
The Internet versus You, part 2

  

What are the bad guys trying to do?

Some are just bored, some curious, some destructive, and some are really bad guys. These last may try to compromise your security so that they can use your computer (and your IP address or your mail ID) as the apparent source of spam or of attacks on other computers. How would you like the FBI to visit you because your IP address showed up in an attack on the SEC’s website, a corporation’s website, or a military computer?

One nice thing -- if you’ve set your system up to be able to identify attacks, you’ve probably prevented most of these attacks from happening. Unless you’ve really annoyed someone in a chat room or a newsgroup, or are otherwise a target for some reason, the bad guy will usually move on when he can’t get in easily. There really is no such thing as totally secure; you just want to make the other guy decide the effort isn’t worth it.

How does he get in?

Of course, the method depends on whether the target system normally provides services (like a web server) or normally uses them. The heart of the problem: you have to be running something that allows him to get in. Unfortunately, you don’t need to have decided to do this.

For example, FrontPage 98 installs the Personal Web Server by default. You can only password-protect the PWS if you’re on WinNT/2000/XP. Plus, PWS has known security holes, many of which can allow the intruder to get full access.

Or, you may be running IE and allowing Active-X applications to install automatically, or scripts to run automatically. Some of the trojans have been rewritten to install from Active-X programs which you download just by visiting their webpage. Others install via scripts on webpages. Scripts embedded in emails, and attachments to emails, are further problems. Or, you may have downloaded something that had a trojan program hidden in it. All in all, you have to block out attempts and make sure you’re not listening for attempts. The firewall programs can do this.
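The point above about not listening for connection attempts can be checked directly on your own machine. This added example (not part of the original article) parses the output of Windows `netstat -an` and flags TCP listeners bound to a non-loopback address, such as a web server that was installed by default; the sample output is constructed for illustration.

```python
# Added example: audit `netstat -an` output for TCP sockets that accept connections.
import ipaddress

# Constructed sample of Windows `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1745      203.0.113.9:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:1900           *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def listening_sockets(netstat_text):
    """Return (address, port, reachable_from_network) for each TCP listener."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only TCP rows in LISTENING state; headers, UDP rows and
        # established connections are skipped (this example covers TCP only).
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # malformed row
        # A listener on 127.0.0.1 or ::1 cannot be reached from other machines.
        found.append((str(addr), port, not addr.is_loopback))
    return found

def exposed_ports(netstat_text):
    """Sorted ports that are listening on a non-loopback address."""
    return sorted({p for _, p, exposed in listening_sockets(netstat_text) if exposed})

if __name__ == "__main__":
    for addr, port, exposed in listening_sockets(SAMPLE_NETSTAT):
        note = "reachable from the network" if exposed else "loopback only"
        print(f"{addr:>15}:{port:<5} {note}")
    print("Find out which program owns these ports:", exposed_ports(SAMPLE_NETSTAT))
```

To use it on a real system, save the output of `netstat -an` to a file and pass the file's text to `exposed_ports()`; any port you did not knowingly open is worth tracing to the program that owns it.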

 
 

Running web servers and ftp servers is particularly dangerous from a security point of view (and forbidden by most cable ISPs’ Acceptable Use Policies for their non-commercial services).

Most of these have been proven subject to flaw after flaw, each of which allows a person to jump to a command prompt on your computer. Not only are these weaknesses known, but there are script tools available on the Internet which will do all the work for the attacker (nicknamed a "script kiddie").

There are also a number of known security weaknesses in Internet Explorer and Netscape Navigator which can be exploited by the html code on a web page. As mentioned above, Internet Explorer uses Active-X applications that may be automatically downloaded and executed without you knowing it.

Besides their legitimate uses, these can be written to cause your integrated emailer to send an email automatically, to install a trojan program on your system, to install a virus on your system, or to crash your system. Unlike Java, which operates in a "virtual sandbox," Active-X applications have many system capabilities including writing to your drives. Javascript is not the same thing as Java, and is more similar to Active-X than to Java in its security issues. Trojan programs can also get in via email attachments.

So, what should you do?

Run a firewall. Run a "Two-Way" firewall — and that excludes the Windows XP firewall because it is only a one-way firewall.

Always run a firewall. Whether you are using dialup or broadband, you need a firewall. Trend Micro offers a good firewall for purchase as part of Trend Micro PC-cillin Internet Security 2006. Read more in my Security Software Recommendations article.

Alternatively, you can run a good firewall on an old PC running Linux, and let it do account-sharing duty at the same time. Coyote Firewall is a free floppy-based firewall and router that can run on really old PCs.

These days, most individuals with any kind of firewall hardware use an Internet-sharing device such as the Linksys and D-Link cable/dsl routers, which are designed to share the Internet service with your home network. These also protect the computers on your home network by hiding the IP addresses on the home network (the router gets the official IP address that the cable ISP assigns you). 

Recent versions of these routers have fairly sophisticated firewalls to control inbound data packets, but will allow any communications originating from your computer to access the Internet. In other words, if you do get infected by a virus, trojan, or worm and start spouting spam and/or virus emails from the infection, these external routers won’t stop them.

Large businesses tend to use high-speed, high-priced firewall hardware and software by Cisco, Microsoft, Checkpoint and others.  

 


Copyright © 1999-2006 Terry A. Stockdale


 
