A NAS device, in simple English, is a disk drive that is attached to your network instead of to a specific computer. Because it is attached to the network, you can access the data on it from any computer on the network.

You can get two kinds of NAS gadgets:

1. A controller with one or more empty drive bays to which you can attached any internal IDE disk drive
2. An all encompassing device with one or more disk drives built-in.

The two are not much different. In the fist instance, you have to do the work of attaching a drive to the controller yourself while in the second instance the manufacturer does the work for you. Buy one which you are comfortable with.

NAS devices usually come with their own operating system, mostly some flavor of Linux. Therefore, they can work with PCs, Macs, and even Linux computers. Installing them is quite simple. You take them out of the box and attach drives, if necessary. Then you connect them to a hub, switch, or router on your network by means of an Ethernet cable. That’s it. The device appears under your network in My Network Places.

But you might not be able use it as yet. Some devices are preconfigured for use with Windows computers and their drives are formatted in FAT or FAT32 format. They even have a default share. If you purchase such a device, you are in business right away. You must configure others before you can use them.

Configuring these devices is quite easy. They have a browser-based management interface very similar to that of a router. You type the URL provided in the device’s manual in your browser’s address to bring up the management interface just as you do with a router. You can do the following in the management interface:

1. Format the drive
2. Create folders and share them
3. Create user accounts
4. Grant users access to the shared folders

The process of formatting the drive and creating folders is basically the same as it is on your computer. But you must check the device’s manual before doing so. With some NAS devices, you can’t format the drive in NTFS format if you want to write to it; you must use the FAT or FAT 32 formats. And some devices don’t support long folder names — you must restrict folder names to the 8.3 format (8 character filenames). Read the manual and format the drive accordingly. Then create folders on it depending on the supported naming convention and enable sharing on them. If you want the data on the network to be accessible to everyone on the network, you don’t need to do much else, but if you want to restrict the access to only certain users, you must configure folder access rules.

The first step is to create user IDs from the device’s management interface. The trick is to create the same user ID and password for a use as the one he has on his computer. Windows has a built-in feature called pass-through authentication which automatically manages the access. It passes the user ID and password to the device, which uses it to authenticate the user. But be careful. Some devices only support eight character passwords. If yours is one of them, and your users have longer passwords, you will have to reduce the length of the user’s passwords on their computers to eight characters or less for pass-through authentication to work.

The next step is to grant access to the shared folders to the user accounts you just created. This process is exactly the same as sharing a folder on your computer with another user. So you won’t have much trouble with it.

Finally you map the shared folders as drives on the user’s computers. Everyone can now use these shared folders as if they were on their own computers.

"Why go through all this trouble", you ask? First, you don’t have to leave all your computers on simply for other people to access shared folders on them. But the biggest reason is that you can streamline your backup process. If you leave your applications on your computers but move the data to the NAS device, you only have to back up a few folders in a single location instead of backing up several folders on several computers.

In fact, most of these devices come with a USB port at the back, to which you can attach a regular external hard drive. (Make sure the capacity of the external drive is equal to or greater than the NAS drive.) The devices also come with automatic backup software. All you have to do to schedule automatic backups is select the folders to back up and set a time to start the back up. Both the settings can be set from the device’s management interface.

As a bonus, most NAS devices come with a built-in print server. Recall from the first part of this article that you can connect desktop printers to a network with the help of a print server. If you buy a NAS device, you don’t have to buy a separate print server; you can simply use the built-in one. But keep in mind that some features of AIOs won’t work with print servers.

Believe it or not, this is an incredibly simple and elegant storage, backup, and printer sharing solution for workgroups– you don’t have to mess with tapes and writable CDs or DVDs. And it is an inexpensive one too. NAS devices are not expensive. I recently bought 500GB device at Buy.com for under $150. For under $250, including the cost of an external USB drive, you can share all your data, back it up automatically, and even share your old desktop printer. Now that’s what I call an irresistible deal!

Then came the broadband revolution. All of a sudden broadband service providers started throwing in a little box called a router with their package. These routers usually had four Ethernet ports on the back. You didn’t have to worry about setting up ICS any more. You simply had to put a network card in each of your computers and connect them to the router using a cable with a phone-jack-on-steroids at each end. That’s it. The router took care of everything.

Most people associate a router with a shared Internet connection. But what many fail to realize is that a router can do much more than simply connecting them to the Internet. It can act as the cornerstone of a network that has not only computers attached to it but other devices as well. In fact, you can now get all sorts of gadgets that allow you to use your network to its full potential.

The first thing you must know about an Ethernet network is that each device connected to it needs something called an IP address. Think of an IP address as a unique number that identifies that device on the network. In the good old days, you had to assign IP addresses to devices manually. But modern routers have a software program called a DHCP server built into them. The DHCP server automatically assigns an IP address to anything that is connected to the network it is on. That’s why you can simply plug in a cable into the router’s port and everything works just fine.

But a router usually has only four ports. What if you want to connect five computers or devices to it? No problem. That can easily be done. You just have to run to the local CompUSA and get another little box called a hub. A hub looks suspiciously like a router. But it’s not a router. It usually has five or nine (and sometimes more) Ethernet ports on the back. One of those ports is called an uplink port. Some smart hubs don’t have a designated uplink port – you can use any port as an uplink port. You connect the uplink port of a hub to a port on the router by means of an Ethernet cable. Then you can use the remaining ports on the hub as if they were on a router. In effect, a hub adds ports to your network which you can use to add more computers or devices. You can add a hub anywhere on your network. You can even chain hubs to create more ports. Hubs, in effect, allow you to expand your network.

