Keeping your PC secure on the net.
You may not even know how many are connected...
By Red Squirrel
The internet is a jungle out there!
Without you knowing, many people could be accessing your computer!
The main security threat is a protocol used by Windows which is on by
default on many versions of Windows. It
is a protocol which lets others connect to your hard drive!
At this point, as the owner of a scamming company, I would
try to sell you a very expensive product. The
bottom line is, staying secure can cost you as little as $0.
The way the internet works is based on
one main concept: servers and clients. When you type in the address
and load this page, your browser is acting as a client and connecting to our
server and once the connection is established, both the client and the server
communicate. However, your own computer could be acting as a server
without you knowing it! One of the major causes would be the protocol
mentioned above, which is called Netbios. It is good to have on a local
network, and is used in corporate environments, but on a computer directly
attached to the internet, it's a bad idea. It has many security holes, and even if
your shared folders are password protected, they can easily be cracked. I
know this from personal experience as I was able to hack into my own PC from
school to get homework, by cracking the password which I had forgotten! In
Windows 2000 for example, the protocol is automatically set to share your entire
C drive. Anyone can connect to it and
view all your files - or delete them.
Also, there is a type of virus called a trojan, which acts as a server
designed to do bad things such as deleting files. If a client (in this
case most likely a script kiddie using the program designed for that trojan, or
simply a telnet session) can connect to it and command it to do harm to
IPs and ports
Another concept about servers and clients that is good to know is ports and IPs
(Internet Protocol). Think of
a port as a door to your computer. A single PC can have up to 65 thousand
ports or close to that number. There are special ranges for special purposes but we will not get
there. Trojans tend to listen on various port numbers, while
servers such as Netbios are more standard. For example, Netbios uses port
139. A webserver such as the one you are connected to listens on port
80. The term listen is used to describe that the server is active and
waiting for connections.
Also, each computer connected to the internet has a unique address called an IP
address. All it takes is the IP address of your computer, and a sensitive
open port number and someone can hack into your computer. By sensitive, I
mean a port that you do not really want open, or that is insecure, such as full
access Netbios, or a trojan. However, even more secure ports such as web
servers (ex: our server has port 80 opened for anyone such as you to connect to
it to view this page) can also be insecure. But this is when software
reliability comes in, and the choice of server software. My personal
experience with badly written software is pretty good: I've used server software
which enabled a script kiddie to hijack our server and send spam! We
quickly got rid of it when we found that out! So it's not only trojans and
Netbios that are a security threat.
What most people say is "why would someone find ME, the internet is huge!".
Very true, but there are tools out there called port scanners, which scan for
certain known insecure ports (such as 139) on large IP ranges. A typical
port scanner can scan 253 IP addresses on several ports within minutes. It
will list all the computers it finds that have open ports. Some very
serious people will scan large port ranges and large IP ranges and leave it
overnight. They could easily get over a few thousand ports waiting to be
attacked. Now the question remains "why would he go after MY
port?" but the fact that it is exposed and easily accessible at this point
should be enough to scare you, as there's a good chance a serious script kiddie
would dump the info in a program that attacks all at once! Anything is
Locking your doors
Just like you lock your door at night, you want to close ports that you don't
need or want. If you are not using the Netbios protocol, you can disable it
through file and print share found in the control panel under network
properties. For trojans, it is recommended to update your virus scanner
more frequently to avoid them in the first place, but if it's too late, there
are many utilities available to remove trojans, and most virus scanners will
remove them once they are detected.
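As an added example (not part of the original article), the Python sketch below reads the text printed by the Windows command netstat -an and lists every listening TCP port that other machines can reach and that you did not ask for. The sample output, port 12345 and the function names are constructed for illustration.

```python
# Added example: find unwanted TCP listeners in Windows `netstat -an` output.
import ipaddress

# Constructed sample output, not captured from a real machine.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

KNOWN = {80: "web server", 139: "Netbios"}  # the two ports the article names


def listening_ports(netstat_text):
    """Return sorted (port, address) pairs for TCP sockets in LISTENING state."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, or a connection that is not a listener
        address, _, port = fields[1].rpartition(":")
        found.add((int(port), address.strip("[]")))  # [] wraps IPv6 addresses
    return sorted(found)


def audit(netstat_text, wanted_ports):
    """List listeners reachable from other machines that are not wanted."""
    findings = []
    for port, address in listening_ports(netstat_text):
        if ipaddress.ip_address(address).is_loopback:
            continue  # only reachable from this PC itself
        if port in wanted_ports:
            continue  # a door you chose to leave open
        label = KNOWN.get(port, "unrecognised, find out which program owns it")
        findings.append((port, address, label))
    return findings


if __name__ == "__main__":
    # Assumption: this PC is meant to run a web server on port 80 and nothing else.
    for port, address, label in audit(SAMPLE_NETSTAT, wanted_ports={80}):
        print(f"port {port} open on {address}: {label}")
```

To check your own PC, save the output of netstat -an to a text file and pass its contents to audit() in place of the sample.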
To be even more secure, it is a must to have a firewall, especially if you are
on an always-on connection such as DSL or cable. A firewall is like a wall
between your PC's ports and the outside world. It only allows certain
traffic to pass through certain applications. Incoming traffic (someone
connecting to an open port on your computer) is filtered according to what you
decide. If you have an open port and someone tries to connect to it, you
will be asked if they can, through that specific port, and specific
application. For example, when we first installed our server, the first
person to try to access our site triggered a box on our server asking if
connections could be made through port 80 through the web server software we
use. We could decide to let it through, and also make a rule to always allow
it. If we had a trojan on our server, we would know right away to not let
it, and block it - and remove it to be even safer.
Firewalls also block outgoing traffic, that is, when your computer tries to
connect to another on a specific port using a certain application. For example,
if you open your browser for the first time and type www.reliexec.dynu.net
it will ask you if your browser (it will list its name) can connect to port
80 of the reliexec server. From there, you can say yes or no. Fact
is, you now know about the connection being made. You would want to let it
in this case. But if you have spyware and it's now connecting to a server
to send out your last 1000 typed words, you'd know about it, and be able to stop
When a firewall can save you
These are certain situations where a firewall will save you:
-If a program on your computer tries to connect to something and you never
requested it. Many programs called spyware will spy on you and send data
to servers. If you have a firewall, you will be prompted for it, and can
then block it.
-If someone tries to connect to a trojan on your computer. You can block
the port of the trojan, which will make it look invisible. If someone
tries to connect for the first time, you are asked to accept the connection. Unless you are running
a server such as a web server or P2P software, you should never need to accept incoming
-If someone is launching an attack on you, you will quickly know as your
firewall will alert you, and you will have the information of the individual,
ready to contact their ISP if needed. But you must not go crazy with that;
the best thing to do is to ignore blocks, as you are protected anyway.
Where to get a firewall?
There are many firewalls out there. Some will cost you big bucks, and some
The two most popular ones are Zone Alarm and
Firewall. You can click on either one (they will open a new window) to
start a Google search.
Don't go crazy!
When you install a firewall for the first time, you will get many
alerts. Not only asking you for "first time use" programs to
communicate, but also blocked connections. Do not panic. Many of
these are simply automatic (mostly safe) processes such as a server checking if you are
there, or, in the worst case, a passing port scanner. They are not all hack attempts!
Even if they are, you are protected, and that is what counts. If you do not
run networking software such as file sharing programs or servers, you are even
safer than if you did.
Firewalls are a great tool, and like virus scanners, everyone should have one!
Once you install it you forget it!
I hope that this article helped you make your PC more secure. For more
advanced issues, please ask your questions on our forum!
~Red Squirrel AKA Ryan
Latest comments (newest first)
Posted by wtd on July 07th 2005 (14:15)
QUOTE (Red Squirrel @ Jul 27 2005, 08:49 AM):
"It might actually be more secure than I think even by default."
It probably would be.
Posted by Red Squirrel on July 07th 2005 (08:49)
Let's say for FTP or what not, etc. There's lots of reasons. Mine at home is behind my router so security is not an issue, but as I don't know much about Linux yet, if I put it online I'd most likely get hacked into. Actually, I should try it for fun, image it in a VM, delete all the confidential data, and set the VM in the DMZ zone. It might actually be more secure than I think even by default.
Posted by wtd on July 07th 2005 (00:23)
QUOTE (Red Squirrel @ Jul 26 2005, 08:12 PM):
"Yeah it's more secure in that sense, but in terms of being hacked into. A Linux server that someone who knows nothing about Linux just finished setting up will get hacked much more easily than one set up by a knowledgeable Windows admin. I'm sure if I would decide to put my Linux server online, it would get hacked very quick. I'll find out though once I deploy my firewall which will run on Linux, though I might just go and use smoothwall instead, not sure yet. The firewall will be in front of the router so if someone does hack into it, oh well, it will be a learning experience."
Why set up a server at all then? Most people have no need to run servers, and most desktop-oriented distributions don't start or even include much in the way of servers.
Posted by Red Squirrel on July 07th 2005 (20:12)
Yeah it's more secure in that sense, but in terms of being hacked into. A Linux server that someone who knows nothing about Linux just finished setting up will get hacked much more easily than one set up by a knowledgeable Windows admin. I'm sure if I would decide to put my Linux server online, it would get hacked very quick. I'll find out though once I deploy my firewall which will run on Linux, though I might just go and use smoothwall instead, not sure yet. The firewall will be in front of the router so if someone does hack into it, oh well, it will be a learning experience.
Posted by wtd on July 07th 2005 (18:50)
QUOTE (Red Squirrel @ Jul 26 2005, 09:32 AM):
"Yeah that works, but if you don't know a lot about Linux it's even more unsecure than Windows."
No, it's not.
There are inherent social engineering reasons why Linux is vastly more secure, owing primarily to the use of repositories, vs. downloading an executable installer off of a website. The repositories are moderated, and bad software is regularly weeded out.