MaximumPC 2001 11

28 | MAXIMUMPC | JAN 2011 | www.maximumpc.com


Use Google Public DNS
If the crooks can’t convince you to visit their
phony-baloney banking webpage, the next
step is to get you there against your will. One
way to do that is to poison the DNS cache
you’re using. The DNS server translates the domain
names in URLs into IP addresses. By exploiting flaws in the
DNS software, crooks are able to redirect you to
any site of their choice—even if you typed in
the correct URL of your bank.
To avoid this, we recommend switching
from your ISP’s DNS to Google’s public DNS
(http://bit.ly/7Ti5tM). It’s free and the company
has implemented many of the recommended
safeguards against cache poisoning. To change
the DNS on your client PC, go to Network Connections,
right-click on your connection, and
double-click Internet Protocol. Then simply
enter the preferred DNS of 8.8.8.8 and alternate
of 8.8.4.4 and click OK.
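
A quick check to go with this advice, added here as an example and not part of the original article: the script asks several resolvers for the same name and flags any resolver whose answers share no address with the others. The address 192.0.2.53 is a placeholder for your ISP's DNS server, example.com stands in for the site you care about, and the function names are this example's own.

```python
import secrets
import socket
import struct

def build_query(name, txid):
    """Standard recursive query (RD set) for the A record of `name`."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return (struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack(">HH", 1, 1))  # QTYPE=A, QCLASS=IN

def skip_name(msg, pos):
    """Offset just past the (possibly compressed) name starting at `pos`."""
    while msg[pos] & 0xC0 != 0xC0 and msg[pos] != 0:
        pos += 1 + msg[pos]
    return pos + (2 if msg[pos] & 0xC0 == 0xC0 else 1)

def parse_a_records(msg, txid):
    """IPv4 addresses in a response; rejects replies whose ID is not ours."""
    rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    pos, addrs = 12, set()
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[pos:pos + 10])
        pos += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.add(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    return addrs

def resolve(name, server, timeout=3.0):
    """Ask one resolver over UDP port 53 and return its A records."""
    txid = secrets.randbelow(0x10000)          # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (server, 53))
        return parse_a_records(s.recvfrom(4096)[0], txid)

def outliers(answers):
    """Resolvers in {resolver: set_of_ips} sharing no address with any other."""
    return sorted(r for r, ips in answers.items()
                  if not any(ips & o for k, o in answers.items() if k != r))

if __name__ == "__main__":
    servers = ["192.0.2.53", "8.8.8.8", "8.8.4.4"]   # first entry: placeholder for your ISP's DNS
    print(outliers({s: resolve("example.com", s) for s in servers}))
```

A resolver that shows up as an outlier is a cue to look closer, not proof of poisoning, because large sites can legitimately hand different addresses to different resolvers.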

Conduct Personal Business at Home
You want a simple reason not to check your
personal email at work? Someone in your
network could be using a so-called “man in
the middle” attack to spy on you. Whether by
exploiting ARP cache poisoning, session hijacking,
or some other technique, MITM attacks
let a crook steal the credentials issued to your
machine and then fool, say, Yahoo or Gmail
into thinking he’s you.
At work, with hundreds of computers and
a network that stretches across the coasts, you really
wouldn’t know where the MITM attack is
coming from. This risk negates the possibility
that your corporate network is more secure
than your home network. So, assuming you
have secured your home Wi-Fi (or don’t use
wireless) and that the other machines on your
home LAN are secure, save your personal
email and banking for home.

Secure Your Wireless
Quick, what’s the most secure wireless
available today? None. OK, we jest, but
probably no wireless protocol is 100 percent
secure. But just because there’s a theoretical
way to break the latest wireless encryptions
doesn’t mean you should be using
the weakest form. The weakest, of course,
is WEP. Easily broken in under a minute
by anyone capable of reading an Internet
how-to, WEP is far less secure than WPA
or WPA2. If you’re running WEP because
some old hardware doesn’t support WPA2,
consider junking the old equipment or
upgrading your router to one that supports
guest networks. This lets you keep your
internal network behind WPA2, while keeping
guests roped off with the weaker WEP
protocol to access the Internet. If you’re
running WPA2, the adage in security circles
is that the longer and more randomized the
key, the better.
Although not a guarantee, you can also
set up your router’s wireless to only accept
connections from known MAC addresses.
These are the unique IDs assigned to each
computer’s network card. The hole there is
that an intruder could easily spoof a MAC
address from a trusted client to still access
your wireless network.

Check Each Machine’s Shares and Services
You can check what files are shared on a
machine by right-clicking My Computer,
selecting Manage, and clicking Shared
Folders. Great, now how do you do it for
all of the machines on your network? One
way is to use NetBrute Scanner (www.rawlogic.com).
This free utility will scan
your internal network and report on shared
resources that are available.

Protect Your Network

Keep your digital bits out of the hands of baddies

Bypass your ISP’s DNS for one that’s likely
faster and more secure, Google DNS.

Running an internal port scan may help reveal intruders freeloading on your network’s bandwidth.

SECURITY