Security in a connected world
1ST IN A SERIES OF 5
Are cable modem users more at risk than dial-up computer users? What about
those who use DSL connections or who are on LANs? You may be surprised to know
that dial-up users face the same risks as those with faster connections.
Crackers don't target cable modems or DSL modems. They don't target T1 connections
or LANs. They target Windows 98 or Red Hat Linux or BeOS. They're looking for
an operating system that has known vulnerabilities that they can exploit,
and every operating system has security problems.
It's about exposure time
A cable or DSL connection is always on, so when the computer is on, it's connected
to the Internet. Some dial-up users, and particularly those who share voice
and data service on one phone line, connect only for a few minutes at a time
- they send and receive e-mail, then log off. These users face a relatively
low risk because their systems are exposed for such short periods.
But if you're a dial-up user who connects to the Internet when you boot the
computer and don't disconnect until you shut the system down, there is no difference
in exposure between your dial-up connection and an "always-on" cable
connection.
Determine what's at risk
Think about what it is you're protecting. The security appropriate for a machine
that's primarily used for playing games and surfing the Web will be inappropriate
for a corporate Web server that's used for on-line credit card transactions.
Do you have financial data on your computer - information that you would prefer
to keep away from crooks? You may have correspondence files dating back several
years, family photographs, documents from the office, and the names and addresses
of friends, family and co-workers. While these files may not contain trade secrets,
you want to keep them private.
The first line of defense is a good backup. If a cracker manages to destroy
all the files on your computer, you can always re-install the operating system
and the software, but you need a good backup system to restore the data files.
In addition, a backup will also protect you from more mundane dangers such as
fire, flood, or plain old disk failure.
How can the cracker break in?
Find out by connecting to Steve Gibson's www.GRC.com site and running an external
audit of your computer. Once you see what a cracker could see, you can understand
the threat.
Gibson's service will let you know if you have file and print sharing (FPS)
turned on for the Internet (this is a Windows issue). If FPS is on, you should
immediately turn it off. FPS offers no advantages for Internet users while making
your computer vulnerable to crackers, even less intelligent ones.
Eliminate threats
Microsoft designed file and print sharing (FPS) for a pre-Internet world. When
the only people who could connect to your computer were located in the same
office or house as your computer, FPS made it easy to share resources. In today's
connected world, it can be a disaster.
Turn off FPS by opening the network control panel and removing the bindings
between FPS and TCP/IP. If you have a home-based LAN that runs on another protocol
(NetBEUI, for example) you can leave FPS bindings in place for that protocol.
And if your computer is located behind a hardware firewall, you need not worry
at all about FPS.
Be sure that you've installed all of the security patches for your operating
system. No operating system is perfect and every operating system has some security
holes. As problems are found, operating system programmers develop patches to
shield users from crackers. Ignoring security update patches makes your computer
vulnerable to well-known problems. (Any "known" problem can be assumed
to be "well known".)
For similar reasons, it's essential that you update your antivirus software
regularly - once a week is not too often to check for updates. If your antivirus
software's definitions file is more than a few weeks old, you might as well
not have it.
Do you need a firewall?
A firewall is designed to block traffic, inbound or outbound, that
you don't want. The person who attempts to connect to port 21 (the file
transfer protocol port) may not be malicious, but you can't assume good intentions.
A good firewall will block access, tell you what happened, and let you
decide.
The most secure firewalls are hardware based, but a good software firewall
can be more secure than some inadequately designed hardware firewalls. Even if
you have a hardware firewall, it can be supplemented by a software firewall
that watches for outbound traffic and can let you know if a "spyware"
program has found its way onto your system.
The most popular software firewalls include those by Zone Labs (free for personal
use), McAfee, and Symantec.
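The behaviour the section attributes to a good firewall (block what you did not ask for, record what happened, and let you decide about outbound traffic from unknown programs) can be shown with a small default-deny rule evaluator. The following is an added example written for this page; it is not code from the newsletter or from any of the products named above. The program names, the addresses (RFC 5737 documentation ranges) and the policy are constructed for the illustration; port 139 is included because Windows file and print sharing over TCP/IP uses the NetBIOS session service on that port.

```python
"""Toy default-deny packet filter (added illustration, not a product)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Attempt:
    direction: str        # "in" (remote host connecting to us) or "out"
    remote: str           # remote address; constructed sample values below
    port: int             # destination port
    program: str = ""     # local program behind an outbound attempt (hypothetical names)


@dataclass
class Rule:
    direction: str
    action: str                      # "allow" or "block"
    port: Optional[int] = None       # None matches any port
    program: Optional[str] = None    # None matches any program


@dataclass
class Firewall:
    rules: List[Rule]
    log: List[str] = field(default_factory=list)
    # Outbound attempts nothing in the policy explains, held for the user to decide.
    pending: List[Attempt] = field(default_factory=list)

    def decide(self, a: Attempt) -> str:
        for r in self.rules:  # first matching rule wins
            if (r.direction == a.direction and r.port in (None, a.port)
                    and r.program in (None, a.program)):
                self.log.append(f"{r.action}: {a.direction} {a.remote}:{a.port} {a.program}".rstrip())
                return r.action
        # No rule matched: deny by default and record it. An unexplained outbound
        # attempt is exactly how a software firewall reveals a program "calling home".
        self.log.append(f"block (default): {a.direction} {a.remote}:{a.port} {a.program}".rstrip())
        if a.direction == "out":
            self.pending.append(a)
        return "block"


# Constructed policy: no inbound service at all (FTP and the NetBIOS session port are
# listed explicitly so the log names them), outbound only for approved programs.
POLICY = [
    Rule("in", "block", port=21),
    Rule("in", "block", port=139),
    Rule("out", "allow", port=80, program="browser.exe"),
    Rule("out", "allow", port=25, program="mail.exe"),
    Rule("out", "allow", port=110, program="mail.exe"),
]


def run_demo() -> Tuple[List[str], Firewall]:
    """Run constructed traffic through the policy; returns (decisions, firewall)."""
    fw = Firewall(POLICY)
    attempts = [
        Attempt("in", "203.0.113.5", 21),                       # FTP probe
        Attempt("in", "203.0.113.5", 139),                      # NetBIOS / FPS probe
        Attempt("in", "203.0.113.5", 12345),                    # anything else inbound
        Attempt("out", "198.51.100.10", 80, "browser.exe"),     # approved program
        Attempt("out", "198.51.100.77", 6667, "unknown_helper.exe"),  # hypothetical unknown program
    ]
    return [fw.decide(a) for a in attempts], fw


if __name__ == "__main__":
    decisions, fw = run_demo()
    print(*fw.log, sep="\n")
    for a in fw.pending:
        print(f"ask user: allow {a.program} to reach {a.remote}:{a.port}?")
```

The design point is the last branch of `decide`: everything not explicitly allowed is blocked and logged, and an outbound attempt by a program the user never approved is queued rather than silently dropped, so the user sees it and can decide.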
Security depends on you
You probably heard about Microsoft's problem in October, when crackers broke
in and gained access to the company's development system.
As I was writing this report, Microsoft was still trying to figure out how
large the security hole was. Did crackers have access for 5 weeks or was it
just 12 days? Either way, it was too long because every antivirus program in
the world has protected against Qaz (the trojan that breached Microsoft's security)
for months. W32/Qaz was first seen in August.
Qaz is a worm that also functions as a back door to infected systems, giving
remote users control over the infected PC. It is network aware and spreads through
shared resources over a local area network. Qaz hides itself inside NOTEPAD.EXE
and then allows the remote user to upload and execute programs.
How did this happen at Microsoft? Human error. Somebody had to open an attachment
that contained the trojan and that "somebody" was doubtless someone
who should have understood the dangers.
No matter how secure you make your computer, real security still depends
on you. You can't depend on antivirus software to catch every new bug that
somebody launches. Several days can elapse between the time the antivirus software
companies first hear about a problem and when they identify the threat, find
a solution for it, and make new definitions available for download.
During those critical days (remember the "Love Letter" worm?) hundreds
of thousands of computers can be infected.
Rule number 1: Beware attachments
Never open any e-mail attachments (except for those that you have verified
to be plain ASCII text) from anyone until you've confirmed that the apparent
sender intended to send you the file. This applies particularly to word
processor files, database files, and spreadsheet files because most of these
programs use Microsoft's Visual Basic for Applications (VBA) to provide "macro"
capabilities.
Unless you've downloaded an application file (exe, com, or dll) from the publisher's
Web site or FTP site, delete it unopened. Period. With a little effort, I could
send you an e-mail with an attached executable file and I could make it look
like that file came from Microsoft. If I really wanted to test the receiver's
gullibility, I could make it appear that the sender was Steve Ballmer.
(Yes, if you inspected the headers, the ruse would be obvious, but how many
people do that?)
You wouldn't know what's inside that executable program that claimed to have
come from Microsoft. This is why Microsoft never e-mails patches to anyone.
Microsoft will tell you where to find a patch, but you must go to their Web
site or FTP site and you must download the file yourself. So if you ever receive
an attached executable file that claims to be from Microsoft, rest assured that
it isn't.
Program files can contain the "Back Orifice" installer and once that
program is installed on your system, your computer is fair game for any cracker
on the planet.
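Rule 1 can be applied mechanically before a message is ever opened: list the attachments, classify them by the types the section singles out (executables, and the word processor, spreadsheet and database files whose applications run VBA macros), and compare the domain the sender claims with the host that actually handed the message to the first mail server, which is the header check the section says would expose a forged "Microsoft" message. The following is an added example written for this page, not code from the newsletter; the two messages, their hosts and addresses are constructed, and the extension lists are a choice made for the illustration.

```python
"""Attachment and sender-path triage for an incoming message (added example)."""
import email
import re
from email import policy
from email.utils import parseaddr

# Types the text warns about: executables (delete unopened) and macro-capable documents
# (open only after confirming the sender meant to send them). Lists chosen for this example.
EXECUTABLE = {"exe", "com", "dll"}
MACRO_CAPABLE = {"doc", "dot", "xls", "xlt", "mdb", "ppt"}


def classify_attachment(name: str) -> str:
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in EXECUTABLE:
        return "executable"
    if ext in MACRO_CAPABLE:
        return "macro-capable"
    if ext == "txt":
        return "text"
    return "other"


def first_hop_host(msg) -> str:
    """Host named in the earliest Received header (the last one in the message),
    i.e. the machine that handed the message to the first receiving server."""
    received = msg.get_all("Received") or []
    if not received:
        return ""
    m = re.search(r"\bfrom\s+([\w.-]+)", str(received[-1]))
    return m.group(1).lower() if m else ""


def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    claimed = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    hop = first_hop_host(msg)
    findings = []
    if hop and claimed and hop != claimed and not hop.endswith("." + claimed):
        findings.append(f"sender claims {claimed} but first hop was {hop}")
    kinds = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            kind = classify_attachment(name)
            kinds.append(kind)
            if kind in ("executable", "macro-capable"):
                findings.append(f"{kind} attachment: {name}")
    if "executable" in kinds:
        verdict = "delete unopened"
    elif findings:
        verdict = "confirm with sender before opening"
    else:
        verdict = "no red flags"
    return {"from": addr, "first_hop": hop, "findings": findings, "verdict": verdict}


# Constructed message 1: claims to come from Microsoft, but the earliest Received
# header shows it entered the mail system from an unrelated dial-up host.
FORGED = b"""Received: from relay.isp.example ([192.0.2.9]) by mx.home.example
\twith SMTP id 1; Tue, 7 Nov 2000 10:02:11 -0500
Received: from dialup-42.badhost.example ([198.51.100.42])
\tby relay.isp.example with SMTP id 0; Tue, 7 Nov 2000 10:02:01 -0500
From: "Microsoft Security" <security@microsoft.com>
To: you@home.example
Subject: Critical update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

Please install the attached patch.
--XX
Content-Type: application/octet-stream; name="patch.exe"
Content-Disposition: attachment; filename="patch.exe"
Content-Transfer-Encoding: base64

AAAA
--XX--
"""

# Constructed message 2: sender domain matches the originating host, plain-text attachment.
BENIGN = b"""Received: from mail.home.example ([192.0.2.20]) by mx.home.example
\twith SMTP id 2; Tue, 7 Nov 2000 11:00:00 -0500
From: friend@home.example
To: you@home.example
Subject: notes
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="YY"

--YY
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

meeting at noon
--YY--
"""

if __name__ == "__main__":
    for raw in (FORGED, BENIGN):
        print(triage(raw))
```

The header comparison is deliberately simple: it only asks whether the machine that first handed over the message belongs to the domain in the From line. That alone is enough to expose the kind of forgery the section describes, and it is a check a mail client can run before anyone decides whether to open anything.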
Rule 2: Look it up
The Internet has no shortage of sites that deal with security. Here are some
of the ones you can use to give yourself an advantage over the crackers and
script kiddies that infest the planet.
Http://www.GRC.com/ - Use the Shields Up
section to check your computer's ports. Also see http://GRC.com/su-bondage.htm
for information on your computer's "bindings" and how to make sure
file and print sharing aren't bound to TCP/IP.
Http://www.WebTrends.net/tools/security/scan.asp
offers to run a security scan of your system that's similar to what Gibson Research
runs. Instead of providing a real-time report, the WebTrends product runs the
scan and then sends an e-mail with information about how you can view it. The
site also allows you to download a free 30-day trial version of its Security
Analyzer program. (Note that the program is only for Windows NT and Windows
2000. At $1500, it's also expensive!)
Http://www.CableModem.com/ for information
that's particularly useful to those who have high-speed broadband connections.
Http://www.MooSoft.com/ - Just in case.
Moosoft provides a trojan horse "cleaner" program that's designed
to help you get rid of a trojan horse program if one infects your computer.
Sites for spam fighters
Should you be concerned about spam? Yes! There are two very good reasons: First,
spammers steal Internet services and by increasing the load on servers,
routers, and the Internet backbone, they force those of us who pay for service
to pay more than we should. Second, the vast majority of spammers are promoting
business "opportunities" that are questionable at best, and most are
illegal.
And third (if you need a third reason) many spamvertized Web sites are what
are called "rogue" sites that entice you to take an action that will
install a program such as Back Orifice on your computer.
To help banish this scourge from the Internet, you need to know how to fight
spammers.
Http://www.SamSpade.com/ - Download
the Sam Spade utility, a useful tool for more than just tracking down spammers.
Http://www.Abuse.net/ - See information
on how to report spam in a way that won't give your e-mail address to other
spammers.
Http://www.SpamCop.org/ makes reporting
spam easy by analyzing headers of the spams you receive and automatically filing
reports. This does require a subscription (about $10 per year), but you can
use SpamCop for free if you don't mind filing your own reports.
There's no need to be paranoid, but common sense and realistic caution are
necessary to protect your computer and the data on the computer from those who
have no purpose in life other than to cause trouble.