For small to mid-sized businesses with no technical staff, Internet security may seem overwhelming.
Most Internet connections are made through what's known as TCP/IP, which stands for Transmission Control Protocol and Internet Protocol. TCP/IP allows information sharing and improves connectivity, but includes only minimum security features.
Three common forms of TCP/IP security attacks are:
- Denial of service attack: This attack is used to disable a device or network, preventing users from having access to network resources.
- Network packet sniffing: Programs used to "packet sniff" capture binary data transmissions from a local area network (LAN) and display them as readable text.
- IP spoofing: The attacker pretends to be - or "spoofs" - a trusted IP address or Web site. The IP address of a particular server on the Internet or within an intranet is controlled by the attacker, and not the administrator.
Dial-up connections pose security risks when you are dialed in and connected to the Internet. When you disconnect, you eliminate the security risk, but you also eliminate your business access to the outside world.
Cable connections to the Internet are designed like local area networks (LANs), where every computer shares a common node. With many cable LANs, however, your business isn't the only business sharing a neighborhood node. The security risk is between the computers on your network and the computers on your neighbors' networks, as well as between your network and the public Internet. Cable connections are always on, so the risk is constant.
DSL, or Digital Subscriber Line, introduces no additional security risks, other than those inherent with an always-on connection. DSL supports a multitude of preventative measures.
To keep your computers and your business secure, Internet Express recommends a complete network firewall. The job of a firewall is to control access. The firewall does this using identification information from TCP/IP packets to decide whether to deny or allow access.
With the growing availability of high-speed connections, more and more companies are coming out with firewalls geared to the average user.
Business-grade DSL routers (hardware):
Unlike typical residential modems, business-grade DSL routers have built-in filtering and Network Address Translation (NAT). NAT creates a temporary connection between your private IP address and the Internet-routable IP address. This protects you by keeping your computer's IP address off the Internet, averting hackers' prying eyes.
Proxy servers (software):
The proxy's job is to accept requests from a computer on the internal network (your connection), screen it, and then forward it to a remote host on the Internet
Proxy servers (hardware):
Proxy servers are also called Ethernet-to-Ethernet routers. They offer a combination of filtering and routing capabilities.
Firewall appliance (hardware):
Known as Internet appliances, these devices provide the highest level of security and offer routing capabilities. Many newer appliances are made specifically for smaller businesses looking for a single solution "in a box".
Other security precautions you can and should take include:
- Purchase virus software and scan all files downloaded from the Internet.
- Use credit cards only on e-commerce sites that provide a secure server.
- Never use your email password as a password for an e-commerce or registered user site.
No matter how you connect to the Internet, it's wise to take precautions to protect your computer, your data and your privacy.