Windows Internet Security

Protect your Windows system against Internet hackers—right now!

• Protect your Windows computer—NOW!
• Covers Windows 2000, Me, 98, 95, and Windows XP
• Stop sharing your files with the world
• Install your own personal firewall—step by step
• Block your employer from reading your private email
• Avoid worms, Trojans, viruses, and hostile Web pages

Windows Internet Security starts by reviewing the threats to your Windows PC: what hackers know about your computer and the Internet, and how they can use that knowledge to attack you. Then, step by step, you'll plan and implement today's most powerful defenses. Discover how to:

• Stop sharing resources you don't want to expose to the world
• Choose and implement the right "personal firewall"
• Protect your e-commerce transactions
• Avoid viruses, worms, Trojans, and hostile Web pages
• Protect your privacy and anonymity on the Web
• Cope with today's new wireless hacking attacks
• Respond and recover if you've already been hacked
• Make the most of Windows XP's new computer security features

Contents

Preface.

Studying the Battleground.

1. Computer Architecture and Operating System Review.

Understanding the Internals of Your Computer.
Size Matters.
The Hard Drive.
RAM.
The Processor (CPU).
Cache.
The Motherboard.
Bus Speed/Size.
The Modem.
The Network Interface Card.
Serial and Parallel Ports.
Summary of the Computer versus Library Analogy.
The Modem in Detail.
Operating Systems and Internet Security.
Windows 95/98/ME.
Windows NT/2000/XP.
Linux.
Other UNIX-Based Operating Systems and Macs.
Windows CE.
Summary.

2. Understanding the Internet.

A Little Byte of History.
The Internet Service Provider.
What Is an ISP?
POPs.
ISP Logging.
Proxy ISPs.
Web Addressing Explained.
URIs.
URNs.
URC.
URLs.
Internet Protocols.
http.
https.
ftp.
Other Protocols.
Breaking Down the URL.
The Internet Protocol Address.
Domain Name Servers.
URL Abuse.
Web Pages: Inside and Out.
Web Servers.
HTML.
Scripting and Codes.
Malicious Coding.

3. TCP/IP.

A Computer: A House.
Your Computer Ports: Your Doors and Windows.
Roads and Highways: The Internet.
TCP/IP: An Overview.
TCP/IP: Driving Rules.
CEO Analogy.
TCP/IP: The Gory Details.
Packets.
Layers.
TCP/IP Handshaking.

Knowing the Enemy.

4. Know Your Enemy.

The Hacker versus the Cracker.
The Script Kiddie.
The Phreaker.
Ethical versus Unethical Hackers.
Global Hackers.

5. Hacking Techniques for Unauthorized Access.

WetWare.
Social Engineering.
Social Spying.
Garbage Collecting.
Sniffing.
What is Sniffing?
How Does a Sniffer Work?
How Hackers Use Sniffers.
How Can I Block Sniffers?
How to Detect a Sniffer.
Spoofing and Session Hijacking.
An Example of Spoofing.
Buffer Overflows.
Character Manipulation and Unexpected Input Exploits.
The Normal Search Engine Process.
The Hacked Search Engine Process.
Exploiting Web Forms.

6. Hacking Techniques for Attacks.

SYN Flooding.
Smurf Attacks.
System Overloads.
DNS Spoofing.

7. Walk-Through of a Hacker Attack.

The Goal Stage.
Walk-Through of a Hack.
Information Gathering.
Planning.
Execution.
Clean Up.

Planning the Defense.

8. Building Your Defense Strategy

Fortifying Your Defenses
Virus/Trojan Protection
Virus Scanners
Trojan Scanners
Firewalls
Hardware Firewalls
Software Firewalls
Hardware/Software Combination Firewalls
Which Firewall is Best for You? Restricting Access by IP
Restricting Access by Port (Service)
Restricting Access by Protocol
Restricting Access by Keyword
Restricting Access by Application
Encryption
Encryption Details
Symmetric Encryption
Asymmetric Encryption
Putting Different Types of Encryption to the Test
Origin Verification
Secure Sockets Layer
Virtual Private Network
Disadvantages of Encryption
What Encryption Does Not Do
Recovery
Summary

9. Personal Firewalls and Intrusion Detection Systems

Do Personal Firewalls Really Work? The Fallacy of “Laying Low”
Why Do I Need a Personal Firewall? McAfee Personal Firewall
Norton Personal Firewall
BlackICE Defender
ZoneAlarm
Intrusion Detection Systems
Honeypots

10. Stop Sharing Your Computer

Network Shares
Password-Protecting Shares on Windows 95/98/ME
Removing Shares on Windows 95/98/ME
Removing Shares on Windows NT/2000/XP

11. E-Commerce Security Overview

Thwarting E-Criminals
Who is the Real Criminal? Stolen Goods Online
Secure Transactions

12. Mastering Network Tools

MS-DOS
NETSTAT
Ping
TRACERT
NBTSTAT
NETVIEW
NET USE
Password Crackers

13. Viruses, Worms, and Trojan Horses

Viruses
A Virus Defined
MBR Virus
Macro Virus
File Infectors
Combination Viruses
Worms
Virus and Worm Prevention
I've Been Infected! Now What? Trojans
How a Trojan Works
The Backdoor Blues
Detecting and Removing Trojans
Hostile Web Pages and Scripting

14. Malicious Code

Programming Languages
Low-Level Languages
High-Level Languages
Scripting Languages
Programming Concepts
Program Parts
Malicious Client-Side Scripting
Denial of Service Scripts
Intrusive Access Scripts
Malicious Server-Side Scripting
PHP
ASP
Perl
The Virus/Worm
An Example of Viral Code

Moving With Stealth

15. Privacy and Anonymity

Cookies
Cookie #1
Cookie #2
Cookie #3
Unpleasant Cookies
Cookie #1
Cookie #2
Controlling Those Cookies
Your Online Identity
Registration Requests and Unique IDs
Online Identification
Hardware IDs
Spyware in the Workplace
Chat Programs
Proxies and Anonymity
Browser Caching

16. Big Brother is Watching You

Email Spying
Keeping Your Email Private
Web Page Monitoring
Defeating Corporate Web Filters
Chat Program Monitoring
Keep Your Chats Private
Spyware
Spying on the Employee
Spying on the Consumer
Spying on the Family
Government Spyware
Commentary: Ethics and Privacy

Future Trends

17. Windows XP: New Security Features
The Microsoft Internet Connection Firewall
Windows XP Wireless Security
802
1x—Port-Based Network Access Control
New Windows XP Wireless Features
Microsoft's XP Hacker Test
Test Site Description
File Encryption and User Control

18. Future Security Threats

Mobile Computing
Wireless Network Hacking
Automated Hacking

Advanced Topics

19. Registry Editing

Introduction to Registry Editing
Purpose of the Registry
Parts of the Registry
Using the Registry
Backing Up the Registry
Restoring the Registry
Manipulating Registry Keys

20. Disaster Recovery

Creating a Boot Disk
Down but Not Out (Computer is Infected, but Still Functioning)
Down and Out (Computer is Inoperable)
Using FDISK/Format
Appendix A: Common Trojan Ports
Miscellaneous
Appendix B: Annotated Bibliography
On the Web
Books
Internet Search
Hacking/Security Conferences

Glossary

Index