One problem with hubs is that they are slow. That’s so because data flows through them only in one direction at a time. They are like roads under construction where a guy, wearing an orange vest and a Stop/Go sign in his hand, allows traffic in either direction to pass alternately. Better substitutes for hubs are devices called switches. Switches are just like hubs, but they allow data to flow in both directions simultaneously. Naturally they are a little more expensive than hubs.

Okay, now you know how to expand your network. But what will you do with all those ports? As it happens, you can connect all sorts of gadgets to them.

To begin with, you can share printers. "Big deal!" you might say, "I already share my printer from Windows." The problem with that scheme, however, is that the computer to which the printer is attached must be powered on for the Windows share to work. A network attached printer doesn’t have that restriction. As long as the printer itself is powered on, you can print to it from any computer on the network.

So how do you connect a printer to the network? Just as you connect a computer to the network. With an Ethernet cable. But to do so, your printer must have an Ethernet port. Such printers are called network printers. They are not expensive. They cost roughly the same as regular printers. Recently I bought a Brother network printer on sale at Staples for $79.

Once a printer is on the network, you will be able to see it in the Add Printer dialog from all your computers. Just add it as you would a regular printer and you can print to it.

But what if you already have a desktop printer? Again, no problem. You must get another gadget called an Ethernet print server. These gadgets have an Ethernet port and one or more USB or parallel ports. You connect the print server to a router, a hub, or a switch with, you guessed it, an Ethernet cable. Then you connect your desktop printer to the USB port on the print server. As you can see, it’s pretty easy to transform your desktop printer into a network printer.

Once you attach all printers at home or in your home office to the network, printing becomes incredibly simple. No more frantic trips to Staples to get ink or copying files to the floppy to take them to another computer for printing.

Before you trot along to buy a print server, keep in mind that print servers may not work with really old printers. If you have a parallel printer, you are better of throwing it and buying a network printer. Print servers also don’t work with All-In-One (AIO) printers. Some AIOs can print if they are connected to print servers, but you won’t be able to fax or scan with them over the network.

However, you can buy network AIO printers that will allow you to use the fax and scan features from any computer on the network. Of course, you will need to install the software that came with your printer on every computer you want to scan and fax from. Check out Brother’s AIOs if you are interested in these features.

Like printers, you can share disk drives over the network as well. Again, these drives are not a computer’s internal disk drives external USB drives attached to it. They are free-standing disk drives attached to the network with an Ethernet cable which are accessible to all computers on the network.

I’ll go over network-attached drives and a few more gadgets in next week’s column (Part 2).  Until then, happy printing!

Here are a few things you can do secure your wireless router and network:

1. Change your router’s default password

This should be the first step you take after you power up your router for the first time. Straight out of the box, most routers have a lame password such as "password" or no password at all. Not changing it is like leaving the front door of your house wide open before going on vacation. It’s an invitation to bad guys. Change it.

And write it down somewhere. If you forget it, (and you probably will because you don’t need it all that often) you will have to push is a little button at the back to reset it. Remember that resetting clears all settings. You will have to set all the configuration options again.

2. Disable your router’s remote administration option

The next step is to disable remote administration for your router. If remote administration is enabled, anyone can access your router across the Internet. This option is only suitable for people who don’t administer their own routers and commission some one else to do so for them over the Internet. Most people can do without it.

3. Disable wireless option if you don’t use it

If all your computers, printers, and pieces of other equipment are connected to the router by means of a cable, turn off the wireless connection, or "radio" as the documentation of some router calls it, on your router. If you can’t find the option in your router’s administration interface, your router is too old; you may want to get a new one.

4. Change your network’s name

Routers come with default names, of SSIDs as their names are called. Few people change them. That’s why you see so many networks named WLAN or Netgear. Change the name. But don’t change it to something like Joe’s Network. That’s a dead giveaway that it’s your network. Choose a name that you will recognize but others won’t.

5. Stop broadcasting the SSID

Out of the box, broadcasting of SSIDs is enabled on most routers because other computer equipment can "see" the router and connect to it. But if you can see the network, so can everyone else within the router’s wireless range. Stop broadcasting it.

If you do, you will have to memorize the SSID and enter it every time you want to set up a new wireless connection on a computer. This certainly is an inconvenience but it’s a small price to pay for maintaining a secure environment.  Keep in mind that this simple maneuver will not stop determined hackers.

6. Enable encryption on your router

Wireless routers employ three kinds of encryption schemes — WPA2 (Wi-Fi Protected Access 2), WPA (Wi-Fi Protected Access), and WEP (Wired Equivalent Privacy). WPA2 is the most secure scheme and WEP is the least secure one. WPA2 is available only on the latest routers. Use it if it is available on yours. If it isn’t, see if WPA is. It is preferable to WEP which is relatively easy to crack and therefore the least desirable. But if WEP is all your router supports, use it anyway. It is still better than no encryption scheme.

Remember that all your wireless equipment must support the encryption scheme you choose. If you select WPA for your router, but your wireless network card only works with WEP, you won’t be able to connect to your router. The solution, then, is to either use the scheme which is the least common denominator on all your equipment or upgrade the older equipment which doesn’t support the encryption scheme of your choice to newer models which do.

