Spam Free Email

Last week I was adding some rules to my firewall and thought I’d clean some stuff up at the same time. I saw a port or two that I didn’t think I was using anymore and so I cleaned them up, only to get a complaint 3 days later that the FTP download access from one of my sites was no longer working.

Moral: Always check before you tighten security too much

Okay, now that I’ve told everyone that they should secure their network so that people can’t hack in there is some fessing up to do

About two weeks ago I was going to a friends house, I called as I was getting close and told them I’d be there soon. They promptly told me that they wouldn’t be back home for an hour. So I decided to have lunch and turned on my laptop. Sitting in the parking lot across from my friends home I was able to access 5 different WiFi networks.

So after going and getting some mexican food, I went back to my car and surfed the ‘net till my friend got home.

Bottom line is that if everyone did their own part and secured their own networks half of the issues the bog down the Internet would go away. Using some simple principles and tools you can lock down your network so that only the most experienced hackers can get into your network.

Some simple things that will help are to make sure you have closed your email server so that it is not an open relay. If you need to have access from the outside work to your email server setup up some type of authentication or change the incoming port for your SMTP server.

If you are concerned about security then make sure to use WEP on your wireless router. WEP can be broken and hacked, but the effort is usually not worth it. If you don’t do this then many resources on your network are just ripe for people to use, including any email servers. If you have a closed relay and someone can attack to your network via a wireless connection, they are inside your network and can email anything they want.

If you are providing free wireless Internet service (on purpose) then you might want to see if there is a way to disable port 25 on your equipment. This is the primary port for SMTP email and this will make it so that no one can send spam from your wireless network.

Make sure to put passwords on everything. I’m not a huge advocate of making people change their passwords or anything, but leaving things wide open is an invitation for disaster.

Check for service packs and patches, you should do this every once in a while. I try to do this at least once a quarter.

Only allow access to port that you are currently using. Every open port is an invitation to try to hack it. If you only have access on the port that you are using then you only have to worry about the things that are necessary to make you network work.