Internet Security - protect yourself!!


HC_Chief
06-01-2001, 09:44 AM
If you have a dedicated link to the internet, such as a cable-modem or DSL connection, you had BETTER be protecting yourself from hackers and 'script kiddies'!

Gibson Research Corporation (great site-very informative BTW) was recently 'blasted off' the internet by a <i>thirteen year old</i> with very little hacking knowledge (aka a 'script kiddie'). Using a Trojan file, this kid was able to take control of over 400 PCs across the country... I'm talking FULL control: he has all user names, passwords; can capture keystrokes, catalog files - FULL control-remotely from his PC! This could be one of your PCs!! Using the machines they control, hackers and script kiddies are waging a terroristic campaign against web sites and users across the globe. Read the VERY informative article here: <a href="http://grc.com/dos/grcdos.htm">dDOS attacks revealed</a>

HOW can you protect yourself? With a personal firewall of course. ;) The best FREE easy-to-use firewall is <a href="http://www.zonelabs.com">Zone Alarm</a> There are other firewalls out there, but I've found this one to be the easiest to employ(ANYONE can figure it out) and it works better than most PAY-per-protect firewalls (such as BlackICE and Norton's firewall)

Until people start protecting their systems -locking out the hackers and script kiddies- these attacks will continue to worsen. Eventually, someone will take out YOUR system or network. POOF, no internet access for you! Or worse, they get a list of ALL of your usernames and passwords... and credit card #s and billing addresses. Protect yourself!

keg in kc
06-01-2001, 09:54 AM
I run Zone Alarm as well, HC. Seems to work pretty well.

Amazing how many "hits" I get against it some days too... :(

bishop_74
06-01-2001, 10:03 AM
I run Black ICE from home. It is GREAT. Unfortunately, when I upgraded from Win2000 SP1 to SP2, those little MF'ers got in to my computer within 20 min and F#CKED up my personal website. Be wary, if you update your Windows, be sure to update your firewall software. If you want to tell these idiots off, go to www.elitehackers.com. They have absolutely NO IDEA what they are doing, they all rely on special programs called scripts, hence the name script kiddies, which practically do all of the work for you. In addition, they can get credit card information off your computer if you have used them to buy things online, and they WILL. So beware! Whew... I'm done.

HC_Chief
06-01-2001, 10:06 AM
I don't use ZoneAlarm - I am an IT professional(applications analyst and network engineer), so I use a much more complex solution: <a href="http://linuxrouter.org">LRP (Linux Router Project)</a> + Seattle Firewall(SeaWall) for LRP. I use LRP because I run a network of systems at home - I need it to act as a NATting router as well as a firewall, DHCP and DNS server.

I recommend ZoneAlarm for everyday home PC use - it is especially effective and easy to use for 'lay persons'. Even the most computer illiterate can deploy it.

People need to be informed of the risks they run by having a PC connected to the internet. If you surf the web, you had better protect yourself! A firewall + anti-virus = protection. Anything less, you might as well <i>ask</i> people to use your system for illegal means...or worse, <i>steal</i> from you.

BISHOP - get rid of BlackICE ASAP! It is worthless against IRC Trojans!!!

From GRC.com (article I linked in the topic): As far as I could tell, BlackICE Defender had ABSOLUTELY NO EFFECT WHATSOEVER on the dialogs being held by the Zombies and Trojans running inside the poor "Sitting Duck" laptop. I knew that BlackICE Defender was a lame personal firewall, but this even surprised me.

The Zombie/Bot happily connected without a hitch to its IRC chat server to await further instructions. The Sub7 Trojan sent off its eMail containing the machine's IP and the port where it was listening. Then it connected and logged itself into the Sub7 IRC server, repeating the disclosure of the machine's IP address and awaiting port number. No alerts were raised, nothing was flashing in the system tray. The Trojans were not hampered and I received no indication that anything wrong or dangerous was going on.

bishop_74
06-01-2001, 10:22 AM
HC_Chief,
I have a question. How can anyone put a Trojan on your computer via IRC? I understand if you execute the program after you get it via email, but I am fuzzy on the whole thing. I actually support ATM/Frame Relay service for Broadwing including Cisco routers. I am familiar with the bottom 3 layers of OSI, but the top 4 are still kind of weird to me. What good would a buffer underrun do you? It just crashes your computer right? That sounds pretty stupid.

HC_Chief
06-01-2001, 10:31 AM
Bishop - the trojan actually gets on your system as a parasite riding a file download. (Typically, from a USENet server) Because the file is so small, and usually is named close to a system file, they are very hard to detect w/o a solid anti-virus screen. Once online, the trojan uses IRC to connect to a channel. The operator then issues commands within the channel - allowing him/her to issue TCP/IP commands on your local system. Some variants allow the hacker/sk to upload files to your system such as the dreaded Sub7. Once that bad-boy is in place, they have complete control. There are also instances of malicious code executing on websites - IE, by default, has some bugs which allow scripts to be executed which download nasty little files into your browser cache. A guy here at work had a VIRUS downloaded into browser cache - simply by browsing to a website. Luckily, our AV solution squashed the bastid before it could do any harm.

keg in kc
06-01-2001, 10:38 AM
HC, if at some point I have the financial wherewithal is it worth it to go to ZA's pro version, or am I suitably covered with the freebie?

Along the same lines, I'm running a 2.5 year-old version of McAfee Virus Scan, and have just been updating the virus files and haven't purchased the annual program upgrade (i'm a real miser...). I do upgrade the virus data files at least once a month and whenever I get an alert from McAfee, and I don't run Outlook at all (never have, I don't like it) which probably helps because at least half the alerts I see are through that. So, seeing that I haven't gotten any viruses in the entire time I've had the machine I'd think I'm okay but the question is "am I, really?"

gh4chiefs
06-01-2001, 10:40 AM
I'll show my ignorance here. Am I at risk with a dial-up connection? I seem to recall reading that it was the people who are continuously connected that are at risk and those who connect occasionally via dial-up didn't have much to worry about.

HC_Chief
06-01-2001, 10:48 AM
keg - you're solid dude! :) No need to purchase the Pro unless you want to use it in a professional setting - i.e., at the office. The free version is for home use and works just as effectively as the Pro. The AV solution is solid as well(though I prefer Norton - I have friends who are Symantec developers, so I'm biased) The virus .DATs are typically useless. I read somewhere there are really only about 200 viruses out there that do any real damage. The rest are either harmless, or just knock-off 'variants' of the original 200. Every once in a while, a nasty one comes out (Melissa).

gh4 - Anti-virus is a must, no matter if you're online via dialup or a 'nailed'(static) connection. A personal firewall is also recommended. You run less of a risk because you're not <i>always</i> online, but that does not mean you are impervious to it.

Bishop - seeing how you have quite a bit of routing knowledge, you should check out <a href="http://linuxrouter.org">LRP</a>! It's a damn good routing firewall/DHCP/DNS system. It's opensource(free) and requires no more than a 486, 16MB RAM and a 3.5" floppy drive! The learning curve is steep, but people with TCP/IP knowledge should be familiar with the majority of it. It effectively masquerades(NAT) a network - with the router itself being completely invisible to the world. Talk about safe - you're freaking <i>invisible</i>! :D

keg in kc
06-01-2001, 10:56 AM
That's mucho HC. ;)

I used to use Norton, but my hard drive crashed about a year and a half ago and it turned out it was from a faulty batch, so it was Gateway's problem, not mine (thankfully...). The new drive had a new version of McAfee on it, and my year of Norton (I had to buy it originally, Gateway's come with McAfee, or did at the time, dunno now...) was up. I didn't have a copy of the Norton program, and I didn't want to have to buy another new version so I've just stuck with McAfee. In other words, while I personally like Norton, I'm too d@mn cheap to buy it, heh.

HC_Chief
06-01-2001, 10:59 AM
keg - hehe, I understand completely. I'm very lucky: company I work for has partnerships with all of the big software companies - we get NFRs (Not For Resale) copies of <i>everything</i>. I haven't purchased software for about four years now. :)

bishop_74
06-01-2001, 11:10 AM
Thanks HC! I will give it a whirl. Unfortunately, because of finances( i.e. girlfriend), I only have one computer, so no need for NAT. :( I always like trying out new toys!

HC_Chief
06-01-2001, 11:15 AM
bishop - give it a go anyway :) You can pick up an old crappy system from a 'used computer' store or out of the newspaper. Like I said, a 486DX will do(hard to find anymore tho'). Get yourself a $50-100 low-end Pentium system, 16MB RAM and a floppy drive (no hard drive required!). Of course, you need a keyboard, but mouse is not required - and after initial setup, a monitor isn't either(telnet to it from your system from within your home network). If you want a separate monitor, monochrome is all you need :)

It will increase your networking knowledge base quite a bit(I know it did for me) and introduce you to the wonderful world of open source Linux(kernel only - no GUI).

gh4chiefs
06-01-2001, 12:16 PM
Thanks HC. I do run Norton Anti-virus, I just don't have a firewall. I'll probably download the freebie when I get home.

bishop_74
06-01-2001, 01:18 PM
HC,
I think I am actually just going to go all out and build an Athlon 1.4Mhz with the new GeForce 3 card (WEEEEEEEEEEE!). Screamin' fast and run 256 of the DDR. I like Linux, but I'll be gosh darned if I can't find half of the games/drivers I am looking for out there. I am also pretty unfamiliar with that O/S. I'm an old DOS guy and the directory structure and security features REALLY are different. Maybe I'll give it another go. Do you use the command line interface more, or do you use the GUI? Which version did you like the best? I found Mandrake to be the easiest of the few that I tried. Keep in mind, I really don't know much about it. BTW, thanks for the free advice. :)

HC_Chief
06-01-2001, 01:35 PM
bishop - just talked with one of the guys I know at Symantec (he helped write the Norton Internet Security app - which, I really don't care for to be honest...;)) - his take on BlackICE: Technically, BlackIce isn't a firewall. It's intrusion detection, and only filters incoming traffic, not outgoing. That would explain why the IRCbot trojans had no problem getting out! :eek:

Dude, that system is going to kick some SERIOUS booty! :D I myself am waiting for the GeForce3 to drop to ~$250/300 before I build a new gaming (Athlon) system

LRP = the Linux kernel, stripped bare. It is 100% command-line. If you're familiar with DOS, you should have no problems with LRP (there are differences of course... like '/' instead of '\' i.e., 'CD<b>/</b>{directory_name}' rather than 'CD<b>\</b>{directory_name}')

It has a nifty little DOS menu with which to view and modify modules. The docs usually give you all the info you'll need (I recommend you go with EigerStein - get it at http://lrp.steinkuehler.net/ )

As for FULL-BLOWN Linux distros, I like Caldera the most. Probably because it was developed with business users in mind. Setup is a breeze - just like Windows, follow the Wizard prompts. The GUI is configurable - can look like Windows 9x, MacOS, OS/2, Amiga, etc. - whatever you choose. It is fairly straight-forward and VERY stable. :)
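The inbound-only versus outbound filtering point made above (and in the GRC quote earlier in the thread) can be shown with a small simulation. This is an added example, not code from the thread, from BlackICE, ZoneAlarm or GRC: a toy packet filter applied to constructed connection records, with made-up host names and a made-up Trojan process name (`sysupd32.exe`). It shows that a filter which only inspects inbound traffic never gets a say on the IRC and mail connections a bot opens outward, while a per-application filter with outbound rules blocks them.

```python
"""Added example, not code from the thread or from any product it names.

A toy packet filter that models the difference HC_Chief's Symantec contact
describes: an inbound-only filter never sees the connections a Trojan opens
*out* to its IRC server, while a per-application filter with outbound rules
does. All connection records are constructed for the demonstration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Connection:
    direction: str    # "in" (remote host initiates) or "out" (local program initiates)
    program: str      # local process owning the socket ("-" for an unsolicited probe)
    remote_port: int
    remote_host: str


# Constructed sample traffic. The last two lines mimic the behaviour the GRC
# article describes: a bot joining an IRC channel and a Trojan mailing out the
# machine's IP address. Host names and the program name are made up.
SAMPLE_TRAFFIC = [
    Connection("out", "iexplore.exe", 80, "www.example.com"),      # normal browsing
    Connection("out", "outlook.exe", 110, "pop.example.net"),       # normal mail check
    Connection("in", "-", 139, "203.0.113.5"),                      # unsolicited NetBIOS probe
    Connection("out", "sysupd32.exe", 6667, "irc.example.net"),     # bot connecting to IRC
    Connection("out", "sysupd32.exe", 25, "smtp.example.net"),      # Trojan mailing its IP/port
]

# Outbound rules for the per-application filter: (program, remote port) pairs the
# user has approved. Anything else gets the equivalent of a "deny" answer to a
# ZoneAlarm-style "program X wants to access the Internet" prompt.
APPROVED_OUTBOUND = {
    ("iexplore.exe", 80),
    ("iexplore.exe", 443),
    ("outlook.exe", 25),
    ("outlook.exe", 110),
}


def inbound_only_policy(c: Connection) -> str:
    """Intrusion-detection style filter: inspects what arrives from outside and
    drops it; connections the host itself opens are not examined at all."""
    return "block" if c.direction == "in" else "allow"


def egress_aware_policy(c: Connection) -> str:
    """Personal firewall with outbound control: unsolicited inbound is dropped,
    and an outbound connection is allowed only for an approved program/port pair."""
    if c.direction == "in":
        return "block"
    return "allow" if (c.program, c.remote_port) in APPROVED_OUTBOUND else "block"


def evaluate(policy, traffic):
    """Apply a policy to each connection; returns (program, direction, port, verdict)."""
    return [(c.program, c.direction, c.remote_port, policy(c)) for c in traffic]


def unapproved_egress(policy, traffic):
    """Outbound connections from unapproved program/port pairs that a policy let
    through: the list a defender wants to see empty."""
    return [
        c for c in traffic
        if c.direction == "out"
        and policy(c) == "allow"
        and (c.program, c.remote_port) not in APPROVED_OUTBOUND
    ]


if __name__ == "__main__":
    for name, policy in (("inbound-only", inbound_only_policy),
                         ("egress-aware", egress_aware_policy)):
        print(f"--- {name} ---")
        for program, direction, port, verdict in evaluate(policy, SAMPLE_TRAFFIC):
            print(f"{direction:3} {program:14} port {port:<5} -> {verdict}")
        print("unapproved outbound allowed:", len(unapproved_egress(policy, SAMPLE_TRAFFIC)))
```

Run as-is, the inbound-only policy reports two unapproved outbound connections allowed (IRC on 6667 and SMTP on 25 from the unknown program) and the egress-aware policy reports none; both drop the inbound probe on 139. The useful defender habit this illustrates is the one the thread recommends: keep a firewall that prompts for, and logs, outbound connections, and treat an unfamiliar program asking for IRC or mail access as something to investigate.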

keg in kc
06-01-2001, 01:44 PM
This should give you an impression of just how poor I am right now: I'm still running a PII (that's "2") 450 with a TNT (that's the original TNT). No problems with any games yet, no slowdown, etc., until this last month or so, when my computer has just started to randomly drop system resources from its normal 80% down to about 65-70% (that's frustrating me to no end, just can't figure it out...). Even so, I don't have any problems playing any of the games I have. However, if I want to play anything coming out this fall and next year, I'm completely S.O.L.

That's certainly something motivating me to write right now. I'd like to be able to play Star Wars: Galaxies at some point in time.

Speaking of writing... ;)

HC_Chief
06-01-2001, 01:56 PM
keg - that system is 'better' than my current gaming platform: Celeron 400 overclocked to 500! :) TNT2 Ultra & 128MB RAM Just like you, no problems with games so far (except the occasional crappy game that won't run under Windows 2000 grrrrr)

A new squad-based military sim is coming out soon: <a href="http://www.codemastersusa.com/flashpoint/front.htm">Operation Flashpoint</a> It looks BAD A$$! (Think Counterstrike on steroids!) The recommended specs: <i>PIII700</i> and a 3D SVGA with a <i>minimum of 16MB</i> video memory! I watched a guy from work playing it - OMG, it is so kicka$$ - it has real-world physics, HUGE outdoor maps, hit-scan weapons, built-in voice com, and <i>drivable vehicles</i> (jeeps, humvees, tanks, helicopters!!!)

Armyofme
06-01-2001, 02:01 PM
It doesn't seem like anyone here has looked at (or at least hasn't mentioned) Mac OS X. The new operating system is built on a Unix kernel and has firewall features built into the system. Pretty cool stuff. Just thought I would mention it.

HC_Chief
06-01-2001, 02:03 PM
The new one is based off the Unix kernel?

Does it have a command line? (If so, they just lost the ONE thing that made them nearly 'hack-proof')

keg in kc
06-01-2001, 02:06 PM
I know with Galaxies, they're already planning to take advantage of the next generation of video cards after the GeForce 3, whatever the hell that will be.

I have a feeling I'd download that game on here and my system would just cough and die.

Oh, HC, my crappy laptop (upon which I do my writing...) actually has a faster processor (475 Athlon, but it's a K-6), but I didn't get 3D hardware for it. Good thing, too, probably, because I'd probably write even less, if such a ludicrous thing is possible. Games on the go... ;)

I think the 128 MB RAM is what's keeping us going, but our days are numbered...

I could run Black & White okay, but that's probably one of the last new games I'll be able to run without a problem. I'm really getting behind the 8 ball...

In the excitement over Star Wars games following E3, I've been playing through Jedi Knight, now 4 years old. It's really staggering how much games have advanced in that time.

Armyofme
06-01-2001, 02:20 PM
Yeah, you can get into what they call the "Console" that allows you to get into a command line. I guess that has its advantages and disadvantages. I know quite a few people that the main reason they hated the Mac was because they couldn't get in and "tweak" things to their liking. I, for one, could care less about having that flexibility.

It is a HUGE change from the OS's of old... not in usability, but in being a truly modern operating system, built from the ground up. They finally got rid of a lot of old baggage that was way overdue.

I would encourage anyone to at least take a peek at it, it is quite impressive.

HC_Chief
06-01-2001, 02:32 PM
I was once an Apple certified tech (can you believe that? hehe)

Back in the old OS7x days. I always said: "The Mac is superior in hardware, but WOEFULLY behind in software!" If they cut out the crap (backward compatibility to the first Mac OS); <i>rebuilt</i> the OS to take advantage of the hardware - RISC processing especially, they would be competitive again. So they FINALLY did it, huh? Wow... I bet there are a lot of pissed Mac OS 'purists' right now! (Who cares if they are? it HAD to happen if the Mac was going to try to compete in the 21st century!)

The only bad thing: they are now 'hackable'. Before, there was no command line - so a hack was virtually impossible. Sure, you could DOS them all day/night long - but that is a function of the TCP/IP protocol and its weaknesses - the OS itself was impenetrable. No longer...

Armyofme
06-01-2001, 02:52 PM
Since you mentioned the RISC processors, I'll add one more thing ;) The OS was built with multiple processors in mind. They have had dual processor machines for a little while now, but I wouldn't be surprised to see a quad processor machine in the summer, and there are rumors of 8+ in early 2002. The tests that I have run show that it is extremely efficient using everything the chips can give them in unison, sharing the loads equally. Add to that the protected memory, multi-threading, the Mac UI and all of the other misc. niceties of a Unix system and you have a killer setup.

Don't think I am a Mac fanatic. I have a couple PCs that I use for games and such, but when I need to get the job done... hehe, I just realized... that is like calling someone out for being a racist and them coming back with "I have a couple friends that are Jewish" Oh well, take it for what it's worth :)

HC_Chief
06-01-2001, 03:06 PM
Interesting.

Is that crappy Appletalk protocol stack still featured? Or did they finally wise up & go 100% TCP/IP?

If that OS pans out, M$ may have some serious competition again (of course, I'm sure they don't mind - seeing how they are part-owners of Apple anyway...)

Armyofme
06-01-2001, 03:22 PM
Appletalk is still an option, but it seems that TCP/IP is the preferred way of networking.

As far as Microsoft goes, yes they own stock in Apple if that is what you mean by being "part-owners". That deal was more to keep MS developing their apps for the Mac. Apple knows that they need Office on the platform (as bad as PowerPoint is on any platform) to stay in the game. You can't underestimate the power of Office to stay in the business sector. They do develop some fairly decent apps for the Mac, you gotta give them that.

HC_Chief
06-01-2001, 03:23 PM
It seems I'm quite a bit behind when it comes to CPU architecture! The G4 is actually a <i>post-RISC</i> processor. But, surprisingly, so are the AMD K7 and Intel's P4 and Xeon processors. As a matter of fact, the G4 and AMD K7 are basically the same CPU! (or close enough to be considered siblings;))

Interesting article on it here: <a href="http://www.arstechnica.com/cpu/1q00/g4vsk7/g4vsk7-1.html">Arstechnica</a>

Blurb:
<font face="times" size="-1">The G4 and the K7 are both fascinating and powerful modern processors. Each represents the current peak of performance for one of two rival platforms that have been at each other's throats since the dawn of personal computing. Though some would have us believe that the K7 is from Mars and the G4 is from Venus, both processors actually have quite a bit in common. Both CPUs were hotly anticipated, and were released with much hype. Also, with the somewhat recent announcement of a process technology licensing agreement between Motorola and AMD, the G4 and the K7 both use Motorola's copper interconnect technology to achieve higher clock rates and lower power consumption. Finally, and most importantly, the G4 and the K7 both share a number of architectural similarities. Each incorporates such post-RISC elements as out-of-order (OOO) execution and vector processing capabilities, and each has a superscalar design with functional units that perform comparable functions. </font>

Looks like the CISC/RISC argument has been dead for a while now. They've become so mingled, they are really hybrids of one another.

Otter
06-01-2001, 05:23 PM
One of the few days I don't visit every 45 minutes and you guys get into a cool techie post :mad:

I don't know anything about LINUX anyway.

AS/400 platform is my area so I still get to deal a lot with the PC interface and TCP/IP data communications.

Beuller, Bueller, anybody, anybody....

Brock
06-01-2001, 06:06 PM
I'm sure this is a stupid question, but couldn't one simply shut down their computer when they are finished with it? Saves on the electric bill too.

Otter
06-01-2001, 06:58 PM
Brock,

Some computers can't be turned off. Servers for instance.

When you connect to the internet there is a server out there somewhere that is always on or you can't connect. There are a lot of other similar applications for an always on mode as well.

Turning it off makes sense for personal computers, but you're still vulnerable when you're connected.

Besides, that solution is way too simple for the IT industry. It would never fly. ;)

HC_Chief
06-01-2001, 07:37 PM
Otter - 'green screen' boy eh? A friend of mine writes in Jaywalk for AS/400 integration... I guess it makes nice GUIs with which AS/400 interfaces. (I am totally clueless when it comes to IBM mainframe/application server software)

keg in kc
06-01-2001, 07:52 PM
Man, I finally got around to reading the article HC, and that's some frightening shiznit. Future doesn't look good, and the BIG majority of people running computers probably know about as much about this as I did before reading that.

The guy's nicer than me, I'd have had that 13 year old drawn and quartered...

Otter
06-01-2001, 07:58 PM
HC_Chief,

"green screen boy" LOL - been in the industry for 3 years now and that's the first I heard that one.

IBM mainframes are a different animal than pretty much anything else I've ever worked with. We use Client Server as our GUI.

When I first got out of college the closest thing to a mainframe I experienced was a VAX system. I was taught the regular comp sci stuff. Visual Basic, COBOL and C++ all on PC based systems. I remember the first time I worked with 400 I thought I was getting ripped off!!! Where's all the pretty colors and click and point interaction???

They are definitely not pretty but they run a business dependably day in and day out (3 years and never had to reboot once ;) ) plus there is a high demand for them because the majority of college grads are trained and prefer the PC based system while all the "old" 400 people are starting to retire.

otter
~still misses the pretty colors

HC_Chief
06-01-2001, 08:45 PM
Yeah, AS/400 is about as solid as you can get. My friend told me the same: been up for five + years w/o a reboot.

The bad thing about it: OS upgrades run around 25 THOUSAND dollars! :eek:

Otter
06-02-2001, 10:47 PM
Since I'm up enjoying a Yuengling Lager and working on the ol' web page at this late hour I thought I'd add one thing about internet security that HC_Chief didn't mention.

COOKIES

Cookies are a threat to internet security as well. Not in the same fashion as the hacker/cracker stuff mentioned previously but they do allow an organization interested in your internet habits to track your activity on the net. I included a snapshot below of a small program I use (CookiePal) to block tracking and advertising cookies.

If you look you can see that cookies like:

admonitor
doubleclick (doubleclick cookies are actually spyware – bad medicine!)
ads.link4ads.com
admonitor.net
flycast.com

plus all the other ‘rejected’ ones can be blocked from being written to your computer. But ones from the friendly sites that are actually useful, like the one from chiefsplanet.com are allowed to pass.

If interested you can download a copy of cookie pal from pcworld.com or shareware.com. However, if you do download it, you will only receive a 30-day trial version. (email me, I can take care of that for free ;) ) It’s a great little program that’s very easy to use and never interfered with IE or my firewall.


http://hodgepogde.homestead.com/files/Cookie_Pal_Snapshot.jpg

KS Smitty
06-02-2001, 10:56 PM
Otter:
I periodically (when the internet starts runnin really slowly) go through my Cookies and Temporary Files and delete unneeded cookies. I know this is time consuming but it works fairly well. But I haven't quite figured out which cookies to save, like the Planet ones and the Foundation, for example. Is there a way to keep the cookies you "need" while getting rid of the ones you don't?

Otter
06-02-2001, 11:25 PM
Kcsmitty,

Keeping the cookies you need is easy. Just don't delete them. As far as the ones you don't need, the best way to get rid of them is to prevent them from coming in.

Deleting cookies regularly is effective but I just don't like the idea of doubleclick.com or one of the others tracking what web sites I visit when they hit me with one of their cookies that I didn't want or ask for in the first place. I could understand if I visited their site, but they write them there through 3rd party software for no reason to collect stats and surfing habits.

I guess the only way to keep the ones you want and get rid of the ones you don't is to go through them one by one and pick and choose. Like you said, time consuming.
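Otter's two posts above describe the rule a cookie blocker applies: keep cookies from the site you actually visited (and anything you have explicitly allowed), reject cookies written by ad networks that were embedded in the page (third-party cookies). The following is an added example, not code from the thread or from CookiePal, that implements that rule over constructed `Set-Cookie` headers; the tracking-network list is built from the names Otter listed, and the host names and cookie values are made up.

```python
"""Added example, not code from the thread or from CookiePal.

Decides which cookies to keep the way Otter describes: cookies from the site
you are actually visiting (and anything on your allow list) are accepted,
cookies written by ad networks embedded in the page (third-party cookies) are
rejected. The tracking list is built from the names in Otter's post; the
Set-Cookie headers and host names below are constructed."""

# Ad/tracking networks named in the thread, reduced to their registrable domain.
TRACKING_DOMAINS = {"doubleclick.com", "admonitor.net", "link4ads.com", "flycast.com"}


def registrable_domain(host: str) -> str:
    """Last two labels of a host name ('ad.doubleclick.com' -> 'doubleclick.com').
    Deliberately simple: it does not understand two-level suffixes such as co.uk."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def cookie_domain(request_host: str, set_cookie: str) -> str:
    """Domain a cookie applies to: the Domain= attribute if present, otherwise
    the host that sent the Set-Cookie header."""
    for attribute in set_cookie.split(";")[1:]:
        key, _, value = attribute.strip().partition("=")
        if key.lower() == "domain" and value:
            return value.strip().lstrip(".").lower()
    return request_host.lower()


def decide(page_host: str, domain: str, allow_list: frozenset = frozenset()) -> str:
    """accept/reject verdict for one cookie domain while viewing page_host."""
    site = registrable_domain(domain)
    if site in allow_list:
        return "accept"
    if site in TRACKING_DOMAINS:
        return "reject"
    # A cookie set by a domain other than the page you asked for is third-party:
    # it was written by something embedded in the page, not by the site itself.
    if site != registrable_domain(page_host):
        return "reject"
    return "accept"


def filter_cookies(page_host, responses, allow_list=frozenset()):
    """responses: (request_host, Set-Cookie header) pairs seen while loading
    page_host, including the ad images and scripts the page pulled in.
    Returns (cookie name, cookie domain, verdict) for each."""
    results = []
    for request_host, header in responses:
        name = header.split("=", 1)[0].strip()
        domain = cookie_domain(request_host, header)
        results.append((name, domain, decide(page_host, domain, allow_list)))
    return results


# Constructed: what a browser might see loading one forum page. The forum sets
# two cookies (a site may need more than one to keep you logged in), two ad
# networks try to set theirs, and an unrelated image host sets one too.
SAMPLE_RESPONSES = [
    ("www.chiefsplanet.com", "sessionid=abc123; Path=/"),
    ("www.chiefsplanet.com", "bbuserid=42; Domain=.chiefsplanet.com; Path=/"),
    ("ad.doubleclick.com", "id=tracker; Domain=.doubleclick.com; Path=/"),
    ("ads.link4ads.com", "uid=777; Path=/"),
    ("img.example-cdn.net", "cdn=1; Path=/"),
]

if __name__ == "__main__":
    verdicts = filter_cookies("www.chiefsplanet.com", SAMPLE_RESPONSES,
                              allow_list=frozenset({"chiefsplanet.com"}))
    for name, domain, verdict in verdicts:
        print(f"{verdict:7} {name:10} ({domain})")
```

Both forum cookies are accepted whether or not `chiefsplanet.com` is on the allow list, because they are first-party; the doubleclick and link4ads cookies are rejected by the tracking list, and the CDN cookie is rejected simply for being third-party. Keeping the decision per domain rather than per cookie is what lets a site that needs several cookies keep all of them.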

KS Smitty
06-02-2001, 11:36 PM
The last time I did this I thought I kept the cookies I needed but I had to relog on to the Planet and the Foundation site. Evidently there is more than 1 cookie needed. If I downloaded cookiepal would I keep the cookies I need?

Otter
06-02-2001, 11:49 PM
kcsmitty,

Yes, it will keep the cookies you want and ban the ones you don't. You just have to tell it what to do. Like I said, it's a simple program.

BTW- I'm not pimping this program, it's just the one I use. There are many like it but this one is mine.

KS Smitty
06-02-2001, 11:55 PM
Otter:
Tank you belly much. I appreciate the info and will look into it.

Rausch
06-03-2001, 03:53 AM
Appreciate the info man!


But I'm on a mac, immune to 99.9% of all hack attacks!

:D What a bastitch I is!

HC_Chief
06-03-2001, 12:18 PM
Speaking of 'spyware' (aka 'adware') in cookies & files, I know of a great FREE utility to scan your system and remove them:

<a href="http://www.lavasoftusa.com/">AdAware</a> by LavaSoft. Follow that link to their site and download the software; then run scans on your system regularly. It will get rid of all those pesky spyware apps and cookies. ;)