Security - Why Should I Worry? As the millions of personal computers of the world move from dialup lines to permanent connections such as DSL or cable, a vast new array of potentially soft targets turn up on the Internet, at stable IP addresses, for crackers to use, sometimes for fun, and sometimes to stage further break-ins. Automated scan tools can quickly pass over an entire domain, and report on machines that appear to be insecure. This is the 90s Internet version of wardialing, made famous in the film WarGames, but 100 times as deadly.. with more powerful programs, faster connections and more underground web sites, even unsophisticated computer users can scan 1000s of machines in an evening for simple configuration mistakes. Even if a particular security mistake only occurs with .1% of users, when a cracker can scan 1000 PCs in less than an hour, by the time they have listened to a single CD, 2 or 3 open PCs can be unearthed. Most normal Internet machines are designed and configured with security as a high priority. Most of the hordes of home PCs coming online over DSL and cable were designed to be friendly and accessible. It is a great time to be a cracker. But I have Virus Software I have turned off File & Print sharing Why a Scan is good security The pages that follow explain the risks and tell you what you can do to protect yourself, your family, your bank account, and even your reputation from the more frequent and potent security threats encountered in high speed connections to the Net. Why Me? Good Questions - What would an intruder hope to gain by breaking into your home or small office computer system? Chances are, they're after one or more of the following things: Your bandwidth. With 384 kilobits to more than a megabit per second of bandwidth, your DSL or cable modem is capable of sending and receiving a lot of data very quickly. While it's unlikely that you give your broadband connection a 24x7 workout, hackers can find lots of things to do with it. For example, your system, together with others that have also been co-opted, can be used to unleash huge barrages of data on other computers on the Internet, rendering them useless. (This is called a distributed denial of service, or DDoS, attack.). Hackers can also use a compromised machine as a jumping-off point for difficult-to-trace attacks on other machines. This is especially likely to occur if you're using vulnerable software that hasn't been updated with the latest service patch. Your computing resources. If hackers take over your system, they can turn it into an Internet server that does their bidding. They can use it as an illicit "meeting place" by setting it up as an IRC (Internet relay chat) server, or use your hard disk as a repository for illegally copied software. Your personal data, your identity, your reputation, and/or the contents of your bank account. Do you prepare your taxes on your computer? Pay your bills using an "Online" service? Have any files at all containing your credit card numbers, Social Security number, or other identifying information? If so, you're a potential target for identity theft, an increasingly common crime in which a thief gathers sufficient information to impersonate you. The havoc that an identity thief can wreak in your life is almost unlimited. He or she can she can change the addresses on bank, credit, and brokerage accounts, diverting statements so you won't notice that something's amiss. They can then sign up for credit in your name, sell your investments and pocket the proceeds, and drain your bank accounts. If you have a debit card, the thief can wipe out the account to which it is attached in a single transaction. While snooping techniques affect all Internet users regardless of the way they connect, a high speed connection masks their presence by preventing them from taxing your bandwidth. In the sections that follow, you'll learn about some of the most serious Internet threats--and the ways in which a broadband connection can amplify their dangers. Opening Windows On File-Sharing Abuse IE, OE, et al... Another common point of entry for hackers targeting Windows systems is a utility called Wingate, which many broadband subscribers use to share a high speed Internet connection among several machines in their homes or offices. While newer versions of the utility are secure, older ones--which are still out there and are often pirated--allow a hacker to "tunnel" through your machine on the way to the rest of the Internet, hiding his or her identity. Beware The Hybrid Magistr/32, ILOVEYOU, Navidad, and others are often called "Trojan worms" because they are activated when a user clicks on an e-mail attachment but distribute themselves via e-mail as worms do. Most such programs rifle your e-mail address book or your saved e-mail messages to find the addresses of potential victims and send themselves to those people's computers in a way that makes them appear to have come from you. Malware that does this, or otherwise attempts to exploit existing relationships between correspondents, is sometimes called a Friends and Family virus), after MCI's famous promotional program for its long distance services. The more the sender respects or trusts you, the more likely he or she is to become the next recipient. The Hybris worm, on the other hand, does not leverage the reputation of the owner of the infected machine but does watch where he or she browses. It scans all Internet traffic entering or exiting the machine, including Web pages, e-mail, Internet relay chat (IRC), etc., and sends itself to any e-mail address it sees. Broadband connections potentiate these malevolent programs by allowing them to spread so quickly, once they are activated, that a human being often cannot pull the plug before it's too late. DDoS Attacks While the attacking machines may be spread throughout the world, the Internet's routers focus the attack--like a lens--on the victim machine and its Internet connection. Most DDoS attacks, to date, have simply been pranks but there is real concern that they could be used as a "cyberwarfare" tactic by terrorists or hostile governments.
|
Design by Ekona | Hosted by GH Solutions | Copyright © 2007 |