The basics



Well, to start out, this should probably be cross-linked in the computer security section, but I’m putting it in commentary primarily to catch those who might not typically look at computer security.

First, why should you care about keeping your computer secure? I’ve heard people ask something like this. Usually they say, “I don’t care who sees my documents, I don’t have anything that important on there…” etc., etc. You’ve probably heard or said similar. After all, who would be interested in your speech to the Kiwanis club? The sign-up sheet for the church cookout? Well, unfortunately this argument is very shortsighted. Here’s why.

These days I have a very high-speed connection to the internet, and so do many of the people I know. In addition, the machine is actually connected to the internet most of the day; there is no need to dial. In fact, our connection here is on 24 hours a day. This is very convenient, of course, but it’s convenient not only for us but also for those who make a hobby or pastime of breaking into computers, pushing the internet to its limit and otherwise just getting into mischief.

A good example of this is an account I read at Gibson Research about a Denial of Service attack against his website. The account stated that his webserver suddenly began being flooded by requests for information. This occurred to the extent that legitimate requests returned error messages (site unreachable, etc.). Upon investigation he found the packets of data were coming from regular desktop machines across the internet. Further research turned up “zombie” programs. These are programs that are installed on a machine and can then be remotely controlled. Not necessarily wipe-the-hard-drive or open-the-CD-tray remote control, but they could be told to suddenly start asking for data from a website. (Any user at the machine would be completely unaware of this, except perhaps for a slowdown in internet activity.)

The person or people who had been using these zombies to attack the website had primarily targeted connections that were always on, i.e. ones they could find again after the initial zombification. The second preference was for a high connection speed, meaning the machine had a fair amount of network “muscle” for strong-arming a website. Multiply one high-speed cable/DSL connection by hundreds of zombie machines and you have a significant amount of bandwidth, enough to take out a webserver. And of course all of the log information would probably point back to the infected desktop machines, not the original perpetrator.

Now this isn’t the only way a machine can be used to attack another. Malicious hackers, after gaining access to one machine, will many times use that box to try and attack another machine, further covering their tracks. Another point to note here is that it doesn’t necessarily take a skilled computer wizard to break into a machine or install these backdoor/zombie programs. Usually the crackers (those skilled at breaking into machines) write scripts or programs to automate the process. Many times these are then modified and simplified to the point that anyone can use them. They are often easy to find and download, and are then run with a point-and-click interface. Those who use these tools to hack systems are usually referred to as script kiddies.

Another point to address is the objection that a hacker is rarely interested in your personal files. You’re absolutely right. He or she does not care about the letters to Grandma, the vacation pictures or the school paper. However, we do conduct a fair amount of business over our computers using the internet. Anybody ever type a credit card number in? If you’ve ever done ANYTHING such as logging in to another computer, typing username and password information, or entering credit card information, you could be vulnerable to another type of attack. Keystroke loggers keep track of EVERYTHING that is typed on a machine and either log it to a file or send it over the internet to the person who installed it. Many viruses of late have included keystroke logging “features”. This behavior usually occurs without the user’s knowledge, that is, until someone in Timbuktu starts charging big purchases on that Visa card you used online last week.

The internet is a shared medium in MANY ways. This is true even when it comes to security. So think of the security of your machine as something you should be interested in, not because you have valuable data, but to help protect others. The internet’s version of a community watch, if you like.

Well, if this has you wanting to pull the plug on the computer and never use a networked machine again, you’re not alone. Welcome to reality. It is scary what is possible, but there are ways to keep your machine secure and relatively safe from such threats.

So, here is the second section: how to keep your machine secure. First, install an antivirus program and, most importantly, keep it updated. Four times a day is a good update schedule for mail servers, and perhaps every 5 days for a work desktop or any desktop with a persistent internet connection. Maybe once or twice a month for dialup users.

Install or purchase a firewall. There are software firewalls, like ZoneAlarm, and some operating systems come with firewalling software. These are adequate for home use. However, if you have multiple machines I’d suggest a hardware firewall/router. It’s also important to have a working knowledge of how the firewall works. Make note of the configuration changes you make, and from time to time check the logs or the list of ports which are open to the outside (if any).

Keep your operating system updated. This doesn’t mean go out and buy the latest version of Windows when it comes out. Security updates are released for every operating system, so for instance Windows 98 may still have occasional security updates. Find out how to download and install routine security updates.

Learn what is normal for your system. I don’t know how many times I’ve been called to look at a system that is crashing, noted that there is no antivirus icon in the system tray, asked the user, and been told they haven’t noticed anything out of the ordinary. Then I discover a virus running in memory which has disabled their antivirus. Look at each of the system tray icons and find out what each one is. Press Control-Alt-Delete and see what is running. Yes, it’s detective work, but it is important to get a feel for what your machine is like when all is well. (You might also use msconfig to change the items starting at boot.) If you find things running that you don’t need running, find out how to disable them. One aggravation I had with my copy of FrontPage a couple of years back was that it required a webserver running locally in order to work. I only occasionally edited web pages, but I always had the webserver running! I disabled it and made a desktop shortcut to start and stop it for those occasions when I needed it.
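The “learn what is normal” advice and the “check the list of open ports” advice above can be turned into a repeatable check. As an added example (not part of the original post), the Python script below parses the text output of Windows `netstat -ano` and `tasklist /fo csv` from a known-good day and from today, and reports listening ports and processes that have appeared or disappeared, calling out new ports bound to every interface (the ones “open to the outside”) and tying each new port to the process that owns it. The two snapshots embedded in the script are constructed sample output; the process names (`avguard.exe`, `update_helper.exe`), PIDs and ports are made up and stand in for whatever your own baseline contains.

```python
"""Baseline what is normal on a Windows machine and flag changes.

Added example, not from the original post.  Input format assumed: the text
output of `netstat -ano` and `tasklist /fo csv`.  All snapshots below are
constructed samples, not captured from a real machine.
"""
import csv
import io
from dataclasses import dataclass

Listener = tuple[str, str, str]        # (protocol, local address, local port)
ALL_INTERFACES = {"0.0.0.0", "[::]", "*"}   # bound to every interface: reachable from the network

# Constructed `netstat -ano` snapshot from a known-good day.
BASELINE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       844
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       2312
  UDP    0.0.0.0:123            *:*                                    1108
"""

# Constructed snapshot from a later check: the local webserver is gone, and a
# new port is listening on all interfaces with an outbound connection open.
LATER_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       844
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5555           0.0.0.0:0              LISTENING       3520
  TCP    192.168.1.20:1042      203.0.113.10:80        ESTABLISHED     3520
  UDP    0.0.0.0:123            *:*                                    1108
"""

# Constructed `tasklist /fo csv` snapshots.  `avguard.exe` stands for the
# antivirus; in the later snapshot it is missing and an unknown process appeared.
BASELINE_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"svchost.exe","844","Services","0","5,120 K"
"avguard.exe","1400","Console","1","12,004 K"
"explorer.exe","1620","Console","1","21,340 K"
"""
LATER_TASKLIST = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System Idle Process","0","Services","0","8 K"
"svchost.exe","844","Services","0","5,120 K"
"explorer.exe","1620","Console","1","21,340 K"
"update_helper.exe","3520","Console","1","3,212 K"
"""


def parse_netstat(text: str) -> dict[Listener, int]:
    """Return {(proto, addr, port): pid} for every socket accepting inbound traffic.

    TCP sockets count only in LISTENING state; UDP lines (which have no State
    column) always count.  Established connections are skipped: they change
    constantly and are not what an "open ports" check is about.
    """
    listeners: dict[Listener, int] = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            if len(parts) < 5 or parts[3] != "LISTENING":
                continue
        elif len(parts) < 4:
            continue
        addr, port = parts[1].rsplit(":", 1)   # rsplit keeps IPv6 "[::]" intact
        listeners[(parts[0], addr, port)] = int(parts[-1])
    return listeners


def parse_tasklist_csv(text: str) -> dict[int, str]:
    """Return {pid: image name} from `tasklist /fo csv` output (header row skipped)."""
    rows = csv.reader(io.StringIO(text))
    next(rows, None)
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}


@dataclass
class Report:
    new_listeners: dict[Listener, int]
    gone_listeners: dict[Listener, int]
    new_processes: set[str]
    missing_processes: set[str]
    current_pid_names: dict[int, str]

    def new_exposed_listeners(self) -> dict[Listener, int]:
        """New listeners bound to every interface, i.e. open to the outside."""
        return {k: v for k, v in self.new_listeners.items() if k[1] in ALL_INTERFACES}


def check(base_netstat: str, cur_netstat: str, base_tasklist: str, cur_tasklist: str) -> Report:
    """Diff today's snapshots against the baseline.  Ports are keyed without PID,
    because PIDs change on every reboot while the set of open ports should not."""
    base_net, cur_net = parse_netstat(base_netstat), parse_netstat(cur_netstat)
    base_procs, cur_procs = parse_tasklist_csv(base_tasklist), parse_tasklist_csv(cur_tasklist)
    return Report(
        new_listeners={k: v for k, v in cur_net.items() if k not in base_net},
        gone_listeners={k: v for k, v in base_net.items() if k not in cur_net},
        new_processes=set(cur_procs.values()) - set(base_procs.values()),
        missing_processes=set(base_procs.values()) - set(cur_procs.values()),
        current_pid_names=cur_procs,
    )


def format_report(r: Report) -> str:
    lines = []
    for (proto, addr, port), pid in r.new_listeners.items():
        tag = "EXPOSED" if addr in ALL_INTERFACES else "local"
        owner = r.current_pid_names.get(pid, "unknown process")
        lines.append(f"NEW PORT  {proto} {addr}:{port} [{tag}] pid {pid} ({owner})")
    for (proto, addr, port), pid in r.gone_listeners.items():
        lines.append(f"GONE PORT {proto} {addr}:{port} (was pid {pid})")
    lines += [f"NEW PROCESS     {n}" for n in sorted(r.new_processes)]
    lines += [f"MISSING PROCESS {n}  <- was this your antivirus?" for n in sorted(r.missing_processes)]
    return "\n".join(lines) or "No changes from baseline."


if __name__ == "__main__":
    print(format_report(check(BASELINE_NETSTAT, LATER_NETSTAT, BASELINE_TASKLIST, LATER_TASKLIST)))
```

To use this against a real machine, save the two commands’ output on a day you trust (`netstat -ano > baseline-net.txt` and `tasklist /fo csv > baseline-tasks.txt`), then feed the saved text and fresh output to `check()` whenever you want to see what has changed. Ports rather than PIDs form the key deliberately: a PID is different after every reboot, but a port that was never open before, bound to every interface and owned by a process you do not recognise, is exactly the kind of change this routine is meant to surface.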

Sometimes software vendors aren’t quick to come forward with security information. It’s a good idea to find a few security resources online so you hear more than the company line.

I hope I haven’t scared you too much, but a certain amount of paranoia makes for a good defense. I hope this has been useful to someone out there.
