COMP3123 Internet Security
DESCRIPTION
COMP3123 Internet Security. Richard Henson, University of Worcester, November 2010. Week 6: Securing a LAN connected to the Internet against Attack. Objectives: Explain what a Firewall is, why it is needed, and why users find it frustrating…
TRANSCRIPT
COMP3123 Internet Security
Richard Henson, University of Worcester
November 2010

Week 6: Securing a LAN connected to the Internet against Attack
Objectives:
- Explain what a Firewall is, why it is needed, and why users find it frustrating…
- Explain what a Proxy Service is, and why it can be a more flexible solution than a firewall
- Relate the principles of IP and TCP port filtering to the challenge posed by threats to LAN server security from the Internet
[Diagram: An Unsecured LAN-Internet Connection via Router. The internal network is connected to the Internet/external network through a router with no packet filtering; the router handles Layers 1 to 3 on each side and passes data through unchanged.]
An Unsecured LAN-Internet Connection via Router
- Routers only process data up to OSI layer 3, even with full user authentication on network services…
» outgoing IP packets are untouched unless IP filtering is used
- BUT IP filtering will slow down packet flow… Also…
- a request by a LAN client for Internet data across a router reveals the client IP address
» this is a desired effect: the "local" IP address must be recorded on the remote server, which picks up the required data and returns it via the router to that local IP address
» problem: the address could be intercepted, and future data sent to that IP address may not be so harmless…
An Unsecured LAN-Internet An Unsecured LAN-Internet Connection via RouterConnection via Router
Another problem: wrath of IANAAnother problem: wrath of IANA IP address awarding & controlling bodyIP address awarding & controlling body big penalties if ANY internal LAN IP address big penalties if ANY internal LAN IP address
conflicts with an existing Internet IP address they conflicts with an existing Internet IP address they allocated…allocated…
If local clients have direct access to the If local clients have direct access to the Internet and they can be allocated locally, Internet and they can be allocated locally, this COULD happenthis COULD happen Safeguard:Safeguard:
» use DHCP (dynamic host configuration protocol)use DHCP (dynamic host configuration protocol)» allocate client IP from within a fixed range allocate client IP from within a fixed range
allocated to that domain by IANAallocated to that domain by IANA
[Diagram: A LAN-Internet connection via Gateway. Internal network (e.g. Novell IPX/SPX) connected to the Internet/external network (e.g. TCP/IP) through a gateway that performs packet conversion.]
A LAN-Internet connection via Gateway
- At a gateway, processing goes up the protocol stack: to at least layer 4, possibly right up to layer 7
- Because local packets are converted into another format:
» the remote network does not have direct access to the local machine
» IP packets are only recreated at the desktop
» local client IP addresses therefore do not need to comply with IANA allocations
Creating a "Secure Site"?
- To put it bluntly, a secure site is a LAN that provides formidable obstacles to potential hackers
» keep a physical barrier between the local server and the Internet
» the physical barrier is linked through an intermediate computer called a Firewall or Proxy Server
» this may place unnecessary restrictions on access
» security can be provided at one or more layers of the protocol stack (seven in the OSI model; the TCP/IP model itself has only four)
Security Architecture & Secure Sites
- This includes all aspects of security controls
» controls can be imposed on internal users through group policy objects
» external attempts to hack cannot be controlled in this way, because the attackers are not authorised users
- What about external threats?
» need to focus on external data, and on the security controls that deal with it…
[Diagram: The Firewall. The internal network sends TCP/IP traffic out through the firewall to the Internet/external network; no data comes in from the Internet unless the firewall allows it.]
Using a Firewall to secure Routed Connections
- Completely separate local network data from Internet data using a physical barrier:
» Firewall (robust but inflexible)
» Proxy Server (flexible)
- Either solution has a similar safeguarding effect to using a gateway:
» client IP addresses never interact with the Internet directly
» they therefore do not need to be IANA-approved (the RFC 1918 private ranges exist for exactly this)
» but it makes good sense to use DHCP anyway…
What is a Firewall?
- "A set of components that restricts access between a protected network and the Internet"
- it therefore divides a potential internetwork into internal and external components:
» Internal Network: the network under consideration from a security point of view, kept logically separate from the Internet
» External Network: generally assumed to be the Internet, or any network that cannot be secured
A Firewall should…
- Protect the network from:
» TCP/IP attacks, probes and scans
» denial of service attacks
» malicious code such as viruses, worms and trojans
- Provide, depending upon the security policy and the type of firewall used:
» Network Address Translation (NAT)
» authentication or encryption services
» web filtering
- To do this, it must be appropriately configured…
The Screening Router
[Diagram: a screening router between the Internet and the internal network, with the blocked services marked X.]
- Every IP packet header contains: the IP address of the source; the IP address of the destination; the transport protocol number (TCP, UDP, ICMP…). The TCP or UDP header that follows carries the source and destination ports, from which the application protocol (FTP, SMTP, etc.) is inferred.
- A router simply routes the packet towards its destination address
- A screening router scrutinises the whole packet header (IP plus transport) and decides what to do with the packet
Screening Routers
- Packets are checked individually, which therefore requires more processing power than a standard router
- Once a packet has been scrutinised, the screening router can take one of three actions:
» block the packet
» forward it to the intended destination
» forward it to another destination
- IP addresses on the internal network can therefore be "protected" from external packets with a particular source address
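The screening router's job as described above, header inspection followed by one of the three actions, as an added example (not code from the lecture): a parser for the IPv4 and TCP/UDP headers and a first-match rule table. The addresses (public server 203.0.113.5, DMZ web host 192.168.1.10), the rule set and the packets produced by build_packet are all constructed for the demonstration.

```python
"""Screening-router logic over raw IPv4 packets.

Added example, not from the lecture slides. The packet bytes, the address
plan (public server 203.0.113.5, DMZ web host 192.168.1.10) and the rule
table are constructed assumptions for illustration.
"""
import ipaddress
import struct

TCP, UDP, ICMP = 6, 17, 1
BLOCK, FORWARD, REDIRECT = "block", "forward", "redirect"


def build_packet(src, dst, proto, sport, dport, tcp_flags=0x02):
    """Construct a minimal IPv4 + TCP/UDP packet (checksums left as zero) for the demo."""
    if proto == TCP:   # 20-byte TCP header: ports, seq, ack, offset, flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    else:              # 8-byte UDP header: ports, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return ip + l4


def parse_headers(packet):
    """Extract what a screening router inspects: addresses and transport protocol
    from the IP header, ports and the SYN flag from the TCP/UDP header."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    ver_ihl, _tos, _total, _id, frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4
    info = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "sport": None, "dport": None, "syn": False}
    # Ports live in the transport header and are present only in the first
    # fragment (offset 0); later fragments carry no ports and cannot be screened by port.
    if (frag & 0x1FFF) == 0 and proto in (TCP, UDP):
        l4 = packet[ihl:]
        if len(l4) < 4:
            raise ValueError("truncated transport header")
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
        if proto == TCP and len(l4) >= 14:
            flags = l4[13]
            # SYN without ACK = an attempt to open a new connection from that side
            info["syn"] = bool(flags & 0x02) and not (flags & 0x10)
    return info


# Rules are checked in order; the first match decides. Anything unmatched is blocked.
# Every key other than "action"/"to" must equal the parsed header field.
RULES = [
    {"proto": TCP, "dport": 23, "action": BLOCK},                          # no Telnet from outside
    {"proto": TCP, "dport": 80, "dst": "203.0.113.5",
     "action": REDIRECT, "to": "192.168.1.10"},                             # public web -> DMZ host
    {"proto": TCP, "dport": 25, "dst": "203.0.113.5", "action": FORWARD},  # mail to the mail server
    # "established": replies to connections opened from inside. This is the stateless
    # approximation (SYN flag clear); an ACK scan still passes it, hence stateful firewalls.
    {"proto": TCP, "syn": False, "action": FORWARD},
]


def screen(info, rules=RULES):
    """Return (action, redirect_target) for a parsed packet."""
    for rule in rules:
        if all(info.get(k) == v for k, v in rule.items() if k not in ("action", "to")):
            return rule["action"], rule.get("to")
    return BLOCK, None


def screen_packet(packet, rules=RULES):
    return screen(parse_headers(packet), rules)


if __name__ == "__main__":
    for name, pkt in [
        ("telnet", build_packet("198.51.100.7", "203.0.113.5", TCP, 40000, 23)),
        ("http", build_packet("198.51.100.7", "203.0.113.5", TCP, 40001, 80)),
        ("dns", build_packet("198.51.100.7", "203.0.113.5", UDP, 40002, 53)),
        ("reply", build_packet("198.51.100.7", "203.0.113.5", TCP, 80, 40003, tcp_flags=0x10)),
    ]:
        print(name, screen_packet(pkt))
```

The redirect rule is the "forward it to another destination" action: the public address stays on the router while the web service lives on a DMZ host. The last rule is why stateless screening routers were superseded by stateful firewalls for anything but the perimeter's outer tier: a flag bit is all that separates a reply from a crafted probe.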
The Proxy Server
[Diagram: a firewall with proxy service between the internal network and the real server on the Internet; the client's request goes to the proxy server, which makes its own request to the real server.]
- A firewall that offers a client-server "proxy" service allows the firewall to act as an intermediate party between the Internet and local network services:
» it intercepts user (client) requests for services such as FTP
» and decides whether or not to forward them to the true server
- The effect is that the internal and external computers talk to the proxy service rather than directly to each other
- The user on either side of the firewall is presented with the illusion that they are talking to a real server; in fact both are dealing with the proxy
- So if an outside user tries to "hack" into the network server, the actual internal network architecture is hidden
- A proxy server can be programmed to block certain requests, sites and actions, e.g.:
» blocking certain WWW sites
» preventing FTP downloads
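The proxy behaviour described above, as an added example rather than the lecture's code: the policy decision (blocked sites; ftp:// refused, so downloads cannot be fetched through the proxy) and the rewrite that strips anything identifying the internal client before the request reaches the real server. The block-list entries, the header names removed and the sample requests are assumptions made for the example.

```python
"""Policy and request rewriting for an application-level (HTTP) proxy.

Added example, not the lecture's code. The block-list, the header names
stripped and the sample requests are constructed assumptions.
"""
from urllib.parse import urlsplit

BLOCKED_SITES = {"badsite.example", "gambling.example"}   # constructed block-list
ALLOWED_SCHEMES = {"http", "https"}                          # ftp:// refused -> no FTP downloads via the proxy
STRIP_HEADERS = ("via", "x-forwarded-for", "forwarded")      # would reveal the internal client/architecture


def decide(request_line, headers):
    """Apply policy to one client request. Returns (allowed, reason, headers_to_send)."""
    try:
        method, target, _version = request_line.split()
    except ValueError:
        return False, "malformed request line", {}
    if method.upper() == "CONNECT":            # CONNECT host:port for TLS tunnels
        host, sep, _port = target.rpartition(":")
        host = host if sep else target
        scheme = "https"
    else:
        parts = urlsplit(target)
        scheme, host = parts.scheme.lower(), (parts.hostname or "")
    host = host.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme %s not proxied" % (scheme or "?"), {}
    if host in BLOCKED_SITES or any(host.endswith("." + b) for b in BLOCKED_SITES):
        return False, "site %s blocked by policy" % host, {}
    # Forward only headers that do not identify the internal client: the real
    # server sees the proxy, never the LAN address.
    outbound = {k: v for k, v in headers.items() if k.lower() not in STRIP_HEADERS}
    return True, "ok", outbound


def rewrite(raw_request):
    """Parse a raw client request. Returns (forward, payload): if forward is True the
    payload is the request to send to the real server (absolute URI turned into a
    path, Host set); otherwise it is the 403 response to send back to the client."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    request_line, headers = lines[0], {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip()] = value.strip()
    ok, reason, outbound = decide(request_line, headers)
    if not ok:
        msg = reason.encode("latin-1")
        return False, b"HTTP/1.1 403 Forbidden\r\nContent-Length: %d\r\n\r\n" % len(msg) + msg
    method, target, version = request_line.split()
    if method.upper() != "CONNECT":
        parts = urlsplit(target)
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        outbound["Host"] = parts.netloc
        request_line = "%s %s %s" % (method, path, version)
    new_head = "\r\n".join([request_line] + ["%s: %s" % kv for kv in outbound.items()])
    return True, new_head.encode("latin-1") + b"\r\n\r\n" + body


if __name__ == "__main__":
    sample = (b"GET http://www.example.com/a?b=1 HTTP/1.1\r\n"
              b"Host: www.example.com\r\nX-Forwarded-For: 192.168.1.20\r\n\r\n")
    print(rewrite(sample))
    print(rewrite(b"GET ftp://files.example.net/tool.zip HTTP/1.1\r\n\r\n"))
    print(rewrite(b"CONNECT cdn.badsite.example:443 HTTP/1.1\r\n\r\n"))
```

The point of the rewrite step is the "illusion" described above: the real server receives an ordinary origin-form request from the proxy's own address, and the client receives either the real answer or the proxy's 403, never a direct connection in either direction.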
Proxy Service - continued
DMZ (Demilitarized Zone)
- Beyond the firewall but not yet through the Internet router/gateway…
- A router normally stops incoming Internet traffic from getting onto your network
» unless the traffic is in response to a request from one of your computers
» or when using port forwarding
- Alternatively… incoming traffic can all go to one computer on your network by establishing a "Default DMZ Server" (a loose, rather humorous, use of "Demilitarized Zone" by home-router vendors)
» avoids having to figure out which ports an Internet application wants
» all ports are open for that computer… which leaves it fully exposed, unlike a true DMZ segment, where the exposed servers are still filtered and kept apart from the internal network
Bastion Host
- Acts as a firewall, and also runs the proxy and other services
- Main or only point of contact between users of an internal network and the external network
- Must be highly secured because it is exposed to attack
- External logins to the Bastion Host must not be allowed, as user accounts represent an easy way to attack networks…
Dual Homed Host
- Based on a dual-homed computer (2+ interfaces)
- Does NOT allow through routing of packets (IP forwarding is switched off)
- Communication through the DHH occurs as follows:
» via proxies
» users log in to the DHH
- However:
» logging users in to the DHH will create further security problems…
» not all Internet services can be proxied, for technical reasons
[Diagram: Firewall = dual-homed host with proxy services, sitting between the INTERNET and the internal network.]
Screened Host
- Uses a screening router, which can block certain types of service
- Routes packets to the internal bastion host only; the bastion may act as a proxy for services
- Disadvantage: if the internal bastion is hacked into, then other computers on the internal network can easily be accessed
[Diagram: INTERNET, screening router (blocked services marked X), bastion host (proxy services) on the internal network; together they form the firewall.]
Typical Types of External Attacks - 1
- Exhaustive: "brute force" attacks using all possible combinations of passwords to gain access
- Inference: taking educated guesses at passwords, based on information gleaned
- TOC/TOU (Time of check / time of use): the credentials were checked at one moment and reused later
1. use of a "sniffer" to capture log-on data
2. (later) using the captured data and IP address in an attempt to impersonate the original user/client (a replay attack)
Typical Types of External Attacks - 2
- Three other types of attack that firewalls should be configured to protect against:
» denial of service (DoS) attacks
» distributed denial of service (DDoS) attacks
» IP spoofing (pretending that the data is coming from a "safe" source IP address)
Firewalls and TCP, UDP ports
Remember this model?
[Diagram of the TCP/IP stack:]
  Application:  TELNET  FTP  SMTP  |  DNS (both)  |  NFS  SNMP
  Transport:           TCP         |              |     UDP
  Network:                         IP
TCP ports that may be open to attack
- TCP and UDP ports are both important features of TCP/IP
» they provide logical links for passing data between the transport layer and an application layer service
» usually defined by an RFC (remember those?) and registered with IANA
- Examples:
» FTP: TCP port 21 (control channel)
» Telnet: TCP port 23
» SMTP: TCP port 25
» DNS: port 53 (UDP for ordinary queries, TCP for zone transfers and large responses)
» HTTP: TCP port 80
» POP3: TCP port 110
- Problem… what if the service isn't being used?…
Blocking TCP ports with a Firewall
- Very many TCP and UDP ports (65,536 of each):
» 0 - 1023 are the "well-known" ports, tightly bound to application services
» 1024 - 49151 are "registered" ports, more loosely bound to services
» 49152 - 65535 are private, or "dynamic" (ephemeral) ports
- In practice, any port over 1023 could be assigned dynamically to a service…
- One of the more useful features of a firewall is that ports can be configured, and therefore data flow can be monitored and controlled
Blocking TCP ports with a Firewall
- Generally, TCP ports should be:
» EITHER open for a service (e.g. HTTP on port 80)
» OR… blocked if there is no service, to stop opportunists
- But if the firewall only allows "official services" this can cause problems for legitimate users
» e.g. if port 25 is blocked in both directions, email cannot be sent at all; the usual compromise is to allow inbound port 25 only to, and outbound port 25 only from, the organisation's own mail server
Protecting Against TCP/IP Attacks, Probes and Scans
- The TCP/IP protocol stack has been largely unchanged since the early 1980s:
» more than enough time for hackers to discover its weaknesses
» attacks often come in through a particular TCP port
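Probes and scans appear in the firewall's own deny log before they appear anywhere else. The following added example (not from the slides) flags a source that is refused on many distinct ports within a short window, which is what an opportunist sweeping the well-known ports looks like, while a host that keeps retrying one port is left alone. The log format, the constructed log lines, the documentation-range addresses and the thresholds are all assumptions.

```python
"""Port-scan detection over firewall deny logs.

Added example, not from the lecture. The log format, the sample lines, the
addresses and the thresholds are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed deny-log lines in a simplified syslog-like format (assumption).
# 198.51.100.7 sweeps ten well-known ports in four seconds; 192.0.2.44 only
# retries Telnet twice, minutes apart.
SAMPLE_LOG = """\
2010-11-08T09:00:01 DENY TCP 198.51.100.7:50001 -> 203.0.113.5:21
2010-11-08T09:00:01 DENY TCP 198.51.100.7:50002 -> 203.0.113.5:22
2010-11-08T09:00:02 DENY TCP 198.51.100.7:50003 -> 203.0.113.5:23
2010-11-08T09:00:02 DENY TCP 198.51.100.7:50004 -> 203.0.113.5:25
2010-11-08T09:00:03 DENY TCP 198.51.100.7:50005 -> 203.0.113.5:79
2010-11-08T09:00:03 DENY TCP 198.51.100.7:50006 -> 203.0.113.5:110
2010-11-08T09:00:04 DENY TCP 198.51.100.7:50007 -> 203.0.113.5:135
2010-11-08T09:00:04 DENY TCP 198.51.100.7:50008 -> 203.0.113.5:139
2010-11-08T09:00:05 DENY TCP 198.51.100.7:50009 -> 203.0.113.5:445
2010-11-08T09:00:05 DENY TCP 198.51.100.7:50010 -> 203.0.113.5:3389
2010-11-08T09:01:10 DENY TCP 192.0.2.44:4123 -> 203.0.113.5:23
2010-11-08T09:05:00 DENY TCP 192.0.2.44:4124 -> 203.0.113.5:23
"""

LINE = re.compile(r"^(\S+) DENY (\S+) (\S+):(\d+) -> (\S+):(\d+)$")


def parse(log):
    """Yield (timestamp, proto, src, sport, dst, dport) for each well-formed deny line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts, proto, src, sport, dst, dport = m.groups()
            yield datetime.fromisoformat(ts), proto, src, int(sport), dst, int(dport)


def find_scanners(log, window=timedelta(seconds=60), min_ports=8):
    """Flag a source that is denied on at least `min_ports` distinct destination
    ports within `window`. Returns {src: sorted list of probed ports}."""
    events = defaultdict(list)
    for ts, _proto, src, _sport, _dst, dport in parse(log):
        events[src].append((ts, dport))
    scanners = {}
    for src, evs in events.items():
        evs.sort()
        for i, (t0, _) in enumerate(evs):           # slide the window from each event
            ports = {p for t, p in evs[i:] if t - t0 <= window}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG).items():
        print("probable scan from %s: ports %s" % (src, ports))
```

A source flagged this way is a candidate for a temporary block rule on the screening router; the distinct-port count is what separates a scan from a legitimate client that simply keeps retrying a closed service.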
TCP Port 21: FTP (File Transfer Protocol)
- FTP servers are excellent… BUT by their very nature they open up very big security holes
- those that allow anonymous logins (especially with write access) are used:
» to launch attacks on the server itself, by reaching the system drive and uploading malware or overwriting/deleting files
» to store pirated files and programs
- Precaution:
» configure FTP servers NOT to accept anonymous logins
» only allow access to port 21 through the firewall to that particular server
» note that port 21 is only the control channel: the data connection uses a separate port (20 in active mode, or a high port chosen by the server in passive mode), so a stateful or FTP-aware firewall is needed for that rule to work in practice
Making Effective use of the DMZ
- An even better alternative for port 21 security:
» place the FTP server on a perimeter network, or "DMZ", of the firewall
- A DMZ is used to segregate inherently insecure servers that require a higher degree of network access from the rest of your network
» an FTP server on a DMZ that has been compromised will then not be able to be used to attack the rest of the network
» of course, if there is no FTP server, a DMZ might not be necessary…
TCP Port 23: Telnet
- Telnet is really good for providing access to servers and other devices
» accessing a server via Telnet is very much like being physically located at the server console
» but everything, including the password, travels in clear text
- Protecting against Telnet is simple:
» block ALL access to port 23 from the outside
» block perimeter networks from reaching port 23 on the inside
- Protecting internal servers from attack from the inside:
» configure them to accept Telnet connections from very few sources
» or block port 23 completely…
TCP Port 25: SMTP
- Email programs are large, complex and accessible… therefore an easy target…
- Buffer overrun:
» the attacker enters more characters, perhaps including executable code, into an email field (e.g. To:) than is expected by the email server
– an error could be generated
– hackers could gain access to the server and the network
- SPAM attack:
» the protocol design allows a message to go directly from the originator's email server to the recipient's email server
» it can ALSO be relayed by one or more mail servers in the middle
» BUT… this is routinely abused by spammers, who use such an "open relay" to forward messages to thousands of unwilling recipients
Port 25 SMTP: solution…
- Buffer overrun: put the server on a perimeter network (and keep it patched)
- Spam attack: DISABLE the relaying facility for everyone except your own (internal or authenticated) users…
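Relay control and a bound on field length, as an added example of the server-side decision (not the lecture's code, and covering only the envelope stage of an SMTP session). The local domain example.org, the internal network 192.168.1.0/24 and the 256-character limit are assumptions; the session function drives a minimal MAIL FROM / RCPT TO exchange so both sides of the conversation are visible.

```python
"""Relay decision for an SMTP server (added example; not the lecture's code).

The local domains, the internal network and the field limit are assumptions.
Only the envelope stage (MAIL FROM / RCPT TO) is modelled.
"""
import ipaddress

LOCAL_DOMAINS = {"example.org"}                          # domains this server accepts mail for
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")    # our own clients
MAX_FIELD = 256                                           # defensive bound on address fields


def accept_rcpt(client_ip, authenticated, mail_from, rcpt_to):
    """Return (code, text) for one RCPT TO. 250 accepts, 554 refuses relaying.
    An open relay is a server that never returns 554 here."""
    # Defensive length check: the buffer-overrun class of attack sends an
    # oversized address in an envelope or header field.
    if len(mail_from) > MAX_FIELD or len(rcpt_to) > MAX_FIELD:
        return 501, "address too long"
    if "@" not in rcpt_to:
        return 501, "syntax error in recipient"
    rcpt_domain = rcpt_to.rsplit("@", 1)[1].lower()
    if rcpt_domain in LOCAL_DOMAINS:
        return 250, "ok: local delivery"                  # inbound mail for our users: always accepted
    client = ipaddress.ip_address(client_ip)
    if authenticated or client in INTERNAL_NET:
        return 250, "ok: relaying for local client"       # our users sending outwards
    return 554, "relay access denied"                     # anyone else trying to use us as a relay


def session(client_ip, authenticated, commands):
    """Drive a minimal MAIL FROM / RCPT TO exchange and collect the server's replies."""
    replies, mail_from = [], None
    for cmd in commands:
        verb, _, arg = cmd.partition(":")
        arg = arg.strip().strip("<>")
        if verb.upper() == "MAIL FROM":
            mail_from = arg
            replies.append("250 ok")
        elif verb.upper() == "RCPT TO":
            if mail_from is None:
                replies.append("503 need MAIL first")
            else:
                code, text = accept_rcpt(client_ip, authenticated, mail_from, arg)
                replies.append("%d %s" % (code, text))
        else:
            replies.append("502 command not implemented")
    return replies


if __name__ == "__main__":
    # A spammer on the Internet tries to relay through us, then sends to a local user.
    for reply in session("198.51.100.7", False,
                         ["MAIL FROM:<spammer@x.example>",
                          "RCPT TO:<victim@y.example>",
                          "RCPT TO:<bob@example.org>"]):
        print(reply)
```

The decision is made per recipient, not per message: the same session is refused for the outside recipient and accepted for the local one, which is exactly the difference between "disable relaying" and "stop receiving mail".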
TCP and UDP Port 53: DNS (Domain Name Service)
- One of the core protocols of the Internet
» without it, domain name to IP address translation would not exist
- PROBLEMS: if a site hosts DNS, attackers will try to:
» modify DNS entries
» download a copy of your DNS records (a process called zone transfer)
Port 53 DNS: Solution…
- Configure the firewall to accept connections from the outside to TCP port 53 only from your secondary DNS server
» the one downstream from you, e.g. at your ISP (zone transfers run over TCP; ordinary queries use UDP)
- Consider creating two DNS servers: one on your perimeter network, the other on the internal network:
» the perimeter DNS will answer queries from the outside
» the internal DNS will respond to all internal lookups
» configure a stateful inspection firewall to allow only replies to queries that the internal DNS server itself initiated, and to deny any connection initiated from the outside to it
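The two-server DNS design with its stateful rule, as an added example (not from the slides): outbound queries from the internal server are recorded, inbound UDP packets reach it only if they are the reply to a recorded query (same addresses, same port, same transaction id, and only once), and TCP port 53 on the perimeter server is open only to the secondary. The addresses (documentation ranges), the 5-second entry lifetime and the minimal DNS header builder are assumptions.

```python
"""Stateful inspection for DNS at the perimeter (added example; not the slides' code).

Addresses, the entry lifetime and the minimal header builder are assumptions.
"""
import struct
import time

INTERNAL_DNS = "192.168.1.53"      # internal resolver: only ever initiates outbound queries
PERIMETER_DNS = "203.0.113.53"     # DMZ server that answers the outside world
SECONDARY_DNS = "198.51.100.2"     # ISP secondary: the only host allowed TCP 53 (zone transfers)
UDP, TCP = 17, 6


def dns_header(txid, response):
    """12-byte DNS header: id, flags (QR bit 0x8000 set on responses), qd/an/ns/ar counts."""
    flags = 0x8180 if response else 0x0100
    return struct.pack("!HHHHHH", txid, flags, 1, 1 if response else 0, 0, 0)


class DnsStateTable:
    def __init__(self, timeout=5.0):
        self.pending = {}          # (client, client_port, server, txid) -> expiry time
        self.timeout = timeout

    def _expire(self, now):
        self.pending = {k: exp for k, exp in self.pending.items() if exp > now}

    def check(self, direction, proto, src, sport, dst, dport, payload, now=None):
        """direction is 'out' (from the LAN) or 'in' (from the Internet). True = pass."""
        now = time.monotonic() if now is None else now
        self._expire(now)
        if dport != 53 and sport != 53:
            return False
        txid = struct.unpack("!H", payload[:2])[0] if len(payload) >= 2 else None
        qr = (payload[2] & 0x80) != 0 if len(payload) >= 3 else None   # response bit
        if direction == "out":
            # Record the query so that exactly one matching reply can come back.
            if proto == UDP and src == INTERNAL_DNS and dport == 53 and qr is False:
                self.pending[(src, sport, dst, txid)] = now + self.timeout
                return True
            return False
        # inbound from the Internet
        if proto == TCP and dst == PERIMETER_DNS and dport == 53:
            return src == SECONDARY_DNS           # zone transfers only from our secondary
        if proto == UDP and dst == PERIMETER_DNS and dport == 53 and qr is False:
            return True                            # anyone may query the perimeter server
        key = (dst, dport, src, txid)
        if proto == UDP and sport == 53 and qr is True and key in self.pending:
            del self.pending[key]                  # reply to a query we sent: admit it once
            return True
        return False                               # anything initiated from outside to the internal DNS


if __name__ == "__main__":
    table = DnsStateTable()
    query, reply = dns_header(0x1234, False), dns_header(0x1234, True)
    print("query out   ", table.check("out", UDP, INTERNAL_DNS, 40000, "192.0.2.10", 53, query, now=1.0))
    print("reply in    ", table.check("in", UDP, "192.0.2.10", 53, INTERNAL_DNS, 40000, reply, now=2.0))
    print("replay in   ", table.check("in", UDP, "192.0.2.10", 53, INTERNAL_DNS, 40000, reply, now=2.5))
    print("unsolicited ", table.check("in", UDP, "192.0.2.10", 53, INTERNAL_DNS, 40000, query, now=3.0))
```

Matching on the transaction id as well as the 4-tuple is what makes the state table stricter than a plain "established" rule; the single-use entry also means a late duplicate reply cannot be slipped in after the real one.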
TCP Port 79: Finger
- A service that enumerates the user accounts on your servers (who is logged in, their full names, last login times)
» an invaluable tool in probing or scanning a network prior to an attack, since it hands over valid usernames for password guessing!
- To deny all this information to would-be attackers, just block port 79…
TCP Ports 109-110: POP (Post Office Protocol)
- POP is easy to use… but sadly it has a number of insecurities
- The version in general use is POP3, which runs on port 110 (POP2 used port 109) and sends the username and password in clear text unless TLS is used
» if the email server requires POP3, block all access to port 110 except to that server
» if POP3 is not used, block port 110 entirely…
Ports 135-139 (and 445): NetBIOS / SMB
- The Microsoft Windows protocols used for file and print sharing (UDP 137 name service, UDP 138 datagram, TCP 139 session; TCP 135 is the RPC endpoint mapper and TCP 445 is SMB directly over TCP)
» the last thing you probably want is for users on the Internet to connect to your servers' files and printers!
- Block NetBIOS. Period!
UDP Port 161: SNMP
- SNMP is important for remote management of network devices, but it also poses inherent security risks
» it stores configuration and performance parameters in a database (the MIB) that is then accessible via the network, often protected only by a default community string such as "public"…
- If the network is open to the Internet, hackers can gain a large amount of very valuable information about the network…
- So… if SNMP is used: allow access to port 161 from the internal network only; otherwise, block it entirely
Denial of Service (DoS) Attacks
- An attempt to harm a network by flooding it with traffic so that network devices are overwhelmed and unable to provide services
- One of the primary DoS attacks uses Ping, an ICMP (Internet Control Message Protocol) service:
» it sends a brief echo request to a remote computer, which answers with an echo reply carrying the same data (confirming that the address is reachable)
"Ping" Attacks
- Dubbed the "Ping of Death". Two forms:
» the attacker deliberately creates a very large ping packet and then transmits it to a victim
– sent as IP fragments that reassemble to more than the 65,535 bytes an IP datagram may legally have
– the receiving computer's reassembly buffer overflows and it crashes or hangs (fixed in most stacks since the late 1990s, but the check costs nothing)
» an attacker sends thousands of ping requests to a victim (a "ping flood") so that its processor time is taken up answering them, preventing it from responding to other, legitimate requests
- Protection:
» block ICMP echo requests and replies (or rate-limit them)
» ensure there is a rule blocking "outgoing time exceeded" & "unreachable" messages, which otherwise help a scanner map the network
» caveat: do not block inbound "fragmentation needed" (unreachable, code 4) messages, or path MTU discovery breaks
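The two ping attacks and the protection rules above, as an added example of perimeter ICMP handling (not the slides' code): an oversized-fragment check that drops a ping of death before reassembly is even attempted, a per-source token bucket for echo requests, the outbound error-message block, and a default deny for inbound ICMP types nobody needs. Rate-limiting echo rather than dropping it outright is a design choice of this example; the limits and the addresses are assumptions.

```python
"""ICMP defences at the perimeter (added example; not the slides' code).

Rejects ping-of-death fragments, rate-limits echo requests per source and
blocks outgoing error messages. Limits and the limit-rather-than-block policy
are assumptions of this example.
"""

MAX_DATAGRAM = 65535                     # largest IPv4 datagram the length field can describe
ECHO_REPLY, UNREACHABLE, REDIRECT, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 5, 8, 11
# Inbound types we need: replies to our pings, errors for our own traffic (including
# "fragmentation needed" for path MTU discovery) and echo requests, rate-limited.
ALLOWED_IN = {ECHO_REPLY, UNREACHABLE, TIME_EXCEEDED, ECHO_REQUEST}


def fragment_is_oversized(frag_offset_units, payload_len):
    """Ping of Death: a fragment whose offset (in 8-byte units) plus payload would land
    beyond 65535 bytes can never belong to a legal datagram; drop it before reassembly."""
    return frag_offset_units * 8 + payload_len > MAX_DATAGRAM


class EchoLimiter:
    """Token bucket per source address: `rate` echo requests per second, burst of `burst`."""
    def __init__(self, rate=5.0, burst=10):
        self.rate, self.burst = float(rate), float(burst)
        self.buckets = {}                # src -> (tokens, last_seen)

    def allow(self, src, now):
        tokens, last = self.buckets.get(src, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1.0
        self.buckets[src] = (tokens - 1.0 if ok else tokens, now)
        return ok


def icmp_policy(direction, icmp_type, src, now, limiter, frag_offset_units=0, payload_len=0):
    """direction is 'in' (from the Internet) or 'out' (to the Internet). Returns a verdict."""
    if fragment_is_oversized(frag_offset_units, payload_len):
        return "drop: fragment exceeds maximum datagram size"
    if direction == "out" and icmp_type in (TIME_EXCEEDED, UNREACHABLE):
        return "drop: outgoing error messages map the network for scanners"
    if direction == "in" and icmp_type not in ALLOWED_IN:
        return "drop: ICMP type %d not permitted inbound" % icmp_type
    if direction == "in" and icmp_type == ECHO_REQUEST:
        return "pass" if limiter.allow(src, now) else "drop: echo request rate exceeded"
    return "pass"


if __name__ == "__main__":
    limiter = EchoLimiter(rate=1.0, burst=3)
    for i in range(5):                   # a ping flood: five requests in the same second
        print("echo %d:" % i, icmp_policy("in", ECHO_REQUEST, "198.51.100.7", 0.0, limiter))
    print("ping of death:", icmp_policy("in", ECHO_REQUEST, "198.51.100.7", 1.0, limiter,
                                        frag_offset_units=8191, payload_len=9))
    print("traceroute leak:", icmp_policy("out", TIME_EXCEEDED, "203.0.113.5", 1.0, limiter))
```

The fragment test is applied to every fragment, not just the last: an offset of 8191 units (65528 bytes) with more than 7 bytes of payload is already illegal, whatever follows.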
Distributed Denial of Service Attacks / IP Spoofing
- Related:
» A DDoS attack has occurred when attackers gain access to a wide number of PCs and then use them to launch a coordinated attack against a victim
– they often rely on home computers, since these are less frequently protected (worms and viruses can also be used to recruit them)
» If IP spoofing is used, attackers can reach a PC within a protected network by obtaining the address of a trusted host and forging it as the source address in packet headers, so that address-based trust lets the packets through
Protection against DDoS & IP Spoofing
- Block traffic coming into the network whose source address belongs to the internal network (and, symmetrically, block outgoing traffic whose source address is not yours, so that your own hosts cannot be used to send spoofed attack traffic)…
- In addition, block inbound traffic from the following private, illegal and unroutable source addresses:
» Illegal/unroutable: 255.255.255.255 (limited broadcast), 127.0.0.0/8 (loopback), 240.0.0.0/4 (reserved) & 0.0.0.0/8
» "Private" addresses, useful for NAT or proxy servers (RFC 1918):
– 10.0.0.0 - 10.255.255.255
– 172.16.0.0 - 172.31.255.255
– 192.168.0.0 - 192.168.255.255
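The ingress rule above, and its egress mirror image, as an added example (not the lecture's code): source-address checks for packets arriving from, and leaving for, the Internet. The public block 203.0.113.0/24 and the internal LAN 192.168.1.0/24 are assumptions; the unroutable list follows the slide, with 127.0.0.0/8 for loopback, plus the RFC 1918 ranges.

```python
"""Ingress/egress address filtering against spoofing (added example, not the
slides' code).

The public block 203.0.113.0/24 and the NAT'd internal LAN 192.168.1.0/24 are
assumptions; the unroutable list follows the slide (0.0.0.0/8, loopback
127.0.0.0/8, reserved 240.0.0.0/4, 255.255.255.255) plus RFC 1918.
"""
import ipaddress

PUBLIC_NET = ipaddress.ip_network("203.0.113.0/24")       # our allocated public addresses
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")     # our RFC 1918 LAN behind NAT
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
UNROUTABLE = [ipaddress.ip_network(n) for n in
              ("0.0.0.0/8", "127.0.0.0/8", "240.0.0.0/4", "255.255.255.255/32")]


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def ingress_ok(src, dst):
    """Packet arriving on the Internet interface. One of our own addresses, or a private
    or unroutable address, cannot legitimately turn up as the source from outside."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in PUBLIC_NET or s in INTERNAL_NET:
        return False, "source is one of our own addresses"
    if _in_any(s, UNROUTABLE) or _in_any(s, RFC1918):
        return False, "private/unroutable source"
    if d not in PUBLIC_NET:
        return False, "not addressed to us"
    return True, "ok"


def egress_ok(src, dst):
    """Packet leaving towards the Internet (after NAT). Only our public addresses may
    appear as source, so a compromised inside host cannot emit spoofed DDoS traffic;
    private or unroutable destinations have no business on the outside link."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in PUBLIC_NET:
        return False, "source is not one of our addresses"
    if _in_any(d, UNROUTABLE) or _in_any(d, RFC1918):
        return False, "private/unroutable destination"
    return True, "ok"


def filter_batch(direction, packets):
    """Apply the right check to (src, dst) pairs; returns the dropped ones with reasons."""
    check = ingress_ok if direction == "in" else egress_ok
    return [(src, dst, reason) for src, dst in packets
            for ok, reason in [check(src, dst)] if not ok]


if __name__ == "__main__":
    inbound = [("198.51.100.7", "203.0.113.5"),    # ordinary Internet client: passes
               ("192.168.1.20", "203.0.113.5"),    # our LAN address from outside: spoofed
               ("203.0.113.9", "203.0.113.5"),     # our public address from outside: spoofed
               ("127.0.0.1", "203.0.113.5"),       # loopback: unroutable
               ("10.0.0.1", "203.0.113.5")]        # RFC 1918: private
    for src, dst, reason in filter_batch("in", inbound):
        print("drop %s -> %s: %s" % (src, dst, reason))
```

The egress half is the part most often forgotten: it protects other people's networks from yours, which is why it is the one the RFC 1918 and DDoS discussions both point at.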
- Finally, keep anti-virus software up-to-date, & firewall software patched and up-to-date