7. Limit the number of IP addresses

Most routers have built-in DHCP servers. The DHCP server assigns IP addresses to computers and pieces of other equipment when they connect to the router. A typical home router can support a couple of hundred pieces of equipment. But you can limit the number of IP addresses that the DHCP server will dole out. If you have two computers and a network printer, you can limit the number of IP addresses your DHCP server issues to three.

Mind you, this is not a fool-proof scheme. If one of your computers is off, one IP address is still up for grabs if a hacker can grab it.

8. Enable MAC address filtering

Each network card or interface has a globally unique address called a MAC address. You can configure your router to allow connections which originate from the MAC addresses of your computer equipment.

It’s not easy to find MAC addresses of all your equipment. The best way to get them is to connect all your equipment to the router while MAC address filtering is disabled. When you do so, you will see all your equipment listed in your router’s administration interface along with their MAC addresses. Print the page for your reference. Then enable MAC address filtering and enter the MAC addresses from the printed page.

All these settings are accessible from your router’s administration interface which you can go to by typing your router’s IP address in your browser. Check your router’s manual for its IP address.

Conclusion

As you can see, securing a wireless network is not very difficult. Yet, most people don’t bother with it and end up exposing their networks to online threats. Don’t let it happen to your network.

These days, most broadband service providers throw in a router with a new connection. Typically it has four slots on the back, which means that you can connect up to four computers to the Internet simultaneously without adding any other hardware. Once you connect a second computer to the router, you have a little network of your own. The next logical step for most people is to plug in a network-enabled printer into the router so that they can print to it from any of the computers on the network.

This kind of network is called a peer-to-peer network because all computers on it are peers — none of them is more important than the others. Unfortunately, that’s where many small networks stop growing in functionality. Few progress beyond sharing an Internet connection and a printer. But there is a lot more that you can do with a network.

It is possible to access data on a computer on a peer-to-peer network from any other computer on the network. This opens up many possibilities. You can back up important data on to the hard disk of another computer, for example, to protect it from disk crashes.

To share data between computers, you must take two steps:

1. Make a folder sharable
2. Grant access to the shared folder to others

The first step is easy enough. Bring up the properties of the folder of the drive in Windows Explorer, Click on the Sharing tab, and choose Share this folder option.

Granting access to others is a bit tricky. If you want Joe to share a folder on your computer, Joe must have an account on your computer as well. Once you create one for him, he can see the shared folder in My Network Places on his computer. When he clicks on it, your computer will ask him for a password, because it doesn’t know that Joe is the same Joe who has an account on your computer. Joe can then enter his user ID and password to authenticate himself with your computer. After he is authenticated, he can use the folder on your computer as if it were on his own computer.

The authentication can be seamless if you use a feature of Windows called pass-through authentication. The trick is to have an account for Joe on your computer as well as on his own computer with identical user ID/password combination. If this condition is met, Windows on his computer passes on his authentication information to Windows on your computer when Joe clicks on the shared folder. Your computer verifies it and allows Joe to access the folder without popping up an authentication dialog.

Sharing data this way is better than not being able to share it at all but this scheme of things has a couple of problems:

1. Your computer must be powered on when Joe wants to access the shared folder
2. Every time Joe changes his password on his computer, he must remember to change it on yours as well.

"Big deal" you might say, "We can easily manage that." And you would be right. But only as long as you and Joe are the only people sharing data on your network and you share a single folder. If you have ten people, ten computers, and forty shared folders, you will rack up dollars on your electricity bill and Joe will have to spend all his day changing passwords.

Wouldn’t it be great if all the authentication information could be stored in a single place away from all your computers so that Joe can do some useful work instead of changing his password three hundred times? And why not have the shared folders in the same location as the authentication information so that you won’t have to leave all your computers running all the time?

Such a solution does exist. It’s called a server. A server is a special computer which fulfils requests from other computers. Once you add a server to your network and entrust the responsibility of authentication to it, your network is transformed from a peer-to-peer network in to a client/server network.

A server merely provides a service when asked. Severs can provide different kinds of services. Large networks typically have many servers. Each server is usually dedicated to providing a single service. Those that provide file-sharing facilities are called file servers. Those that server Web pages are called Web servers, and those that provide authentication services are called Domain Controllers. There are many more. In smaller networks, typically found in home or small-business environments, a single physical server performs several of these duties.

Servers need special operating systems which are optimized for providing services as opposed to serving a single user interactively. They are much more difficult to install and configure than installing Windows on a desktop.

If you are technically challenged, you will probably need professional services for installing a server and setting up a network around it. If, on the other hand, you consider yourself a power user, you may be able to install a server yourself using an easy-to-install server operating system such as Windows Small Business Server 2003.

Windows Small Business Server 2003 performs several duties, which includes:

• Authentication
• Internet security
• Serving database queries
• Hosting of a Web server
• Hosting of an e-mail server
• File sharing services

Not every small business needs a server, but if you find that you and your co-workers are spending a good bit of time locating and exchanging documents, a server may just be what the doctor ordered.

While they are easy to install, wireless networks often have performance problems:

•  Your computer may show a very weak signal strength
• Telephones, microwaves, or other appliances may interfere with the wireless signal
• The signal quality may fluctuate, or even disappear altogether, in different parts of your office or home
• The connection may be very slow

Here is how you can improve the performance of you underperforming wireless network:

1.  Move wireless router to a better location

The biggest culprit for weak signals is the location of routers. Many routers are installed at less than ideal locations – under tables, in closets, in corners on the floor, and basements to name just a few. Many are installed near the outer wall of a building. This results in weak signals on the other end of the building.

