The internet is a jungle out there!  Without you knowing, many people could be accessing your computer!  The main security threat is a protocol used by Windows which is on by default on many versions of Windows.  It is a protocol which lets others connect to your hard drive! 

At this point, as the owner of a scamming company, I would try to sell you a very expensive product.  The bottom line is, staying secure can cost you as little as $0. 

How server/clients work?

The way the internet works is based on this main concept.  Servers and clients.  When you type in the address and load this page, your browser is acting as a client and connecting to our server and once the connection is established, both the client and the server communicate.  However, your own computer could be acting as a server without you knowing it!  One of the major causes would be the protocol mentioned above, which is called Netbios.  It is good to have on a local network, and is used in corporate environments, but on a computer directly attached to the internet, it's a bad idea. It has many security holes, and even your shared folders are password protected, they can easily be cracked.  I know this from personal experience as I was able to hack into my own PC from school to get homework, by cracking the password which I had forgot!  In Windows 2000 for example, the protocol is automatically set to share your entire C drive.  Anyone can connect to it and view all your files - or delete them.

Also, there are type of viruses called trojans, which act as a server which is designed to do bad things such as delete files etc.  If a client (in this case most likely a script kiddie using the program designed for that trojan, or simply a telnet session) can connect to it and command it to do harm to your computer.

IPs and ports

An other concept on server/clients that is good to know is ports and IP's (Internet Protocol).  Think of a port as a door to your computer.  A single PC can have up to 65 thousand ports or close to that number.  There are special ranges for special purposes but we will not get there.  Trojans tend to listen on various port numbers, while servers such as Netbios are more standard.  For example, Netbios uses port 139.  A webserver such as the one you are connected to listens on port 80.  The term listen is used to describe that the server is active and waiting for connections.

Also, each computer connected to the internet has a unique address called an IP address.  All it takes is the IP address of your computer, and a sensible open port number and someone can hack into your computer.  By sensible, I mean that it is not really wanted by you, to be open or is insecure, such as full access Netbios, or a trojan.  However, even more secure ports such as web servers (ex: our server has port 80 opened for anyone such as you to connect to it to view this page) can also be insecure.  But this is when software reliability comes in, and the choice of server software.  My personal experience with badly written software is pretty good, I've used server software which enabled a script kiddie to hijack our server and send spam!  We quickly got rid of it when we found that out!  So it's not only trojans and Netbios that are a security threat.

Port scanners

What most people say is "why would someone find ME, the internet is huge!".  Very true, but there are tools out there called port scanners, which scan for certain known insecure ports (such as 139) on large IP ranges.  A typical port scanner can scan 253 IP addresses on several ports within minutes.  It will list all the computers it finds that have open ports.  Some very serious people will scan large port ranges and large IP ranges and leave it overnight.  They could easily get over a few thousand ports waiting to be attacked.  Now the question remains "why would he go after MY port?" but the fact that it is exposed and easily accessible at this point should be enough to scare you, as there's a good chance a serious script kiddie would dump the info in a program that attacks all at once!  Anything is possible.

Locking your doors

Just like you lock your door at night, you want to close ports that you don't need or want.  If you are not using the netbios protocol, you can disable it through file and print share found in the control panel under network properties.  For trojans, it is recommended to update your virus scanner more frequently to avoid them in the first place, but if it's too late, there are many utilities available to remove trojans, and most virus scanners will remove them upon a notice.

To be even more secure, it is a must to have a firewall, especially if you are on an always-on connection such as dsl or cable.  A firewall is like a wall between your PC's ports and the outside world.  It only allows certain traffic to pass through certain applications.  Incoming traffic (someone connecting to an open port on your computer) is filtered according to what you decide.  If you have an open port and someone tries to connect to it, you will be asked if they can, through that specific port, and specific application.  For example, when we first install our server, the first person to try to access our site triggers a box on our server asking if connections can be made through port 80 through the web server software we use.  We can decide to let it through, and also make a rule to always allow it.  If we had a trojan on our server, we would know right away to not let it, and block it - and remove it to be even more safe.  Firewalls also block outgoing traffic - if your computer tries to connect to another on a specific port using a certain application.  For example, if you open your browser for the first time and type www.reliexec.dynu.net it will ask you if your browser (will list the name of it) can connect to port 80 of the reliexec server.  From there, you can say yes or no.  Fact is, you now know about the connection being made.  You would want to let it in this case.  But if you have spyware and it's now connecting to a server to send out your last 1000 typed words, you'd know about it, and be able to stop it!

