A reader wrote me to ask about IP address security. I'm not really sure whether he meant keeping his IP address a secret, or whether he was asking if someone could break into his network and use his ISP connection with his IP address, so, let's first look at the idea of keeping one's IP address a secret...

Terry,I just recently came across your site and have joined your online email newletter. I have a question relating to I.P.addresses.I have a home network,router(encrypted /password required ),a firewall (not Win xp),several antispyware programs.The other day my ISP sent me an email,alleging I had violated copyright laws and had downloaded a movie from some place in [identifying information removed - Terry].I called my ISP and we discussed it,I did not download any movies and never heard of the film co.in question,my concern was how would they obtain my IP address,as it is like a fingerprint.I asked my ISP is there any way a 3rd.party could gain access to my wireless network and they could not provide an answer as to how this happened and advised me to disregard it.Is there a way for a 3rd.party to obtain my IP address ?? this is a security concern to myself and my wife. Thank you for your time

I wrote back to him to explain thatt the real question is not how they got his IP address, but how they tied that IP address to him. Only his ISP can do that, unless you logged in somewhere (or used an ID that linked to his name or email address) or in the program used to access it.

First, let's go through how TCP/IP works - how the computers commnucicate like this on theh Internet. By necessity, I'm going to write this to explain how they could identify the IP address and how they'd tie it back to you. I'm not accusing you of downloading the movies -- this is a "how would it happen if you had done it" exercise.

If he used any of the filesharing networks - or for that matter, just going to a web site - his IP address is presented to the web site. It has to be - that's the way the Internet works. Otherwise the reply packets would never get to you - although we term them "reply," that's really only the perspective from the sending and receiving computers. As far as the routers between the sender and receiver are concerned, the data packets are simply packets of information with a source and a destination.

To you go to a web site, you type a Uniform Resource Locator, a "URL", for example www.terryscomputertips.com , into the address bar of your web browser (IE, Opera, Firefox, Safari, whatever other web browser you might use).

Your computer sends a query to the Domain Name Servers (DNS) run by your ISP in order to translate the URL into the dotted-quad numbers that are the IP address of the web server you're trying to reach. www.terryscomputertips.com, for example, translates to 74.54.131.210. Every IP address that is reachable across the Internet is assigned to a specific entity, sometimes a smalll company, sometimes a huge ISP who may assign some of them as static (unchanging) IP addresses and others as dynamic (DHCP) IP addresses. Most consumer-level ISP's assign IP addresses via DHCP for ease in their administration of their system.

The next thing to understand is that your ISP knows at all times, and logs, which IP addresses are assigned to which MAC addresses (Media Access Control address). MAC addresses are unique addresses assigned to individual pieces of hardware that are capable of connecting to a network via the usual TCP/IP protocol.

You may or may not remember, but when you signed up with your ISP and any time you change or replace your Cable Modem or DSL modem, you have to tell your ISP the MAC address of your modem. They log it into their system so that their routers are willing to talk to your modem.

[This is getting long, but I'm trying to simplify the concepts, rather than making any assumptions about experience level.]

Anyway, when you request a web page, your ISP knows that your IP address is assigned to you. No one else does, except if you have provided identifying information to someone at the receiving end of the connection (for example, if you logged in to the web site).

The web site knows your IP address, whether you log in or not. If you haven't provided any identifying information, it doesn't know who you are, but it knows your IP address. If you've requesed a web page, it uses your IP address to send the packets of data containing the text of the web page and the HTML instructions telling your browser what fonts to use, etc., as well as telling it where to find and download any images to be shown on the web page. If you'vee requested to downloading a file from a web site, it sends the file to you in a lot of small data packets, which your computer reconstructs to make the file on your computer.

In other words, your web browser asks for a page (or file) to be sent to it. The web site sends it back to you as a number of individual packets of information addressed to your IP address using a specific TCP port number (which was assigned by your own router when it sent the request to the web site).

Bottom line: Any web site or any other server that you connect to HAS to know your IP address in order to send you the information you requested by your web browser or any other program. The real question is "How did they tie your IP address to your name?" Only your ISP and the server you contacted (if you had to log in to the site) or service you used would have the information to tie your name and IP address together at that specific time.

After receiving my explanations, the reader wrote back to say that the "claim" was that he had downloaded using software called BitTorrent.

He didn't indicate whether he had used BitTorrent or not, but that is a file sharing system that's used for a lot of fully legitimate sharing of files. Some Linux operating system distributions are available legally for free download as multiple CD's and are available with everything on one DVD, but only via BitTorrent.

The concept of BitTorrent is distributed file sharing, where you may be uploading to others at the same time you are downloading for yourself. Of course, systems like BitTorrent can be used for legal file sharing and can also be used for copyright infringement.