It is often difficult to move a router too far away once it is installed. But it may be possible to move it by a couple of feet. Try moving it off the floor and away from the walls. If it is inside a closet, you may be able to get it out simply by drilling a hole in the wall for the cable.

2. Move wireless router away from other wireless equipment

Most wireless networks operate at 2.4MHz, the same frequency as older cordless telephones and other wireless gadgets. Signals from these gadgets may interfere with your router’s signals. You can try moving you router away from such equipment (or the equipment away from the router if you can’t move the router).

Another possible solution may be to upgrade your phones to newer ones which operate at 5.8MHz.

3. Get a high-gain antenna for your wireless router

If you can’t more the router, you can try replacing your router’s antenna with a high-gain antenna. You can’t replace antennas on all routers, but you can do so on many newer models.

Antennas on most routers have 360 degree coverage. If your router is located in one cornet of the building, a good part of its coverage area will lie outside the building. In such cases, you can get unidirectional high-gain antennas which transmit signals in 180 or even 90 degrees. Again, you must have router which allows you to replace its antennas.

4. Install a repeater

A repeater is a device for boosting wireless signals across greater distances. If your router’s signal is weak in a certain location in the building, you can place a repeater half way between the router and the location to boost the signal strength.

5. Upgrade your router’s firmware

Log in to your router’s administration interface. You will usually find an option to upgrade its firmware. Most people install routers and forget about them. You may be surprised to find that your router has several firmware upgrades that you haven’t applied.

6. Try changing your router’s broadcast channel

Most cordless telephones have a little button on the handsets which you can press to change the channel if there is noise on the line. Like cordless telephones, routers broadcast on many channels too. You may be experiencing weak or noisy signals simply because your router broadcasts on a channel that doesn’t work well at your location. Try changing the channel. You will find an option to change the channel in your router’s administration interface.

If fixes at the router end of your network don’t work very well, you can try fixes at the other end — your computer.

7. Update the network adapter on your computer

If you have a desktop computer with an internal network card, try using a USB network adapter instead. These adapters usually have an antenna of their own to better capture signals. Laptops with on-board network adapters are usually fine; you don’t need to replace them. But if you use a card adapter with your laptop, try getting one with an external antenna.

8. Update your computer’s network adapter drivers

Just as a router has firmware upgrades, the network adapter in your computer have driver updates. You can find driver updates at the adapter manufacturer’s website or at Windows Update web site.

If the signal strength doesn’t improve, you could try replacing your wireless router and network cards. You may have an old router which is based on the older 802.11b networking standard. 802.11g is the newer standard. 802.11g devices are several times faster that 802.11b devices. (802.11b devices operate an 11Mbps while 802.11g devices operate at 54 Mbps.)

802.11g devices are also backward compatible with 802.11b devices. In other words, if you buy a new 802.11g router, it will still work with the 802.11b network adapters in your computers. Still, if you upgrade your router to 802.11g, for best results you should consider upgrading network adapters in your computer to 802.11g as well.

If you decide to do so, consider buying extended-performance 802.11g devices which operate at twice the speed–108Mbps. But keep in mind that if you buy extended performance devices, you must buy all of them from a single manufacturer. Most manufacturers such as Netgear, Linksys, and D-Link make extended-performance 802.11g devices but they are not necessarily interoperable with devices from other manufacturers.

And if none of these solutions work, forget about wireless and go back to good old wired networking!

Now I am a techie and I know what I am buying. But if you are not a techie, deciding which PC to buy for your business and when to buy it can be an excruciatingly difficult process. So I’ll give you a few pointers on what to look for in a new business desktop.

CPU

The CPU is also called the microprocessor or processor. Two companies, Intel and AMD, make microprocessors. Intel’s microprocessors are generally comparatively more expensive than AMD’s. So, naturally, computers with Intel processors tend to be more expensive than those with AMD processors. Each company has its own cheerleaders, but for most people, either company’s microprocessor works equally well. Therefore computers with AMD processors often make more financial sense. Please don’t send me hate mail if you are in the Intel camp — I am not saying AMD’s processors are better; all I am saying is that they tend to be cheaper.

Both companies make premium processors and economy processors. Premium processors are usually the manufacturer’s flagship product. Economy processors are lower-end versions. Intel’s premium processor is the Core 2 Duo and its economy processor is the Pentium D. AMD’s premium processor is the Athlon 64 X2 and its economy processor is the Sempron.

Premium processors are faster and have more processing power. They are also more expensive. If you use your PC for high-end graphics or video editing work, or for computer-aided design (CAD) you will absolutely need the fastest, meanest processor you can find. If, on the other hand, you mainly use your PC for surfing the Web, Word processing, and other run-of-the-mill applications an economy processor may be just what the doctor prescribed.

If you have a small family, a small car may suffice for you. You can certainly buy a bus, but the excess capacity is wasted. The same is true of a processor’s processing power. If you can’t use it, there is little sense in paying for it.

The most prominently advertised feature of a processor is its speed. It is measured in GHz or Gigahertz and indicates how many basic instructions it can process in one second. A 3.0 GHz processor can perform 3 billion instructions per second. The latest processors are usually the fastest and usually carry a disproportionate premium. It often makes sense to buy processors a few rungs down the ladder. If the latest processor in the market is a 3.0 GHz processor, buying a 2.8 GHz or 2.4 GHz processor usually offers a better financial value without sacrificing too much on the performance front.