When a firewall can save you

These are certain situations where a firewall will save you:

-If a program on your computer tries to connect to something and you never requested it.  Many programs called spyware will spy on you and send data to servers.  If you have a firewall, you will be prompted for it, and can then block it.

-If someone tries to connect to a trojan on your computer.  You can block the port of the trojan, which will make it look invisible.  If someone tries to connect for the first time, you are asked to accept the connection.  Unless you are running a server such as a web server or P2P software, you should never need accept incoming connections.

-If someone is launching an attack on you, you will quickly know as your firewall will alert you, and you will have the information of the individual, ready to contact their isp if needed.  But you must not go crazy with that, the best thing to do is to ignore blocks - as you are protected anyway.

Where to get a firewall?

There are many firewalls out there.  Some will cost you big bucks, and some are free.

The two most popular ones are Zone Alarm and Tiny Personal Firewall.  You can click on ether one (they will open a new window) to start a Google search.

Don't go crazy!

When you install a firewall for the first time, you will get many alerts.  Not only asking you for "first time use" programs to communicate, but also blocked connections.  Do not panic.  Many of these are simply automatic (mostly safe) processes such as a server checking if you are there, or on a worse case, a passing port scanner.  They are not all hack attempts!  Even they are, you are protected and it's that which counts.  If you do not run networking software such as file sharing programs or servers, you are even more safe then if you would.

Firewalls are a great tool, and like virus scanners, everyone should have one!  Once you install it you forget it!


I hope that this article helped you make your PC more secure.  For more advanced issues, please ask your questions on our forum!


~Red Squirrel AKA Ryan

Next Page

Latest comments (newest first) Posted by wtd on July 07th 2005 (13:15) QUOTE (Red Squirrel @ Jul 27 2005, 08:49 AM) It might actually be more secure then I think even by default. It probably would be. Posted by Red Squirrel on July 07th 2005 (07:49) Let's say for FTP or what not, etc. There's lot of reasons. Mine at home is behind my router so security is not an issue, but as I don't know much about linux yet, if I put it online I'd most likely get hacked into. Actually, I should try it for fun, image it in a VM, delete all the confidential data, and set the VM in the DMZ zone. It might actually be more secure then I think even by default. Posted by wtd on July 07th 2005 (23:23) QUOTE (Red Squirrel @ Jul 26 2005, 08:12 PM) Yeah it's more secure in that sense, but in terms of being hacked into. A linux server that someone who knows nothing about linux just finished setting up will get hacked much easilly then one set up by a knowledgeble windows admin. I'm sure if I would decide to put my linux server online, it would get hacked very quick. I'll find out though once I deploy my firewall which will run on linux, though I might just go and use smoothwall instead, not sure yet. The firewall will be in front of the router so if someone does hack into it, oh well, it will be a learning experience. Why set up a server at all then? Most people have no need to run servers, and most desktop-oriented distributions don't start or even include much in the way of servers. Posted by Red Squirrel on July 07th 2005 (19:12) Yeah it's more secure in that sense, but in terms of being hacked into. A linux server that someone who knows nothing about linux just finished setting up will get hacked much easilly then one set up by a knowledgeble windows admin. I'm sure if I would decide to put my linux server online, it would get hacked very quick. I'll find out though once I deploy my firewall which will run on linux, though I might just go and use smoothwall instead, not sure yet. The firewall will be in front of the router so if someone does hack into it, oh well, it will be a learning experience. Posted by wtd on July 07th 2005 (17:50) QUOTE (Red Squirrel @ Jul 26 2005, 09:32 AM) Yeah that works, but if you don't know lot about linux it's even more unsecure then windows. No, it's not. There are inherent social engineering reasons why Linux is vastly more secure, owing primarily to the use of repositories, vs. downloading an executable installer off of a website. The repositories are moderated, and bad software is regularly weeded out. View all comments Post comment