Unfortunately, a high-speed internet connection comes with a price - your
system is exposed to the world. It is critical that you protect yourself
from an attack by a hacker; this section will describe how.
Understanding internet connections
Before discussing the types of
attacks and how to stop them, it is necessary to understand a little about how
internet connections are made...
For 2 computers on the internet to talk to one another, a TCP/IP connection must
first be established. To establish a connection, one computer sends a message
to the other computer, requesting a connection. It's like one computer is
making a phone call to the other. Also like a phone call, the initial request
for a connection is one-way; but once the connection is established, each
computer can send and receive information. For a connection to be
established, the computer that receives the connection request must have a
program running that is "listening" for requests (waiting for a phone call) and
is willing to make TCP/IP connections (pick up the phone and talk) - such a
program is called a "server" (NB: different from the "server PC" in a
home network), and examples would be webservers and FTP servers.
An example of a TCP/IP connection request is when you request a webpage - your
computer sends a request to the webserver to establish a TCP/IP connection and
share information. Think of this as an "outgoing" connection request, since the
request goes out from your computer (inside your home network) to
the internet (outside your home network). Conversely, if you were running
your own FTP server at home, then when other computers on the internet tried to
connect to it, they'd be sending "incoming" requests for TCP/IP connections.
(For more detailed information about TCP/IP connections, see section 10)
Attacks against your network
Attacks against your network can be via a malicious TCP/IP connection or via a
virus. There are therefore 3 major, discrete types of attacks that you need to
protect against:
1. An "incoming" attack is when a computer somewhere on the internet tries to
get into your computer by compromising any "servers" that you may be running
(webserver, FTP server, mail server etc). "Servers" listen for connection
requests, and are thus potentially vulnerable to malicious connections
initiated by an incoming connection request. You might think "but I don't run a
webserver, or a mail server, or anything like that!", but you'd be surprised how
many "servers" you can accumulate without realising it - ICQ for example acts as
a server when somebody sends you a file. Also, some versions of Windows come
with "Personal Web Server" pre-installed, a gross security risk that most users
are unaware of. The only way to be sure that you haven't accidentally got any
servers open to the world, waiting to be compromised, is to block all
incoming connection requests with a firewall. A firewall is (essentially)
something that selectively blocks TCP/IP communication. You can then
specifically tell the firewall to allow certain applications (eg ICQ) to act as
"servers". (Side note: generally only the "server computer" in your home
network is vulnerable to this kind of attack, because NAT routing works in such
a way that the client computers are unable to run "servers")
2. An "outgoing" attack may occur if you've accidentally downloaded a
trojan (a special type of virus) that wasn't picked up by your anti-virus
software. The trojan can "dial home", ie send an outgoing connection request to
a hacker's computer. Once established, the connection could be used for pretty
much anything - forcing your computer to attack a web site, deleting all of your
files, stealing your credit card details etc. Every computer in your home
network is vulnerable to this type of attack. Since the trojan runs on your
computer and sends out connection requests to hackers' computers, a
firewall is necessary to block all outgoing connection requests. However,
outgoing connection requests are necessary for the normal use of the internet -
if you did block them all, none of your normal internet programs, such as web
browsers and email clients, would be able to use the internet! Therefore you
need a firewall capable of "allowing" certain, approved applications to send
"outgoing" connection requests, while preventing all other applications
from doing the same.
3. You need to have an up-to-date, properly configured anti-virus
program.
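To see which "servers" a machine has accumulated (point 1 above), the listening sockets can be read from the output of `netstat -an`. The following is an added example, not part of the original guide; the netstat output in it is a constructed sample, and the function names are illustrative.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.1:1045       203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# A TCP row in LISTENING state: a program waiting for incoming requests.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")

def listening_sockets(netstat_text):
    """Return (address, port, scope) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, already-established connections
        addr, port = m.group(1), int(m.group(2))
        if addr.startswith("127.") or addr == "[::1]":
            scope = "loopback-only"    # only programs on this PC can connect
        elif addr in ("0.0.0.0", "[::]"):
            scope = "all-interfaces"   # listens on the internet side as well
        else:
            scope = "one-interface"    # listens on that one address
        found.append((addr, port, scope))
    return found

def exposed_ports(netstat_text):
    """Ports that accept incoming connection requests from other machines."""
    return sorted(port for _, port, scope in listening_sockets(netstat_text)
                  if scope != "loopback-only")

if __name__ == "__main__":
    for addr, port, scope in listening_sockets(SAMPLE):
        print(f"{addr}:{port:<6} {scope}")
    print("check these against your firewall rules:", exposed_ports(SAMPLE))
```

Every port it reports as exposed is one the firewall has to block or that you have deliberately allowed.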
How to protect yourself
There are various options for firewalling, ranging from free software firewalls
(often worth every cent!) to dedicated, physically separate hardware firewalls
for the paranoid. The problem with most firewalls, however, is that while
they're all quite good at blocking incoming attacks (number 1 above), most of
them are completely unable to deal with outgoing attacks (number 2 above). For
example, the firewall in WinRoute Lite, whilst excellent at preventing incoming
attacks, cannot prevent outgoing attacks without completely disrupting internet
usage - this is because it's unable to distinguish whether the outgoing
connection requests come from an "approved" application or from something
else.
Therefore I recommend to all Windows users that they use
ZoneAlarm, which is free for
personal use and has an excellent reputation for protecting against both
incoming (1) and outgoing (2) attacks. It should be installed on every
computer in the network, because every computer is vulnerable to (2).
The old adage is that "it's impossible to make Windows secure", and that's
probably true. However in my opinion, ZoneAlarm is as close as you can get to
securing your network without being silly. A reasonable alternative is Tiny Personal Firewall. Sygate Personal Firewall is also quite good,
but (at least until recently) it's been plagued by inadequate identification of
programs - for example, if you downloaded a trojan which renamed itself to
"iexplore.exe" then Sygate would let it send an outgoing connection request,
thinking that it was Internet Explorer. I believe that's been fixed now, but
ZoneAlarm was never vulnerable in that way and is still the firewall of
choice.
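The program-identification problem described above, as an added example that is not part of the original guide: an outgoing rule that trusts a file name, next to one that also checks the file's contents. Matching on a SHA-256 digest is an assumption chosen for illustration, not a description of how ZoneAlarm or Sygate identify programs; the two files are constructed.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hex SHA-256 digest of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def allowed_by_name(path, approved_names):
    """Weak rule: trust any program whose file name is on the list."""
    return os.path.basename(path).lower() in approved_names

def allowed_by_digest(path, approved_digests):
    """Stricter rule: the name must be approved and the file contents must
    still match the digest recorded when the user approved the program."""
    name = os.path.basename(path).lower()
    return approved_digests.get(name) == sha256_of(path)

def demo():
    """Build two constructed files that share a name and apply both rules."""
    with tempfile.TemporaryDirectory() as root:
        paths = {}
        for label, content in (("genuine", b"constructed browser binary"),
                               ("impostor", b"constructed renamed program")):
            folder = os.path.join(root, label)
            os.mkdir(folder)
            paths[label] = os.path.join(folder, "iexplore.exe")
            with open(paths[label], "wb") as f:
                f.write(content)
        # The user approved the genuine program; its digest is recorded then.
        approved = {"iexplore.exe": sha256_of(paths["genuine"])}
        return {label: (allowed_by_name(p, approved.keys()),
                        allowed_by_digest(p, approved))
                for label, p in paths.items()}

if __name__ == "__main__":
    for label, (by_name, by_digest) in demo().items():
        print(f"{label:9} name-only rule: {by_name}   name+digest rule: {by_digest}")
```

The name-only rule lets both files connect, while the digest rule lets only the file the user actually approved connect.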
In terms of anti-virus software, you should already have an anti-virus program
installed (!), but if not, I recommend
Norton Anti-Virus - it seems to
catch more viruses than any other software, and its interface is quite good (eg
automatic updating of virus definition files, which is a total breeze on
broadband).
Installing ZoneAlarm
ZoneAlarm is FREE for personal use, but don't let that put you off - it's
excellent software. For the reasons outlined above, I strongly recommend that you
install it on every computer in the home network, not just the server computer.
Here's how:
1. Download the free personal edition of ZoneAlarm from
2. Run the zonalarm.exe installer. Installation is fairly
straightforward - you shouldn't have any problems here.
3. You'll need to play around with the settings to get everything working
smoothly. I found that changing the security settings to Low for "Local" and
Medium for "Internet" did the trick.
4. Repeat steps 2-3 for every computer in your home
network.
Testing your firewall
It's no good having a firewall if it's not working properly! No matter what
firewall program you're using, you should test it to make sure it's protecting
you the way it ought to. Probably the easiest way to do this is to go to the
Gibson Research Corporation, follow the links to
"ShieldsUp!" (you have to follow 2 links), and click "Probe my Ports". You
should aim to have all of your ports as "stealth".
If you're on Optus, don't worry about the results for ports 25, 39 and 80 -
these ports are blocked by Optus, so whatever the results of the scan are,
they're nothing to do with your firewall. Similarly, Telstra blocks port 39.
Other precautions
Use good anti-virus software, and keep it up to date!
Similarly, be sensible when using the internet - never open email
attachments unless you know who sent them to you and what they are; never
run programs from the internet unless you trust the source, and even then
make sure you've scanned the program for viruses.
Windows users should think very seriously about abandoning Internet
Explorer and Outlook/Outlook Express, which have been the greatest spreaders of
viruses (including trojans) for years. There are better alternatives! For much
safer web browsing, with more features than Internet Explorer, try Mozilla or Opera. For a safe and powerful alternative to
Outlook/Outlook Express try Mozilla Mail (part of Mozilla) or Eudora.