I don't know if he was using BitTorrent or not, and I don't support copyright infringement. Unfortunately, if you don't secure your wireless network adequately, someone else might be using your Internet connection to do their downloading...or uploading.

We'll look at wireless networking security issues in the next article.

 

Your PC doesn't have to be that slow... The more you use your computer, the slower it will get, as it fills up temporary directories and adds more and more programs and services that run all the time. Run the all-new, free PC Pitstop PC Optimize 2.0 scan now and in just minutes receive a custom report showing you how to keep your PC running like new. Download & Scan with Optimize 2.0. Read my latest review of Optimize 2.0.

In the previous article, I wrote about how the Internet works — your computer has an IP address, your intended destination has an IP address, and both have to know and use the IP address of the other in order for communication to occur between them.

The article was in response to a reader who wrote to ask if he could keep his IP address secret, since he had been accused of copyright infringment by downloading a movie (which he says he didn't do).

One of the potential issues was that his IP address could have been involved, even without him or anyone in his family being involved.

He uses a wireless router, as many of us do. He mentioned that he had a wireless password that had to be used in order to access his router. This kind of password is not a log-in password to the router — it is a password to the router's encryption. Over the years, though, password security has gotten better and better. Unfortunately, some of the older encryption methods have become almost trivial for someone to crack with today's fast computers.

However, even using the best wireless encryption available isn't enough. There are other steps necessary to secure a wireless network.

First, though, let's look at encryption method. Today's state of the art for consumer-level encryption is WPA2. If you have Windows XP Service Pack 2 or earlier on your computer, your Windows XP computer probably can't do WPA2. All you have to do to get it is to either install Service Pack 3 or download the WPA2 update from www.microsoft.com.

You may have to update the firmware in your wireless router so that it handles WPA2. That's a pretty easy, but kind of scary, step.

One problem I've seen with some people's wireless networks, though, is that they have older Windows Me computers or older versions of wireless printers, where they have to use WEP (so-called Wired Equivalent Privacy — yeah, right, like that's possible with wireless — no, it's not possible.)

If you have hardware that's forcing you to use WEP on your network, you need to upgrade that hardware. WEP is easily cracked with enough sample data, which a neighbor kid can easily obtain as you wirelessly communicate on your network.

So, our second step is to set up the router to only talk to the specific network adapters we want to authorize for our network.

To do this, you configure the MAC address filter in your router. Wireless routers have configuration options where you can specify a list of Media Access Control (MAC) addresses, which are unique to each network interface device (network card, wireless card, router, etc.) — not just unique to each model of hardware, but unique as to each individual piece of hardware.

Find the MAC addresses of each of your computers' wireless adapters. Then, using your web browser, open the wireless router's configuration menu, pick the tab to set up the wireless MAC address filter, set it to "Allow only these MAC addresses to connect" and enter them into the table. Although Windows XP puts dashes in the MAC address, your router probably will make you type the address without dashes. By the way, this step helps, but it doesn't solve the issue, as every broadcast data packet includes the MAC address — and there's software that will let an attacker spoof your MAC address.

You should also change the default SSID name for your router. This will make it easier for you to make sure that you've connected to your router and not a neighbor's. It will also mean that, if you have Windows set to automatically log onto a network called Linksys (the default SSID for Linksys wireless routers), you won't accidentally connect to the one at your local coffee shop before you are ready (who remembers to change settings before leaving home?).

You might turn off broadcasting of the SSID. This could help, but there are arguments over whether it does or doesn't.

Don't forget to change the default Login ID (if your router actually uses it) and the default password on your router.

Read my Wireless Security article for more details on settings for your router and your wireless PC's and notebooks. Some issues are ways to set up your home network in order to help you stay safe when you take your notebook elsewhere.

Don't forget to open the manual for your wireless router. It will have details on how to perform the configuration steps you need to take, and sometimes also includes a good explanation of why you should take those steps.

Finally, don't ever believe that you can actually secure your wireless network. If you want the convenience of wireless, you will have security risks that you would not have if you used Ethernet cables to each of your computers. With wireless, all you can do is to make it harder for someone to connect to your wireless router and, through it, to the Internet and to your home network. Your goal is to make it difficult enough that the bad guy goes elsewhere.

Related articles:

• Wireless Networking Problems & Wireless Networking Security
• Wireless Security
• Improving Your Wireless Security
• Router Security — Wired & Wireless Routers
• Security versus the Open Wireless Network
• Switching to WPA2 Wireless Encryption

3.  My Computer Security Software Recommendations

Anti-Virus

I'm often asked about several other popular anti-virus or anti-virus combination packages. Yes, I realize that they are not in my recommendation list. "Enough said..."

