ABXZone Computer  Forums



Old 04-09-2004, 10:49 AM   #16
Retired and luv'n it
 
UH60LimaTI's Avatar
 
Join Date: Oct 2002
Location: Fayetteville, North Carolina
Posts: 908

Thank you kindly for all of the great info here. It has definitely raised my awareness now. Thanks again PCBruiser

__________________
The Sikorsky BLACK HAWK. America's helicopter. Rock-steady veteran of 30 years - and counting......FLY ARMY!!!!!


Abit IC7-G v1.1 Bios 28
P4 3.4E (Game Accelerator Settings= A-A-A-D-D) AGPv=1.65 DDRv=2.9
2 x CORSAIR XMS3202 TWIN X CMX1024-3200C2PRO 1:1 (2-3-3-6) PAT=Enabled (2 GIGS)
XFX 7800 GS Extreme Edition (Nvidia 91.31) 453/1319
Thermalright XP-90C/AS5 Delta 92mm EHE fan
ANTEC 550 NEO HE Power Supply
CoolerMaster ATC-201B-SXT Heavily Modded
IDE 1 (Master)=SEAGATE Barracuda 120gb HD
SATA 1=WD360 Raptor / SATA 2=Hitachi Deskstar 120gb
Plextor 708/A Firmware 1.11
ViewSonic 19" VX922 2ms LCD
Onboard Realtek Sound= enabled
Onboard LAN= enabled
WinXP Home (Slipstreamed SP2)
(Offline)   Reply With Quote
Old 04-09-2004, 11:03 AM   #17
Palm Rat
 
Wingit's Avatar
 
Join Date: Oct 2002
Location: Southwest Florida, USA
Posts: 4,740
Quote:
Originally posted by PCBruiser
In addition to CactusRat's reference, there are a number of sites which test your security, GRC is one. Click on the ShieldsUp link in the middle of the page here:

http://www.grc.com/default.htm

In a prior thread, I posted some general rules to follow when setting up a firewall/router, worth repeating here:

1. Block everything you can at the hardware level before it reaches your system, i.e., at the router.

2. Close everything, all ports, all protocols as default. Open only those ports/protocols that you actually need to have open.

3. Prohibit all inbound connections entirely unless you are running a secure VPN.

4. To protect open ports/protocols, always get a hardware router/firewall that has Stateful Packet Inspection.

5. If your router provides MAC address selection, exclude all MAC addresses except those MAC addresses actually on your LAN.

6. Do exactly the same with software firewalls, but add to that outbound program control.

7. Limit the NAT address range at the router to only enough internal IP addresses to accommodate the systems on your LAN.

8. If your firewall has a "stealth" setting, use it.

Great stuff PCB!...I have been lax in doing all I should in this area, so the link to the "Shields Up" test was both timely and appreciated (the test showed my computer to be very secure, through no doing of my own)

I wonder if a "security thread" might not be a good candidate for a sticky....or even a guide

Thanks again PCB!
(Offline)   Reply With Quote
Old 04-09-2004, 11:27 AM   #18
The race for quality has no finish line- so technically, it's more like a death march.
 
Join Date: Feb 2001
Posts: 18,159
Quote:
Originally posted by UH60LimaTI
...I went and looked thru the owners manual for the Linksys and didn't notice ANYTHING about a SPI, but it says it does have a NAT. Should I be overly concerned with what I have, or you think I should replace my Linksys with a better model?

NAT is not a firewall. It never has been and will never be. NAT simply allows for you to use multiple private IP addresses addressed to the one public IP that connects to the outside world. PCB has hit on what a 'cracker' can do through NAT. Any way to make your router 'unpingable' is extremely important because a cracker's scanner will hopefully bypass your router since it can't be pinged. However, with the latest scanning tools being used I'm not too sure how safe that is anymore. I'm almost to the point where I think I can create a secondary firewall on my networked system along with a third firewall on my Windows boxes.

BTW: I will use the term cracker, the stupid idiotic media made hacker mean something bad. You would not have a computer today with software running on it if it was not for hackers. Stickin' stupid media.
(Offline)   Reply With Quote
Old 04-09-2004, 11:34 AM   #19
I'm gettin' dizzy!
 
Bofinn's Avatar
 
Join Date: Jan 2004
Location: Chicagoland
Posts: 11,035
Thx PCB - I'm going to convince my Dad to buy a router because he leaves his puter on for days at a time.

I shut mine down when I go to bed and turn it on when I get home, just for added protection.
__________________
---------- JimBo -----------



When in doubt, smack it!
(Offline)   Reply With Quote
Old 04-09-2004, 11:36 AM   #20
Registered User
 
Join Date: Aug 2003
Location: USA
Posts: 452
Good information but any experienced hacker is not gonna do wide range port scans
more than likely the port scans are initiated by kids.. What valuable information could a person have on a home computer that is enough to warrant an experienced hacker to waste time to gain access? Maybe to launch a DOS attack or spoof ip's or the likes but a worm/trojan is much more suitable to get results than port scans. The increase could be because of spring break and more kids are off school.
__________________
System 1: Asus Striker Extreme, Q6600 @2.4ghz, 80GB WD Raptor, 4 gb Corsair Dominator PC2 8500 w/fans @1066, 2x EVGA 8800 GTS SLI, Plextor PX750, TT 700 watt psu, TT Armor

HTPC: Asus P4C800E-Deluxe, Intel P4 3.0C (Malaysia), Zalman cnp7, ATI AIW 9800 Pro, Creative Labs Soundblaster Audigy ZS, WD 250GB, 2 x WD 80 gig, Plextor 708A, Plextor PX 716, Corsair PC4000 Pro @ 1 Gig, TT Xaser


Portables- Asus G2S-X1 - Dell C600 - Dell D830
(Offline)   Reply With Quote
Old 04-09-2004, 11:39 AM   #21
The_Ace
 
NeoXtremeX's Avatar
 
Join Date: Aug 2003
Location: Santo Domingo
Posts: 956
Hello Grandpa, KT, i have a question, my LAN consists of a router, and two PCs, mine has WinXP SP2 RC1, so it has the built-in firewall thing, i don't know how reliable is that, but i only use that one, and the other PC, my sister's, has nothing, NADA, it's full of spyware and stuff, even if i do regular clean-up.

My Router is an Efficient Networks SpeedStream 5660, my ISP gave it to me so i don't have any manuals to it. In that router, NAT has no ports open, none, i still haven't figured out how it works, cause i think you need port 80 to at least browse, but.... it does.

Now my question is, can a "cracker" hack into my sister's PC, which is vulnerable and then hack into mine? like use my sister's PC as gateway?

I personally have a friend who was into hacking when he was a kid, he knows how to do it quite well, and i've actually told him to hack my network and he couldn't do it, so i'm assuming my lan is safe, but one never knows.... and another thing is, how do you know when you are being Port Scanned?

Thanks for reading this!
__________________
So near...and yet..so far....
(Offline)   Reply With Quote
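On the question above of how browsing can work with no ports open: the web request is an outbound connection, and a stateful filter lets the reply back in by matching it to that connection. The sketch below is an added illustration, not code from any poster or router vendor; the `Packet` and `StatefulFilter` names and all addresses are constructed, and it ignores TCP flags, timeouts and address translation.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Default-deny inbound; outbound traffic creates the only state."""

    def __init__(self, inbound_allow=()):
        # Explicitly opened (proto, port) pairs; empty means nothing is open.
        self.inbound_allow = set(inbound_allow)
        self.flows = set()

    def check(self, p: Packet) -> str:
        if p.direction == "out":
            # Remember the flow so that its reply can be recognised later.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # An inbound packet is a reply only if it mirrors a tracked flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT"
        if (p.proto, p.dport) in self.inbound_allow:
            return "ACCEPT"
        return "DROP"

def demo():
    # Constructed addresses: a LAN PC, a web server and an unrelated host.
    pc, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"
    fw = StatefulFilter()  # no inbound ports opened
    packets = [
        Packet("out", "tcp", pc, 40000, web, 80),    # browser request
        Packet("in", "tcp", web, 80, pc, 40000),     # matching reply
        Packet("in", "tcp", other, 51000, pc, 80),   # unsolicited probe
        Packet("in", "tcp", other, 80, pc, 40000),   # right ports, wrong host
    ]
    return [fw.check(p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

The last packet is the case state tracking exists for: it aims at the port the browser is using, but it does not come from the server the PC contacted, so it is dropped.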
Old 04-09-2004, 11:41 AM   #22
missin' TQ
 
Ozzie's Avatar
 
Join Date: Feb 2001
Location: Apple Valley, MN
Posts: 10,240
With people doing online banking and financial stuff on their puters (scares the you-know-what out of me) and having either cable or dsl that gives us always on connections...those not taking precautions are just asking for trouble.

I'm all for a guide to lock down our puters as tight as we can...these days we are much more vulnerable than just a short time ago.

How much is enough? How many barricades do we need?
Steve Gibson is a prime example - he says what he cannot do today he may tomorrow...
__________________
Have you supported your forum today?


Change is the only constant in life
(Offline)   Reply With Quote
Old 04-09-2004, 11:43 AM   #23
Registered User
 
Join Date: Aug 2003
Location: USA
Posts: 452
And if you do use a router be sure not to leave the default password/user combination set. I.e., Linksys user/pass admin/admin
(Offline)   Reply With Quote
Old 04-09-2004, 11:51 AM   #24
Registered User
 
Join Date: Nov 2003
Posts: 13,497
Hey, son. Well, I really don't know what a cracker can do, almost anything once they gain access to your LAN, I would guess. But, in your case the spyware is more likely a result of bad browsing habits, and not hack, sorry pointreyes, crack attacks, than anything else. So, as long as you are NOT permitting file sharing on your LAN, and have essentially walled off your sister from your system, my guess is that you are relatively safe. RELATIVELY. Maybe you should sneak anti-virus, anti-trojan and firewall protection on her machine some day, sounds like she might not know you did it anyway.

As to the SP2 firewall, I can't answer that - I personally haven't tested SP2 myself as yet. I'm waiting for the entire SP to be better tested all around.

As to how I know I am being scanned, easy. My firewall/router sends me an email message with detailed info about every attempted attack. And, I report every one to the responsible ISP. Once I have been scanned more than once by the same scanner, I start to send more harsh reports to the ISPs, and eventually threaten legal action against them. I have been successful in having several scanners kicked off of the Internet for repeated attacks.
(Offline)   Reply With Quote
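For readers whose firewall only writes a log rather than sending alerts like the ones described above, a port sweep shows up as one source hitting many different ports in a short time. The following is an added example, not taken from any poster or product: the log format, the addresses and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a made-up format (not a real router's output).
SAMPLE_LOG = """\
2004-04-09 11:02:13 DROP TCP 198.51.100.7:4312 -> 192.0.2.10:21
2004-04-09 11:02:13 DROP TCP 198.51.100.7:4313 -> 192.0.2.10:22
2004-04-09 11:02:14 DROP TCP 198.51.100.7:4314 -> 192.0.2.10:23
2004-04-09 11:02:14 DROP TCP 198.51.100.7:4315 -> 192.0.2.10:25
2004-04-09 11:02:15 DROP TCP 198.51.100.7:4316 -> 192.0.2.10:80
2004-04-09 11:05:40 DROP TCP 203.0.113.20:1029 -> 192.0.2.10:445
2004-04-09 11:05:43 DROP TCP 203.0.113.20:1029 -> 192.0.2.10:445
2004-04-09 11:05:49 DROP TCP 203.0.113.20:1029 -> 192.0.2.10:445
2004-04-09 11:30:02 ACCEPT TCP 192.0.2.10:3301 -> 203.0.113.80:80
"""

LINE_RE = re.compile(
    r"^(\S+ \S+) DROP (TCP|UDP) ([\d.]+):\d+ -> [\d.]+:(\d+)$")

def find_scanners(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {source_ip: sorted distinct ports} for every source that hit
    at least min_ports different ports inside one sliding time window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a dropped-packet record
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        hits[m.group(3)].append((ts, int(m.group(4))))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({p for _, p in events[start:end + 1]}) >= min_ports:
                scanners[src] = sorted({p for _, p in events})
                break
    return scanners

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

The source that retries port 445 three times is not flagged, because repeated hits on one port are not a sweep; a scan spread out slower than the window would also pass unnoticed, which is the limit of a simple threshold.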
Old 04-09-2004, 11:54 AM   #25
Resident ABX Wizard
 
Fraoch's Avatar
 
Join Date: May 2003
Location: London, Ontario
Posts: 8,814
Quote:
Originally posted by FearFactory
Thank you both for those 2 links. I'm downloading some patches now. I have Zonealarm firewall installed, but I see that's not enough

I run ZoneAlarm and use the exact router PCBruiser quoted (Netgear RP614). It doesn't use SPI but it does use NAT.

But all port scans at the GRC.com site show me as fully stealthed, so I'm OK so far. I guess it is possible I could be spoofed though.
__________________
ASRock 4CoreDual-VSTA, Intel Core 2 Duo E6600, 2 X 1 GB Corsair XMS2 DDR2-667, Antec Sonata III case, Ubuntu Linux 7.04 64-bit
(Offline)   Reply With Quote
Old 04-09-2004, 11:55 AM   #26
Registered User
 
Join Date: Aug 2003
Location: USA
Posts: 452
cracker = Person who cracks software
Hacker = Person who illegally gains or attempts to gain access to an information system he/she is not authorized to...


Funny thing is the old admin here w/ 4 yr degree did not know what a port scan was or a port for that matter...
(Offline)   Reply With Quote
Old 04-09-2004, 12:01 PM   #27
Registered User
 
Join Date: Nov 2003
Posts: 13,497
Stooo, I really have to respond to your post. It is big business getting personal info and raiding credit cards/bank accounts of individuals. Scans can be set up to run automatically, and once in can search for files from software like Quicken or TurboTax quite easily. That gives them info like your social security numbers, bank account numbers, account balances, investment portfolio, etc. What more do you need? It is that kind of thinking, I'm small potatoes why would they go after me, that gives crooks all they need to go after folks on an organized basis. Look what happened to me years ago - you think that $50 -100,000 is small money for a little bit of work? And, just because someone is a "script kiddie" doesn't mean they are any less dangerous.
(Offline)   Reply With Quote
Old 04-09-2004, 12:04 PM   #28
Registered User
 
Join Date: Nov 2003
Posts: 13,497
Fraoch - from Netgear's product description of the RP614:

"Easily Share the Internet While Protecting Your Network
NETGEAR's 4-port Router lets you securely extend your broadband Internet connection to all of your computers. Each person on your network can instantly enjoy high-speed web access, file sharing, video streaming, head-to-head Internet gaming and MP3 downloads. This highly capable 4-port Internet router provides True Firewall protection: Stateful Packet Inspection (SPI) eliminates potential threats to your network by scanning incoming files and requests for information, and Network Address Translation (NAT) conceals your networked devices from hackers. State-of-the-art filtering and controls allow parents to limit URL access and monitor Internet activities. Setup couldn't be easier – Smart Wizard automatically detects your Internet connection type, then the animated Smart Wizard Install Assistant and onscreen help guide you through each step. The sleekly designed RP614 Router is compatible with all Ethernet cable and DSL modems and virtually all Internet service providers."

I relied on that for my info on the unit. Nonetheless, my purpose in this thread is to warn about the issue, encourage members to protect themselves, and not to argue the merits of one piece of hardware vs. another.

Last edited by PCBruiser : 04-09-2004 at 12:17 PM.
(Offline)   Reply With Quote
Old 04-09-2004, 12:26 PM   #29
The race for quality has no finish line- so technically, it's more like a death march.
 
Join Date: Feb 2001
Posts: 18,159
Quote:
Originally posted by Stooo
cracker = Person who cracks software
Hacker = Person who illegally gains or attempts to gain access to an information system he/she is not authorized to...

Click on the term for hack and you will see two definitions:
Quote:
4 a : to write computer programs for enjoyment b : to gain access to a computer illegally

m-w.com basically dropped the ball on their hacker definition since 'to write computer programs for enjoyment' would mean that a hacker must be doing it to make illegal gains.

I sent a comment to m-w.com about this one.

http://www.webopedia.com/TERM/c/crack.html
Last edited by pointreyes : 04-09-2004 at 12:37 PM.
(Offline)   Reply With Quote
Old 04-09-2004, 12:35 PM   #30
Registered User
 
Join Date: Aug 2003
Location: USA
Posts: 452
I'm not saying they are not serious, I am saying that the probability of it being an experienced person on the other end is unlikely... Most experienced hackers would like to remain unknown, remember the idea is to not get caught.. A port scan is like standin on someone's porch and yelling "Anyone home!"... Blanket statement follows.. Almost all computers that get connected to the internet will have someone trying to gain access to it within the first 24 hrs.... Do not remember where I saw that but it was a good source... No system is secure if a person is determined. Checkpoint, Bulldog, AEP, etc. can all be defeated... many times it is through user error but not all the time... Not saying your advice isn't appreciated because it is but I just hope everybody does not go out and buy a router because if not set up properly it is as good as nothing. Most people are good with software firewalls. I use sygate and have tried ZA too but like sygate better.
(Offline)   Reply With Quote