Speed is good. That's the subliminal message that we're fed every day. Fast cars, fast careers, and of course, fast Internet connections. If you've worked at a company with an Ethernet local area network (LAN), or better yet, a T1 connection to the Internet, you've come to appreciate speed. Files transfer in a blink, Web pages (Internet traffic willing) snap onto the screen, and downloads beam onto your hard disk like magic.
So why not bring some of that magic home--or to that small business you recently started that's going to make you the next Bill Gates? You can, thanks to the wonders of Digital Subscriber Lines (DSL) or Internet access via that thick black coaxial cable that normally delivers TV to your home. Both technologies promise T1-like speeds for a fraction of the cost. (Well, OK--maybe you'll get 384Kbps instead of 1.5Mbps download speeds, but that's still way faster than a dial-up or an ISDN line.)
But just like having a PC turns you into an IS manager (I mean, do you reinstall the engine in your car every three months?), having a T1-type line brings with it new responsibilities and risks. Like T1, DSL and cable connections are "always on." Even if your browser or e-mail program isn't loaded, your PC is connected to the Net. That means you have a permanent online presence, so to speak, one that makes it easier for hackers, crackers, and other bad guys to find your PC and wreak havoc. We're talking about computer attacks such as someone remotely crashing your PC; copying your data files; running applications (like Quicken, with all your personal financial information revealed); filching e-mail addresses, passwords, or credit card numbers; or just downloading a destructive virus.
In an office network setting, you typically have IS folk protecting that T1 connection with all manner of hardware and software--virus scanners, firewalls that thwart all kinds of attacks, and routers that can filter out certain requests. But home- and small-office users with DSL or cable don't typically think about such protections. Nor do ISPs or cable and DSL vendors, which are reaping the profits from the high-speed access boom, make much noise about security concerns.
They should. Although statistics on DSL and cable security breaches are hard to come by, experienced users we've surveyed (and that includes yours truly) report that their PCs have been repeatedly probed, scanned, and hacked. ISPs (and the DSL services they bundle) haven't helped matters much. The standard DSL modem (or the router, if you're running a small LAN) included with your account typically lacks any kind of security features. Surf over to the provider Web sites and chances are you won't hear a peep about security issues, much less learn about hardware or software you can buy to deter hackers.
Connection Basics
When you connect to the Internet with a standard modem, you're one of millions of relatively anonymous dial-up customers accessing the Net via thousands of ISPs around the world. Your PC's hostname and IP address are temporarily issued more or less at random, and they remain yours only as long as you're online. No one can anticipate when you'll be online or easily track down your system, and when you log off, you're truly off the Net. By its very random-cum-anonymous nature, traditional dial-up offers a degree of security. Understand, though, that this is obscurity rather than protection: for as long as you are online, your PC is exactly as reachable as an always-on host. The window is just shorter, and the address harder to predict.
With always-on DSL and cable, you have a fixed--or at least long-lived--IP address and host name (many providers hand them out via DHCP, but the lease is typically renewed for weeks or months), so your electronic door is always open. Because your PC is always connected to the Internet, you are in the same realm as every Web and e-mail server on the planet--as well as with every hacker, cracker, "script-kiddie," virus author, and network prankster. The difference is that commercial sites are (usually) built from the ground up with security in mind. The site is protected behind a few routers and probably a dedicated firewall, and it is monitored 24/7 by a staff of network professionals. Chances are your always-on connection is funneled through a DSL or cable modem that offers little or no protection to the computers connected to it.
Whether you like it or not, your PC has just become another vulnerable host on the Internet. According to Steve Gibson of Gibson Research, "When you are connected to the Internet, the Internet is also connected to you."
So let's explore the size of the problem, the risks you really face, and how you can decrease them.
How Big Is the Problem?
No one knows. Or rather, no one is telling. Corporations are reluctant to reveal if their networks or e-commerce sites have been compromised, for fear of driving away customers and watching their stock prices plummet. ISPs are just as obdurate--security failures could affect the businesses they serve. If an ISP makes a lot of noise about security, that's probably because it serves government agencies or large corporate clients. Individual users and small companies typically don't get much attention.
But you can get a taste of how big an issue online security is by taking a peek at a study conducted by ICSA and Global Integrity Corporation (www.infosecuritymag.com/july99/cover.htm) with 745 corporate executives. Nearly 92 percent indicated an increase in the number of unauthorized network "incidents" from 1998 to 1999, at a cost (according to 12 percent of the execs) of nearly $23.3 million. Their biggest reported concerns were hackers, malicious code, and vulnerable remote network access systems.
You may not be as big a target--after all, commercial sites may store thousands of credit card numbers, while your DSL- or cable-connected PC only holds a handful. But even a single attack can be devastating. For example, my personal Web site was recently hacked and "defaced;" in another case, my always-on wireless T1 connection allowed a hacker to sneak into my network and crash my mail server. And I work in this business!
But what's worse are attacks you're not even aware of. That's because most desktop operating systems aren't equipped to detect and prevent these attacks. Instead, you chalk up a bad Internet experience as a fluke, a bad modem, an unreliable ISP, maybe a virus, or just a bug in Windows.
While I'm not an alarmist, consider the object lesson of CDUniverse.com. A Russian hacker apparently broke into the commercial music site, grabbed thousands of customer names, addresses, and credit card numbers, and then posted a few to the site's owner to show he had them. If a typical NT-based e-commerce site can be hacked, your once anonymous and seemingly safe home PC doesn't stand a chance--unless you prepare.
The problem is serious enough that President Clinton has released a National Plan for Information Systems Protection that assesses the vulnerability of mid-to-high end business and governmental systems to cyber terrorism and makes recommendations for security measures to be put in place by the end of the year. The plan would also cover ISPs, and hence, home- and small-business users. (You can see a draft of the plan at www.cdt.org/policy/terrorism/fidnet/toc.shtml.)
Who's After You?
Is Joe or Josephine Hacker a 15-year-old kid with too much free time? It's hard to say, but the security experts I've talked to place the culprits in three camps.
First are thrill-seeking kids who use readily available port scanners and packet-flooding toys. These recreational hackers may just want to knock your kid off the Net to get first in line for a network game--the Internet equivalent of the neighborhood bully. I've tried a few of these scanners on unprotected Windows 95 systems and they work--it's easy to find a port, get in, and crash the system. (PCs running Windows 95 or 98, with the appropriate security patches, aren't vulnerable to this basic attack.) Commercial sites and corporate networks have little to worry about from these prank attacks, but you might.
Next are the system crackers or script-kiddies, who want to see what they can get away with, such as defacing a Web site. These folks exploit weaknesses in Web software, CGI scripts, or server operating systems that haven't been secured. (Even I was a victim: one of my Web pages was replaced by a prankster claiming to be from some cyber group in Russia.) What kind of damage can they do? Depending upon their skills, they could steal your network password, disable your Web site's SSL protection (and muck with visitors to your site), crash your system, use a malicious ActiveX control to send virus-laden e-mail to everyone in your Outlook address book, look at your network files, and more.
Finally, there are serious--and sophisticated--cyber criminals who are after corporate or government information. According to Jim Southworth, director of Advanced Network Services and Technologies at Concentric Network Corporation, you rarely hear about these hackers, but their attempts to infiltrate banking, credit card, and government sites, while fairly common, are seldom successful.
Which is why they may turn to your humble PC or small network. Although a large commerce site offers greater treasures, your PC still has credit card data, Social Security numbers, and other goodies for the taking. And unlike a corporate site, you may not even know you've been raided.
The Risks
Remember that always on is just that--turn on your PC and you're on the Net. (Turn it off, of course, and no one can hack you.) Remember, too, that many of the security problems noted below apply to non-DSL and non-cable users. The most common threat is still getting a virus sent via e-mail, which you can nip in the bud by running an up-to-date virus scanner (including its memory-resident module, which can catch viruses as they're downloaded). Worried about a hacker getting into your PC and stealing files? At the very least, get a program that encrypts key files.
Fortunately, many solutions only require common sense, simple reconfiguration of your system or network, or readily available software or hardware.
You're on the Internet--Get Off!
An always-on connection doesn't always have to be on. Leaving your DSL or cable modem on and connected is fine if your PC is turned off--a hacker can't extract much from a DSL modem. (Well--DSL modems do have mini-operating systems in their Flash memory, which could be altered.) If you use your computer a lot, but you don't want to be always online, simply turn off your DSL modem. (The modems typically lack an on/off switch; just plug it into a power strip and turn that off.) Since the DSL modem more or less functions like a network card on a LAN--not like a T1 line--turning it off shouldn't cause any problems. For example, ISP FirstWorld (which offers DSL service from PacBell and Covad) confirms that turning off the DSL modem is fine. Note: check with your ISP/DSL provider, just to be sure. In some situations, turning off your DSL modem (as opposed to disconnecting it from your PC) will trigger a line down problem with your provider. Turning the DSL modem back on might change the IP address the provider uses; older modems that store configuration data in volatile memory might require a service visit to be properly reconfigured.
Weaknesses in Windows
The biggest products are the biggest targets for hackers, and that means Windows, Internet Explorer, and Outlook. Microsoft, of course, made things worse by integrating browser functionality and Internet communications into the operating system--a setup that hackers are more than happy to exploit.
Internet Explorer is target number one because of its ActiveX enhancements and Java support. Since IE can execute ActiveX programs contained in Web pages, hackers have figured out different ways to download and execute programs on your PC that can do all kinds of damage. An ActiveX control is ordinary native code: once it runs, it has the same access to your files and your network as you do, with none of the sandboxing a Java applet gets. Microsoft keeps issuing one security patch after another, but the hackers always seem to be a step ahead.
What can a Net villain do via Explorer, Windows, or Outlook? Strolling through Microsoft's security pages is instructive. A dedicated hacker (or unscrupulous Web site operator) could disable your SSL feature, which makes it easier for him to filch your credit card data from a transaction; steal your passwords; run nasty ActiveX programs on your system; read files on your PC or intranet; redirect your browser to a bogus Web site where you might divulge your credit card number; crash your system; copy your files; or bypass your security settings in IE.
Note: If you are running Windows 95 you're extremely vulnerable to a denial-of-service attack called "packet flooding," where someone floods your PC with useless data and shuts down your connection (and even your system).
What to do: For Windows 98, run the Windows Update feature and download and install all the security patches. These are also available at www.microsoft.com/windows98/downloads/corporate.asp. Windows 98 SE includes some of these patches but not all of them, so do likewise. Windows 95 users should also get every security patch they can at www.microsoft.com/windows95/downloads. While you're at it, fetch and install any year 2000 updates.
Don't Share the Wealth
When Microsoft was designing Windows 95, 98, and NT, it made a dumb mistake--it binds file and print sharing (Windows Networking, which runs over NetBIOS) to every protocol on every adapter, including TCP/IP on the adapter that faces the Internet. File and print sharing is only for accessing local resources, such as files on your hard disk and printers on your LAN. Running it over TCP/IP on your Internet connection is almost like begging someone on the Internet to hack into your PC and take your stuff.
For example, if you're connected to the Net via cable, it's easy to see what's on other connected PCs in your neighborhood if file and print sharing is left on. Wonder how secure your cable connection is? Ask a similarly connected neighbor to use the same Windows Workgroup name as you. To create the same workgroup name, right-click the Network Neighborhood, select Properties, click the Identification tab and enter the same name in the Workgroup box. Close the dialog and restart both systems. When you're back up, double-click the Network Neighborhood and if you can "see" your neighbor's computer, get protection for your PC.
Windows should force anyone using Windows Networking to carry it over NetBEUI instead of NetBIOS over TCP/IP, because NetBEUI isn't routable and so can't be "seen" from the Internet. It's perhaps the safest way to use Windows Networking locally while enjoying the Internet via TCP/IP globally. Alas, Windows doesn't do this, so you'll have to reconfigure your network and any PCs on it.
The lengthy steps to correct this problem--and a very lucid explanation of the vulnerability of any TCP/IP connection--are extremely well documented on the Gibson Research site at grc.com/su-fixit.htm. Follow the steps and Windows Networking will also run faster!
The man behind the company, ace PC guru Steve Gibson, has done an excellent job of not only explaining, but also actively demonstrating, how exposed any computer using TCP/IP connectivity and Windows Networking can be. Go to www.grc.com, select Shields UP, and then Probe My Ports. Gibson's site can scan your PC's TCP/IP "ports," tell you which are available for connections, and how vulnerable they are to attack. (A port is a 16-bit number that tells a host which service a TCP or UDP packet is meant for; well-known ports are assigned to e-mail, FTP, Web service, Windows Networking, and so on.) More than 869,000 users have checked their security at the site in the past three months. Security, it seems, is on a lot of people's minds.
If you don't heed Gibson's recommendations--you should have a router with filtering capabilities, a proxy server, or a NAT device that can hide your network from the Internet--you should still seek protection from appropriate software or hardware tools (more on these below).
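To see what a probe like Shields UP actually does, here is a small TCP connect scanner written for this article's topic. It is an added example, not code from Gibson Research or from the original article. It probes a list of ports, reports which ones accepted a connection, and flags the ones a home PC or a plain Web server should never expose (the port-to-service names are IANA well-known assignments; the verdicts are this example's own). It scans only 127.0.0.1, against a throwaway listener it opens itself, because scanning machines you don't own is exactly the behavior that gets you reported to an abuse desk.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# IANA well-known ports, with a note on whether a home PC (or a plain Web
# server) has any business exposing them to the Internet.
PORT_NOTES = {
    21: ("ftp", "only if you deliberately run an FTP server"),
    23: ("telnet", "should never be exposed"),
    25: ("smtp", "only if you deliberately run a mail server"),
    80: ("http", "expected on a Web server"),
    135: ("msrpc", "Windows RPC; should never be exposed"),
    137: ("netbios-ns", "Windows Networking; should never be exposed"),
    138: ("netbios-dgm", "Windows Networking; should never be exposed"),
    139: ("netbios-ssn", "Windows file sharing; should never be exposed"),
    443: ("https", "expected on a Web server"),
    445: ("microsoft-ds", "Windows file sharing; should never be exposed"),
}


def probe(host, port, timeout=0.5):
    """TCP connect probe: True if something on host accepted a connection to port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # refused, timed out, unreachable: all read as closed/filtered
            return False


def scan_ports(host, ports, timeout=0.5, workers=16):
    """Probe each port in parallel; return {port: is_open}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(lambda p: (p, probe(host, p, timeout)), ports))


def assess(results):
    """For every open port, return (port, service name, verdict), lowest port first."""
    report = []
    for port in sorted(p for p, is_open in results.items() if is_open):
        name, verdict = PORT_NOTES.get(port, ("unknown", "find out what is listening"))
        report.append((port, name, verdict))
    return report


def open_local_listener():
    """Bind a throwaway listener on 127.0.0.1 so the scan has something to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free one
    srv.listen(5)
    return srv, srv.getsockname()[1]


def find_closed_port():
    """Bind and immediately release a port, so nothing is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # Scan only your own machine: scanning other people's hosts gets you reported.
    srv, listening = open_local_listener()
    results = scan_ports("127.0.0.1", [listening, find_closed_port(), 135, 139, 445])
    for port, name, verdict in assess(results):
        print(f"{port}/tcp open ({name}): {verdict}")
    srv.close()
```

A connect scan is the noisiest kind: every probe completes a TCP handshake, so a personal firewall or a server log on the other end records it, which is also why a single scan of your own PC is harmless and a scan of someone else's is not. If 139 or 445 shows up as open on your own PC, the Windows Networking fix in the next section is what you need.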
Software Off!
When you're surfing online or sending e-mail, you may have more than just these apps up and running. Any number of programs that also connect to the Internet--such as video streaming tools, chat programs, and the like--may be running in the background, unbeknownst to you. And these can be potential entryways for hackers.
Now granted, there have been few public reports of hackers exploiting the likes of Symantec's pcAnywhere, Mirabilis' ICQ, AOL's Instant Messenger, or active update services such as Norton's LiveUpdate or Windows' Critical Update Manager. But the potential is still there. Microsoft, after all, tapped into AOL's Instant Messenger service so that MSN users could swap messages with AIM users. My advice: Dump these utilities out of memory and only load them when you need them.
If you want to know which applications connect to the Internet, check out ZoneAlarm from www.zonelabs.com. This little gem flags you anytime a Net-savvy application on your PC tries to make a connection. You can choose to stop the program or let it continue.
You also leave yourself open if you run Microsoft's Personal Web Server or similar FTP or Telnet host products that allow others to connect to your system. If you must have a personal Web page, host it on one of the many free or cheap services rather than on your home system.
Shop Smart
This isn't strictly a DSL/cable kind of issue--and it's one that we'll deal with in a future issue--but shopping online carries related risks. The two biggest: Someone can violate your privacy by gathering information about where you shop and what you buy (the dream of e-commerce marketers); and credit card and other information you've disclosed to a legitimate merchant could be stolen--as it was from the CDUniverse.com site.
At the very least, make sure the vendor has obtained a privacy endorsement from a recognized third party such as BBB Online or TRUSTe. Such a seal means the vendor has published a privacy policy and agreed to abide by it--not that anyone has audited its servers. The policy should state whether the vendor gathers information about you and, if so, how it is used, and the vendor should let you opt out of any data-gathering process.
Naturally, you should avoid shopping at suspect sites, and don't volunteer information by filling out surveys and such, unless usage policies are clearly stated--and you agree with them. Under absolutely no circumstances should you buy anything from a site that doesn't use Secure Sockets Layer (SSL) authentication and encryption between your browser and their Web site. You can tell if SSL is active by the little closed padlock in your browser's window. No lock, no bucks!
Just remember that an SSL connection only ensures your data is safe en route to a known server. As data is passed around to the retailer's other servers and networks, it may indeed be vulnerable.
Hot Java, Cold News
As noted earlier, Internet Explorer's unique ability to use ActiveX opens a door to all sorts of hacking. If you use IE, keep abreast of relevant Microsoft news and use Windows Update so you don't miss a critical security patch. If you're really paranoid, turn off ActiveX by selecting Tools > Internet Options, clicking the Security tab, clicking the Custom Level button, and disabling all the ActiveX entries.
But ActiveX isn't the only door into your system--Java and JavaScript are, too. Navigator users can turn off Java and JavaScript by selecting Edit > Preferences, clicking the Advanced branch, and unchecking a few boxes. While you're here, you should also check the Accept only cookies sent back to the originating server box, so that a cookie created for one site can't be read by another.
IE users can disable Java and scripting in the same Custom Level dialog (look for the Java permissions and Active scripting entries), and they also have general security and content control. Select Tools > Internet Options, and click the Security tab. The medium setting is adequate for most browsing activity, but use high if you want to be protected from the unknown. Under the Content tab you can build a list of acceptable and unacceptable sites.
Check Those Attachments!
The number one security threat, no matter how you get online, is viruses hiding in e-mail attachments. And with every passing day, new applications and file types are being targeted.
If you use Outlook Express or Outlook, turn off the mail preview feature. This feature, which automatically opens e-mail for you, can also launch a hidden virus. With it off you can scan message headers and delete any suspicious e-mail (especially those from unknown correspondents sending you attachments). Disabling mail preview also keeps you from unintentionally triggering "spam pixel" tracking, where a message carries a tiny image or script that, the moment the message is rendered, fetches a URL from the sender's server and confirms that your address is live and read.
The best first-level defense, of course, is a virus scanner, such as Norton AntiVirus or McAfee VirusScan. Make sure you've got the latest version of the program, and update the virus definitions weekly--sooner, if you hear any news alerts about new threats.
For more comprehensive protection, get a free copy of eSafe Protect Desktop at www.esafe.com. This program provides virus protection; scrutinizes ActiveX, Java, and Javascript activity; and provides a bit of network traffic filtering and network access controls.
Check Those Attachments, Part II
One of the most significant threats to your system can be hidden remote control programs, known as Trojan horses, such as the infamous BackOrifice. The BackOrifice server component can be installed quietly on your PC just like a virus (the original version listened on UDP port 31337 by default, though the port is configurable). Once in place, anyone with the matching BackOrifice client can take control of your PC and watch everything you do, run applications, restart your system, view and copy files, and recover cached passwords. The solution: Let an antivirus program scrutinize everything that comes and goes from your system, block unsolicited inbound traffic, and don't view unknown e-mail.
Get NAT
Are you sharing the same Internet connection on your home- or small-office network? Get NAT--network address translation. A NAT device puts the single routable IP address your ISP issued on its outside and gives every PC on your side a private, non-routable address that cannot be reached from the Internet. It rewrites outgoing traffic so it all appears to come from the one public address, keeps a table of which inside PC opened which connection, delivers the replies accordingly, and simply drops anything that arrives unsolicited. Yet you can still surf the Web, send and receive e-mail, and perform other tasks without change.
You can implement NAT using such programs as WinGate (www.wingate.com) and WinProxy (www.ositis.com) on the PC that connects your network to the Internet. This gateway PC must have two network cards and be reconfigured to act as a combined router, firewall, and proxy server. Setup is tricky and you shouldn't use that PC for much else, but it's workable. If you'd rather not dedicate a PC to NAT or wrestle with configurations, $369 will buy you Umax's UGate-3000--a small-office firewall that also provides NAT service. (See the "Do Personal Security Products Work?" table for more.)
Just remember that with NAT in place, nobody outside can reach a Web, FTP, or mail server on your side of the DSL connection unless you deliberately forward that port to an inside PC. That's a feature: you really shouldn't be running those servers at home anyway, and with nothing forwarded it's very hard for anyone to attack your PCs.
Can Your ISP Help?
Not really. ISPs (and DSL providers) are carriers, like the phone company, dealing with thousands (or millions) of customers. And like the phone company, they can't help you much with crank calls. Since ISPs don't know what each of their thousands of users want to do on the Internet, ISPs aren't in the business of restricting traffic or telling you which IP ports are available. If you want to restrict specific traffic coming into your network, it's up to you to provide the equipment or software and select the type of protection you want. The Internet, like a highway, is wide open--it's pure freedom, but bad things can happen.
Protect That Network
What you use your PC for--either sharing a single fast Internet connection or just enjoying one connection all by yourself--makes a difference in your PC and network setup.
Configuring a home- or small-office network can be done easily. But one slip, one missed check box, and your systems are open to hackers. Every network setup varies, but the following tips should help ensure a safe and secure always-on networking experience.
If you don't need to share files with other PCs, don't install or configure Windows Networking's file and print sharing features. If you do--and any of your neighbors on the same cable system forgot to change the default workgroup name (Workgroup), you could see and access each other's PCs. That's because everyone with cable access on your block is essentially part of the same network.
If you must share files and printers with other PCs on a local network, as well as access the Internet, follow the steps on Steve Gibson's Web site to reconfigure Windows Networking to use NetBEUI. Also, share only a few folders rather than your entire disk drive. Only place files in these folders that must be shared among systems. Keep sensitive files in non-shared folders. And don't store applications in these folders--your system will be more vulnerable to viruses transmitted by other systems.
Not sure if file and print sharing are on? If there's no Network Neighborhood icon on your Windows desktop, Windows Networking is definitely not there. If there's a little blue hand holding up your disk drive icon in My Computer, Windows Networking--and file and print sharing--are active and you have given shared access to the drive. To see who or how, right-click the drive icon and click Sharing. Another way? Open the Network control panel; if the list of installed components includes "File and printer sharing for Microsoft Networks," sharing is installed, and the File and Print Sharing button shows whether files, printers, or both are offered.
Rename your Windows workgroup. It should be something less obvious than "Bill's Computers." Use between six and eight characters, mixing letters and numbers, that have no resemblance to anything people already know about you (like your home address or favorite wines). Be clear about what this buys you, though: Windows broadcasts the workgroup name, so an odd name only keeps casual browsers out of your Network Neighborhood. It is not a password. Put a real password on every share (right-click the folder, click Sharing) and make shares read-only unless a PC genuinely needs to write to them.
Use private ("net 10" style) addressing for all the PCs on your network; use a proxy server or NAT to connect the networked systems to the Internet. The "net 10" block, which begins at 10.0.0.0 and runs all the way up to 10.255.255.255, is one of three ranges RFC 1918 sets aside for private networks; 172.16.0.0 through 172.31.255.255 and 192.168.0.0 through 192.168.255.255 are the other two. None of them are routed across the Internet, so outsiders can't "see" them. No two systems can have the same address, and all systems should have the same subnet mask, 255.255.255.0.
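The "Get NAT" section above describes what a translation device does and the private-address rules just given are what it depends on. Here both are worked through in code. This is an added example, not any vendor's implementation and not from the original article: `check_lan_plan` validates a small-LAN address plan against the RFC 1918 ranges, uniqueness, and a single subnet, and the `Nat` class is a deliberately minimal port-translating NAT that shows why unsolicited inbound packets go nowhere and why a server behind NAT needs an explicit port forward. The 203.0.113.x and 198.51.100.x addresses are documentation ranges standing in for your ISP-issued address and for hosts out on the Internet.

```python
import ipaddress
from itertools import count

# The three blocks RFC 1918 reserves for private networks. The article names
# only "net 10"; 172.16/12 and 192.168/16 are equally valid choices.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr is in RFC 1918 space (and so is never routed on the Internet)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def check_lan_plan(hosts, mask="255.255.255.0"):
    """Return a list of problems with a LAN address plan (empty = plan is sound):
    every host private, no address used twice, everyone on the same subnet."""
    problems, seen, nets = [], set(), set()
    for h in hosts:
        if not is_private(h):
            problems.append(f"{h} is a public address; use RFC 1918 space")
        if h in seen:
            problems.append(f"{h} is assigned twice")
        seen.add(h)
        nets.add(ipaddress.ip_network(f"{h}/{mask}", strict=False))
    if len(nets) > 1:
        problems.append("hosts are not all on one subnet: "
                        + ", ".join(str(n) for n in sorted(nets)))
    return problems


class Nat:
    """Toy port-translating NAT (hypothetical; not any vendor's implementation).
    Outbound flows from private hosts are rewritten to one public address and a
    fresh public port. Inbound packets are delivered only if they match a flow an
    inside host opened, or an explicit port-forward; everything else is dropped."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = count(first_port)
        self.table = {}     # public port -> (inside ip, inside port, remote ip, remote port)
        self.forwards = {}  # public port -> (inside ip, inside port), static rules

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the LAN; returns (public ip, public port, dst ip, dst port)."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not an inside address")
        flow = (src_ip, src_port, dst_ip, dst_port)
        for pub_port, known in self.table.items():
            if known == flow:  # reuse the mapping for an existing flow
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = next(self.next_port)
        self.table[pub_port] = flow
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Decide where a packet arriving from the Internet goes: (inside ip, inside
        port) if it is a reply or a forwarded service, None if it must be dropped."""
        entry = self.table.get(dst_port)
        if entry and (entry[2], entry[3]) == (src_ip, src_port):
            return (entry[0], entry[1])  # reply to a connection we opened
        if dst_port in self.forwards:
            return self.forwards[dst_port]  # a server you chose to expose
        return None  # unsolicited: nobody inside hears it

    def forward_port(self, public_port, inside_ip, inside_port):
        """Static mapping: the one way an outside host can reach a server behind NAT."""
        self.forwards[public_port] = (inside_ip, inside_port)


if __name__ == "__main__":
    print(check_lan_plan(["10.0.0.2", "10.0.0.3", "10.0.0.4"]))
    nat = Nat("203.0.113.7")
    pub = nat.outbound("10.0.0.2", 1025, "198.51.100.10", 80)  # PC 2 browses a Web site
    print(nat.inbound("198.51.100.10", 80, pub[1]))            # reply reaches ('10.0.0.2', 1025)
    print(nat.inbound("198.51.100.99", 31337, 139))            # NetBIOS probe from outside: None
```

Real NAT boxes also expire table entries after a period of silence and track UDP as well as TCP, but the essential point is visible here: a probe of port 139 from the Internet matches no flow and no forward, so the device has no inside address to send it to and discards it. The moment you add `forward_port(139, ...)` you have undone that protection for that port, which is exactly the trade-off to weigh before exposing any server at home.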
Use proxy server software. A proxy server hides computers on your local network from the Internet while representing them in communications with the Internet. The proxy intercepts requests for Internet connections from PCs on your LAN and makes it seem as if each request is coming from just one system. The proxy distributes the returning data to the requesting systems. A proxy hides your network's structure and details from outsiders, and it lets you dictate which ports can or can't be used, which offer some protection for the gateway system the proxy software is running on, and for the systems that use that gateway system to access the Internet. Popular proxy programs include WinGate and WinProxy, but don't forget that Windows 98 SE has a similar proxy tool built-in.
Another approach to interconnecting multiple PCs is using a hub that features NAT, traffic and port filtering, and even some firewall protection, such as Umax's UGate-3000. With the UGate, you can forego the hassles of Windows Networking and NetBEUI configuration and still control access to your network.
You might also consider Ascend's Pipeline 75 router, which provides basic port, packet, and protocol filtering. It lacks a firewall's smarts and logging features--it just stops traffic, controlling which ports can be used and which types of data packets can be let through.
Build a firewall. A firewall is the ultimate protection for your always-on PC-cum-network gateway. It basically blocks unwanted network traffic--such as a variety of attacks--before they ever reach your network. A firewall can provide various levels of protocol and packet filtering--meaning that only legitimate TCP/IP traffic gets through and unnecessary or undesirable traffic does not, on one or more selected ports. Because the firewall must analyze and handle inbound and outbound traffic, it introduces some overhead on the network's performance--usually less than 10 percent. Firewalls are typically placed between your gateway PC and the Internet connection. A firewall can be a dedicated box or software running on that gateway PC or server.
Configuring a firewall requires knowledge of your network, who you are connecting to, and what types of traffic you will allow. This includes the IP addresses to be used by your internal systems, the IP address of the DSL or cable connection to the Internet, your ISP's DNS server addresses, and the various protocols and ports of the traffic to block or pass. If the firewall provides proxy or NAT services, you must know the range or specific IP addresses of your networked PCs. You'll also need to dictate which ports are available--such as TCP Port 5190 for AOL's Instant Messenger service. As you can see, configuring a firewall can be fairly complex. Most firewalls for home- and small-office networks are configured via a Web browser.
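To make the filtering described above concrete, here is a first-match packet filter with a rule set of the kind a home gateway needs. It is an added example written for this article, not the rule language of any product named here. The `Rule` and `Packet` types and the field names are this example's own; the port numbers are the IANA well-known assignments, and the `syn_only` flag stands for the "new connection" test that stateless filters of this era used to tell a connection attempt from a reply.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str          # "in" (arriving from the Internet) or "out" (leaving the LAN)
    proto: str              # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn_only: bool = False  # TCP SYN without ACK: a brand-new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    direction: str              # "in", "out" or "any"
    proto: str = "any"          # "tcp", "udp" or "any"
    dst_ports: object = None    # range/set of destination ports, None = any
    src_ports: object = None    # range/set of source ports, None = any
    new_only: bool = False      # match only new TCP connection attempts (SYN)
    comment: str = ""

    def matches(self, pkt):
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.dst_ports is not None and pkt.dst_port not in self.dst_ports:
            return False
        if self.src_ports is not None and pkt.src_port not in self.src_ports:
            return False
        if self.new_only and not pkt.syn_only:
            return False
        return True


# Rules are checked top to bottom; the first match wins. Specific denies come first,
# then narrow allows, and anything unmatched falls through to the default policy.
RULES = [
    Rule("deny", "in", "tcp", dst_ports=range(135, 140), comment="Windows RPC and NetBIOS"),
    Rule("deny", "in", "udp", dst_ports=range(135, 140), comment="NetBIOS name/datagram service"),
    Rule("deny", "in", "tcp", dst_ports={445}, comment="SMB over TCP"),
    Rule("allow", "in", "udp", src_ports={53}, comment="DNS replies from the ISP's name servers"),
    Rule("deny", "in", "udp", comment="all other unsolicited UDP"),
    Rule("deny", "in", "tcp", new_only=True, comment="no inbound connection attempts at all"),
    Rule("allow", "in", "tcp", comment="replies to connections a LAN host opened"),
    Rule("allow", "out", comment="LAN hosts may connect out freely"),
]


def filter_packet(pkt, rules=RULES, default="deny"):
    """Return (action, reason) for one packet under a first-match rule list."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return default, "default policy"


def apply_filter(packets, rules=RULES):
    """Run a batch of packets through the filter; returns [(packet, action, reason)]."""
    return [(p, *filter_packet(p, rules)) for p in packets]


if __name__ == "__main__":
    # Constructed traffic: 203.0.113.7 stands in for your DSL address,
    # 198.51.100.x for hosts out on the Internet, 10.0.0.x for your LAN.
    SAMPLE = [
        Packet("in", "tcp", "198.51.100.5", 3456, "203.0.113.7", 139, syn_only=True),  # share probe
        Packet("out", "tcp", "10.0.0.2", 1025, "198.51.100.10", 80, syn_only=True),    # you browse
        Packet("in", "tcp", "198.51.100.10", 80, "203.0.113.7", 40000),                # the reply
        Packet("in", "tcp", "198.51.100.5", 4000, "203.0.113.7", 80, syn_only=True),   # wants your Web server
        Packet("in", "udp", "198.51.100.53", 53, "203.0.113.7", 1030),                 # DNS answer
        Packet("in", "udp", "198.51.100.5", 31337, "203.0.113.7", 31337),              # unsolicited UDP
    ]
    for pkt, action, reason in apply_filter(SAMPLE):
        print(f"{action:5} {pkt.direction:3} {pkt.proto} {pkt.src_ip}:{pkt.src_port}"
              f" -> {pkt.dst_port}  ({reason})")
```

Two things to notice. First, order matters: if the "replies" allow rule sat above the NetBIOS deny, an ACK-flagged packet aimed at port 139 would sail through. Second, judging "established" by the SYN flag alone is a stateless shortcut, and an attacker who sends packets with ACK set can probe right past it; a stateful firewall that remembers which connections your PCs actually opened (as the NAT table does) closes that hole, which is the "smarts" the text says a plain filtering router lacks.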
Big companies use dedicated firewall hardware that can cost many thousands of dollars; you can get decent protection from much cheaper boxes or software that runs on your network's Internet gateway. (See the "Do Personal Security Products Work?" table for more.) Some new units, such as Ramp Networks' $479 WebRamp 700s, work with both cable and DSL connections, act as firewalls, filter IP traffic, and can stave off denial-of-service attacks. So can some routers, such as those from FlowPoint, with a bit of software.
Don't Worry, Surf Happy
Sound scary? It shouldn't. But a bit of prevention is a gigabyte's worth of hacker headaches. Follow the tips above and that DSL or cable line will let you cruise safely at any speed.
© Copyright 2000 Jim Aspinwall.
Jim Aspinwall writes the Windows Advisor column for Computer Currents. He's also the author of IRQ, DMA & I/O and co-author of The PC User's Survival Guide and Troubleshooting Your PC (all from Henry Holt/MIS: Press).
Is That Commerce Site Secure?
The recent security breach and theft of customer records from CDUniverse.com illustrates that what may appear to be secure on one side is definitely not on another.
Making a purchase via an SSL connection tells you very little about the site's security. The SSL link only covers the communications session between your browser and the server--it says nothing about the other servers a site uses or its overall network security. In e-commerce, security is everything. A company must treat its commerce servers the way a bank treats its cash.
The first red flag with CDUniverse was that it ran its site on Windows NT, known throughout the Internet and IT communities as an insecure operating system. Security alerts are posted frequently, yet Microsoft is slow to issue patches, much less admit NT's vulnerability.
I ran a quick port scan on the CDUniverse site and found ports 25, 135, and 139 open, as well as port 80 for the HTTP sessions. Having port 139 open is very bad form, because this is the most vulnerable point in any Windows server. (Port 139 is assigned to the NetBIOS local area networking protocol. Through it, outsiders could become part of your Windows Network and get at your files.) There's no reason that a Web site should expose more than port 80 for HTTP and perhaps an alternate port for HTTPS or SSL sessions.
The basic steps for securing a server are well known and readily available to anyone setting up NT, Linux, FreeBSD, Solaris, and other operating systems. Transaction data and customer records should never be available on a system connected to the Internet. Once an order is processed at the commerce site or a server associated with it, it should be transferred to an internal server and removed from any system connected to the Internet. This may involve air gap protection--literally taking a disk holding the transaction data out of an Internet-connected server and moving it to an internal server. It's simple and effective.
How can you make sure you're dealing with a truly secure site? You can't. There is no central security audit and reporting service for consumers. And if you start running port scans, you become suspect. You can only hope that some organization like TRUSTe or BBB Online will tackle the job of performing security audits and providing endorsements. Until then, enjoy but beware the Internet.
--J.A.
How Do You Report an Intruder?
Getting your ISP's attention about a possible attack on your PC or network requires prompt action and the right information.
First, you must know you're being attacked, and that means you must watch screens and keep logs with whatever security product you're using. It's easier to track down the culprit while the attack is occurring.
A one-time port scan may not pose a serious threat and may be over before you can get in touch with your ISP. Multiple incidents from the same IP address, or a sustained attack, are worthy of mention.
Save any information about an attack--a screen shot or a log file--report exactly what you saw, when, and with what program. Your ISP probably doesn't have a preference or experience with desktop security software, but knowing what you're using can be useful to them later.
Most ISPs also have a department that handles abuse you may have received. For example, Concentric automatically screens messages to its abuse@concentric.net mailbox when you add the right keywords in the subject line of the message.
If you're lucky enough to get through on a 24/7 support line, a network system's operator may be able to examine network activity on the spot and validate, trace, or possibly even monitor an attack.
What information will you likely need to provide your ISP? Your name, the phone number where the attack is occurring, your e-mail address, the IP address of the system being attacked, the type of attack if known (port scan, SYN Flood, etc.), the IP address of the attacker (if known), and if it is an isolated incident or an ongoing problem.
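The three sidebar points above--know when you're being attacked, tell a one-off scan from something worth reporting, and hand the ISP exactly the fields it asks for--can be mechanized over your firewall's log. The following is an added example, not from the original article and not tied to any product: the log format is made up for the example (one blocked packet per line), the addresses are documentation ranges with 203.0.113.7 as "your" PC, and the thresholds for what counts as a port scan or sustained probing are this example's judgement calls, not a standard.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed log lines in a made-up personal-firewall format (one blocked packet
# per line). Addresses are documentation ranges: 203.0.113.7 is "your" PC.
SAMPLE_LOG = [
    "2000-03-12 22:14:03 BLOCK TCP 198.51.100.5:3456 -> 203.0.113.7:21",
    "2000-03-12 22:14:03 BLOCK TCP 198.51.100.5:3457 -> 203.0.113.7:23",
    "2000-03-12 22:14:04 BLOCK TCP 198.51.100.5:3458 -> 203.0.113.7:25",
    "2000-03-12 22:14:04 BLOCK TCP 198.51.100.5:3459 -> 203.0.113.7:80",
    "2000-03-12 22:14:05 BLOCK TCP 198.51.100.5:3460 -> 203.0.113.7:139",
    "2000-03-12 22:14:05 BLOCK TCP 198.51.100.5:3461 -> 203.0.113.7:1080",
    "2000-03-12 22:30:11 BLOCK UDP 198.51.100.77:31337 -> 203.0.113.7:31337",
    "firewall started",  # a line that is not a block record and must be skipped
] + [
    # ten probes of port 139 from one address, a minute apart
    f"2000-03-12 23:{2 + i:02d}:40 BLOCK TCP 198.51.100.42:{2001 + i} -> 203.0.113.7:139"
    for i in range(10)
]

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) BLOCK (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_log(lines):
    """Turn block records into dicts; lines that don't match the format are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        events.append({
            "ts": datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S"),
            "proto": d["proto"],
            "src": d["src"], "sport": int(d["sport"]),
            "dst": d["dst"], "dport": int(d["dport"]),
        })
    return events


def triage(events, scan_ports=5, repeat_hits=10):
    """Group blocked packets by source address and decide what is worth reporting.
    Thresholds are judgement calls: scan_ports distinct ports from one source is a
    port scan; repeat_hits packets from one source is sustained probing; anything
    less is a one-off you log and forget."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        ports = sorted({e["dport"] for e in evs})
        if len(ports) >= scan_ports:
            kind, report = "port scan", True
        elif len(evs) >= repeat_hits:
            kind, report = "sustained probing", True
        else:
            kind, report = "isolated probe", False
        findings[src] = {
            "src": src, "kind": kind, "report": report, "hits": len(evs),
            "ports": ports, "protos": sorted({e["proto"] for e in evs}),
            "target": evs[0]["dst"], "first": evs[0]["ts"], "last": evs[-1]["ts"],
        }
    return findings


def format_report(f):
    """One line carrying what the ISP's abuse desk will ask for."""
    status = "ongoing" if f["report"] else "isolated incident"
    ports = ",".join(str(p) for p in f["ports"])
    return (f"target {f['target']}; source {f['src']}; type: {f['kind']} "
            f"({'/'.join(f['protos'])} ports {ports}); {f['hits']} blocked packets; "
            f"first {f['first']:%Y-%m-%d %H:%M:%S}, last {f['last']:%Y-%m-%d %H:%M:%S}; {status}")


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)).values():
        flag = "REPORT" if f["report"] else "ignore"
        print(flag, format_report(f))
```

Run against the sample, the six-port sweep from one address and the ten hits on port 139 from another both come out flagged for reporting, while the single stray UDP packet does not, which is the distinction the sidebar draws. Keep the raw log lines alongside the summary when you write to the abuse desk; the summary gets their attention, the timestamps and source ports let them match it against their own records.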
When you contact your ISP--or the source ISP of the attacker--be polite and matter-of-fact. State who you are, your connectivity and ISP information, and what you saw and how. Chances are the ISP isn't responsible for the attack.
Once a report is filed, let the ISP do its job; don't expect to hear back. If a chronic hacker or criminal activity is involved, the authorities will take over; and unless they contact you, consider the matter closed.
As with spam, under no circumstances should you e-mail your attackers. This only calls attention to yourself and supplies them with your e-mail address. They could use this against you in the future.
--J.A.