For the last five years, until very recently, my personal choice has been ESET's small, fast NOD32 anti-virus program, which offers a FREE 30-day evaluation license. I consider NOD32 one of the best in anti-virus protection. Unlike some of its competitors, ESET offers multiple-year licenses also, and includes program updates in the multiple-year license.

Now, I've changed from my long-time programs NOD32 (antivirus) and CounterSpy (antispyware) to Sunbelt's new VIPRE Antivirus + Antispyware.

I've found that VIPRE puts even less load on my computer than the speedy combination of NOD32 and CounterSpy. I've also been impressed with the way its "deep scan" has found and eliminated risks that were stored in zip files, which is one of the latest malware email tricks.

Read more about anti-virus programs on my web site.

Related articles:

• Anti-Virus Programs and Online Scanners
• Free Online Antivirus Scan
• NOD32 Anti-Virus Review - A Look at NOD32
• VIPRE Antivirus + Antispyware Review

Click here for more information about VIPRE.

Firewall Software

While the Windows XP firewall is much better than no firewall at all, don't count on the Windows XP firewall to meet your needs. You need a two-way firewall, which the Windows XP firewall is not!. Microsoft woke up and supplied a two-way firewall with Windows Vista.

The Windows XP firewall does not control outbound communications originating from your computer — and you should want to have control if adware/trojans/spyware or even commercial products want to talk to the Internet. Whether they are calling home or spewing spam, you want to be able to control your computer.

Do you want Windows Media Player to call home every time you play something? It does! Do you use the Search function in Windows Explorer to find things on your hard drive? Did you know that every time you search, Windows Explorer talks to Microsoft?

I didn't know that when I ran ZoneAlarm, but the Sunbelt Personal Firewall flags that to me, and I can stop it or allow it to happen. Many other programs try to call home when you run them, too.

I recommend my choice for a firewall program, which is Sunbelt Personal Firewall.

You can try the full-featured "paid version" of Sunbelt Personal Firewall free for 30 days — after that, you can register it or, if you're using it on a home non-business computer, you can let it revert to the free, lesser-function license.

Sunbelt Personal Firewall is regularly $19.95 (with discounts for multiple computers and/or multiple years!) for a non-expiring license for the program and includes one year of their updates subscription.

Related articles:

• The Internet Versus You
• Do I Need a Firewall Program?
• My Sunbelt Personal Firewall Review

Anti-Spyware / Anti-Adware Software

CounterSpy, from Sunbelt Software, has received many kudos from the computer press for its always-running and periodic full system scans. It has been my personal choice for my PC's and my family's PC's.

Sunbelt's CounterSpy v2.5, both improved CounterSpy's performance against malware and reduced its impact on system resources and responsiveness when its scanning.

Sunbelt continues to release updated program versions — the current version is v3.1. Nicely, they do NOT install the updated programs automatically. You have to use the Update process in the program, which means that you'll know that something significant has changed.

Now, I've changed from my long-time programs NOD32 (antivirus) and CounterSpy (antispyware) to Sunbelt's new VIPRE Antivirus + Antispyware.

I've found that VIPRE puts even less load on my computer than the speedy combination of NOD32 and CounterSpy. My computer seems to have much more pep and power than it had previously. I've also been impressed with the way its "deep scan" has found and eliminated risks that were stored in zip files, which is one of the latest malware email tricks.

Related articles:

• Fighting Against Spyware & Malware
• My CounterSpy Review
• My VIPRE Antivirus + Antispyware Review

Anti-spam Software

In today's Internet world, the question is not "if" you will get spam, but "how much will you get?"

I use and now I recommend POPFile as my first choice for handling spam. POPFile sits on your computer, between your email program and your ISP mailbox, and handles emial as it downloads.

POPFile uses a different approach to handle spam than some other programs do — it does nothing to reduce spam. It is designed as an email classification tool — you train it to recognize spam and any other type of email that you want to classify. These classifications can help you sort your emails into appropriate folders in your email program.

Sunbelt Software, who makes the anti-spyware program CounterSpy (which I use and recommend) and the firewall that I use and recommend (Sunbelt Personal Firewall) also has a well-regarded, award-winning anti-spam program called iHateSpam for Outlook and Outlook Express. Since I don't use Outlook or Outlook Express for email, I haven't tried iHateSpam.

Mailwasher Pro would be my first choice to handle spam before it ever gets into your computer's Inbox. Mailwasher Pro uses on-line Realtime Black Lists mail servers sending spam recently, "training" by you of what you think is spam, and your own "friends" and "blacklist" lists. Note: I found that PopFile generally meets my needs and stopped using Mailwasher Pro, even though PopFile works AFTER the emails have been downloaded. If I used a dialup connection, I would be more interested in Mailwasher Pro.

Mailwasher Pro can even bounce spam messages, as if your email address was not valid, although the usefulness and appropriateness of this is questionable. There is a free version called "Mailwasher," but it omits the functions that I consider critical for this purpose -- such as safely previewing the emails safely before they ever get to your email inbox.

Related articles:

• Spam Filtering
• Keeping spam out of your Inbox
• Getting Control of Your Inbox
• How Can I Prevent spam?

Cable/DSL Router

If you have a cable modem or a DSL modem, you need to have another layer of inexpensive protection between you and the Internet. A cable/DSL router isolates your computer from direct connection to the Internet. Your computer can easily request your email, web pages, etc. through the router. The responses come back to the router and are smoothly routed to your computer. But, someone on the Internet side of the router can not initiate a connection to your computer — they can only respond to your request.

Even if you only have one computer to connect to your cable or DSL modem, I recommend that you purchase and use a cable/DSL router because of the protection it can give you against attempts to attack through some flaws in Windows itself.

A router isolates your local network, whether it is only one computer or several, from the Internet by actually making it a separate network. The router gets the "public" IP address and handles all your outbound communications and the responses to them. But, it blocks computers on the Internet side from being able to initiate communications with your computer! This will prevent you from falling prey to many worms that try to attack security holes in Windows itself.

For a wireless router, I recommend the Linksys WRT54G wireless router. I'm using the relatively new version 6 of this router.

If you don't want wireless, I recommend the Linksys BEFSR41 wired router, which I also use. Either way, based on my experience, I recommend Linksys routers for price, reliability and Linksys' habit of releasing updated firmware for their products..

See these related articles:

• Wireless Security
• Wi-Fi Hotspots and Computer Security
• Wireless Networking Problems & Wireless Networking Security

No, I'm not writing about finding pictures of famous clocks like Big Ben. Let's look at some of the clocks that are programmed to display on web sites.

First, my all time favorite, the Industrious Clock from Yugo Nakamura. This clock displays years, months, days, hours, minutes and seconds in a unique method — as hand-written numbers. By the way, time is reported in the 24-hour model used by most of the world, instead of the 12-hour with A.M. or P.M. to indicate morning or afternoon that is used in the U.S.A.

These clock numbers are not just images of numbers; we actually see individual images for each number, and when the number changes, we see a hand draw the next number!

Every second, you can see the hand draw the next digit. Every ten seconds, two hands draw the tens-of-seconds and individual seconds numbers.

Similarly, as minutes and hours increase, you can see up to six hands drawing six numbers. As you reach midnight, you see the date turn to the next day, and will see another one or two additional hands drawing their numbers.

The Javascript that runs this clock within your web browser shows your local time. In an even more interesting twist, as you resize your web browser window larger or smaller, the individual images also resize similarly.

Take a look at the Industrious Clock from Yugo Nakamura

(click on the image for a larger version)

Another neat clock from Yugo Nakamura is his ClockBlock. Conceptually similar to the Industorious Clock, the ClockBlock involves stacking blocks until they fall down at the point of incrementing the next digit.

Next, let's look at the PolarClock frorm Pixel Breaker.

This clock as a unique concept in a round clock — concentric circles. Each circle is partially complete representing the number of seconds, minutes, hours, day of the week, day of the month and month.

As an explanation, the outermost circle starts at the 12:00 position - top of the clock. As the seconds increase, the circle continues clockwise, so that at 30 seconds, we have a semi-circle, on the right side, from top to bottom. This continues until the seconds circle increments from 59 to 0, when the minutes circle extends a little bit more and the seconds circle springs back to the beginning and starts growing again.

Enjoy the Polar Clock at Pixel Breaker. I have not tried their downloadable PolarClock 3.0 screensaver for Mac and Windows, but I think I will...

Free NetZero Dialup!
Up to 10 Hours Per Month   Great Backup Access for Cable Modem Users!
terryscomputertips.com/NetZeroFree

Ads by Terry

Ads by Terry
Free NetZero Dialup Up to 10 Hours Per Month  Free! Great Backup for Cable Modem Users or for Travel terryscomputertips.com/NetZeroFree	NetZero Platinum Only $6.95/month - Limited Time Offer - First 12 Months only terryscomputertips.com/NetZero

5.  Recommend my Terry's Computer Tips Newsletter to Your Friends

If you like my  Terry's Computer Tips email newsletter or the online edition, you can help me increase the number of subscribers to my free emailed newsletter.

Tell a Friend about Terry's Computer Tips!

With my email newsletter, not only do you get notices that the newsletters are available and content that is not in the online newsletter, but subscribing is the only way to get my Special Edition Newsletters which go only to subscribers.

If you get my free Terry's Computer Tips email newsletter, please feel free to forward your copy of the newsletter to a friend or friends that you think would be interested. Be sure to forward the entire newsletter, including my copyright notices and any advertising.

Of course, if you do not get my free email newsletter, I invite you to subscribe, too!