Internet commentary

Internet commentary

• •

  Our watchword is security [1]

Keywords: Internet, Security, Computers, HDIS circuits, Microvias

Internet security is a constant worry. Many times I have written on this subject, yet I have little doubt that I will be writing many times more, God willing. Of course, this has to be studied within the context of the installation; a large corporate network will be protected differently from a stand-alone home computer, but both do require protection to prevent problems.

Let us take a brief look at the different components of a system and the problems they may prevent, starting from where the signal enters the computer.

The first and most important component is the firewall. The function of this is to prevent outsiders from gaining access to the network or the computer. Up to a couple of years ago, this was hardly necessary for the small enterprise or individual but, today, everyone is liable to the attentions of a hacker. Even the smallest user would be upset if he found all his files had been "stolen", although he may not notice it until his data, such as a credit-card number, was being used for nefarious purposes. He would also be agitated if he found some files had disappeared. I would never dream of saying that an enterprise's confidential data had arrived at a competitor's company, but is it so far-fetched? Just to give you an idea, my own small network is iniquitously attacked at least a dozen times per day, according to my firewall's log. Not all of them are the result of hackers' activities; some may be due to automatic systems.

So how does a firewall work? With the TCP/IP protocol used for Internet working, each computer in an internal or external network has an address in the form of an IP number, to which can be added thousands of open ports. The object is to close off all the ports that are not actually required, so that they cannot be used, in either direction. The internal IP address for one's own computer is generally 127.0.0.1, by convention, and the port is mostly used for sending an e-mail, for example, is usually 110. The address to access a network for an outgoing message is therefore normally 127.0.0.1:110. This address is kept open by the firewall for the outgoing data only but is closed for the incoming data. For large and medium corporate networks, a dedicated hardware firewall is usually required. This is often an expensive piece of equipment and may be combined with a gateway, commonly a dedicated computer for routing messages to different internal and external networks or intranets. To use such an expensive item for the small business or home, the user is obviously out of the question and there are various software solutions that do the same thing directly on the computer used for Internet access. These may cost anything up to a few hundred dollars, depending on the functionality. There are some excellent free ones, such as the simplest form of ZoneAlarm, which can easily be downloaded from the Internet.

The next item is the anti-virus system. This is also essential and must be updated regularly. I use what is reputedly one of the best, Norton Anti-Virus which has the added advantage that it can be programmed to update itself automatically, whenever Norton sends out new protection, generally about once or twice a week. I have told the firewall, of course, to allow this to pass, coming from the special server. I have already spoken several times about virus protection and why it is essential for everybody. For corporate Intranets, I would recommend that every workstation be so doted with maximum protection and regular scanning. This would be much more reliable for capturing a problem at an early stage than a server-only system, the infected diskette or CD-ROM being still a possibility.

Thirdly, I recommend a dedicated spam filter. The best type I have found is the Bayesian statistical analyser. At a server level, it should be used only for spam and non-spam filtering. Initially, it would require the Network Administrator to "train" it, requiring an hour or two per day for the first few days after installation. At a workstation, individual or peer-to-peer networking level, the same type of software can be used, to advantage, for sorting e-mail into "buckets". I recently published a whole article devoted to this subject in our sister-journal, Soldering and Surface Mount Technology Vol. 15 No. 2 and, if you wish to know more, I suggest you may read all about it there. For UNIX and Linux systems (and especially for servers) there is a choice of several applications available, but there is also an open source version available for Windows, called POPFile, which I am using. This is the most reliable spam filter I know of, far better than e-mail client filtering of any type. I am running it with six wanted "buckets" and one spam "bucket" and it is currently sorting, automatically, all incoming e-mail with 99.53 per cent accuracy and I have not had a single non-spam message to go into the spam "bucket" since the last update, a couple of weeks ago. Of course, as I never fully trust computers, I check the contents of the spam bucket daily, before deleting the contents, en masse. This is a terrific time-saver, as well, because I no longer have to delete individual spam messages. In terms of security, it does offer a slight advantage because any messages with doubtful attachments or html images can be given a special treatment, so that it would be less likely for a brand new virus type to beat the latest update for your anti-virus system.

