January 30th, 2006, 01:11 AM
Lies, Betrayal, and Misplaced Trust? (Con't)
Lies, Betrayal, and Misplaced Trust?
Despite much of the publicity to the contrary, whether that be on the Internet or elsewhere, many of those Software Firewalls you depend upon to protect you from the nasty deviants, may not be as secure as we are led to believe.
Within the first section you'll find some ways in which many of our popular software firewalls can be fooled, bypassed, and even disabled. So hopefully now I can provide you with some ideas on how to help improve your situation despite those vulnerabilities.
4. Great! So what do we do now?
All seriousness aside, shut down all services. Nothing goes out - Nothing comes in. Make it as secure as one of the CIA's Intranet Workstations? And a little more silliness: unplug your computer and never use it again! If it's brand new, leave it in the cardboard box and never ever plug the dawg into the wall! Besides, why venture out into the cyber world and have some fun or glean any information? Citizens - become moles! [/Stupid] Ludicrous but fun none-the-less!
A. Exposure to the Hazard.
A huge element with regard to risk assessment, irrespective of what type of mishap we are attempting to prevent, is exposure to the hazard. For our purposes, we can apply this to mean the elapsed time you expose your computer to a potentially hazardous environment and what information is actually exposed.
Limit the Time You're Exposed
Many folks will tell you and I have to vote "Yea" on this, When you are not using your computer, disconnect it from the Internet. Well, there's some wise counsel contained within those words. In fact that was our very practice when on a dial-up connection and it still applies today. In case I would forget to terminate that connection, I would simply configure the settings to disconnect after so many minutes of inactivity; thus limiting the time I was exposed. Additionally your ISP may have an idle timeout or some other limitations on his accounts that may help reduce the time you are exposed to the potential hazard.
Originally posted here by nihil
I really do not understand why people leave computers on "24/7" without a valid reason.
Apart from the fire risk, and the cost of electricity, there is the thing sitting as a target. And why leave it connected to the internet?
If you don't want someone trying to use your machine as a server, don't make it available all the time
But why should I bother, the online scanner at....(Fill in the blank)....says that I am "stealthed"? Doesn't that mean I am invisible thus not exposed? Nope! Most of the time you can't see a fart, however your other senses will appraise you of it's presence. That's a good topic for another thread. Not flatulence detection! But how a so-called "stealthed" computer can be detected.
What about the always-on services like Cable or DSL?
"One of the worst things that can happen is when a hacker breaks into your computer and you don't even know it." (Author unknown) I've learned to really appreciate that quote after spending many hours acting as a land surveyor on a friend's computers. My task was to determine whom the computer actually belonged to! They were the unprotected always-on type of folks, who had no clue that they were owned until their boxes came to a screeching halt. So as before, if you can pull it offline when not in use, great!
Although that philosophy makes a whole lot of since and it will definitely reduce our exposure to the hazards of the Internet, I'm also aware it just isn't going to happen in my household! I have a teenager and as much as we love him to death, sometimes he has the attention span of a new puppy. He's going to run off and forget what he was doing. Whether that is to answer the door or the phone, check to see what's on TV, grab some munchies, and so on and so forth. When he gets sidetracked will he remember to disconnect the RJ45 or Coaxial from the Modem, or even shut it off? Most likely not! In all fairness, I don't believe this is limited to our teenagers.
Limit What You Expose.
If your computer is compromised in addition to probably being used as a "hop" or a "bot", your personal information is obviously pay dirt! So since we may or may not be able to control the time we are exposed, let's focus on limiting what we expose to the Internet. You know, all of your treasures stored on that hard drive. Those precious pearls - that folder with all your Passwords for the Accounts, Social Security Numbers, Insurance Information, Savings Bonds Numbers (with the name, that's all you need to report a loss and get a new one), Employment Information, Checking/Savings Records in Excel, Money, etc. What about your Digital Pictures showing everything you have or Family History Information; such as Wills, Probate Records and so forth?
Some years ago I was attending classes at the local college and I needed some simulations that our Instructor had had her house. So my Wife and I drove over to pick them up. When we arrived our Instructor grabbed a handle that was protruding out of one of her 5 1/4" Bays of her tower, and with a slight tug, out comes a hard drive. She then reached inside a drawer, grabbed another and slid that hard disk into the same bay and started her computer. After she burned a CD with the Sims on it, she said, "a friend of mine built these trays for me and now I never go online with the other disk, it contains my personal information". What a spark of genius, they were thinking years ahead! Obviously similar removable disk trays are readily available today.
So why on earth are we storing our treasures on fixed hard drives, or the same ones we use to go online with? Why not save that data to a removable medium? We actually have many more options than before. The example the college instructor provided, external USB/Firewire hard drives, the ole faithful floppy disks, burn them on to a CD/DVD; and of course my new favorites are the encrypted thumb drives. Remove the treasures from the chest and what will the deviant find?