Finally there are 32-bit processors and 64-bit processors. 64-bit processors can process twice the amount of data in a given time as compared to 32-bit processors. But to take advantage of the extra capacity, you need software which is built for 64-bit processors. If you are buying the 64-bit version of Windows Vista, you will need 64-bit processors. But remember that there are very few 64-bit applications in the market, so functionality will be sacrificed under 64-bit.

Memory

Memory is often called RAM or Random Access Memory. Memory used to cost a fortune just a few years ago. Today memory is quire cheap. Assuming that you will run Windows Vista on your new computer (sooner or later), you will need at least 512 MB. But if you want to run other applications as well, 1 GB is highly desirable. If you run high-end applications to warrant a premium CPU, you may want to go as high as 4GB.

Memory is cheap at the moment and it is easy to install. So you don’t have to plan for your needs in the distant future. You can install additional memory later. But if you plan to do so, you need to consider the maximum amount of memory that the PC’s motherboard supports and the number of memory slots on it.

Let’s say you are looking at a PC with a maximum memory of 4 GB and 4 memory slots. If you want to install just 1 GB of memory, you are better off getting a single 1GB RAM chip rather than four 256 MB RAM chips. A 1 GB RAM chip will be slightly more expensive, but the expense is worth it because when you decide to upgrade, you can simply add additional 1 GB RAM chips. If, on the other hand, you buy four 256 MB RAM chips, you will have to throw them away when you decide to upgrade.

Hard Drives

Like memory, hard drives have become quite cheap in recent years. It is not uncommon to find 80GB or 120GB hard drives on even the cheapest PCs. But as with processors, bigger is not always better. If you store video or music on your PC, by all means buy as large a hard drive as you can. But if you use your PC strictly for business — estimates, proposals, invoices and other such mundane activities — an 80 GB drive may last you for ever.  However, note that smaller drives do not always cost less.  You can sometimes get a better deal going with a drive with a greater capacity.

Again like memory, it is easy to buy and install an additional hard drive later if you need it — an internal one if you can manage to install it, an external one otherwise.

Video System

A PC’s video system is responsible for sending video signals to the monitor. There are two common types of video systems — onboard video and video cards. The Video System needs memory. For most business applications 128 MB or 256 MB of memory is more than sufficient for the video system. For 2D multimedia applications (such as video editing), you may need more.

Onboard video is the cheaper option. It uses the PC’s RAM, but then leaves less RAM available for applications. You can compensate for it adding more RAM to your PC. For typical business applications, onboard video is good enough, and it saves you money.

But for graphics-intensive applications, a video card is the preferred option. Video cards have their own RAM chips. They don’t encroach on the PC’s RAM. Moreover, if your needs change, you can simply replace the video card with a more (or less) powerful one.

DVD Drive

CDs are on their way out. Look for DVD drives in a new computer. Preferably, they should be RW drives. That means they should be able to both read and write DVDs. DVD-RW drives are more expensive than CD-RW drives, but the additional expense is worth it, especially if you plan to own the computer for a few years.

The most important thing to keep in mind while buying a business PC is that business computing needs are often modest as compared to modern home-computing needs, which include resource-intensive applications for processing music and video. You don’t usually need the latest PC on the market business use.

For the last few years I have been buying new computers for my children and using their old computers for my business without any ill-effects. The biggest and the fastest is not necessarily the best fit for the job, after all.

The Need for Privacy Policy
Inspiring confidence in customers is not the only reason to have a privacy policy. Sometimes you are legally required to post a privacy policy on your Web site depending on the nature of your web site, the location of your server, or the location of visitors to your web site. If you are in the financial services or healthcare industry, there are specific regulations as to what your privacy policy should contain. Some states like California have specific requirements too. So the first step in developing your privacy policy is to find out legal requirements, if any, which may be applicable to your web site.

What Privacy Policies Contain
Your site’s privacy policy must contain information about:

• What information you collect on your web site
• How you store it online and offline
• How long you store it in your system
• What you do with the information
• Whether you share it associates and partners and why
• Whether you sell it to mailing list companies and under what circumstances
• How users can alter or remove their information from your database
• Whether users can opt out of their information being collected
• Whether you allow third parties, such as advertisers, to collect user information from your site
• What users can do if they find that your site is in violation of the stated privacy policy and the contact information of people responsible for resolving these issues

How to Generate and Post Privacy Policies
Unless you are lawyer, you may find it difficult to draft such a policy. It is a good idea to have a lawyer draft it, or at least look it over. But if you don’t want to hire one for whatever reason, you may want to look at the privacy policy generator on Direct Marketing Association’s web site. You can find it at http://www.the-dma.org/privacy/creating.shtml.

The generator asks you to provide some basic contact information and then answer a few multiple-choice questions about how user data is collected on your site and what you do with it. After you check the applicable options, the generator produces a privacy policy document in HTML which you can cut and paste on your site.

Once you create a privacy policy, make sure that your users can find it easily. People typically look for privacy policies in the About Us section, in the footer, on sign-up or login pages, and on shopping cart check out pages. Put a link to your privacy policy at these locations or pages.

Managing Changes to Privacy Policy
You can’t forget about the privacy policy once you create it. Web sites change over time and the changes may affect the privacy policy. Therefore, whenever you make a change to your web site, you must ensure that the change complies with your stated privacy policy. If it doesn’t, you must alter the policy and inform the users by prominently displaying a notice to that effect on the privacy policy page on your site. For example, let us say your privacy policy states that your site does not allow third parties to place cookies on the user’s computer. If you then want to hook up with an advertiser that sends down third party cookies, you must either reconsider the alliance or change your privacy policy.