How safe is one equipped against spyware? Just as much as with political spying, it is possible to be paranoid, but this may be something to worry about in the not-too-distant future. In fact, spyware is not just one type of security breach; there are several. The commonest is the cookie. The original idea of the cookie is to store information on a user's hard disk about one's access to a Web site. For example, one legitimate use would be to store registration information about a forum access, so that there is no need to enter the user ID and password each time. Theoretically, only the Web site accessed should be able to read the information on a cookie, but this is not an inviolable rule and this is where the weakness lies. If a cookie has recorded, for example, your credit card number, even in encrypted form, then there is a potentially dangerous weakness. Web browsers can be set to stop all cookies, which may be a wise decision, although an operational pain or to ask permission before recording one. My advice is to use the latter and allow cookies only from reliably known sites that you are likely to visit regularly. If you cannot gain access to a site that you absolutely must visit, without recording one, then do so but remove it again manually from your hard disk, immediately afterwards, if you are worried. Browsers have this possibility. However, it does not stop at cookies. Any graphics you download and especially if you click on banner advertisements (hence the synonym "adware"), may be used to hide a small executable that can be downloaded on your computer. This can be used to send information on the contents of your hard disks and how you browse to the perpetrator or even to install a spyware programme, totally transparently. Unless, you have a spyware detector and remover, anyone who browses the Internet indiscriminately may well have several such files hidden within his operating system. Of course, it is unlikely that spyware would be installed from a reliable, known site, but beware of advertisements anywhere. However, "unlikely" is not a synonym of "impossible", especially if the site was conceived by an unscrupulous third party. Free software is also often "spywared", so be careful what you download for free. Some companies openly offer "spywared" and "unspywared" versions, with a difference of price. With a good firewall, you should theoretically fear nothing as the port for outgoing information should be closed, but it is possible to use shared open ports, so it is not absolutely safe. Even if you delete the application, the spyware system remains active on your system. Spyware should not be confused with its cousin, the Trojan Horse, which should be detectable as a virus.

I would like to quote a short extract from a Web site (http://www.CEXX.org/problem.htm) on this subject:

• •

  Spyware exists as an independent, executable program on your system, and has the capability to do anything any program can do... and monitor every aspect of your behaviour, "phoning home" from time to time to report... back to the spyware's author.... In short, spyware can spy on any aspect of your computer use, and is not limited in the ways Web sites are when it comes to gathering personal data....

If you feel concerned, I strongly recommend you to read the whole site where this is extracted from.

Now, how can you cure this problem? There are some free or paying softwares which claim to be able to detect and remove spyware applications on your computer. However, they do not come without a price. If you remove spyware that came with a freebie software, the software may no longer work or it may even block your Internet access altogether. There have been reports that they may stop the operating system itself from working. Dire as all this sounds, the problem has not yet reached endemic proportions. I have recently tested my Internet computer and found 44 instances of potential spyware. Of these, 42 were installed from a CD-ROM of an OEM version of a well-known software, supplied legally with my computer. The testing software reported zero use of it, and I assume that it was to monitor potential abuse of OEM software. One was a "real" cookie spyware that "arrived" a couple of years ago and had reported back four times, before I installed a firewall. The last one was initiated with an update of a browser video plug-in and monitored when it was used (which was rare), again before the firewall blocked it (I had allowed the firewall to communicate during the installation of the plug-in, but subsequently blocked it again).

OK, then what software is available to render your system secure? Table 1 may be of help for a Windows installation. I do not claim that this list is exhaustive. I have tried many of them and those that I have marked as "highly recommended" are the ones that I have found to perform as the makers claim and use myself on a daily basis. Note that in some Web sites mentioned, you can obtain more than one item, often at a reduced price for a bundle. The prices shown are approximate, but $140 is a small price to pay for the state-of-the-art security, allowing you to sleep at night, on both ears, knowing that your computer and data are safe from most forms of malicious activity. Of course, if you do not use Outlook or Outlook Express, all your correspondents’ computers will be safe, as well, should you happen to be unfortunate enough to be infected by a worm, unlikely though this would be if you follow my advice.

Table IInternet security software for Windows, suitable for individual and small or medium systems

One final word: if you are on a corporate network, install nothing without your system administrator's green light. You will already be protected by a firewall and possibly some other security devices. Adding more may cause more harm than good or even block the whole system and no one likes the sysadmin breathing holy fire down his neck, does he?.

For my review theme, let me return to high density interconnect structures (HDIS) and microvias. It must be at least a couple of years since I last looked at any aspect of these. A word of warning for those using a search engine on the Internet: do not try putting in HDI or HDIS as keywords. You will receive all sorts of answers from cars to health issues, but nothing related to printed circuitry!

http://www.ipc.org/

For our first visit, let us go to the ubiquitous IPC site. A little browsing takes us into the list server archives and, sure enough, there is an HDI forum. This was apparently started in June 2001. In 2 years, we can expect a lively discussion on this topical and technically challenging issue, don't you think? To my total surprise, one question has been asked, with half an answer, twice-offered (does this make a full answer?). Does this apparent lack of interest mean that HDIS technology is a solution waiting for a problem or is the technology so simple that questions need not to be asked? From my experience, neither, especially as some of the other forums receive some stupid questions on mature techniques, so why wouldn't this one? Let us dig deeper, now. I did a site search using "microvia" as a key word; ah, that is better, 72 responses but no 5 star ones. The single 4 star reply is entitled HDI and Microvia Technology, right up our alley. This page gives a four-paragraph summary of what it means, with no great technical detail. More important, it gives links to 26 technical papers presented at IPC conferences over the last years, published in PDF format. At last, some good information. I must say, though, that I think it is a pity that the file size is not shown beside each link, as some of them are quite big, involving several minutes download on a DUN connection. Anyway, this is a good source to find some useful information.

