Minimize network presence
Last revision October 17, 2007
One way to prevent your computer from being hacked is by preventing others from accessing it over the network. Many corporations will use a device called a "firewall" that blocks outside users from gaining access to critical systems or services. In particular, many firewalls are designed to block hacker scans. Stanford University provides only a minimal firewall where the campus backbone connects to the Internet. This firewall lets almost all data flow through the network unchecked.
Local network managers are encouraged to implement a "department firewall". The School of Earth Sciences has such a firewall, covering all wired network jacks in its three buildings. The wireless network is separately managed by ITS and not protected by the Earth Sciences firewall. See this page for details about how the Earth Sciences firewall works.
A firewall reduces the likelihood that a hacker can probe our network and take advantage of vulnerabilities in individual computers. But some essential services must be left open through the firewall, and in addition, computers behind the firewall can become infected by hacker programs by other means and then probe all other computers on the Earth Sciences network. So everyone must still maintain security on their own computers.
The primary method to secure your computer on the network is to turn off all nonessential network services, such as file sharing, FTP, telnet, and web hosting. If your computer is not listening for network connections, a hacker cannot break into it. Services that you do provide, such as file sharing, must be protected with strong passwords.
Turning off non-essential services is especially important for Microsoft Windows PCs, which come with full file sharing turned on by default. Unix/Linux systems also usually offer many network services that must be properly configured. Follow the instructions for Unix/Linux security configuration on the ITSS Unix Security web site. Apple Macintosh computers offer no network services "out of the box", and thus are initially safe from network hacking. Be sure to understand the security implications of any service before you turn it on.