Security.html 7/13/02
As more and more networks get connected to the internet, owners of those networks need to understand that while they are connected they are vulnerable to being "groped" by malicious users from somewhere else on the planet. This is not a distant or idle threat to your network's security. Even if you are connected by a dial-up networking or modem connection, for the period of that connection you are assigned an IP address that is necessary for your communication to take place. Chances are this IP address is assigned to you out of a pool reserved for use by the Internet Service Provider (ISP) to whom you connect by modem. A malicious individual can locate public records of these IP address range assignments and use software to scan that range and detect when one of its addresses becomes assigned for use. At that time, you are "acquired" as a target. It's nothing personal, because there is no guarantee that you will be assigned the same IP address on subsequent connections; however, you will always be assigned one of the valid IP addresses reserved for the ISP you use for your dial-up account. That is to say, over time it would be possible to detect remotely whether you are the same machine that was seen to connect last time in this address range. So much for an overview of dial-up connections.
Direct cable connections are even more dangerous. Because every network card has a unique identifier called its MAC address, it is possible to absolutely identify the connecting machine remotely. This means that over time it is possible to try a series of remote attacks and know that you are making them against the same machine. In this circumstance you are a target that is both "acquired" and "locked on". It is simply a matter of time to find a tool to do your system some damage.
There are some basic things you can do to protect yourself. They are not complete and permanent solutions; they are much like the lock and key system. You use a better lock to slow down the attacker or narrow the number of persons who have the skill to make a key. As time goes on you continue to use better and better defenses, first to keep the honest men honest, next to remove any temptations, and finally to make it more difficult so that only the skilled, determined, and criminally minded will bother to pursue a scheme to break your security. A great book on the subject I have read recently is "Secrets & Lies: Digital Security in a Networked World" by Bruce Schneier, ISBN 0-471-25311-1, published by John Wiley & Sons in 2000 and selling for $30.
Here are a couple of quick and dirty things you can do to protect yourself. Go to http://www.zonelabs.com and download the free version of Zone Alarm. This is a software firewall that will help you seal up your system from intrusion. This is particularly helpful for single machines accessing the internet using modems. It also has the benefit of keeping modern "intrusive" software from accessing the internet from your machine without your knowledge or consent. Zone Alarm can be set to alert you when other machines are trying to "grope" you. It's quite an education. I also recommend that you visit http://www.grc.com and use the Shields Up test to make sure it's working. Here too you will get a free education in the sneaky stuff that is happening that you can't see.
For those who access the Internet via a cable modem, xDSL, T-1, or other "always on" connection, as a first step install a firewall device. There are many available and they are not very expensive (a 4-port LinkSys DSL/Cable Router is about $100). These devices can be used to protect an entire network from access via the internet connection. Although they aren't a cure-all, they certainly can slow down the kids and inexperienced hackers from waltzing in the front door and pawing over your files on the network. This is a MINIMUM suggestion as to a security measure. It is a first step. This advice is like saying "Lock your car, take your keys."
Another good step is to install a proxy server instead of the cable router. I use WinProxy 4.0H, which will run on a Pentium 75 or higher with 64 MB of RAM and two network cards. This setup allows for antivirus in both directions with automatic updates, as well as providing all the features of the cable router (NAT, DHCP, etc.) and many more controls for closing up ports. Site filtering is also included for the first six months. I have corporate networks using the antivirus and site filtering to keep their networks protected and keep their employees from accessing Sex, hate speech, Gambling, Criminal Skills, ... sites. It keeps them from having to make a harsh policy for employees. Visit http://www.ositis.com for more info.
These steps are not difficult to take and can lead to fewer sleepless nights. If you need help setting these up, call me or email me here. Thanks for listening.