Security and broadband connections


18-02-2002

by Ben Claridge of Panda Software



The advent of Integrated Services Digital Network (ISDN), cable connections and broadband systems (ADSL, DSL) has made computer security a concern well beyond the business sector.

Any user with this kind of Internet connection is open to attack, not just from viruses or Trojans, but also the greatest danger on the Web: hackers.



The most frequent attacks suffered by users with this kind of connection are unauthorized access to confidential data (e.g. passwords), or the use of victims' machines as 'zombies' to attack other machines and hide the attacker's identity.



When this happens, and the attack is sufficiently serious, investigations first center on the IP address of the 'zombie' machine apparently used to launch the attack. This doesn't mean that the victim will end up in jail, but they could have some serious headaches whilst things are sorted out. A hacker was recently jailed for carrying out this kind of attack using computers from Californian universities that had not been adequately protected.



Attacks are made considerably easier when computers have a fixed IP address, as some broadband service providers are now offering. Not all of them offer fixed IPs, but this is a point that should be specified in the contract signed with the service provider. The IP address gives information on the location of the computer, and therefore the random addresses provided by servers to modem connections represent an added obstacle for hackers, who generally search out fixed IP addresses.



A hacker first searches for unprotected machines using an automatic mapping program, which looks for open ports across hundreds of IP addresses and across the 65535 communication ports, including those used for standard services. Hackers are constantly on the lookout for an open port through which they can launch an attack.



The first basic security measure that can be applied to prevent this kind of attack is the installation of a personal firewall. These can block all ports that are not in use or, when necessary, block all communications quickly and effectively.



It is also true that many programs open communication ports for completely legitimate purposes, and this can unnecessarily alarm users. Not all users are fully versed in such matters, and just as they may open a port for a program to operate correctly, a Trojan or hacker may trick them into doing so.



In addition to firewall protection, it is also advisable to install software capable of detecting intruders. These applications warn users not when ports are opened or closed, which could be a normal legitimate action, but when ports are being scanned from an external source with the intention of launching an attack.
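The distinction drawn above, between one port being used repeatedly and many ports being probed from one external source, can be expressed as a small detector over firewall logs. This is an added example, not code from the article or from Panda Software; the log format, the `DROP` action name, the threshold and the addresses (documentation ranges) are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, one refused or allowed inbound packet per line:
# "<ISO timestamp> <action> <source IP> <destination port>" (assumed format).
SAMPLE_LOG = """\
2002-02-18T10:00:00 DROP 203.0.113.7 21
2002-02-18T10:00:01 DROP 203.0.113.7 23
2002-02-18T10:00:02 DROP 203.0.113.7 25
2002-02-18T10:00:02 DROP 198.51.100.20 80
2002-02-18T10:00:03 DROP 203.0.113.7 80
2002-02-18T10:00:04 DROP 203.0.113.7 139
2002-02-18T10:00:05 DROP 198.51.100.20 80
2002-02-18T10:00:09 DROP 198.51.100.20 80
2002-02-18T10:05:00 ALLOW 192.0.2.55 80
2002-02-18T11:00:00 DROP 192.0.2.55 21
2002-02-18T12:00:00 DROP 192.0.2.55 23
"""

def parse(line):
    """Split one log line into (timestamp, action, source IP, port)."""
    ts, action, src, port = line.split()
    return datetime.fromisoformat(ts), action, src, int(port)

def detect_scans(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Return {source IP: sorted ports} for every source that had packets to
    at least min_ports distinct ports refused inside one sliding window."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, src, port = parse(line)
        if action == "DROP":  # only packets the firewall refused
            events[src].append((ts, port))
    alerts = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Shrink the window until it spans no more than `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                alerts[src] = sorted(ports)
                break
    return alerts
```

Repeated hits on a single port and a handful of probes spread over hours stay below the threshold; only the source that touches many different ports in a short interval is reported.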



In any event, in all of the above cases, we are still talking about people inserting or trying to insert malicious code into the victims' computers. The best solution therefore is to use a good antivirus program that can be kept permanently up-to-date. This won't warn you of open ports or of remote port scanning, but it will warn immediately when any harmful software tries to enter your computer.



Quick and effective technical support that offers permanent personalized services is also an essential component of any antivirus.



IT security companies must be aware of the new security needs of users. This means that an antivirus program must scan both inbound and outbound e-mail, allow services (FTP, HTTP, etc.) to be blocked, and deal effectively with viruses hidden in compressed files downloaded from the Internet with any of the common browsers (Explorer, Netscape, Opera, etc.).



For these reasons, companies like Panda Software are constantly striving to develop the tools necessary to guarantee complete protection for companies and home users alike.



Ben Claridge

Technical Division

Panda Software

E-mail: feedback@pandasoftware.co.uk
