshooting by moving to a single protocol. This is especially useful for large networks that span physical locations, as expensive routers only need to be equipped with IP software, and configured for IP routing only.
• Removes the need for complex legacy IPX queue-based printing. NetWare 5.x and 6.x supports pure IP printing utilising NDPS (Novell Directory Printing Services). Each printer is represented by a single NDS object - not three as in NetWare 4.x.
• Reduces configuration complexities on networked PCs - only a single protocol stack is required to connect to all local and remote network, and Internet resources. This also saves memory, and reduces processing overhead.
• Allows the implementation of proper DNS (Domain Name Service) and DHCP (Dynamic Host Configuration Protocol) services onto the local network. DNS allows users to refer to network resources by friendly names rather than awkward IP addresses. DHCP dynamically allocates IP addresses to networked PCs, substantially reducing day-to-day administration.
• Modern NetWare applications (e.g. backup) support IP only, and support for applications that depend on IPX or bindery services is fading.

The move from proprietary to standard protocols

Unlike earlier versions of NetWare that used SAP (Service Advertising Protocol) to locate services (e.g. servers, printers, etc) on the network, NetWare 5.x and 6.x uses SLP (Service Location Protocol). SLP is a fully ratified TCP/IP standard - not a Novell proprietary protocol like IPX. Service Location Protocol in an IP environment provides a similar role to SAP in an IPX environment. However, SLP is a far more efficient protocol and is not a “broadcasty” protocol like SAP, thus saving bandwidth utilisation, especially on wide area networks.

How to make it happen

Implementing pure IP in a NetWare 5.x or 6.x environment has advantages for both small and large networks, and makes good sense in today’s connected world. But careful planning and forethought is required, especially if your current use of TCP/IP has just evolved gradually over time.

Phasing in pure IP slowly

When setting up NetWare 5.x and 6.x servers, it is normal to configure IPX and IP at the same time. Thus :

• Clients and/or devices that use legacy IPX clients can continue to login over IPX
• Applications or devices with newer versions of client software or firmware use IP

Summary

Overall it really is quite simple. More thought is only really required in a multi-server, multi-site environment where SLP, NDS Replication, Time Sync and IP routing considerations may apply.
Once the core infrastructure is in, you can migrate to pure IP (from a client perspective) by simply removing IPX (it's best to reinstall the client). A check worth doing is to ensure there are no applications that use SPX, such as RCONSOLE which is replaced with an IP equivalent.

Contacts

Setting up Novell's NetWare 5.

Novell document Migrating IPX to IP.

What is it ?

Another hoax - of sorts.

What is it called ?

A warning message is being distributed via email in various languages asking you to search and destroy a file on your PC called JDBGMGR.EXE. The warning claims you should do this because it is infected by a virus which may trigger after 14 days. Sound familiar? Well, its been slowly spreading its way round quite a few people lately.

What to do

In the first instance, be sceptical.

If - and only if - you have anti-virus software installed with regular functioning updates, then don't delete the file.

The JDBGMGR.EXE file may reside quite legitimately on your computer, being the Microsoft Debugger Registrar for Java.

But is it a hoax ?

Another older virus, W32/Magistr-A dating back to last year, confuses the issue, however, because this virus is capable of emailing out infected copies of JDBGMGR.EXE to recipients. A potential scare may have started this way. Your anti-virus software will have been detecting and foiling W32/Magistr-A since around March 2001.

The JDBGMGR scare in print

Usually looks like this:

The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system.
The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps:
1. Go to Start, click "Search"
2.- In the "Files or Folders option" write the name jdbgmgr.exe
3.- Be sure that you are searching in the drive "C"
4.- Click "find now"
5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON
6.- Right click and delete it (it will go to the Recycle bin)
7.- Go to the recycle bin and delete it or empty the recycle bin.

IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.

