With high-bandwidth, full-time
connections to the Internet come security issues that must be addressed. This
is true even if you don't care who sees the files on your computer. Although you
may have nothing of value on your computer, it can be compromised and used remotely
to hack into better targets. If the FBI Internet SWAT team arrives in your home
at four a.m. asking questions, you might regret having left your computer available
to cyber-terrorists. Let's look at the problem, a couple of scenarios and some
safeguards.
With any connection
to the Internet there comes some risk of a malicious hacker gaining access to
your computer. The longer that connection lasts, the higher the risk. Every
day automated scans are searching the Web for open ports on computers attached
to the Internet. A port is a connection, usually in place for a particular resource
such as file transfer, remote login or system identification. When malicious
hackers scan the Internet searching for open ports, they are looking for a port
that responds to the malicious hacker's request. This response advertises your
computer's Internet address, alerting the malicious hacker to a potential target.
I use the term 'hacker' loosely, since a true hacker is someone who understands a piece of software well enough to use it in a manner beyond its intended design. Hackers are a vital part of software development and non-malicious hacking is, and should be, encouraged. Most of the malicious Internet hacking is done by 'script-kiddies,' who download prepackaged scripts to run. But for ease of reading and for lack of a better-understood term, I use 'malicious hacker' throughout. My apologies to the real hackers.
Once a computer has
been targeted, there are tools that identify the computer's operating system,
and therefore identify its weaknesses. Other tools assist in cracking passwords
and in placing backdoors and malicious scripts. Once the computer is compromised, the malicious
hacker can use it as a remote base of operation, keeping one additional
step between the malicious hacker and possible arrest. All attacks then seem
to be generated from the compromised computer, making the owner's life a misery
if the actions trigger a law enforcement trackdown.
A recent example made national news because of the 'denial of service' attack launched against ebay.com, e-trade.com and others. The malicious hackers compromised lightly defended university (and other) computers, planted scripts that could be triggered to generate constant traffic to a specified site, and triggered them at will. Within hours, the FBI teams were at the campuses, asking system administrators tough questions, attempting to track the malicious hackers. The denial of service attack inconvenienced many people, slowed Internet speeds, and cost the Web sites a lot of lost business.
So, as university and other large, previously undefended computer systems tighten security in response to the FBI crackdowns, guess who's next? The lightly defended small user with a full-time connection. Hello, cable modem and DSL users!
Fortunately, there are easy steps you can take to protect your system from most malicious hackers. First, unless you are networked to other computers or need to share files over the Internet, you can remove the Client for Microsoft Networks from your computer and disable File and Printer Sharing. If you share files and printers locally, you should do so using the NetBEUI protocol. This closes many of the front doors to your system.
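One way to confirm that the sharing services no longer answer after the change above is to try connecting to their ports from the machine itself. This is an added example, not part of the original article; the port numbers are the well-known assignments for Windows networking, and the function names are chosen for this example.

```python
import socket

# Well-known TCP ports of the Windows networking services (added for this example).
SHARING_PORTS = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session service (file and printer sharing)",
    445: "SMB directly over TCP",
}

def answers(address, port, timeout=0.5):
    """True if something accepts a TCP connection on address:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((address, port)) == 0

def audit(addresses=("127.0.0.1",), ports=SHARING_PORTS):
    """Return sorted (address, port, service) for every listed port that answers."""
    return sorted((a, p, ports[p]) for a in addresses for p in ports if answers(a, p))

if __name__ == "__main__":
    found = audit()
    for address, port, service in found:
        print(f"{address}:{port} still answers: {service}")
    if not found:
        print("none of the sharing ports answer")
```

A service can be bound to one network adapter's address only, so pass your computer's own network address in `addresses` as well as the loopback address. A port that answers here may still be hidden from the Internet by a firewall.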
A more secure method of protecting your computer from direct attack is to use a good firewall. These often-affordable (under $50 for single computers) and sometimes free applications close open ports and keep your system from responding to malicious hackers' probes. Make sure you carefully research these tools. Some tools being distributed claim to fix security holes but actually create backdoors for malicious hackers. Use only tools from trusted sources.
Next, you need to block backdoor intrusions. These intrusions are accomplished using scripts or applications that arrive on your computer as e-mail attachments, inside applications and as downloads. There is even a method that uses Web addresses with hidden content. In spite of the appeal of animations of dancing bears, don't run or download items from unknown sources -- and think twice about those from known sources.
Defending against most of these intrusions is achieved by making sure you have excellent anti-virus software; keeping the virus definitions up-to-date; and not downloading applications from untrusted Web sites. E-mail is tough enough to monitor, but you should also watch for links on untrusted sites. A link may look as though it takes you to a trusted site while actually carrying a hidden address that leads to a malicious duplicate of that site. Downloads from the malicious site will then infect your computer, giving the malicious hacker the keys to your system's locks -- again creating a backdoor for the malicious hacker to use.
One last thought -- and the most important. All shared resources can be, and should be, password protected. Use passwords! And use passwords that are not easy to break. Don't use words or names. Use a combination of letters and numbers. On very sensitive resources, include a non-printable character. On NT systems, which have an inherent risk due to backward-compatibility with Windows for Workgroups, use a seven-digit password.
There
are mountains of material available on Internet security. Please make use
of it. While no computer is completely secure, everyone should take basic
steps to secure their systems. I know that I don't want the FBI Internet
SWAT team at my door in the early morning hours.
netechs consults to small businesses on technology issues. If we can
be of service to you, please contact us by e-mail or call us at 203-882-8890.
Thanks to Steve Gibson, Stuart McClure, Joel Scambray
and George Kurtz for their thoughtful writings on Internet security.