JULY TUTOR ■

SAFE SURFING

safe
surfing
Making your Web connection secure and private while maintaining your system’s functionality is no small
task, especially considering the current vogue for electronic evil-doers. As news of Net-related bugs and
hack attacks abound, so have the letters from readers seeking shelter from the storm. Here are some of
the important questions raised about Internet security and, of course, the answers.

udging from the response to our ing is a connection between network com-

J article “Internet Security” (Janu-

ary 2000), readers are definitely
concerned about security while
ponents, both hard w a re and software .
These components include such things as
adapters, protocols, services and clients.
connected to the Internet. They sent in For example, your Ethernet adapter might
some important questions, so here’s a fol- be bound to the NetB E U Ip rotocol, and that
low-up with the answers. a d a p t e r / p rotocol combination might in
turn be bound to the File and Print Shar-

Q : How do I disable File and Print Shar-

ing for my Internet connection with-
out disabling File and Print Sharing on my
ing service.
These network components and their
bindings show up in the information you
local area network? see when you run the Network applet from

A: According to Microsoft, you must un-

bind the File and Print Sharing service
f rom the T C P / I P p rotocol stack that’s
bound to the hardware adapter used for
your Internet connection. That’s a mouth-
ful for sure, so let’s take a look at what it
means.
In the magical world of Windows 98’s
multi-protocol networking, the network
bindings are what count. A network bind-
Control Panel. From here, you have a con-
siderable amount of control over binding
and unbinding, which you must exercise
with care. A default set of bindings ap-
propriate to your hardware is created dur-
ing the Windows installation process. Af-
ter that, changes are usually made only
by your system or network administrator.
For more information on Windows 98
networking, refer to the Networking and

88 July 2000 www.DITnet.co.ae ■ www.pcmag-mideast.com


Intranets section of the Windows 98 Re-
source Kit or the excellent overview of
adapter, protocol and service binding avail-
able in the Shields UP! section on the Gib-
son Research Web site, www.grc.com.
Because you want to protect the Internet
connection and because that connection
uses the T C P / I Pp rotocol, you need to find
the unique binding of hardware adapter
and TCP/IP protocol used for your Inter-
net connection. You must then disable its
access to the File and Print Sharing service.
That will shut off File and Print access
from the Internet. As long as File and Print
S h a r in g r e m a i n e n a b l e d on t h e
adapter/protocol binding used for your
local area network, you’ll continue to have
LAN-based file and print sharing capabil-
ities.
Here are the steps to take in order to
disable File and Print Sharing on your In-
ternet connection: first, click on the Start
button, select Settings and Control Panel
and then run the Network applet. In the
Configuration tab, scroll down in the main
list until you find the component for the
TCP/IP protocol that’s bound to the hard-
ware adapter you use for Internet access.
My computer uses a V.90 modem with
dial-up networking for Internet access, so
the item reads TCP/IP g Dial-Up Adapter.
If you’re using a cable modem or DSL for
I n t e rnet access, you’ll have a diff e re n t
adapter.
Next, select that item and choose Prop-
erties. If you get a TCP/IP Properties In-
f o rmation warning box, dismiss it by
choosing OK. When you reach the TCP/IP
Properties dialog, select the Bindings tab.
This tab lists the network components that
will communicate using TCP/IP over your
adapter. At this point, make sure the check
box next to File and Print Sharing for Micro-
soft Networks is not checked (see Figure
1). If there are any other components called
File and Print Sharing, uncheck those, too.
Then press OK to close the dialog and
press OK to close the Network applet. If
you are asked to reboot the machine or in-
sert the Windows 98 CD-ROM, follow the
instructions.
Note that while turning off File and Print
Sharing on your Internet connection is im-
portant, you really need a personal firewall
product for complete protection.
Q: How do I protect myself and detect
intrusions if I’m using the Internet
Connection Sharing (ICS) feature of Win-
dows 98 to share Internet access over my
local area network?
A: You have a layer of protection al-
ready, in that you’re using Internet
Connection Sharing. ICS uses network ad-
www.DITnet.co.ae ■ www.pcmag-mideast.com
SAFE SURFING
FIGURE 1: To keep File and Print Sharing on your
LAN and disable it on your Internet connection, un-
bind File and Print Sharing from the TCP/IP proto-
col stack that’s bound to the hardware adapter
used for your Internet connection.
FIGURE 2: You can use the ShieldsUP! feature on
the Gibson Research Web site (www.grc.com) to
test your own system for Internet connection secu-
rity weaknesses.
dress translation (NAT) to let multiple com-
puters share an Internet connection. Be-
cause NAT presents only the shared IP ad-
dress of the ICS server to the external In-
t e rnet, the other machines sharing the
connection are hidden from view by out-
siders. Hackers sometimes use spoofing
techniques, however, to flesh out those
internal, “private” IP addresses.
I recommend using BlackICE Defender
(www.networkice.com) or some other per-
sonal firewall product on the ICS server.
You’ll have to list the IP addresses of the
ICS client computers as Trusted Address-
es in BlackICE for things to work correct-
ly. To do so, right click on the BlackI C ED e-
fender tray icon and choose Configure
B l a c kI C E. Then select the Trusted Ad-
dresses tab and add the IP addresses. When
you’re finished adding addresses, press
OK.
■ JULY TUTOR
Q: You suggested telling the browser to
accept only signed downloads and to
examine the digital certificate of each.
What does that mean and how do I do
that?
A: The downloads referred to here are
of ActiveX components. These pre-
sent a danger because they have access to
your system the same way a program you
run locally does. If you’re using the current
version of Internet Explorer 5, you prob-
ably don’t need to do anything. IE5 defaults
to a medium security setting that specifies
accepting only signed ActiveX downloads.
When your browser attempts to download
signed content, you’ll be prompted to ac-
cept or reject the download and you’ll see
the digital certificate information of the
signing author.
If the browser shows you the digital cer-
tificate information, then the downloaded
code was successfully decrypted using the
signing author’s public key, which the
browser obtains from a trusted certificate
authority. Because the code was original-
ly encrypted using the signing author’s
private key, you can be assured that the
code has not been altered since it was
signed (encrypted). This assurance goes a
long way because you know the code has
not been tampered with since its creation.
That does not mean the creator has no
malicious intent. Rather, it means that the
code’s been delivered intact and has not
been altered since it was signed. At this
point, you must decide whether to trust the
software publisher or not.
There’s an introduction to digital certifi-
cates and a wealth of related articles un-
der the Digital Certificates topic on the
Microsoft Security Advisor Web site (cur-
rently www.microsoft.com/security/tech/
certificates).
To check your browser security settings,
click on the Start button, select Settings, se-
lect Control Panel, run Internet Options
and then click on the Security tab.
Q:
ticle?
Where can I learn more about the
security issues mentioned in your ar-
A: One of the most useful sources of in-
formation is the Gibson Research Web
site, www.grc.com. Steve Gibson, author
of the indispensable SpinRite disk utility,
has done a great job assembling, organis-
ing and presenting the story behind Inter-
net connection security in the ShieldsUP!
section of the Web site. In addition, you can
use the Web site to test-probe your own PC
and generate a report showing the results
(see Figure 2). This feature is very useful
and it can help you see whether you’ve fi-
nally battened down the hatches.
July 2000 89