A lot of people get confused over the difference between the internet and the World Wide Web. Aren’t they interchangable? Aren’t they the same thing?

image courtesy of http://icanhascheezburger.com/

They aren’t, but the difference is largely ignored, and which ever term you use, most people know what you mean. Still, there is a difference, and for those who are interested, here’s the easiest way to remember the distinction that I’ve come across.

The internet is the network connecting online computers. Just like your home network, built around a modem and router, the internet is a series of routers and servers (computers that serve files and web pages) that form an international network of connected computers. In the 1970s and 80s the Defense Advanced Research Projects Agency (DARPA) created the Transmission Control Protocol/Internet Protocol (TCP/IP), the means by which the vast majority of computers connect to and navigate the internet.

The World Wide Web is the content being offered on the internet. It consists of web pages, files, web services and applications. For example, Amazon is a part of the World Wide Web that you can access via the internet. Tim Berners-Lee invented the HyperText Transfer Protocol (HTTP) in 1990 as a means to link to documents and files stored in servers around the world connected to the internet.

Internet: a network of connected computers.

World Wide Web: the content you can access on the internet.

So many arguments online about Linux not being ready for the desktop, not being robust enough for the enterprise solution.

Bah.

Linux is good enough for everything I do online on a daily basis. Email checking, website maintenance, blogging, forum posting… So many services are web-based these days I don’t even have to depend on my OS to install applications.

With Microsoft preparing to offer 7-9 different flavors of Windows 7, repeating the mistake they made with Vista, and many reviewers of the beta calling 7 “Vista SP2″, what are those great arguments about the superiority of Windows again?

Related articles by Zemanta

• Microsoft’s Plan to Upsell Windows 7 (blogs.wsj.com)
• ROFL? Regular people can’t tell the difference between Windows 7 and KDE 4 (crunchgear.com)
• Windows 7 comes in six different flavours (timesonline.typepad.com)

By now your home/small business router is pretty secure. No one can find your network by searching for available wireless networks because the SSID isn’t being broadcast. If they do happen to find it, they’ll find they have to provide a key phrase at least 8 characters long to access it.

Let’s say you had a party at your house and someone was able to watch you log into your network, or an ex-employee is still using his credentials to log in and download movies on your office network. How can we keep people out who know their way around the castle walls?

There are two settings in your router that will help.

Look for an option that provides MAC (Media Access Control) filtering. It’s usually on the Security or Filter tab. Every electronic device that connects to your network, wired and wireless, has a quasi-unique MAC address. This is nothing more than an identifying number, expressed as six groups of two hexadecimal digits, separated by hyphens or colons, in transmission order, e.g. 01-30-45-65-87-ab, 01:30:45:65:87:ab.

Your router can tell you the MAC address of each device on your network. MAC filtering limits access to the network to only those machines with pre-approved address. If you create a filter that allows only 01-30-45-65-87-ab to access your network, all other machines with different MAC addresses will be locked out. This again isn’t foolproof, MAC addresses can be spoofed. But few people would bother to go to the trouble of doing that just to gain access to the typical home/small business network.

Another way to prevent abuse of your wireless network is to schedule availability. This is usually listed as Access Control. If you shut off all internet traffic between, for example, midnight and 7 AM, no one will be able to use your network to access the internet while you’re asleep or your business closed. This also limits the opportunities for hackers to attack your network from the internet side.

Let’s recap: Your router’s SSID is unique and not being broadcast, you’ve changed the router’s password and IP address. Only machines with registered MAC addresses are allowed on your network, and the network itself is only available from 7 AM to 11 PM. You are using WPA2 for security with a pre-shared key at least eight characters in length.

While there are other more obscure steps you can take to further tie down your network, the above will provide you with enough security to keep out all but the most determined intruders.

Tomorrow we’ll begin discussing securing your laptop. Portable computers these days have just as many important files and documents as home computers. Once again I have to say that it is virtually impossible to absolutely secure the information stored on your laptop’s hard drive should you lose your computer. But we can take steps that will make the task sufficiently difficult that most people stealing or misappropriating your laptop will simply toss your hard drive away and install their own. You will still be without your computer but at least you’ll be reasonable assured that the information it contains hasn’t been accessed.

Let’s log back into your router’s configuration utility at its new address, 172.16.1.1. Type in your username and new password and click “Enter”.