http://www.imaps.org/

As IMAPS' activity overlaps onto printed circuits, especially in HDIS technology, it would seem logical to see what this site offers, as well. From the home page, this idea appears optimistic. Some perseverance and a minute later, I found how to do a search. Yes, I know it is not obvious; try hovering on On-Line Resources and you will find the heading Search Engine. Enter "microvia OR HDI" and about 70 responses come up. As for the IPC, these are mostly PDF files of useful technical papers. Unlike the IPC, IMAPS do not have a forum on the subject, but if they had, I am fairly sure that it would not be better frequented, because none of those that do exist (10 subjects) have received a single post over the last year, coincidentally to the day of this writing. Pity!

At this point, I tried to find a forum or net list server devoted exclusively to discussing this kind of technology. I failed, except for the IPC one, mentioned earlier. Yes, there are many covering general printed circuit technology with the odd thread on HDIS, but nothing I could find devoted to this particular subject, not even in Yahoo groups, even though they have (at the time of writing) 9,187 groups under the heading of Industry alone. So let us have a look at a few other sites that can give us some technical information.

http://www.photomachining.com/via.html

This company offers a third-party microvia drilling services to PCB manufacturers. This page is interesting because it displays the wide range of equipment used to perform this service in different materials, including flexible substrates. The site is not very heavy on technical information. A word of warning, do not use the pull-down menu at the bottom of the page; it does not work! However, the ordinary menu in the left margin does work correctly.

http://www.dyconex.com/download/PAPER02.html

Dyconex in Zurich, Switzerland, have long been considered as one of the European pioneers of HDIS technology. However, they opted, over 10 years ago, for an unusual approach for making microvias, using plasma techniques instead of the more usual laser drilling. There are, no doubt, many advantages, certainly not without disadvantages as well, for this choice. This page offers a detailed explanation of the technique and the reasons for choosing it; it is well-worth reading, even if you prefer laser drilling.

http://www.circuitree.com/CDA/ArticleInformation/features/BNP__Features__Item/0,2 133,71146,00.html

This is an article comparing, in detail, the cost of microvias with conventional "semi- microvias" produced by high-end mechanical drilling machines. This concludes that laser-drilled microvias are considerably cheaper, despite a much higher capital cost for the equipment.

http://www.chipscalereview.com/issues/0399/miller1.htm

Are you seeking a comparative survey of microvia drilling techniques? This page is just that. Perhaps a little light on the technical details, but it does give information on where to find equipment, as well. It is not exhaustive, but who really wants to know more than the mainstream methods? The others have largely disappeared from the market, anyway, because either they were not competitive or they were too variable or unreliable for the general use.

www.uic.com/wcms/Images.nsf/(GraphicLib)/ hdi2001.pdf/$file/hdi2001.pdf

If you wish to know whether microvias are reliable and their failure mechanisms, this PDF file is worth reading, even though it is quite big. It must be noted that the test pieces were stressed only by liquid thermal shock, but four competitive types were tested. Interestingly, the failures were induced by different mechanisms for each, so that this may mean that it would be difficult to extrapolate it, except in the most general sense, to manufacturers beyond the anonymous "Vendors 1 to 4". Notwithstanding, it does give one something to look for when qualifying a potential supplier.

There is one point I would like to make, to end this review. There are a very few ECAD sites where specific mention is made of microvia technology. It seems obvious that designing an HDIS board is an essential part of the engineering process towards using them, yet why do so few ECAD system authors not say anything about the subject? Obviously, it requires a system with a resolution of, say, 10 or more times the smallest feature size and many systems do have a resolution of 0.0001 in. or 2.5 m or better. It also requires a system that allows different pad sizes in the stack and blind holes, but again, these features may be available in many software packages. It may also require special spur sizes and the ability to use microvia-in-pad sizes, especially for chip-scale packages and, possibly the ability to mix these. But how many systems allow all of these with economic routing? I venture to say not all of them, by a long chalk. It is a far cry from being able to design even the most sophisticated multilayer boards, especially if blind vias drop farther than a single layer, until a stop pad is encountered. This requires more sophisticated laser drill control than the average package allows. It would seem from my brief Internet study of the subject that the German-speaking world may be more aware of these problems than the Anglophones, judging from the number of Web sites tackling these problems.

Brian EllisCyprusb_ellis@protonique.com

Note1 Attributed to William Pitt, the Elder, Earl of Chatham.