
Security - Why Should I Worry?

As the millions of personal computers of the world move from dialup lines to permanent connections such as DSL or cable, a vast new array of potentially soft targets turns up on the Internet, at stable IP addresses, for crackers to use, sometimes for fun, and sometimes to stage further break-ins.

Automated scan tools can quickly pass over an entire domain, and report on machines that appear to be insecure. This is the 90s Internet version of wardialing, made famous in the film WarGames, but 100 times as deadly. With more powerful programs, faster connections and more underground web sites, even unsophisticated computer users can scan 1000s of machines in an evening for simple configuration mistakes. Even if a particular security mistake only occurs with 0.1% of users, when a cracker can scan 1000 PCs in less than an hour, by the time they have listened to a single CD, 2 or 3 open PCs can be unearthed.

Most normal Internet machines are designed and configured with security as a high priority. Most of the hordes of home PCs coming online over DSL and cable were designed to be friendly and accessible. It is a great time to be a cracker.

But I have Virus Software
Today's virus tools will not tell you that your machine has been compromised; they will not warn you that your hard drive is visible on the Internet, or that your FTP server has no password. An up-to-date virus scanner on the Windows platform is vital, but it is only half the story.

I have turned off File & Print sharing
Programs you purchase or download and install are more and more network aware; Windows file and printer sharing is only one possible gateway into a machine. There are 65535 different ports that a program, or part of your operating system, can listen on. Do you know what is actually active and waiting for connections on your PC right now?
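
One way to answer that question on your own PC, as an added example that is not part of the original page: the Python sketch below reads the text printed by the Windows command `netstat -ano` and lists every TCP port that is waiting for connections from other machines. The sample output, the function names and the short port table are constructed for illustration.

```python
# Constructed sample of English-locale Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1880
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2100
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3344
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::1]:8307             [::]:0                 LISTENING       2764
"""

# Well-known port numbers for the services this page names (FTP, Windows file sharing).
KNOWN_PORTS = {
    21: "FTP",
    135: "Windows RPC endpoint mapper",
    139: "NetBIOS session service (file and print sharing)",
    445: "SMB (file and print sharing)",
}

def listening_sockets(netstat_text):
    """Return (address, port, pid) for every TCP socket in the LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly: proto, local, foreign, state, pid. Headers and UDP rows differ.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")   # split on the last colon (IPv6-safe)
        found.append((addr.strip("[]"), int(port), int(fields[4])))
    return found

def exposed_listeners(netstat_text):
    """Listeners other machines can reach: anything not bound to a loopback address."""
    report = set()
    for addr, port, pid in listening_sockets(netstat_text):
        if addr.startswith("127.") or addr == "::1":
            continue                                # loopback: only this PC can connect
        report.add((port, addr, pid, KNOWN_PORTS.get(port, "unknown service")))
    return sorted(report)

if __name__ == "__main__":
    for port, addr, pid, name in exposed_listeners(SAMPLE_NETSTAT):
        print(f"port {port:<5} on {addr:<15} pid {pid:<5} {name}")
```

To check a real machine, replace the sample text with the output of `netstat -ano` run on that machine; the PID column identifies which program opened each port.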

Why a Scan is good security
Any intruder will use a scanning tool to get an overview of your security, either as part of a domain pass, randomly, or because they are targeting you specifically. Anyone active on the Internet knows that as soon as you use software that leaves your IP address in a public place, like a Usenet posting, ICQ, ftps or certain shareware utilities, you will instantly become the target of curious probes, some from machines on the other side of the world. If you have weak security, these probes can turn into a break-in. If you offend someone in a public forum, your machine can be crashed by them, or disabled. If this is your business, they have closed you down.

The pages that follow explain the risks and tell you what you can do to protect yourself, your family, your bank account, and even your reputation from the more frequent and potent security threats encountered in high speed connections to the Net.

Why Me?
If you're a typical broadband user, your reaction to the statements above might well be, "Why me? There's nothing much of value on my machine, just the browser I use for the Web, plus my recipes, some letters, and a few household documents. Why would a hacker care about breaking into my system?"

Good Questions - What would an intruder hope to gain by breaking into your home or small office computer system?

Chances are, they're after one or more of the following things:

Your bandwidth. With 384 kilobits to more than a megabit per second of bandwidth, your DSL or cable modem is capable of sending and receiving a lot of data very quickly. While it's unlikely that you give your broadband connection a 24x7 workout, hackers can find lots of things to do with it. For example, your system, together with others that have also been co-opted, can be used to unleash huge barrages of data on other computers on the Internet, rendering them useless. (This is called a distributed denial of service, or DDoS, attack.) Hackers can also use a compromised machine as a jumping-off point for difficult-to-trace attacks on other machines. This is especially likely to occur if you're using vulnerable software that hasn't been updated with the latest service patch.

Your computing resources. If hackers take over your system, they can turn it into an Internet server that does their bidding. They can use it as an illicit "meeting place" by setting it up as an IRC (Internet relay chat) server, or use your hard disk as a repository for illegally copied software.

Your personal data, your identity, your reputation, and/or the contents of your bank account. Do you prepare your taxes on your computer? Pay your bills using an "Online" service? Have any files at all containing your credit card numbers, Social Security number, or other identifying information? If so, you're a potential target for identity theft, an increasingly common crime in which a thief gathers sufficient information to impersonate you. The havoc that an identity thief can wreak in your life is almost unlimited. He or she can change the addresses on bank, credit, and brokerage accounts, diverting statements so you won't notice that something's amiss. The thief can then sign up for credit in your name, sell your investments and pocket the proceeds, and drain your bank accounts. If you have a debit card, the thief can wipe out the account to which it is attached in a single transaction.

While snooping techniques affect all Internet users regardless of the way they connect, a high speed connection masks their presence by preventing them from taxing your bandwidth.

In the sections that follow, you'll learn about some of the most serious Internet threats--and the ways in which a broadband connection can amplify their dangers.

Opening Windows On File-Sharing Abuse
One of the most common ways hackers attack broadband users is to exploit the built-in file sharing features of Microsoft's Windows operating system. Windows machines come equipped, out of the box, to share files with other machines on the same network--a feature called "peer to peer file sharing." While users who turn this feature on may think that they're sharing files only with other computers in the same house, it's unfortunately all too common to find that they're really being shared with the entire neighborhood--or the entire Internet. "Worms"--described in more detail below--can also enter via Windows' file sharing features, infecting and possibly disabling your computer.

IE, OE, et al...
Internet Explorer and Outlook Express, as well as the Outlook e-mail client and personal information manager, are rife with security holes, and new ones seem to surface daily. Browsing with many versions of Internet Explorer (especially in their default configurations), or checking your mail with a Microsoft e-mail client, could allow your system to be infected so quickly--thanks to your high-speed connection--that you have no chance to react before your machine is harvested for data or damaged beyond repair. At this writing, several widely circulated worms, such as Magistr/32, are capable of destroying your machine's BIOS (Basic Input/Output System), rendering your machine unable to boot.

Another common point of entry for hackers targeting Windows systems is a utility called Wingate, which many broadband subscribers use to share a high speed Internet connection among several machines in their homes or offices. While newer versions of the utility are secure, older ones--which are still out there and are often pirated--allow a hacker to "tunnel" through your machine on the way to the rest of the Internet, hiding his or her identity.

Beware The Hybrid
Perhaps the most disturbing trend, and the one of which broadband users should be most wary, is the emergence of hybrid malware. This is malware that combines the traits of viruses, worms, and/or Trojan horses. The well-known Melissa virus (which had characteristics of a Trojan horse, a virus, and a worm) was particularly virulent because it could spread via attachments to e-mail, via Microsoft Word documents, or via file sharing.

Magistr/32, ILOVEYOU, Navidad, and others are often called "Trojan worms" because they are activated when a user clicks on an e-mail attachment but distribute themselves via e-mail as worms do. Most such programs rifle your e-mail address book or your saved e-mail messages to find the addresses of potential victims and send themselves to those people's computers in a way that makes them appear to have come from you. Malware that does this, or otherwise attempts to exploit existing relationships between correspondents, is sometimes called a "Friends and Family" virus, after MCI's famous promotional program for its long distance services. The more the recipient respects or trusts you, the more likely he or she is to become the next victim.

The Hybris worm, on the other hand, does not leverage the reputation of the owner of the infected machine but does watch where he or she browses. It scans all Internet traffic entering or exiting the machine, including Web pages, e-mail, Internet relay chat (IRC), etc., and sends itself to any e-mail address it sees.

Broadband connections potentiate these malevolent programs by allowing them to spread so quickly, once they are activated, that a human being often cannot pull the plug before it's too late.

DDoS Attacks
In an alarming development, malware that doesn't hurt your machine but instead prepares it to join in an attack on others is beginning to surface. Your infected machine appears normal until given a special "attack signal." It then becomes a zombie--a mindless soldier in a distributed denial of service (DDoS) attack. In response to a hacker's marching orders, your machine and others launch as many requests as they can, as fast as they can over high speed connections, at a victim. The goal: to overwhelm and, possibly, bring down a Web server or router belonging to someone the hacker dislikes.

While the attacking machines may be spread throughout the world, the Internet's routers focus the attack--like a lens--on the victim machine and its Internet connection. Most DDoS attacks, to date, have simply been pranks but there is real concern that they could be used as a "cyberwarfare" tactic by terrorists or hostile governments.

 

 


Design by Ekona | Hosted by GH Solutions | Copyright © 2007