Machine Readable Privacy Policies
If you think writing privacy policy is difficult, imagine how difficult it must be for users to read and understand privacy policies of scores of sites. To get around this problem the World Wide Web Consortium (W3C), the web’s standards body, decided to incorporate machine readable privacy policies into its standards. It came up with a specification called Platform for Privacy Preferences (P3P).

New browsers such as Internet Explorer 7 have built in support for P3P. You can click Web Page Privacy Policy … on IE 7′s View menu and a dialog box such as one in Figure 1 pops up.

Figure 1: Web Page Privacy Policy in IE 7

If you click the Summary button after selecting the site or one of the pages in the dialog box, a summary of the applicable privacy policy pops up in a new window, as shown in Figure 2.

Figure 2: Privacy Policy Summary

As you can see, this summary is a lot easier to read than a legal document with lots of hereinunders and thereinafters.

Generating P3P Documents
P3P documents are written in eXtensible Markup Language (XML). XML is even more tedious to write by hand than legalese. Fortunately, there are many editors which can generate P3P documents. Most of them require you to pay a fee, but a complimentary 90-day evaluation version one is available from IBM at http://www.alphaworks.ibm.com/tech/p3peditor.

A Web page at http://www.oreillynet.com/pub/a/network/excerpt/p3p/p3p.html?page=2 describes how P3P works and how to use IBM’s P3P editor to generate and deploy P3P policy documents.

If you don’t want to install software or try to understand the various P3P options, several paid P3P generators are available on the Web. You can look for them by typing "P3P generators" in Google.

A good, easy to understand privacy is key to reassuring visitors and customers that their information is in safe hands. Make sure your web site has one.

A quick visit over to his place revealed the problem: he had enabled Windows firewall, installed the entire McAfee security suite, had another anti-spyware program running just in case, had parental controls turned on, and had an assortment of pop-up blockers and anti-phishing toolbars. And he still wondered whether his computer was secure enough.

My friend is not alone. Almost everyone is paranoid about security these days. I know it’s a bad, bad world, but all these products and services with a prefix of anti are driving me crazy. Every year security suites add a couple of new "anti"s. I have three problems with this trend:

1. Security companies are cramming security suites with so many products that few people understand what they are installing. They are fuelling fears among users rather than making them feel secure. I saw an identity-theft protection feature in one security suite. On closer scrutiny, it turned out to be an offer for a credit-report monitoring service. Now what does a credit report have to do with security of your computer? People want to install security software to prevent bad things happening to their computers; not to their credit histories. At this rate, you will find security monitoring for your home and a donation to the Police Benefit Association bundled with 2009 version of security suites. 
2. There is so much overlap among applications that it is almost impossible to have only one of each "anti" on your computer. So people end up having many of each variety on a single computer. Take pop-up blockers for example. Everyone has more than one.
3. People think, erroneously, that two security suites are better than one and install them anyway. And after a while, they invariably end up being in my friend’s predicament.

Running multiple security suites on your computer may actually do more harm than good because one application may interfere with what another is doing. The right approach is to layer your security in order to eliminate threats at different levels.

Here is the approach I like to take. I like to think of my data to be surrounded by four concentric walls. To get to my data, an intruder would have to get past these walls one after another. If I can beef up security at each of the walls, I won’t need six security suites to protect my computer. Not only will I have a more secure environment, my computer will hum along quite nicely.

First Wall: The Network
At this level are:

1. A wired or wireless firewall router with Stateful Packet Inspection (SPI) capabilities. The router does three things:
   1. It checks every data-packet passing through it. Packets that originate on my network or are requested from my network are allowed to pass through. Others are discarded
   2. It hides IP addresses of my computers and makes them invisible to bad guys on the Internet. This is called Network Address Translation or NAT
   3. If utilizing a wireless connection, it secures Wireless access to my network with WiFi Protected Access (WPA) security protocol

When you buy a router, make sure it has these features.

2. Spam and virus filtering service for the e-mail server. This is to ensure that unwanted messages and harmful attachments are quarantined before reaching your network.

   Make sure you have turned on spam and virus filtering on your mail service. If your mail service doesn’t offer these features, move over to one that does.

Second Wall: The Computer
If something undesirable gets past the first wall, it has to deal with a software firewall, an anti-virus application, an anti-spyware application, and an application which protects from instant messenger and e-mail threats on the client side. It is easier to manage these applications in a single suite rather than buying them individually.

I like CheckPoint’s ZoneAlarm security suite because

1. Unlike McAfee’s and Symantec’s suites, it can be uninstalled cleanly and easily
2. It doesn’t grind your computer to a halt by hogging memory
3. You can turn off applications you don’t want

If you think McAfee’s or Symantec’s suite is better, don’t send me hate-mail. Go ahead and install your favorite suite. Just make sure that you:

1. Install only one suite
2. Disable Windows firewall (In my friend’s case, Windows put a bright red icon in the system tray insisting that he turn it on. So he did!)

Also make sure that Windows as well as your security suite receive patches and updates regularly.

Third Wall: The Communication Pipe
It is equally important to secure data traffic to and from your computer to protect it from bad guys who can peek into what goes over the wire with applications called sniffers. The best way to do so is to encrypt your communication.