B. Eradicate or Educate the User?
Not to be too insulting, however I believe the biggest threat to your personal computing security is the person you see in the mirror every morning. If it's a family computer, it may well be everyone within that family album on the coffee table or maybe only a few members of the family. Just food for thought - does Joey download his favorite anime or other cartoon characters from the Internet? Little does he know that it may be filled with viruses and other forms of malware. This particular example I have had personal experience with. On two occasions I have removed my son's hard drive, turned it into a slave on my computer and cleaned all the demons out. With just a little detective work, I was able to determine the cause of his infestation to be two sites he visited. You guessed it, anime! One of them they should have named "Pornoanime"! Tucked well within all of their characters were many explicit pictures of sexual activities.
Does anyone in the Family use an Instant Messaging Service or download files from one? That was another source of the problems on my son's hard drive. With the increase in use of the instant messengers, we can also anticipate a huge increase in attacks using that vector (an organism (as an insect) that transmits a pathogen, Merriam-Webster). Gotta love that definition as it applies to security.
AntiOnline is replete with information on how to be a wise Internet User, so I'll default on that. But seriously, the bottom line on this thought is that the Internet is a wonderful resource, however there are many deviants and pathogens out there. So teach yourself and your family members to be alert to the hazards.
I thought I'd also add that home users are not the only users that require training. Coming to you live from our very own thehorse13, he provides us with a great read and some interesting insight from work. "End User Ignorance - How long will we cope?" Most noteworthy is this gem, "Responsibility has been placed on the shoulders of the end user."
C. Establish a Change Control Process for Your Computer.
A change control process does not have to be as elaborate as it sounds. It can be tailored to fit the needs of your Home and Small Office and yet still be effective. What are we talking about? In a nutshell, you need to know if something has been changed on your computer bad or good, with or without your permission. What we want to achieve is to maintain our computer's integrity. This is most commonly accomplished with some form or combination of, "Integrity Monitors".
Gee Whiz Buddy! I already have to keep my Anti-Virus Programs updated, along with all my Malware Removing Utilities, and don't forget the doggone Operating System Updates. Now you want me to add some Integrity Monitors?
Is this too much to expect for a small network/home computer? I don't think so. "Format" is not always the best solution. If you don't know exactly what those files and folders looked like before someone broke in, and don't know how to restore them all, then it is appropriate for you.
Already on board
There is some good news though. You may already have assistance on board and not know it. If you are using Windows XP or Windows ME you have "Windows File Protection". Fortunately for us, it may appear that Microsoft realized that we (and others) have a tendency to corrupt or even down right delete critical files and/or their folders. Those being the essential .dll's, .exe's, and .sys's. I'm guilty as can be of this especially during the Pre-ME years. How did we delete programs back then if the uninstaller didn't exist or add/remove programs let us down as well? Invariably, I'd go on a witch-hunt for any folder or file related to that program. Shortly thereafter, you'd think I had a system hijacker with all those pop-up error messages being displayed! You definitely get to learn your operating system as you restore those buggers. Anyway so you have Windows File Protection that may replace a corrupted/missing file by using the previous version or by asking for the Installation Disk. This process could be invaluable if someone else went about changing your system.
Although this is not an advertisement for XP or ME, one of their other crowning features for us file corrupters/deleters and of course to thwart the effects of some deviant's action, is "System Restore". You can establish your own Restore Points and of course Windows does it automatically during application installations and every so often. This feature allows you to return critical system files back to a known-to-be-good date.
Outside Sources for Integrity Monitors
Ok this is were we need to keep it simple. For my home network, I don't have a staff on standby to respond to intrusions, a bunch of monitoring programs, pagers, or the like. And with the other precautions listed earlier, all I really need here is something to throw up a stop sign and let me know what's going on. Some might say, "That's what my firewall is for." Unfortunately your firewall may be the first target, so as to allow outbound connections.
There are multitudes of Integrity Monitors online. Just pop "Integrity Monitor" into your favorite search engine and select one that best fits your needs. For brevity I only listed two.
One of those programs is GFI LANguard System Integrity Monitor it comes with the ability to determine with files have been changed, deleted or added to Win XP & 2000.
Another similar program is WinPatrol "WinPatrol sniffs out worms, adware, keyloggers, spyware, cookies, and Trojan horses...it uses a heuristic approach, taking a snapshot of your critical system resources, then alerting you to any changes that occur without your knowledge."
When we access the Internet we cannot expect a "Nothing goes out - Nothing comes in" condition. Nor do we have to run to a corner and enter into the fetal position. We need to create and maintain our own Layered Defense to make it more difficult for the deviants to work their evil deeds. We should be educated users aware of the risks that are ever-present. If possible, limit the time we are exposed to the hazard. Employ some form of an Integrity Monitor to alert us when our files have been altered. And above all else, do not expose our treasures to the thieves.
Connection refused, try again later.