Which Types of Network Security Should I Use?

For home users, there are two types of network security that are important to you: preventing intrusions from elsewhere in the network and keeping sensitive data secret as it is transferred across the network. Personal firewalls are readily available and can prevent network intrusions. Encryption is available in many kinds of software and is vital for protecting sensitive data.

Personal firewalls

Although the word firewall can sound intimidating, you can think of a personal firewall as the network equivalent of antivirus software: it prevents bad things from getting into your computer. In many cases, a personal firewall prevents bad things that antivirus software wouldn't be able to detect or block.

In recent years, personal firewalls have also become extremely simple to configure. For users of both Windows XP and Macintosh OS X, all you'll need to do is make a couple of clicks and your computer's firewall will be turned on. (XP Service Pack 2 and later and Vista users' firewalls will be automatically turned on by default.) Everything should work as usual from your side of the firewall, but unwanted intrusions from the outside can be blocked without interrupting your workflow.

For more information about modern operating systems' built-in firewall capabilities, see CITES documentation about the Windows XP firewall and the Macintosh OS X firewall.

If you have an older operating system, you can still benefit from firewall use. Some software companies offer simple-to-configure personal firewalls that are provided for free to individual users. For more information about free and inexpensive personal firewalls, see CITES documentation about third-party firewalls.

Encryption

Encryption is a way of protecting data by scrambling it in a way that makes it unreadable unless you have the correct decoding key. With encryption, you can make sure that only your computer and the computer you're communicating with can understand the conversation, whether you're accessing an email server or an e-commerce web site or something else entirely. Encryption is handled by the software that you use to communicate with the other computer. Sometimes the connections are encrypted, and other times they aren't. Pay attention to whether you're using an encrypted method or an unencrypted method of communicating.

For example, in the past, many email systems used unencrypted communication for everything, even for important data like passwords. More recently, however, some email systems (like CITES Express Email) require secure methods of exchanging passwords.

If you can access CITES Express Email, your mail reader is using secure password protocols. Some other email systems don't require secure password protocols, however.

Email tips:

• If your email provider offers the choice of using Secure POP or Secure IMAP in place of the insecure equivalents, make sure that you set up your mail reader to use the secure option.
• If you use a web browser rather than a mail reader to check your email, make sure that your email web page's address begins with https:// and that the security lock in the browser window is closed.
• Never email sensitive information like a password or credit card number. Even though many email programs encrypt communication between you and your server, the email could be read between your server and your recipient, as explained in the email security scenario.

Web pages are another case where some connections are encrypted and others are not. Most e-commerce web sites (such as eBay and Amazon) are careful to make sure that your password and financial information is always encrypted. However, many small web boards and forums don't use financial information, so they don't bother protecting passwords as much. If you use the same password on both a financial site and a small web forum that doesn't encrypt passwords (i.e. doesn't use an https:// web address), your financial data could be in danger.

Web browsing tips:

• Pay attention to whether your web browser is visiting a page that begins with http:// (insecure) or https:// (secure), and whether the security lock in the border of your browser window is open (insecure) or closed (secure).
  
• Never reuse an "important" password on a site that doesn't offer secure password protection. If you have difficulty remembering your different passwords at different sites, try the site-licensed PasswordVault program, available at no charge from the CITES Software WebStore.

For more information about protecting your personal information on the Internet, see the CITES Security passwords scenario and online purchases scenario.

More information

Different kinds of network communication need more protection than others. Did you know that standard wireless networking can be overheard by anyone else on the same network? The "How Far Should My Information Be Encrypted?" page explains more about the most common uses of encryption and how far they protect you.