On the same page where we changed the IP address of the router, look for two settings that should help your computer stay connected to the internet without disruptions, but don’t address security. First find the MTU setting. The default setting is 1500. If you’re on a cable connection, leave it at that. If you have DSL, you want to lower that to 1492. Then check for a setting that offers the choices of 10mbps, 10/100mbps or 100mbps. This concerns the connection from the router to the modem. If you know for sure your modem operates at 100mbps (and most modern modems do) you can select 100mbps. This will ensure your router and modem are working at the same speed. If you aren’t sure, select 10/100mbps, which allows for either option. 

Now we want to make a minor adjustment, again not for security as much as to ensure we don’t get interference from other electronic devices using the wireless frequency we’re using. Look for the Wireless Settings tab. There should be a channel select option, usually set to the default channel 1. If you are getting interference from other electronics in your environment, say a wireless phone using the 2.4GHz frequency range, try changing the router’s channel to 6 or 11. Channels 1, 6 and 11 are the only three that don’t overlap, so try to only use one of those.

Be sure after making changes to any value on a page in the configuration utility you select “Save Settings” before proceeding. You may be required to reboot the router as well.

Back to security. On that same Wireless Settings page, find the SSID. By default this is often set to the name of the router or the manufacturer. This is the name that the router broadcasts so other computers can find your network. On your computer, this is the name that shows up when you search for available wireless networks. It should be unique, but you don’t want to make it too identifiable. Using your name or address as the SSID is not wise. Instead, use a pet’s name or something similar, easy to remember but not personally identifying. The exception: A small business may want to use their business name if they allow clients or employees to use their network. Once all the computers that are authorized for your network have found it on their list of available wireless networks and logged in (and saved that login information as a preferred network), come back to this page and turn SSID Broadcast off. This will keep unauthorized computers from seeing your network and attempting to join it.

Now look for the Wireless Security settings called WPA mode or something similar. The first option is WEP. Ignore this unless you have wireless devices that refuse to connect in any other way. WEP hacks are widely posted on the internet and WEP can be broken in under 15 minutes by even the most unskilled hacker. The lowest level of wireless security you should consider is WPA, and WPA2 is even better.

(Note: these can also be broken and should not be considered absolutely secure. Short of disconnecting from the internet, there is no absolutely secure way to connect wirelessly. What we want to do is make it as difficult as possible to an unauthorized person to gain access to your network and the computers on it. Most hackers won’t bother trying to get into a well-protected network. However, if you provide a service over your network or do anything might lead a person to suspect that there are credit card numbers or other valuable things to be found on a computer on your network, your security needs will be much higher and beyond the scope of what we’re covering here.)

WPA2 requires a pre-shared key. This is an 8- to 63-character alphanumeric pass-phrase. For good security it should be of ample length and should not be a commonly known phrase. You’ll need to enter it every time you want to join the wireless network. So we’re going to select WPA2 and create a key. At this point you should save your settings.

Next we’ll make a few last configuration changes to the router, suggest a few optional changes that provide minimal security (but even a little security is better than none) and move on to securing your laptop. Later we’ll be discussing free software that provides protection for your computer as you’re using it.

Recently, on another blog, I posted a couple of stories about the increased risks computers and networks face from external penetration. Whether this is being done by the government or the hacker down the street, it’s an unwelcome violation of your right of privacy.

I’d like to share what I’ve learned working for both Gateway computers and D-Link help desks. Because I’m blogging from work, I’m going to break these tips into small blocks. Each tip is independent from the others, so don’t hesitate to put one tip into practice while waiting for me to post the next. I hope to post one a day until done.

A wired network, one which has ethernet cables running from the modem to the router and from the router to each device connected to the network, is inherently secure. Only someone with physical access to a computer wired to the network can gain access.

Wireless networks, on the other hand, are inherently insecure. Anything sent over radio waves can be intercepted. For this reason security specialists advise us to never conduct banking or shopping transactions that involve sharing our credit card number or other sensitive personal information over a wireless or cell phone or over a wireless network.

Yet there are a few simple steps that we can take to provide a modicum of safety for both our home or small business network and the computers we connect to that network wirelessly.

Security settings on a wireless router are hardly ever set up by default. You have to go into your router’s settings and make a few changes to ensure that no unauthorized computers can access your network or the other computers on the network.

