Computer security seems to be making the news a lot lately. Almost every week, malevolent forces crawl out of the woodwork to take down high-profile Web sites. Companies lose millions of dollars and suffer damage to computer systems. As a result, large companies spend thousands of dollars for security systems and products to protect the doors to their corporate networks. Microsoft recently felt the brunt of two intruder attacks on its Web properties, resulting in hours of downtime and decreased customer confidence. (For more information about the attacks against Microsoft, see Paul Thurrott's coverage at the WinInformant news site.) The corporate world battles computer intruders daily.
Most small office/home office (SOHO) users, however, wallow in a false sense of security. Just because a SOHO isn't a large corporation, such as Microsoft, doesn’t mean it's not a target. Many of us are fortunate enough to have broadband connections, such as cable modem, DSL, or satellite capabilities, serving our homes and offices. Before, when we were stuck with a slow dial-up modem connection, we usually weren't online 24 hours a day, 7 days a week. It was, and still is, difficult for intruders and attackers to target a dial-up account because of its unpredictable connectivity. However, broadband brought full-time connections to a lot of users. As a result, intruders have more opportunities to attack than ever before.
It’s hard to know the number of intruders currently threatening the computer realm. Many systems administrators and users have built up a tolerance to attacking attempts, accepting intruders as the norm and byproducts of using a directly connected system. