Sarasota PC Monitor
Tech Talk (1/00)
Internet Safety
by Brian K. Lewis, Ph.D.*
Member of the Sarasota Personal Computer Users Group, Inc.
In the monthly Tech Forum, we have had questions several times about the security of computers that are connected to the Internet by a cable modem. Systems connected to a cable modem are always on-line, except when powered down. The question is, does this make them more vulnerable? My usual response has been that if you haven't set the system to use file/printer sharing you should be safe from other people on your Internet "node." The problem with cable modem systems is that your modem is one connection to the equivalent of a large local area network. Every user connected to the same cable you are on is part of your network.
If you have your own in-home network, you have usually set up file and/or printer sharing. Doing this on the computer connected to the cable modem allows others on your cable modem line to access your computer. All they need to do is activate their Network Neighborhood and, with a little bit of detective work, they will be able to find your system and its files. They do need to determine your computer's name, but that is often too easy. If you use the default name that Windows uses, it is usually your name or a portion of it. I have seen systems where the computer name is "Valued User" or very similar. Names such as these don't require a software cracking program for someone to figure them out and access your system.
At the very lowest level of security you should turn off file/printer sharing on the system connected to the cable modem. This is easily done by right-clicking the Network Neighborhood icon on your desktop or in the Control Panel. Then select properties from the menu. The next window has a button labeled "file and printer sharing." Clicking this brings up a window with two check boxes. If there are any checks in these boxes and you remove them, you have disabled the file/printer sharing. If you don't want to do that, then on the first window, you can select the "Access Control" tab. This allows you to set passwords or to identify specific users or computers that you want to have access to your system. You should also change the computer name to something more difficult for an outsider to determine. However, making these changes does not prevent intrusion into your computer by an outside computer. It just increases the level of difficulty. Unfortunately, there are Internet sites that have free software that permits unscrupulous individuals to attempt entry into any remote computer system.
Most office systems connected to the Internet via a local area network and a DSL line or T1 line use a software or hardware "firewall" for protection from outside intrusion. This "firewall" is not automatically present in any of the cable modem home systems. On an office network, you can require passwords that must be entered by users to access files on other computers on the network. There are password cracking programs which can allow any user on the network to determine passwords throughout the entire network. Some network administrators use these programs to test the passwords on the network. In many cases, the password is so simple that the program can determine it in seconds. It takes much more time if the password is long and contains both upper and lower case letters, as well as special characters such as [, ~, %, ^, etc. In no case should a password resemble any known word, name or date. Of course, this is what most users think a password should be. Consequently, most passwords are cracked very quickly.
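An added example (not part of the original article) that applies the rules in this paragraph to a few constructed passwords: it estimates the exhaustive-search space from length and character classes, and flags resemblance to a word, name or date. The word list, the guess rate and the 12-character minimum are assumptions made for illustration.

```python
import math
import re
import string

# Constructed sample list; a real audit loads a full dictionary and name list.
WORDLIST = {"password", "sarasota", "brian", "valued", "monitor", "summer"}
LEET = str.maketrans("0134578@$!", "oleastbasi")  # undo common look-alike swaps
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/-]\d{1,2}[/-]\d{2,4}|\d{6,8}")
GUESSES_PER_SECOND = 1e9  # assumed cracking speed, not a figure from the article
MIN_LENGTH = 12           # assumed policy threshold, not from the article

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(pw):
    """Size of the character set a brute-force search must cover."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def resembles_word(pw):
    """True if a wordlist entry survives lowercasing and look-alike swaps."""
    letters = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    return any(word in letters for word in WORDLIST)

def audit(pw):
    """Return search-space estimate and the article's rules the password breaks."""
    size = alphabet_size(pw)
    bits = len(pw) * math.log2(size) if size else 0.0
    issues = []
    if len(pw) < MIN_LENGTH:
        issues.append("too short")
    if pw.islower() or pw.isupper() or not any(c.isalpha() for c in pw):
        issues.append("no mix of upper and lower case")
    if not any(c in string.punctuation for c in pw):
        issues.append("no special character")
    if resembles_word(pw):
        issues.append("resembles a known word or name")
    if DATE_RE.search(pw):
        issues.append("contains a date")
    return {"bits": bits, "seconds_to_exhaust": 2 ** bits / GUESSES_PER_SECOND,
            "issues": issues}

if __name__ == "__main__":
    for sample in ("abcdef", "Sarasota1999", "P@ssw0rd", "k[7~Rq%v^2Lm"):
        r = audit(sample)
        print(f"{sample:14} {r['bits']:5.1f} bits  {r['issues'] or 'ok'}")
```

The exhaustive-search figure is an upper bound only: a password flagged as resembling a word or date falls to a dictionary attack long before the full space is searched.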
There is another means of providing entrance to your computer system. There are back-door programs, such as Back Orifice, which can enter your system via an e-mail attachment. Once they are activated, they load themselves into RAM every time your computer starts and wait for a signal. These programs respond to specific coded requests that come over your Internet connection. An outside user can "ping" your computer, specifically looking for one of these back-doors. If they find it, they can use it to access everything on your computer or your network.
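A check for the two exposures described so far, file/printer sharing reachable from the cable segment and a program waiting for a signal, written as an added example that is not part of the original article. It reads the output of Windows `netstat -an`; the sample output, its addresses and the `expected` allow-list parameter are constructed for illustration.

```python
# Constructed sample of Windows `netstat -an` output (not captured from a real host).
# 31337/udp is the default port Back Orifice shipped with; a backdoor can be set to
# any port, which is why the review below uses an allow-list, not a list of bad ports.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1045        198.51.100.80:80       ESTABLISHED
  UDP    0.0.0.0:31337          *:*
  UDP    192.0.2.10:137         *:*
"""

NETBIOS = {137: "NetBIOS name service", 138: "NetBIOS datagram service",
           139: "NetBIOS session service (file/printer sharing)"}

def listeners(netstat_text):
    """Yield (proto, address, port) for sockets waiting for inbound traffic."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        proto, local, foreign = fields[:3]
        state = fields[3] if len(fields) > 3 else ""
        waiting = state == "LISTENING" if proto == "TCP" else foreign == "*:*"
        if waiting:
            addr, _, port = local.rpartition(":")
            yield proto, addr, int(port)

def review(netstat_text, expected=frozenset()):
    """Return (proto, port, finding) for listeners reachable from the network."""
    findings = []
    for proto, addr, port in listeners(netstat_text):
        if addr.startswith("127."):
            continue  # loopback only: not reachable from the cable segment
        if port in NETBIOS:
            findings.append((proto, port, NETBIOS[port]))
        elif (proto, port) not in expected:
            findings.append((proto, port, "unexpected listener, identify the program"))
    return findings

if __name__ == "__main__":
    for proto, port, finding in review(SAMPLE):
        print(f"{proto}/{port}: {finding}")
```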
So what does all this mean to the home user who is connected to the Internet? It means that when you are connected by a cable or DSL modem, you are vulnerable to intrusion by an outside computer anytime your computer is turned on. If you use a telephone line and a dial-up connection, you are vulnerable any time you are connected. I used to think that a home system with a dial-up connection probably wouldn't be attacked by an outside user. However, I find that this is not true. I have found information where it was pointed out that attempts to enter a dial-up system occurred nine times in one day. There were numerous additional attempts over a two-week period. Another reference reported 11 attempts in the first 24 hours after installation of intrusion detection software. The longer your system is continuously on-line, the greater the probability that someone will be probing it to see if entry is possible. Why would this occur? All I can say is that there are people who write virus programs to see how much damage they can do. In my mind, these other intrusions occur for the same reason or reasons.
So what can you do to increase the security of your system? In a home system, setting up a hardware firewall would be too expensive. There is a software solution called "BlackIce Defender" published by Network Ice (www.networkice.com). It can be downloaded at a cost of $39.95. I have downloaded it and am using it on my system. After I have more experience with it, I will report on it in more detail in a later issue of the Monitor. However, there are a number of reports from various reliable sources indicating that this detection software does work. It reports all intrusions and provides countermeasures to prevent access to your system. It can also backtrack the path of the suspected intruder and may provide enough information to determine where the attack originated. Stay tuned for further information.
If you spend hours surfing the net, or if you have a cable modem setup, you should look into this software. If my study of information available on the Internet is any indication, then the number of these intrusive attacks is on the increase. So you should consider some form of Internet security for your computer. An anti-virus program is essential for anyone who is on the Internet, and now it seems intrusion detection and blocking software should also be part of your system protection.
*Dr. Lewis, a former university & medical school professor, is a computer consultant doing instruction, hardware/software services and system upgrades.
He is available to help you with your home or business computer problems. He does make house calls and can be reached via e-mail at bklew@worldnet.att.net or voice mail at 941/925-3047.
_______________________________________________________________
Copyright 2000. This article is from the January 2000 issue of the Sarasota PC Monitor, the official monthly publication of the Sarasota Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL 34277-1889. Permission to reprint is granted only to other non-profit computer user groups, provided proper credit is given to the author and our publication. We would appreciate receiving a copy of the publication the reprint appears in; please send to above address, Attn: Editor. For further information about our group, email: admin@spcug.org / Web: http://www.spcug.org/
The Sarasota Personal Computer Users Group, Inc. has 1,300+ members and was established in 1982. We are members of the Assoc. of PC User Groups (APCUG), the Florida Assoc. of PC Users Groups, Inc., and we are members of the America Online Ambassador Program.
See http://www.spcug.org for all reviews from the Sarasota PC Monitor; go to the Newsletter Section.