You only need to encrypt important information such as bank account numbers, credit cards, social security numbers, and highly personal information. Typically you would use a browser for this purpose. Always use secured pages to transmit such data. You will know that pages are secure when your browser displays a little lock in the title or the status bar depending on its version. The address of the web pages will start with https:// instead of the usual http://. Check the certificate on the site to make sure the site is authentic.

If you use your browser to read e-mail, check whether your mail service lets you access it securely. If it does, access your mail securely whenever you can.

And watch out for phishing sites. The latest versions of browsers have anti-phishing features built in. If you are using an older browser, you will need to get a security suite which has phishing filters.

Turn on the pop-up blocker in your browser. You don’t need more than one. If you have one in your security suite, you may want to use that one. But I prefer the one in the browser because it is easier to turn on and off.

Fourth Wall: The Data Shield
If someone with a malicious intent manages to get past all the other barriers, you must prevent him from getting access to your data. The best way to do so is to encrypt critical it. You can either use built-in Windows features or use an application such as TrueCrypt. Make sure that you use a strong password to encrypt the data.

That’s all there really is to security. When you analyze the problem logically, you will have more confidence in the measures you have taken. You won’t be tempted to load up your computer with many different security suites.

 Not only will it save you money, it will also save you time and give you peace of mind.

What is a cookie?

A cookie is a small text file that a web site can put on your computer for storing information for specified amount of time, and sometimes even indefinitely (or at least until you get rid of it manually).

Web sites use cookies because, unlike desktop applications, they can’t "remember" information across pages. One web page can write information to a cookie, and another can read it before loading to give you an impression that the site indeed remembers your information.

Cookies can store innocuous information such as your color and font preferences, or highly personal information such as your credit card number. Therefore, browsers only allow web sites to access that they issued. A web site can’t access cookies issued by another web site.

Types of Cookies

Cookies come in several kinds:

Session Cookies
These cookies are sent back and forth between your browser and the web server on which the site you are currently viewing sits. These cookies are useful in storing information across web pages. For example, when you log in to a web site, your user ID may be stored in a session cookie so that you don’t have to identify yourself to the web server on every page. Or they may be used to store the items you have already added to your shopping cart until you decide to check out. Session cookies are generally harmless, and as you can see, even desirable.

Session cookies are alive only while you are connected to the web server that issued them. When the connection to the web server is broken, session cookies are lost. But remember that when you surf away from a web site, your session may not necessarily be over. You will have to close your browser to end the session.

Persistent Cookies
These cookies can be stored on your computer for extended periods of time. Persistent cookies have a timeout setting, which web site developers can set. A cookie can be made to stay on your computer for a period of time specified by that setting.

Persistent cookies are useful in many ways. Let’s say you visit an online store and add a few items to your shopping cart, but hesitate before checking out. By storing your items in persistent cookies, the site can allow you to quickly check out later, without having to add the items to the cart all over again. Another common example is the "Remember me" option for logging in to web sites. When you check the little box, your login credentials are stored in a cookie. The next time you go back to the log in page, your credentials are fetched from the cookie so that you don’t have to log in again. Web sites that use persistent cookies will generally specify how long they will store your information — the time out period – in their privacy policy.

First-party Cookies
First-party cookies are cookies that are sent to your computer by the web site you visit directly. If you point your browser at Amazon.com, and the site sends you a cookie, it is a first-party cookie.

Third-party Cookies
Third-party cookies are sent to your computer by a site you did not visit directly. Say you visit Amazon.com. Amazon may have sold advertising space on its site to a third party. The advertisements are pulled in dynamically when the page is loaded. In other words, the advertisement doesn’t come to your browser from Amazon.com; it comes from the advertiser’s site. The advertiser also may send a cookie to your computer, which becomes a third-party cookie.

Typically, only the web site that issues a cookie has access to it. This scheme of things makes sure that information you provide to one web site can’t be accessed by another. But if an advertiser advertises on several sites, its cookie can track your movements on all those sites. Well-meaning third-party cookie issuers will not use the information they store for insidious purposes behind your back, but the fact that it can be done at all, is the reason that makes third-party cookies dangerous.

Unsatisfactory Cookies
When something can be done from a technical point of view, it is only a matter of time before someone will do it even if it is ethically wrong. Naturally, you can expect at least some of the third-party cookies to breach your trust. Such cookies allow access to your private information behind your back.

Girl Scout Cookies
Girl Scout cookies are issued by little girls in brown vests….

Just kidding! Girl Scout cookies have nothing to do with your browser. They may clog your arteries, but they don’t compromise your personal information. Unsatisfactory and third-party cookies are the ones you have to be weary of, if you want to guard your personal information. You can do so by choosing the cookie settings in Internet Explorer wisely.

Setting Cookie Preferences in Internet Explorer 7 (IE)
Cookie preferences in IE are set on the privacy tab of Internet Options. To access them, pull down the Tools menu, choose Internet Options, and in the window that pops up, click on the Privacy Tab. A vertical slider control lets you set cookie preferences. As you slide the control down, the settings change from Block All Cookies at the top to Allow All Cookies at the bottom, and everything in-between. Now that you are compliant with all cookie buzzwords, you can read the description alongside the slider to make your selection.

You can further customize your settings by clicking on the Sites button just below the slider. In the windows that pops up, you can specify sites that you trust unconditionally by always allowing cookies from them and sites that you want to avoid like a plague by always blocking cookies from them.

