Sarasota PC Monitor
Tech Talk (2/00)
Internet Security - II
by Brian K. Lewis, Ph.D.*
Member of the Sarasota Personal Computer Users Group, Inc.
Last month I wrote about the potential problem of "hackers" being able to enter your computer system via your cable, dial-up or DSL modem. In that article, I mentioned that I had downloaded a firewall program that I was going to test to see if it would be useful in preventing outside entry into my computer. While I was doing the test on my system, I also arranged for a couple of cable modem users to install "BlackIce Defender," the firewall software. After viewing the results of these installations, I will say again, if you use a cable or DSL modem, you had better install a firewall immediately! The number of entry attempts (intrusions) reported back to me by these cable modem users is absolutely amazing! The first user has averaged three attempts per day since the last week of December. The second user has recorded 57 attempts in the first two weeks and the total is still climbing. Neither of these systems has anything unusual about them. They are no different from other home systems. If you don't have a firewall, you will never know when one of these intruders is searching your hard disk for information! With a firewall, such as BlackIce, any attempt to get into your system from the outside will be blocked.
Once you have the firewall software installed, you really do not have to do anything further. It will keep watch for you. It will report and block any intrusion attempts. You need to act only if you wish to report the hacker's attack. In that case, you can e-mail the evidence to the hacker's Internet Service Provider (ISP). The information you need to send is listed on the support site for NetWorkIce, the manufacturer of BlackIce Defender.
The majority of system attacks occur from widespread scans done to find any system with an open port that they can enter. These attacks are run from attack programs that scan thousands of computers logged on to the Internet. These attack programs, or scripts, can be downloaded from sites on the Internet and then simply run by the user. There are uncounted thousands of hackers using these scripts and looking for computer systems. Since cable modem and DSL users have a constant Internet IP address, they are easier to find. In addition, almost all cable modems use an IP address beginning with 24. A hacker can set the software to simply search for addresses in this range and then test each of them for access.
In some cases, the Internet address that shows in the intrusion report is a false address. In fact, that is one reason why computers with cable modems are being scanned for possible entry points. A sophisticated hacker who gains entry to your system can then use your Internet address as if that was the point of origin. This is done by software the hacker downloads to your computer after gaining entry to it. The hacker can then attack other computer systems and it will look like the attack originated with your computer. Some hackers have been known to chain multiple computers together to hide their true Internet address. That makes them much more difficult to trace. Your firewall can block their use of your system in such a chain.
I have also been interested in the origin of these attacks on the local cable setups. I have reviewed the attack list sent to me by the two cable modem users. Interestingly, some of the addresses indicate they originated with other ComCast cable modem users right here in Sarasota! However, these were in the minority. These intrusion reports indicated attacks coming through ISPs all over the country: Michigan, Chicago, Tampa, New Jersey, Arizona, etc. In some cases, the user name was the same (i.e., DeepThroat), but it came through a dozen different ISPs! Obviously, this was a hacker who had broken into a number of different computers and was using them as false addresses.
So far, I have been talking about the attacks on cable modem systems. This is mainly because these are always on and because they always have the same Internet or IP address (as do DSL modems). This makes them easier to find. However, dial-up systems are not totally free from this problem. I was on the Internet on Christmas Day, reading and sending e-mail. While I was connected, two attempts were made to enter my computer. Both attempts came from the same user who had an Internet address in Tampa. Again, on a weekday in the middle of January, while I was sending a long e-mail message, there was another attempt to enter my system. If you spend any time surfing the net, a firewall is cheap insurance.
One of the questions I am always asked is, "Why do people do this?" Only recently have I come across a really good answer and that is, "Identity theft"! Apparently, many of these hackers are not looking to do damage to your computer. What they want is your personal and financial information; name, birth date, social security number, credit card numbers, bank information, etc. These are items that they can use or sell. Just think about the information that you have stored on your computer that could be used for someone's unscrupulous financial gain. In some cases all they want is info that will allow them to charge your credit card for their access to pornographic Websites. Or, they may want to find passwords on your computer that might give them access to such Websites. They can also use your Internet password to get free Internet time. Frankly, the ability of these hackers to obtain your personal and financial information is the most worrisome part of all of this. Identity theft is a real problem.
What should you be doing to protect yourself from these hacker intrusions? First, buy and install firewall protection for your system. This doesn't need to be expensive. The one I am using, BlackIce Defender, is $39.95 downloaded from the Internet at www.networkice.com. This price gives you the software and one year's support. Installation is simplicity itself and the program does not interfere with other normal operations. You can check the FAQs on their support Website for other information before you purchase the software. There are other companies as well that sell similar software. I have no connection with NetWorkIce other than I use their software. It's not really important where you get the firewall protection, just get it! I think you will be surprised by the activity it blocks.
Anyone with a cable or DSL modem who isn't using firewall protection is leaving their system wide-open for any hacker who wants to enter and steal personal information. Whether you choose to use BlackIce or some other program is up to you. But I believe everyone who surfs the Net needs to seriously consider this type of security now!
*Dr. Lewis, a former university & medical school professor, is a computer consultant doing instruction, hardware/software services and system upgrades.
He is available to help you with your home or business computer problems. He does make house calls and can be reached via e-mail at bklew@worldnet.att.net or voice mail at 941/925-3047.
Copyright 2000. This article is from the February 2000 issue of the Sarasota PC Monitor, the official monthly publication of the Sarasota Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL 34277-1889. Permission to reprint is granted only to other non-profit computer user groups, provided proper credit is given to the author and our publication. We would appreciate receiving a copy of the publication the reprint appears in, please send to above address, Attn: Editor. For further information about our group, email: admin@spcug.org/ Web: http://www.spcug.org/
The Sarasota Personal Computer Users Group, Inc. has 1,600+ members and was established in 1982. We are members of the Assoc. of PC User Groups (APCUG), the Florida Assoc. of PC Users Groups, Inc., and we are members of the America Online Ambassador Program.
See http://www.spcug.org for all reviews from the Sarasota PC Monitor, go to the Newsletter Section.