Contacts

How to make it happen

Here is a suggested IT checklist of what to provide:

1. A properly patched PC and an anti-virus subscription.
2. An email account is essential, with a Webmail account being a hot favourite, due to the lack of setup required on the remote PC - all it needs is a working Web browser. Search http://www.emailaddresses.com/email_web.htm for suppliers of free email accounts.
3. Likewise, an phone with messaging machine should not be overlooked, even if it means using and recompensing the home phone bill.
4. A fast Internet connection. The basic phone line puts teleworkers at a disadvantage, compared to their office equivalents, in that they cannot make calls and Web surf simultaneously. An ISDN ("What is ISDN?") or xDSL ("What is ADSL?") is also much faster. Be aware that ADSL bandwidth is shared locally, though with little residential take-up at present, home workers stand a good chance of getting a decent throughput.
5. A firewall is essential to protect even a standalone home PC from scanners and hackers these days, particularly if it's connected via an 'Always-On' service like ADSL. Of the many choices, ZoneAlarm is the probably the simplest and safest to configure and what's more is a free download for the basic version. For a small fistful of dollars you can buy the Pro version containing 'pro' features.
6. Voice recognition software is hopeless in an open-plan office, but really comes into its own in a quieter home environment. As a much faster way of 'banging in text' for documents, it cuts down on typing and strain injuries (RSI). Look for packages like Dragon's "Naturally Speaking" series and IBM's "ViaVoice" series which can cost as little as £25. Around 15 minutes training may be needed for a package to 'learn' your voice characteristics, but training then progresses on-the-job and full 'joined-up speech' is translated into text at normal talking speeds.

Complement the software with some 'soft skills':

1. Allow for training teleworkers in communication skills and time management; replacing face-to-face contact in the office with email and voicemail may not come naturally to everyone and scheduling their own time can be more difficult than expected.
2. Delegate a 'corresponder' or 'buddy' for each teleworker.
   A conversation at least once a day helps to keep them in touch. Catching them in the morning ensures they're out of bed and not online yet; an evening call helps check if those end-of-day deadlines have been met. Agree the format first so it doesn't translate Big Brother/Sister - although to some extent, that's what a line manager should do.
3. Set a worksheet plan
   Don't miss out on agreeing the basics like which days are in or out of the office, when teleworkers should be 'available' (in contact), how often to check various message boxes (some of this can be automated).
4. Set up support mechanisms for when things go wrong
   These need to cover both technical and human problems.

Related articles

Homework becomes popular!

What is it ?

Two urban myths are newly circulating the Net, emails, gossip, grapevine, etc.

Namely the gift vouchers and postcodes one and the AT&T technician one.
(Clips provided below).

Out of 29 valid returns from the Net, only one identifies this as a myth - the remainder all effectively repeat the same story, from leading newspaper articles to local OAP newsletters.
So how do you call it?

The answer as with everything else on the Net is to ask yourself: do you believe in what you see? Does wider reporting make something true?

The key is to look at the sources in any article and also its pedigree. Do they provide references?
The other key here was to note that all the other 28 returns showed identical copies of the story - practically never occurs in real life!

In this case, it seems that the research on the snopes.com web site looks pretty sound, so we vote for myth not scam. Here are their analyses for gift vouchers and postcodes and AT&T technician.

Barbara and David P. Mikkelson, who run the site, provide some fairly rigorous references to the Royal Mail, Royal Ulster Constabulary and nail them down as having started as UK-specific myths, with a decent analysis to follow.
Elsewhere they define their philosophy as: "Unlike the plethora of anonymous individuals who create and send the unsigned, unsourced e-mail messages that are forwarded all over the Internet, we show our work. The research materials we've used in the preparation of any particular page are listed in the bibliography displayed at the bottom of that page so that readers who wish to verify the validity of our information may check those sources for themselves."

Gift vouchers and postcodes myth

... goes something like this :

"We have been informed of the following scam, which is targeting females in particular. They receive a phone call from the Post Office asking them to confirm their postcode. When this is given, they are told that they have become eligible for some gift vouchers for their co-operation and are asked to provide their home address and postcode in order to receive the vouchers.
So far 90% of the women who have provided this information have been burgled, as it is assumed that their homes are empty during office working hours. The police are aware of this scam and the Post Office have confirmed that they are NOT conducting any postcode surveys."