When you choose settings by sliding the slider control, you accept the combination of cookie settings that each level specifies. If you are too picky, you may not like this automatic handling of cookies by IE. In that case, you can click on the adjacent Advanced button to choose the precise combination of various kinds of cookies to allow or disallow.

If after fiddling around with the settings, you find that you have landed yourself in a big mess, you can click the Default button to restore the settings to whatever they were when IE was installed on your computer.

Which Cookie Setting is Optimum?
There is no such thing as optimum cookie settings. If you block all cookies, you will probably have to limit your surfing to the original physics reports at CERN that the web was invented to share; almost all modern sites use cookies of some sort. If you accept all cookies, you may soon have imposters claiming to be you all around the world. Like many other aspects of the Internet, you have to strike a balance between safety and usability.

The Medium-high setting on the slider usually strikes a good balance. But you may need to adjust the settings depending on your specific needs.

It is a good idea to clear cookies periodically from the General tab of Internet Options by clicking on the Delete… button and then clicking on Delete Cookies… button in the window that pops up.

No cookie setting can protect you from all threats all by itself, but it is an important component of a defense-in-depth protection strategy that includes a firewall and all the "anti"s that I referred to at the beginning.

Choose e-mail service provider that filters spam on the server
If your ISP does not filter spam at the server level, it is time to give it a boot. If you don’t want to do so, for whatever reason, you should at least move your mail service to a service such as Windows Live Custom Domains or Google Apps which offer free custom domain mailboxes. If you don’t mind spending a few dollars every month, consider premium versions of these services. With premium versions, you can avoid viewing advertisements while viewing your mail.

Consider a third party spam and virus filtering service
Third party services such as Defender, many of which are based on MX Logic’s filtering technology, allow you to keep your existing mail service and still have your mail filtered for spam and viruses for a small monthly charge. These services are ideal if you your ISP provides you less than optimal service, but you still can’t or won’t move your mail.

Turn on junk-mail filter on your mail client
If your e-mail client has a junk-mail filter, turn it on. Then,

1. Whenever you receive spam in your mailbox add the sender to the blocked sender’s list.
2. Some mail clients like Outlook will allow you to block messages based on the top level domain extension. If you don’t expect to receive messages from Mongolia, Afghanistan, or Romania, for example, you can block those extensions out.
3. Mail clients like outlook also allow you to block messages based on encoding. Again, if you don’t expect messages in Arabic or Vietnamese, you can safely block them out

Turn off message acknowledgements if your e-mail client allows it
Many senders, often for no reason, request delivery receipts and read receipts for every message they send. E-mail is a pretty reliable medium of message delivery. Other than legal proof, the only purpose message acknowledgements serve is to acknowledge the active status of your mailbox. Turn the acknowledgements off.

Use Out of Office messages judiciously
While "I am out of office till such-and-such date. I will reply to your mail when I am back." messages are good for informing senders of your absence, they also notify spammers that your account is active.

Protect your e-mail address online

1. Don’t publish your e-mail address on your web site or post it in news groups. Bots that harvest e-mail by scraping web pages can find it and add it to mailing lists that spammers use. Provide a contact form on your web site it possible, which obviates the need to publish your e-mail address. If you can’t avoid publishing it, publish it as me**AT**mydomain.com or something similar instead of me@mydomain.com. People looking at your coded address can understand it and make the necessary changes to send you mail, but bots can’t harvest it.
2. Don’t sign up for newsletters or open accounts at sites you are not familiar with or don’t trust. If you must sign up, don’t forget to check (or uncheck, as the case may be) the box that prevents the site-owner from sharing your e-mail address or sending you mail that you haven’t specifically asked for.

Protect your e-mail address offline
Service providers such as your bank, insurance company, and utility companies send you a privacy policy statement every year. These statements are worded in such a way that the onus to opt out of receiving promotional e-mail from "partners" is on you. Be sure to check the opt-out boxes and mail the form back to them, or opt out over an automated phone line if you have the option of doing so.

Beware of "Unsubscribe" e-mails
"If you don’t wish to receive communication from us, please reply to this message with ‘Unsubscribe’ in the subject line" is common text you see on unwanted messages. Reply to such messages only if you know the sender. Such messages from unknown senders do little more than confirming to spammers that your mailbox is active.

And when some spam invariably slips through to your mail box…

1. Don’t open it. Especially if it has attachments.
2. Even if a message appears to be from someone you know but has attachments you are not expecting, don’t open it.
3. If you must open it, open it when you are offline. Doing so will prevent pixel tracking verification of your mailbox being active. Spammers, who employ pixel tracking verification, embed an image from their server into their message. When you open the message, your mail client will fetch the image from the server and the spammer will know that your account is active.
4. Don’t open messages that proclaim that "Your payment has been received" or "Your loan application has been approved" if you haven’t paid anyone or applied for a loan.
5. Whenever you receive a message with a link in it, especially if it appears to be from a legitimate sender such as PayPal or your bank, DON’T click on the link. Open a new browser window, and type in the URL of the entity in question. The link may just be a ploy to separate you from your private information.
6. Spam that manages to slip through the cracks despite all your precautions may contain viruses that could turn your computer into a sender of spam. You should have a second line of defense in the form of properly configured firewall and antivirus software.

Get Even
Lastly, don’t hesitate to report spam to the sender’s ISP, or free e-mail service providers such as Google, MSN, and AOL. It may not bring immediate results, but it will give you the satisfaction of doing your bit in combating spam.