WeekEnd Feature: Knock, knock…

by Ian Thompson, CCSP Staff Editor
February 27, 2004


Who's there?
Ivana
Ivana who?
Ivana… wander freely through your system, nick off with your ID, download a load of illegal stuff over your Internet link, then leave something in there to make it easier to come back and do it all again.
(Slight pause) I'm sorry… is that a hyphenated surname?

Oh, I should have warned you of the crappy joke beforehand… But for those to whom this happens, it's no joke. Yet this is exactly the situation faced by users of most bog-standard, out of the box systems. And mostly, they are unaware of it.

This is about firewalls, isn't it?
Well, maybe another article set could deal with the basics. In this one, I'm fulfilling my role of 'worrier to the masses', just trying to scare everyone back into their boxes.

Seriously, a firewall is essential kit on any connected PC. However, I'm also throwing the net wider than this, since there are many avenues and paths into a system these days. But since firewalls are a good place to start, let's deal with this quickly.


Get one. Use it. Keep it up to date.



It doesn't matter for most home users whether it's a hardware or software solution. In other words, just get one and use it. There are advantages to hardware over software, but they only matter once a home user expands from one PC to a simple network - for example, most 'home use' routers, like those from Linksys or Netgear, include at least four LAN ports, plus one for hooking up to the Internet service (either by another LAN connection or by a built-in modem of one sort or another).

As well as making it easier to simply hook up a new device to the single Internet connection, these also hide the systems from direct view by using something called NAT (network address translation). The router has a real IP address, leased from the service provider (like 172.177.224.12, which is an AOL address - ACB1E00C.ipt.aol.com), but the PCs connected to it have a different IP, dished out by the router itself, usually in the range 192.168.0.x. There is a series of these 'non-routable' address ranges, as defined by IANA, such as 10.11.x.x and 172.16.x.x, that are never given to 'public' systems. If you ever see traffic arriving at your PC from the Internet side with one of these as its source address, it's almost certainly spoofed and can be treated with - oh, what's the phrase used in 'Apocalypse Now'? - extreme prejudice.
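The check described in that paragraph, as added example code (not from the article or from CastleCops): it scans constructed firewall log lines in an assumed, simplified format and flags packets that arrived on the Internet-facing interface claiming a source address from a reserved range. It uses the full RFC 1918 blocks and also treats loopback and link-local addresses the same way, going a little beyond the three ranges named above, and it deliberately ignores LAN-side traffic from your own router, which legitimately uses 192.168.x.x.

```python
import ipaddress
import re

# Blocks IANA reserves for private or local use; none can be the genuine source
# of a packet that arrives from the Internet side of a router or modem.
# RFC 1918 (the three ranges the article names) plus loopback and link-local.
NEVER_FROM_INTERNET = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed, simplified log format (an assumption, not ZoneAlarm's real one):
# <date> <time> <IN|OUT> if=<wan|lan> src=<ip>:<port> dst=<ip>:<port> proto=<name>
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<dir>IN|OUT) if=(?P<iface>wan|lan) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=(?P<proto>\w+)$"
)


def is_reserved_source(ip: str) -> bool:
    """True if ip lies in a block that cannot be a legitimate Internet source."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in NEVER_FROM_INTERNET)


def find_spoofed_inbound(lines):
    """Return (line, reason) for packets that arrived on the WAN side claiming a
    reserved source address. LAN-side traffic from 192.168.x.x (your own router
    answering DHCP, for instance) is normal and is not flagged."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["dir"] != "IN" or m["iface"] != "wan":
            continue  # unparsable, outbound, or LAN-side: not what we are looking for
        if is_reserved_source(m["src"]):
            hits.append((line, f"WAN packet with reserved source {m['src']}"))
    return hits


# Constructed sample entries: one genuine Internet source, one LAN-side DHCP
# reply from the router, two spoofed private sources on the WAN side, one outbound.
SAMPLE_LOG = [
    "2004-02-27 10:01:02 IN if=wan src=203.0.113.5:4412 dst=172.177.224.12:80 proto=tcp",
    "2004-02-27 10:01:03 IN if=lan src=192.168.0.1:67 dst=192.168.0.3:68 proto=udp",
    "2004-02-27 10:01:04 IN if=wan src=10.11.4.9:1025 dst=172.177.224.12:135 proto=tcp",
    "2004-02-27 10:01:05 IN if=wan src=192.168.1.77:53 dst=172.177.224.12:53 proto=udp",
    "2004-02-27 10:01:06 OUT if=lan src=192.168.0.3:1234 dst=192.168.0.1:53 proto=udp",
]

if __name__ == "__main__":
    for line, reason in find_spoofed_inbound(SAMPLE_LOG):
        print(reason, "->", line)
```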


A free router?
You can use Internet Connection Sharing (which basically turns one connected PC into a router for the rest), but you need as many network connections in that one PC as there are connected devices. Okay, you might have a USB modem plus an onboard LAN socket, but in all likelihood this won't be enough unless you then use a network hub of some sort, which is only a bit cheaper than a router. Those free-with-the-service USB ADSL adapters are a bit flaky, too - best off spending a bit of cash on decent kit in the first place. I've just had my Alcatel 'squashed frog' USB ADSL adapter replaced by my telco, after about 30 months' service, and the engineer commented that it had done well to last that long. At least when I signed up for this, they were giving a long warranty. Still, if the replacement USB jobby goes pop, I'll be following my own advice and getting a Netgear DG814 or similar.

Anyway, FWIW, I use Zone Alarm on this PC, together with ZoneLog Analyser, as the front line, with a few things sitting behind it, like another firewall and a whole bunch of security stuff that gobbles up about half of the available resources. Like many users, reading about the risks made me aware of them. My source was Gibson Research (www.grc.com), which is a bit geeky for most regular users (well worth an occasional read, though - check out the DrDOS stuff, even though it's now a few years old), but word gets around in other places too. Eventually, it strikes the mainstream press, but is likely to remain in 'specialist sections' (like Guardian Online) rather than making the headlines. It was only recently that the tabloids started to sensationalise it on their front pages.


There are many ways to skin a cat…
Or so the saying goes. The best results are with a sharp blade, skill and care, but I suppose a road roller would get it done, just in a more messy way.

The point of this is to make y'all aware of the many ways into a modern system. Consider this.

I have security software running on my home PC. It's mostly free-to-download (I am, after all, a Yorkshireman, which can be defined as a Scotsman without the generosity…). This could all be applied to my school laptop, but I don't, because of one thing - the laptop needs to log on at work as well. School also licenses a different AV system, so sticking mine on would likely cause conflicts.

Those of you who followed the 'Firewall for educational use' thread over in the MiSec Forum will know I've been trying to solve the problem of having an absolutely battened-down home dial-up whilst also being able to actually log on at work. Most of the 'free' stuff also blocks the NT logon box, which is not useful, so when it came to deciding to spend real money, I needed to test things out a bit more. I'm still trying this.

These are all fairly normal systems.

In the few years I've been in this job (having 'come up through the ranks' of classroom teaching and hobby programming) I've tried to standardise stuff at school. So, we have Canon inkjet printers because I can get a complete set of BCI-3 cartridges - black and three colours - for less than £10 (as opposed to HP or Xerox at between £25 and £40 a set). I've also made moves in the technical support stuff, and the latest acquisitions include a USB flash disk and an iPaq 5550 each for Geoff and Craig (my two technicians) and for myself.

Like most PDAs, these synchronise with a host PC. The idea is for mobile copies of our inventories and maintenance records to be used out and about, and these are then synchronised with the central version that we can all get to over the network. Craig's looking at XML scripting so we can use a web front end eventually.


Don't make the Backdoor a front door…
If these were only ever used internally, via either the USB dock or over our WiFi system, then our system router and all the other stuff we use would shield them from the attentions of those 'out there'. Even at home, this PC's systems stand like a bouncer in front of the doorway in. However, it didn't take too long before we'd investigated all the other ways we could connect. I've got a Sony Ericsson T610 (Craig's got a Z600, which is basically the same but in a clamshell format). It took about an hour of digging before we had all the information to hook up the iPaqs via Bluetooth to the GPRS network connection, giving a mobile browsing speed roughly equivalent to a hard-wired 56Kbps modem.

Since the iPaqs themselves don't have firewall or AV software (yet - I am on the lookout), any connection made using the GPRS mobile system would bypass any security in place on the school network or home PC. This creates a dangerous side-step around firewalls, routers and the like, straight into the system, in the same fashion as a home user connecting a school laptop up to an external phone line away from the network - anything getting onto the mobile device would then be physically brought into the fold, so to speak. Only in this case, it is actually possible for me to hook the iPaq up to the GPRS network whilst it is also docked, so the connection is real-time.

Technically, this would also be possible if the cell phones were online (which they can do very well, like most modern high-end handsets) whilst connected via Bluetooth, infrared or cable, or simply used by the PC as its modem. Does anyone still use cables to hook up mobile phones? I've never had one in all the years I've used mobile email and so on, always using one form of wireless connection or another because it was free with the handset and data cables are costly (remember: Scotsman with the generosity removed).

Plenty of malware items can make use of a 56Kbps modem. Therefore, these 'conveniences' open the door to the whole gamut of nasties that had been so carefully kept at bay by our expensive systems.

However, it's not just as a conduit, but also as a host, that I'm concerned about. The iPaqs run PocketPC 2003, a Microsoft operating system, and if I know anything about anything then, sure as eggs, there is malware targeted at it. Even if that isn't common, the iPaqs can carry files that don't run directly on them but can infect another system (just like the USB flash disks, for that matter, or a CD-R, or a humble floppy). If this were not possible, then no malware would circulate on the Internet, since most web servers run Linux - the power of incubation, my friends. I recently read of one Mac user's plight that amounted to his PC harbouring a Windows virus that was otherwise undetected and only came out to play when he started WinXP on VirtualPC…


WiFi again…
And, if that's not all, Geoff and Craig recently went to another business where their iPaqs picked up an unprotected 802.11b wireless network. It took Craig just a few minutes to get online and browse the web. Which brings us back to the beginning - protect your systems. My school WiFi is hidden. It uses proper authentication based on some fairly hefty kit. Checks and balances all the way. A home user wouldn't fit a RADIUS server, but can hire a doorman (firewall) and a bouncer (AV) to make sure things don't get out of hand on the PC.

You wouldn't open your front door to everyone, and even then you suss out the visitor. Do the same with your PCs - keep a wary eye out for the sneaky one slipping round the back whilst Mr Flash distracts you up front.

by Ian Thompson, ComputerCops Staff Editor

Ian Thompson is a Network Manager of a 500-PC, 9-server, 1700-user school network and is an ICT teacher at a UK high school near the city of Leeds. He has written articles for the Hutchinson Encyclopedia, plus many resources in support of teaching ICT in the UK schools' National Curriculum.



Copyright © Ian Thompson All Rights Reserved 2004.
Posted on Saturday, 28 February 2004 @ 10:21:51 UTC by phoenix22 (4329 reads)
Re: Knock, knock… (Score: 1)
by !Mariner (duxdlux@bebop.com) on Saturday, 28 February 2004 @ 17:59:58 UTC
Yet another highly informative and educational article, Ian. Thank you.



Re: Knock, knock… (Score: 1)
by Madwelly on Friday, 05 March 2004 @ 16:16:57 UTC
http://www.html-uncovered.co.uk
My first visit here. I didn't really know what to expect, but knew I needed to keep up to date on the nasties out there, and how to zap them.

Then I spotted your article.

That was really interesting, and informative reading.

There is more to this site than meets the eye. I look forward to your next article.

Thank you.


 