Bullet proof your firewall - use a router
Internet security has become a major issue over time, and even non-technical folks are beginning to think in defensive terms. Firewalls have become standard equipment, and when it comes to firewalls, a router is man’s best friend. The advent of affordable internet access has spawned a whole new generation of internet attackers, and malicious software such as viruses and worms. Malicious software has two basic elements, the delivery system and the “warhead”.
Before the internet-connected computer was as common as the dining room table, anti-virus software was a must to defeat the delivery system of the malicious code. The virus package was often delivered to a computer by the installation of an application. Frequently the victim was the unwitting carrier of the infection, placing it on their own system. Once the malicious software was delivered to its intended target, the “warhead” code would attach itself to your system and begin inflicting the damage it was designed to do. They are very hard to combat because there’s a lot of electronic real estate inside your computer and they hide well. Viruses ranged from the annoying, such as the “I love you” virus that periodically said so on your screen, to the plethora of destructive viruses designed to corrupt your data and render your computer unusable. Anti-virus software struggled to keep up with the tide of harmful software in a never-ending electronic arms race. But the situation was about to get quite a bit worse.
Things went out of control exponentially when the internet became a home appliance. As common as a microwave, it has revolutionized our world as profoundly as the development of written language. That profound sociological change has brought a new battlefield into our homes that couldn’t have been foreseen when the net was young.
The authors of malicious software quickly realized the potential of the internet as a delivery system for their destructive software “warheads”, and began to write malicious software that took advantage of internet technology. It was wildly successful and took the world wide web completely by surprise. Web application programmers were stunned by the sudden vulnerabilities of their programming. Web browsers were hit especially hard. The arms race was moved to a new location. Let the games begin.
Malicious code is a tough nut to crack. But humans are a whole ‘nother ball game. Very not-nice people, called “Crackers”, began showing up at the connection point between you and the net, with the intention of covertly breaking into your system.
A common technique is to test your computer’s access points to the internet, called ports. The goal is to see if a port will accept a connection that the computer didn’t ask for (port open) or deny the connection (port closed). For instance, if your file sharing port is open, meaning it’s accepting connection requests, then the cracker has a way into your system through that port, just by asking for it. A basic firewall will simply deny all requests for connections unless you’ve asked for something. For instance, port 80, which is used for web access, is opened only if you request that another computer send you web stuff, pages and pictures and such.
Sounds good so far. However, there’s a problem with this approach to security. A cracker can simply scan the internet looking for ports. If the scanning software comes to a port that says whether it’s open or closed, the scanner knows you’re there. It notes your IP address so the cracker can come back and visit sometime.
There’s a way to minimize this weakness. You can use a firewall that functions like the old one but doesn’t respond to the “are you open” question at all. As they say, silence is golden. The port scanner sweeps your computer looking for ports. When none of them reply, it just moves on to the next IP address none the wiser. You make your ports stealthy. It’s a simplification, but you get the idea.
Now bump it up to the next level. Let’s assume that the bad guys somehow find out which internet address your service provider has assigned to you. Now that they know, they can go to work on you using the latest attack methods. Good for them, bad for you. Suddenly, having stealthy ports becomes irrelevant.
Enter Network Address Translation, or NAT. Remember when I said a router is your best friend? Here’s why: NAT is a protocol that makes it possible for your router to pretend it’s your computer, and every router can do it. Plug and play. Here’s the best part: it makes your real computer(s) invisible to the internet. Gotta love it. If that doesn’t put a smile on your face, this should - a good router costs around $100.00.
Your router is a hardware firewall. It sits between your internet connection and your computer, acting as a middleman. The router can automatically assign your computer a new IP address with DHCP. With that new address, the router handles all the internet traffic to and from your computer, keeping your computer’s true IP address a secret. When combined with a good software firewall installed on your computer, you have a pretty secure system. Unfortunately, nothing is perfect. It’s not going to be exactly bullet proof, but it should give your computer a pretty good layer of Kevlar.
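The middleman role described above can be modelled in a few lines. This is an added example, not code from the original post: the class and function names are hypothetical, the addresses are constructed samples, and dropping anything without a matching table entry is a simplifying assumption about how the router filters.

```python
# Added illustration: toy model of a home router doing NAT with port translation.
# All addresses and ports are constructed samples (RFC 1918 / RFC 5737 ranges).
from typing import NamedTuple, Optional


class Packet(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # inside flow -> public port
        self.in_map = {}   # (public port, remote ip, remote port) -> inside host

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the private source address and remember the flow."""
        if pkt not in self.out_map:
            self.out_map[pkt] = self.next_port
            self.in_map[(self.next_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
            self.next_port += 1
        return Packet(self.public_ip, self.out_map[pkt], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Forward only replies to flows an inside host started."""
        inside = self.in_map.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if inside is None:
            return None  # unsolicited: dropped with no reply sent back
        return Packet(pkt.src_ip, pkt.src_port, *inside)


def demo():
    router = NatRouter("203.0.113.7")
    on_wire = router.outbound(Packet("192.168.1.20", 51515, "198.51.100.10", 80))
    reply = router.inbound(Packet("198.51.100.10", 80, "203.0.113.7", on_wire.src_port))
    unsolicited = router.inbound(Packet("198.51.100.99", 44444, "203.0.113.7", 445))
    return on_wire, reply, unsolicited


if __name__ == "__main__":
    for label, result in zip(("sent to the web server", "reply delivered inside", "unsolicited inbound"), demo()):
        print(f"{label}: {result}")
```

The web server only ever sees the router's public address, and the connection nobody inside asked for has no table entry, so it goes nowhere.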
It’s 116 degrees here. I think I’ll go have an iced tea.
Have fun, and be safe!
Denigris
