Security in a connected world

1ST IN A SERIES OF 5

Are cable modem users more at risk than dial-up computer users? What about those who use DSL connections or who are on LANs? You may be surprised to know that dial-up users face the same risks as those with faster connections.

Crackers don't target cable modems or DSL modems. They don't target T1 connections or LANs. They target Windows 98 or Red Hat Linux or BeOS. They're looking for an operating system that has known vulnerabilities that they can exploit, and every operating system has security problems.

It's about exposure time

A cable or DSL connection is always on, so when the computer is on, it's connected to the Internet. Some dial-up users, and particularly those who share voice and data service on one phone line, connect only for a few minutes at a time - they send and receive e-mail, then log off. These users face a relatively low risk because their systems are exposed for such short periods.

But if you're a dial-up user who connects to the Internet when you boot the computer and don't disconnect until you shut the system down, there is no difference in exposure between your dial-up connection and an "always-on" cable connection.

Determine what's at risk

Think about what it is you're protecting. The security appropriate for a machine that's primarily used for playing games and surfing the Web will be inappropriate for a corporate Web server that's used for on-line credit card transactions.

Do you have financial data on your computer - information that you would prefer to keep away from crooks? You may have correspondence files dating back several years, family photographs, documents from the office, and the names and addresses of friends, family and co-workers. While these files may not contain trade secrets, you want to keep them private.

The first line of defense is a good backup. If a cracker manages to destroy all the files on your computer, you can always re-install the operating system and the software, but you need a good backup system to restore the data files. In addition, a backup will also protect you from more mundane dangers such as fire, flood, or plain old disk failure.

How can the cracker break in?

Find out by connecting to Steve Gibson's www.GRC.com site and running an external audit of your computer. Once you see what a cracker could see, you can understand the threat.

Gibson's service will let you know if you have file and print sharing (FPS) turned on for the Internet (this is a Windows issue). If FPS is on, you should immediately turn it off. FPS offers no advantages for Internet users while making your computer vulnerable to crackers, even less intelligent ones.
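The same check can be scripted from the inside. The following Python script is an added example, not code from the newsletter or from Gibson Research: it probes a host's TCP ports 139 and 445 (the NetBIOS session and SMB ports that Windows file and print sharing listens on; 445 applies to Windows 2000 and later, Windows 98 uses 139 only) and reports which ones accept a connection. Run it against 127.0.0.1 on the machine you are checking, or against your own public address from a second machine you control. It answers only for TCP; the NetBIOS name and datagram services on UDP 137 and 138 are not covered.

```python
"""Local port-exposure check (added example; not the newsletter's or GRC's code).

Reports, from inside or from a machine you control, the part of an external
audit that matters for file and print sharing: do the TCP ports it listens on
accept connections at all?
"""
import socket

# Ports used by Windows file and print sharing over TCP/IP.
FPS_PORTS = {
    139: "NetBIOS session service (file and print sharing)",
    445: "SMB over TCP (file and print sharing, Windows 2000 and later)",
}


def probe_tcp(host, port, timeout=1.0):
    """Return True if a TCP connect() to host:port completes, else False.

    A refused connection raises immediately; a filtered port raises on timeout.
    Both are OSError subclasses, so both count as 'not reachable'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(host, ports, timeout=1.0):
    """Map each port to 'open' (connect succeeded) or 'closed' (refused/filtered)."""
    return {p: ("open" if probe_tcp(host, p, timeout) else "closed") for p in ports}


def fps_exposed(report):
    """Return the file-and-print-sharing ports that answered; empty means nothing to fix."""
    return sorted(p for p in FPS_PORTS if report.get(p) == "open")


if __name__ == "__main__":
    target = "127.0.0.1"  # replace with your own public address when checking from outside
    report = audit(target, sorted(FPS_PORTS))
    for port, state in report.items():
        print(f"{port:5d}  {state:6s}  {FPS_PORTS[port]}")
    if fps_exposed(report):
        print("File and print sharing is reachable over TCP/IP: remove the FPS/TCP-IP binding.")
    else:
        print("No file and print sharing ports reachable over TCP/IP.")
```

A result of "closed" for 139 and 445 is what you want to see; "open" on either means the sharing service is bound to TCP/IP and the binding should be removed (or the machine placed behind a firewall) before you worry about anything else.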

Eliminate threats

Microsoft designed file and print sharing (FPS) for a pre-Internet world. When the only people who could connect to your computer were located in the same office or house as your computer, FPS made it easy to share resources. In today's connected world, it can be a disaster.

Turn off FPS by opening the network control panel and removing the bindings between FPS and TCP/IP. If you have a home-based LAN that runs on another protocol (NetBEUI, for example) you can leave FPS bindings in place for that protocol. And if your computer is located behind a hardware firewall, you need not worry at all about FPS.

Be sure that you've installed all of the security patches for your operating system. No operating system is perfect and every operating system has some security holes. As problems are found, operating system programmers develop patches to shield users from crackers. Ignoring security update patches makes your computer vulnerable to well-known problems. (Any "known" problem can be assumed to be "well known".)

For similar reasons, it's essential that you update your antivirus software regularly - once a week is not too often to check for updates. If your antivirus software's definitions file is more than a few weeks old, you might as well not have it.

Do you need a firewall?

A firewall is designed to block traffic, inbound or outbound, that you don't want. The person who attempts to connect to port 21 (the file transfer protocol port) may not be malicious, but you can't assume good intentions. A good firewall will block access, tell you what happened, and let you decide.

The most secure firewalls are hardware based, but a good software firewall can be more secure than some inadequately designed hardware firewalls. Even if you have a hardware firewall, it can be supplemented by a software firewall that watches for outbound traffic and can let you know if a "spyware" program has found its way onto your system.

The most popular software firewalls include those by Zone Labs (free for personal use), McAfee, and Symantec.

Security depends on you

You probably heard about Microsoft's problem in October, when crackers broke in and gained access to the company's development system.

As I was writing this report, Microsoft was still trying to figure out how large the security hole was. Did crackers have access for 5 weeks or was it just 12 days? Either way, it was too long because every antivirus program in the world has protected against Qaz (the trojan that breached Microsoft's security) for months. W32/Qaz was first seen in August.

Qaz is a worm that also functions as a back door to infected systems, giving remote users control over the infected PC. It is network aware and spreads through shared resources over a local area network. Qaz hides itself inside NOTEPAD.EXE and then allows the remote user to upload and execute programs.

How did this happen at Microsoft? Human error. Somebody had to open an attachment that contained the trojan and that "somebody" was doubtless someone who should have understood the dangers.

No matter how secure you make your computer, real security still depends on you. You can't depend on antivirus software to catch every new bug that somebody launches. Several days can elapse between the time the antivirus software companies first hear about a problem and when they identify the threat, find a solution for it, and make new definitions available for download.

During those critical days (remember the "Love Letter" worm?) hundreds of thousands of computers can be infected.

Rule number 1: Beware attachments

Never open any e-mail attachments (except for those that you have verified to be plain ASCII text) from anyone until you've confirmed that the apparent sender intended to send you the file. This applies particularly to word processor files, database files, and spreadsheet files because most of these programs use Microsoft's Visual Basic for Applications (VBA) to provide "macro" capabilities.

Unless you've downloaded an application file (exe, com, or dll) from the publisher's Web site or FTP site, delete it unopened. Period. With a little effort, I could send you an e-mail with an attached executable file and I could make it look like that file came from Microsoft. If I really wanted to test the receiver's gullibility, I could make it appear that the sender was Steve Ballmer. (Yes, if you inspected the headers, the ruse would be obvious, but how many people do that?)

You wouldn't know what's inside that executable program that claimed to have come from Microsoft. This is why Microsoft never e-mails patches to anyone. Microsoft will tell you where to find a patch, but you must go to their Web site or FTP site and you must download the file yourself. So if you ever receive an attached executable file that claims to be from Microsoft, rest assured that it isn't.

Program files can contain the "Back Orifice" installer and once that program is installed on your system, your computer is fair game for any cracker on the planet.
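The two checks in Rule 1 can be made mechanical. The Python script below is an added example, not code from the newsletter: it parses a message with the standard library, flags attachments whose extension marks them as executable (exe, com, dll and a few similar types) or as macro-capable Office documents, and compares the domain claimed in the From: line with the host named in the topmost Received: header. That header is the one written by your own mail server when the message arrived, so a forged From: line cannot change it; Received: lines further down can be forged and are ignored here. The sample message, including the "Steve Ballmer" sender and the fake patch, is constructed for the demo; the attachment body is just base64 text, not a program.

```python
"""Attachment and sender-header triage (added example; not the newsletter's code).

Flags executable or macro-capable attachments and a From: domain that does not
match the relay our own server received the message from.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Extensions the page warns about (exe, com, dll) plus common Windows launchers.
EXECUTABLE_EXTS = {".exe", ".com", ".dll", ".bat", ".scr", ".pif", ".vbs"}
# Office formats that carry VBA macros.
MACRO_EXTS = {".doc", ".dot", ".xls", ".xlt", ".mdb", ".ppt"}

# Constructed sample: From: claims microsoft.com, but our server (mx.example.org)
# received it from mail.example.net. The base64 payload is plain text.
SAMPLE_MESSAGE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
\tby mx.example.org with SMTP id abc123; Mon, 6 Nov 2000 10:00:00 -0500
From: "Steve Ballmer" <sballmer@microsoft.com>
To: you@example.org
Subject: Critical security patch
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please install the attached patch.
--XX
Content-Type: application/octet-stream; name="patch.exe"
Content-Disposition: attachment; filename="patch.exe"
Content-Transfer-Encoding: base64

VGhpcyBpcyBub3QgcmVhbGx5IGEgcHJvZ3JhbQ==
--XX--
"""

RECEIVED_FROM = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)


def attachment_risk(filename):
    """Classify by the LAST extension, so 'readme.txt.exe' is still an executable."""
    name = (filename or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    if ext in EXECUTABLE_EXTS:
        return "executable"
    if ext in MACRO_EXTS:
        return "macro-capable"
    if ext == ".txt":
        return "text"
    return "unknown"


def from_domain(msg):
    """Domain part of the From: address (empty string if absent or malformed)."""
    addr = parseaddr(str(msg.get("From", "")))[1]
    return addr.rpartition("@")[2].lower()


def first_hop_host(msg):
    """Host named in the topmost Received: header, i.e. the relay our own server saw."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    match = RECEIVED_FROM.match(str(received[0]))
    return match.group(1).lower() if match else None


def triage(raw_message):
    """Return a list of human-readable findings; an empty list means no red flags."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename()
        risk = attachment_risk(name)
        if risk in ("executable", "macro-capable"):
            findings.append(f"attachment {name} is {risk}; confirm with the sender before opening")
    claimed, hop = from_domain(msg), first_hop_host(msg)
    if claimed and hop and not (hop == claimed or hop.endswith("." + claimed)):
        findings.append(f"From claims {claimed} but the message arrived from {hop}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MESSAGE) or ["no red flags"]:
        print(finding)
```

The domain comparison is deliberately coarse: large senders relay through hosts outside their own domain, so a mismatch is a reason to confirm with the apparent sender, as the rule says, not proof of forgery on its own. An executable attachment, on the other hand, is a reason to delete regardless of what the headers say.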

Rule 2: Look it up

The Internet has no shortage of sites that deal with security. Here are some of the ones you can use to give yourself an advantage over the crackers and script kiddies that infest the planet.

Http://www.GRC.com/ - Use the Shields Up section to check your computer's ports. Also see http://GRC.com/su-bondage.htm for information on your computer's "bindings" and how to make sure file and print sharing aren't bound to TCP/IP.

Http://www.WebTrends.net/tools/security/scan.asp offers to run a security scan of your system that's similar to what Gibson Research runs. Instead of providing a real-time report, the WebTrends product runs the scan and then sends an e-mail with information about how you can view it. The site also allows you to download a free 30-day trial version of its Security Analyzer program. (Note that the program is only for Windows NT and Windows 2000. At $1500, it's also expensive!)

Http://www.CableModem.com/ for information that's particularly useful to those who have high-speed broadband connections.

Http://www.MooSoft.com/ - Just in case. Moosoft provides a trojan horse "cleaner" program that's designed to help you get rid of a trojan horse program if one infects your computer.

Sites for spam fighters

Should you be concerned about spam? Yes! There are two very good reasons: First, spammers steal Internet services and by increasing the load on servers, routers, and the Internet backbone, they force those of us who pay for service to pay more than we should. Second, the vast majority of spammers are promoting business "opportunities" that are questionable at best, and most are illegal.

And third (if you need a third reason) many spamvertized Web sites are what are called "rogue" sites that entice you to take an action that will install a program such as Back Orifice on your computer.

To help banish this scourge from the Internet, you need to know how to fight spammers.

Http://www.SamSpade.com/ - Download the Sam Spade utility, a useful tool for more than just tracking down spammers.

Http://www.Abuse.net/ - See information on how to report spam in a way that won't give your e-mail address to other spammers.

Http://www.SpamCop.org/ makes reporting spam easy by analyzing headers of the spams you receive and automatically filing reports. This does require a subscription (about $10 per year), but you can use SpamCop for free if you don't mind filing your own reports.

There's no need to be paranoid, but common sense and realistic caution are necessary to protect your computer and the data on the computer from those who have no purpose in life other than to cause trouble.

William Blinn Communications - All Rights Reserved