The username and password you need to access your routers settings will vary from model to model. If you’ve forgotten yours, this list may help. Because those are so well known to everyone, the first step we want to take is to change the default router settings.

Open your browser and type in the address bar the IP address of your router. It’s usually 192.168.1.0 or 192.168.0.1. Check your router’s documentation if you aren’t sure, or try a couple of variations (192.168.1.1, 192.168.0.0) until you get a log in window. Here’s where you enter your username (admin, root, etc.) and the default password. The first page you see will most likely be the general settings page. Look for the router’s IP address (the same one you typed in the address bar).

We’re going to change that to a less popular private IP. It has to be an IP address not used on the internet. So it has to be either 10.x.x.x, 172.x.x.x or 192.x.x.x. For this example we’ll use 172.16.1.1. Enter the new IP address in the box where the old one was and select “apply”. Now look for the router password. Change this to a password you think up. Now reboot the router (there should be a button that will do this for you or you may have to power off the router for 15 seconds then power it back on.)

Once the router reboots, to access the configuration utility again you’ll have to enter the default username (most routers won’t let you change this) and your new password.

In the next few posts we’ll continue to secure your router, then move on to securing your laptop.

Why should you join Friendfeed and/or Twitter and subscribe to the tech-bloggers in the know? Because you might stumble across tantalizing little tidbits like this:

Robert Scoble - Twitter

“Microsoft has something cool coming out tomorrow night. Will it make me cry? No, but it might get me to sing its praises.”

Amit Agarwal at DigitalInspiration passes along this valuable information:

It seems as if email spammers have found a workaround to trick both the virus scanner and spam filters of Gmail.

I have got at least three different mails in my Gmail account today that carry virus attachments but they still managed to reach the inbox just like other regular mails.

Looking at the file name (mywifepics.zip), it was fairly obvious that the attachment is a virus and Windows Defender too helped confirm the same as some Win32/Wmfap exploit.

Why you get Virus Infected mails in Gmail

Now the reason why these infected zip attachments could trick Gmail so easily is because they were password protected and Gmail scanners cannot read contents of such files. What’s surprising though is that even the spam filters of Gmail failed to catch these messages.

If you get an email with a suspicious attachment, forward that to scan@virustotal.com to confirm if the file is a virus or not.

Amit has screenshots on his site that show you what to watch for. As always, beware of attachments from people you don’t know. Your virus scanner should inspect all attachments, even those from friends.

Is it possible for someone to create a malicious filter without having access to your Gmail username and password? No, however, they can force you to create the filter without your knowledge.

The blogosphere is buzzing about a Gmail Security Flaw that has caused some people to lose their domain names registered through GoDaddy.

To understand how this exploit works let me first explain how I would carry it out (if I were a blackhat). Then we can move on and explain the exploit in detail.

Brandon has written an informative article on this exploit over at geekcondition.com.

If you use Gmail, have filters set up and have a domain registered with GoDaddy you should read the full article. Then I’d recommend you immediately change hosts. My dislike of GoDaddy is documented elsewhere.

From the Washington Post:

A U.S. based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about criminal activity emanating from the network.

For the past four months, Security Fix has been gathering data from the security industry about McColo Corp., a San Jose, Calif., based Web hosting service whose client list experts say includes some of the most disreputable cyber-criminal gangs in business today.

On Monday, Security Fix contacted the Internet providers that manage more than 90 percent of the company’s connection to the larger Internet, sending them information about badness at McColo as documented by the security industry.

On Tuesday afternoon, I heard back from Global Crossing, one of McColo’s major Internet providers. Their spokesman declined to discuss the matter, except to say that Global Crossing communicates and cooperates fully with law enforcement, their peers, and security researchers to address malicious activity.

Two hours later, I heard from Benny Ng, director of marketing for Hurricane Electric, the Fremont, Calif., company that was the other major Internet provider for McColo.

Hurricane Electric took a much stronger public stance: “We shut them down,” Ng said.

The badness attributed to McColo was not limited to spam. It included child pornography sites; sites that accepted payment for spam and child porn; rogue anti-virus Web sites; and a huge malicious software operation that apparently stole banking and credit card data from more than a half million people worldwide.

Have you noticed your spam folder filling slower today?