| | #1 |
| Registered User Join Date: Nov 2003
Posts: 13,497
| Edit: Subsequent to this thread, Tweakhound and I published a paper entitled Securing Windows XP, which is available to ABX members here: http://www.abxzone.com/forums/showthread.php?t=83569 That paper is more complete, easier to use and find info, corrects some errors, and consolidates and adds significantly more material that I think members may find useful.
___________________________________________________
I just wanted to warn members that there has been a significant increase in the number of port scans worldwide over the last week or so. And, these port scans are becoming increasingly sophisticated. I am now personally seeing about 25+ attempts per day to compromise my home LAN. So, beware, tighten up your LAN security, buy a good router/firewall (if you don't already have one) with Stateful Packet Inspection, and surf safely. It is getting even more dangerous out there.
Decent router/firewalls with SPI are NOT a big investment. You can find several major brands at places like NewEgg for only about $45. Remember, if you use a broadband connection, you have a LAN whether you think so or not.
One final note. If you are not familiar with the consequences of a successful port scan, here they are in a nutshell: If a scanner can get to your system, they can mount your hard drives just as if they were connected to their system. They can read EVERYTHING on your hard drive - every file, all your data, whatever, and when they are finished, they can reformat your hard drives, or otherwise completely hose your system. If you think viruses and trojans are bad, successful scanners are your worst nightmare. Last edited by PCBruiser : 02-02-2005 at 02:31 PM. |
| | #2 |
| Registered User Join Date: Jan 2004 Location: Arizona
Posts: 659
| Lots of free tools to check your security can be found here. http://www.foundstone.com/index.htm?.../freetools.htm
__________________ A8N32-SLI Deluxe - Opteron 170 - G.Skill F1-4000USU2-2GBHZ - Leadtek 7950gx2 - Zalman CNPS7000A-ALCU - OCZ GameXStream 600w - Antec P180b - Ubuntu 7.1 |
| | #3 |
| Registered User Join Date: Nov 2003
Posts: 13,497
| In addition to CactusRat's reference, there are a number of sites which test your security, GRC is one. Click on the ShieldsUp link in the middle of the page here: http://www.grc.com/default.htm
In a prior thread, I posted some general rules to follow when setting up a firewall/router, worth repeating here:
1. Block everything you can at the hardware level before it reaches your system, i.e., at the router.
2. Close everything, all ports, all protocols as default. Open only those ports/protocols that you actually need to have open.
3. Prohibit all inbound connections entirely unless you are running a secure VPN.
4. To protect open ports/protocols, always get a hardware router/firewall that has Stateful Packet Inspection.
5. If your router provides MAC address selection, exclude all MAC addresses except those MAC addresses actually on your LAN.
6. Do exactly the same with software firewalls, but add to that outbound program control.
7. Limit the NAT address range at the router to only enough internal IP addresses to accommodate the systems on your LAN.
8. If your firewall has a "stealth" setting, use it.
Edit: Please check Post #74 for some additional very important information. Last edited by PCBruiser : 04-10-2004 at 09:20 AM. |
| | #4 |
| The FC.Porto dragon! Join Date: Apr 2003 Location: Portugal
Posts: 3,925
| Thank you both for those 2 links. I'm downloading some patches now. I have Zonealarm firewall installed, but I see that's not enough
__________________ P4 3.0E@3.4, Zalman CNPS7000B-Alcu, Asus P4C800-E Deluxe, 2x 512MB DDR500 Twinmos Twister, Gigabyte Geforce 6800 128MB (OC 16x6vp 385/900), NEC 2500a 8x DVD+RW/-RW (flashed to dual layer 2510a), Liteon DVD-ROM 16X, Samsung 500GB SATA, Seagate 200GB SATA (lLinux), SB Live 1024 Player, USRobotics ADSL2+ router, PSU LC Power Ozeanos 650W, Samsung 17' 795MB Flat |
| | #5 |
| Registered User Join Date: Nov 2003
Posts: 13,497
| I am a beta tester for ZA, and it is a very good product. However, it is not a substitute for having a hardware solution as well. In fact, ZA is an excellent software complement to a router/firewall, and does add at least one important feature - outbound program protection. Router/firewalls with SPI provide excellent inbound protection, but, by their nature, they cannot protect you from programs accessing the internet via a permitted port and protocol. ZA adds that important feature. |
| | #6 |
| Retired and luv'n it Join Date: Oct 2002 Location: Fayetteville, North Carolina
Posts: 908
| Thanks a lot for the heads-up. I myself am kinda worried now. I have just a simple home network going, just mine and the wife's puter. I do a lot of bills and stuff on mine. I'm starting to wonder if what I have is enough to keep my sensitive info secure? Linksys befsr41 w/NIS2004 (updated on a daily basis). I went and looked thru the owners manual for the Linksys and didn't notice ANYTHING about a SPI, but it says it does have a NAT. Should I be overly concerned with what I have, or you think I should replace my Linksys with a better model? If so, which 1 do U suggest? ( I know, that was a very opinionated question HHmmmmmmmmmmmmmmmm?????
__________________ The Sikorsky BLACK HAWK. America's helicopter. Rock-steady veteran of 30 years - and counting......FLY ARMY!!!!! Abit IC7-G v1.1 Bios 28 P4 3.4E (Game Accelerator Settings= A-A-A-D-D) AGPv=1.65 DDRv=2.9 2 x CORSAIR XMS3202 TWIN X CMX1024-3200C2PRO 1:1 (2-3-3-6) PAT=Enabled (2 GIGS) XFX 7800 GS Extreme Edition (Nvidia 91.31) 453/1319 Thermalright XP-90C/AS5 Delta 92mm EHE fan ANTEC 550 NEO HE Power Supply CoolerMaster ATC-201B-SXT Heavily Modded IDE 1 (Master)=SEAGATE Barracuda 120gb HD SATA 1=WD360 Raptor / SATA 2=Hitachi Deskstar 120gb Plextor 708/A Firmware 1.11 ViewSonic 19"" VX922 2ms LCD Onboard Realtek Sound= enabled Onboard LAN= enabled WinXP Home (Slipstreamed SP2) |
| | #7 | |
| The FC.Porto dragon! Join Date: Apr 2003 Location: Portugal
Posts: 3,925
| Quote:
__________________ P4 3.0E@3.4, Zalman CNPS7000B-Alcu, Asus P4C800-E Deluxe, 2x 512MB DDR500 Twinmos Twister, Gigabyte Geforce 6800 128MB (OC 16x6vp 385/900), NEC 2500a 8x DVD+RW/-RW (flashed to dual layer 2510a), Liteon DVD-ROM 16X, Samsung 500GB SATA, Seagate 200GB SATA (lLinux), SB Live 1024 Player, USRobotics ADSL2+ router, PSU LC Power Ozeanos 650W, Samsung 17' 795MB Flat | |
| | #8 |
| Registered User Join Date: Nov 2003
Posts: 13,497
| UH60LimaTI, that's really a decision you need to make on the cost vs. additional security that SPI provides. For those unfamiliar with SPI, here is a brief, simplistic description.
In order to use the internet, you do have to open some ports and protocols on your firewall router to outbound packets. And, in return, you need to be able to receive return packets back from the internet in order to, say, get your email. That means that there is an open vulnerability to attack via those open ports and protocols that can be exploited IF a hacker is sophisticated enough to be able to break through your NAT protections, and there are ones that certainly can do exactly that.
What SPI does is create a "one way door" so to speak. It "remembers" requests that have been made, again say for your email, and will permit entry only for those packets which are being received in response to that request. So, unrequested packets, spoofing say, a response to a request for your email will not be permitted entry, because there was no corresponding outbound request. Thus, it protects necessary open ports and protocols from inbound attacks. Last edited by PCBruiser : 04-09-2004 at 08:32 AM. |
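Added example (not part of the original post or of any router's firmware): a toy model of the "one way door" described in post #8, where inbound packets pass only if they mirror a remembered outbound request. The class name, addresses, ports and the 60-second idle timeout are assumptions made for this sketch; real SPI firewalls also track TCP flags and sequence numbers, which are left out here.

```python
# Toy stateful packet inspection (SPI) table. All names, addresses and the
# timeout value are constructed for this illustration.
from dataclasses import dataclass

IDLE_TIMEOUT = 60.0  # seconds a remembered request stays valid (assumed value)

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFirewall:
    def __init__(self, lan_prefix="192.168.1."):
        self.lan_prefix = lan_prefix
        self.state = {}  # flow key -> time the flow was last seen

    def handle(self, pkt, now):
        """Return 'ALLOW' or 'DROP' for one packet seen at time `now`."""
        # Forget flows that have been idle longer than the timeout.
        self.state = {k: t for k, t in self.state.items()
                      if now - t <= IDLE_TIMEOUT}
        if pkt.src_ip.startswith(self.lan_prefix):
            # Outbound: remember the request so its reply can come back.
            key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            self.state[key] = now
            return "ALLOW"
        # Inbound: allowed only if it mirrors a remembered outbound request.
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.state:
            self.state[key] = now
            return "ALLOW"
        return "DROP"

def demo():
    fw = StatefulFirewall()
    request = Packet("tcp", "192.168.1.10", 40001, "203.0.113.5", 110)
    reply = Packet("tcp", "203.0.113.5", 110, "192.168.1.10", 40001)
    spoofed = Packet("tcp", "198.51.100.7", 110, "192.168.1.10", 40001)
    return [
        fw.handle(reply, now=0.0),     # "reply" with no prior request
        fw.handle(request, now=1.0),   # LAN host asks for its mail
        fw.handle(reply, now=2.0),     # matching reply from the mail server
        fw.handle(spoofed, now=3.0),   # same ports, different source host
        fw.handle(reply, now=120.0),   # remembered request has expired
    ]

if __name__ == "__main__":
    print(demo())
```
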
| | #9 |
| Registered User Join Date: Nov 2003
Posts: 13,497
| As to the question of WHICH router/firewall, I personally use a commercial grade SonicWALL SOHO, which I have had for a number of years. It isn't inexpensive, that's for sure, but it is a very solid well made absolutely dependable unit. And, at the time I purchased it, just about the only one available within reach of a home/small office user. Today, there are others available. Yesterday, I found a Netgear one at NewEgg for another member looking for exactly this kind of thing. Now, I am NOT playing favorites here, nor have I personally tried the Netgear, but its SPECS are what I would be looking for if I were buying now. Although personally, I would buy another SonicWALL despite its considerable price. Here is a link for the Netgear at NewEgg: http://www.newegg.com/app/ViewProduc...122-008&depa=0 Whichever brand is your favorite, fine, go for it. Just look for one with similar specs. Edit: Please, don't turn this thread into a discussion about brands, there are plenty of other threads discussing that issue. Get any brand you like, but just get something to protect yourself. Last edited by PCBruiser : 04-09-2004 at 08:47 AM. |
| | #10 |
| Registered User Join Date: Feb 2003
Posts: 2,093
| I have noticed a lot of port scans in the last month also. I usually block the IP from all ports when I see an attempt at port scanning. You would think people would have better things to do with their time. It makes me so sick to see it. I can't imagine what people who don't have a firewall are susceptible to.
__________________ DFI LT X48-T2R Q9450@3.2 2-3870(CF) 4GB Patriot Viper Vista x64 ULT |
| | #11 |
| Registered User Join Date: Nov 2003
Posts: 13,497
| Well, I'll tell you from personal experience. I do ALL my personal accounting on my computer. Years ago, before I knew anything, and still accessing the Internet via dial up, with NO protection at all - I had no idea that was even needed, I had all my personal info stolen by a hacker from Russia. Before I knew it, my accounts were raided, my credit cards compromised, and AMEX taken for over $50K. While I was completely protected by my bank and credit card companies, and lost no money, it took me over a year to get everything straightened out. I learned FAST how to protect myself, and haven't had any problems since, even though there are hundreds of attempts a week to gain access to my LAN. |
| | #12 |
| Registered User Join Date: Mar 2003 Location: Boston
Posts: 2,775
| How can you tell if someone is blocked?
__________________ ASUS P5Q Pro || E8400 Wolfdale || 4GB G.Skill DDR2 1200 || MSI Radeon 4850 || AVerMedia PCIe Tuner || SB Audigy2 ZS Platinum || Zalman 750W PSU || LG GGW-H20L HD/BR Burner || Vista Ultimate 64 || Samsung 22" LCD (Desktop) Lenovo T60p || T7600 Core 2 Duo || 3GB || 160GB || FireGL 5250 || Vista Ultimate / Backtrack (School) Lenovo X61 || T8300 Centrino Pro || 3GB || 160GB || XP Pro (Work) |
| | #13 | |
| Retired and luv'n it Join Date: Oct 2002 Location: Fayetteville, North Carolina
Posts: 908
| Quote:
Just one more question if you don't mind. Your explanation was very simplistic and understandable and I thank you for that, as I and probably others alike, are not networking savvy. My question pertains to online gaming. Would the additional features of an upgraded router model (let's use the Netgear linked to for example) have any effect on being able to game online, HALO or UT2K4, for example? And should a person that's using a puter for banking also use that same one for online gaming? Also, from the quote above, that's why I was a little hesitant on asking that question, as I have seen too many threads get outta hand at times. Thank you for adding that "EDIT" in there.
__________________ The Sikorsky BLACK HAWK. America's helicopter. Rock-steady veteran of 30 years - and counting......FLY ARMY!!!!! Abit IC7-G v1.1 Bios 28 P4 3.4E (Game Accelerator Settings= A-A-A-D-D) AGPv=1.65 DDRv=2.9 2 x CORSAIR XMS3202 TWIN X CMX1024-3200C2PRO 1:1 (2-3-3-6) PAT=Enabled (2 GIGS) XFX 7800 GS Extreme Edition (Nvidia 91.31) 453/1319 Thermalright XP-90C/AS5 Delta 92mm EHE fan ANTEC 550 NEO HE Power Supply CoolerMaster ATC-201B-SXT Heavily Modded IDE 1 (Master)=SEAGATE Barracuda 120gb HD SATA 1=WD360 Raptor / SATA 2=Hitachi Deskstar 120gb Plextor 708/A Firmware 1.11 ViewSonic 19"" VX922 2ms LCD Onboard Realtek Sound= enabled Onboard LAN= enabled WinXP Home (Slipstreamed SP2) | |
| | #14 |
| Registered User Join Date: Nov 2003
Posts: 13,497
| Many routers provide the ability to block specific IP addresses or ranges of addresses. With those firewalls, you simply enter the IP address(es) you want to block, and there you go. I block ALL IP addresses from entry by default. After all, why should ANYONE from outside your LAN be permitted entry unless you are establishing a VPN? |
| | #15 |
| Registered User Join Date: Nov 2003
Posts: 13,497
| I personally do not game on line, but my kids do, and have set up their routers to do exactly that. One has a Linksys like yours, the other a SonicWALL like mine, so I know it can be done easily. And they have built a VPN with a group of their friends for gaming as well, all of whom have a number of different brands of hardware firewall routers. And, yes, it is "safe", or as safe as you can be, if you are properly protected to use the same computer for gaming and banking. Remember that banking transactions are heavily encrypted, the encryption methods are determined by your bank, and you are protected by your bank if any of those transactions are compromised. Last edited by PCBruiser : 04-09-2004 at 09:13 AM. |