So You Just Bought A Cable Modem
by Russ Rogers - writing for AntiOnline
DISCLAIMER - This article is not written for hackers or security
experts. You will get bored very quickly with this article. It's meant to
foster some security-oriented thinking by end users of cable modems.
So you finally did it. You went out and spent the money to get a cable
modem. Those things sure are fast! Believe it or not, you're not alone
in your quest for high speed internet access. According to a
Reuters article, "cable-modem installations had outpaced high-speed telephone-line
installations by 14 to 1 by the end of 1998." This quote comes from CFO
William Ruehle from Broadcom, who develops chips for both types of
technology.
When the modem is installed, you will enjoy a constant connection
to the internet, but have you stopped to consider the security issues associated with your
new toy? What *IS* that network neighborhood icon on your desktop? How can
you control who has access to your computer, and how can you tell WHO has tried
to access your computer? What is a network sniffer?
First question is, "What OS are you using? Win95? Win NT?
Linux?" The reason this matters is that you need to know things about your network
connection and how to control that connection. A cable modem attaches directly to a
network card inside your computer. If you weren't already aware, this makes you a node
on the network that the cable company has set up. This also makes your system
available on the network.
USER NAMES and PASSWORDS - Always use user names with REAL passwords. Blank
passwords are NOT safe. If I browse through my network neighborhood, I can
see all the computers on the network. About half of those have user names and
some sort of password. Clicking on a computer with no user name associated with
it (mostly Windows 95 machines) allows us to look through their hard drives and
rummage through what they have. We can even see the printers that are installed.
Use a GOOD password. No, don't use the word "password" as a password and don't
use your username, even if you add a number to it (e.g. 99 or 01). Password
length is really up to you, but it is something that is under debate in the
security world. When we are talking about the Windows operating systems, I
believe that the L0pht recommends a password of 7 characters because of the
method Windows uses to store passwords. The government is looking to a 12
character password because of the amount of time it takes to crack a password
of that length. It's also best to combine alpha characters in lower case, upper
case and even special characters. The more variety of characters in your
password, the more difficult and time consuming it will be to crack.
Turn off your shares. Windows is quite friendly out of the box; in fact, most
of your drives are shared by default and so is your printer. With sharing
enabled, users on the network may be able to access your drives and the
information on them. Shares can be controlled through "winfile" or the
properties section of each drive letter.
If you're using NT or a flavor of Unix, turn on auditing. You can turn on
important auditing under NT by going to the User Manager and clicking on
Policies and then on Audit. At a minimum, log the successful and failed logons
and logoffs. Audit the Security Policy Changes, User and Group Management, and
the System Restarts and Shutdowns. I get a lot of information about people on
the cable network trying to hack into my computer. When I view the event viewer
and look at the security log, I see that between 2/23 and 2/27 I had 13
attempts on my computer, and I'm in a SMALL rural area.
UNIX auditing software works differently than NT. Under the Solaris version of
UNIX that is sold by Sun Microsystems, auditing is controlled by the Basic
Security Module (BSM). You can enable BSM from /etc/security. If you go to this
directory, you will see about ten files. The file audit_control is where you
designate what activities you want audited. The file bsmconv will install the
auditing function and the file bsmunconv will uninstall the auditing. Auditing
under HP-UX is easily set up inside the SAM tool. I won't go into any other
UNIX flavors, but you can look up the details for the version you are using.
Another concern is network sniffers. When you use a cable modem, you're on the
network directly and as such, your traffic can be "sniffed" from the network.
Sniffing translates to "listening" on the network for traffic and "watching"
what exactly comes across. User names and passwords that are sent across the
network in plaintext are easily captured. There is not an easy way to avoid
being "sniffed" except to avoid using services that send usernames and
passwords in the clear. Buying merchandise from the web on a non-secure web
server could be a BIG mistake since your data is sent in plaintext. Try to
stick to secured web servers when buying merchandise.
The last thing I want to discuss is port scans. Port scanning tells someone
what "services" your computer is running. Services are programs or "daemons"
that run and offer a service to folks on the net. Some good examples are from
the UNIX world where ftp, telnet, smtp, and http are typically seen. You can't
really STOP port scans, but you CAN detect them in a lot of cases. Two good
software packages for Windows are Genius and Nuke Nabber. Both of these can
detect scans on particular ports or a range of ports and alert you.
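
To show what detecting a scan across a range of ports amounts to, here is an added example (not from the original article, and not how Genius or Nuke Nabber work internally) that flags any source touching several different ports in a short time. The log format, the sample addresses, and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of inbound connection attempts: date, time, source, port.
# Addresses come from the documentation range 192.0.2.0/24, not real hosts.
SAMPLE_LOG = """\
1999-02-25 21:14:01 192.0.2.10 21
1999-02-25 21:14:01 192.0.2.10 23
1999-02-25 21:14:02 192.0.2.10 25
1999-02-25 21:14:02 192.0.2.10 80
1999-02-25 21:14:03 192.0.2.10 139
1999-02-25 21:20:00 192.0.2.77 80
1999-02-25 21:20:05 192.0.2.77 80
1999-02-25 22:00:00 192.0.2.50 21
1999-02-25 23:30:00 192.0.2.50 23
"""

def parse(log_text):
    """Yield (datetime, source, port) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            when = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
            port = int(parts[3])
        except ValueError:
            continue
        yield when, parts[2], port

def detect_scans(log_text, min_ports=4, window=timedelta(seconds=60)):
    """Return {source: sorted ports} for sources that hit at least
    min_ports distinct ports inside one sliding time window."""
    events = defaultdict(list)
    for when, src, port in sorted(parse(log_text)):
        events[src].append((when, port))
    alerts = {}
    for src, hits in events.items():
        start = 0
        for end in range(len(hits)):
            # Advance the window start until it spans at most `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[src] = sorted(ports | set(alerts.get(src, [])))
    return alerts

if __name__ == "__main__":
    for src, ports in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

A repeat visitor to one port (192.0.2.77) and a slow visitor to two ports hours apart (192.0.2.50) stay below the threshold; lowering `min_ports` or widening `window` catches slower scans at the cost of more false alarms.
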
These methods will help secure your computer. If you're using another OS, then
the concepts are the same. Use good passwords, turn off unneeded network
services (*nix), and audit everything. O'Reilly has released some excellent
books on the various operating systems and also on security. These steps are
just simple steps to keep normal everyday "Joes" out of your system, but you
should try to learn more advanced methods.
Enjoy the speed, but keep yourself secure.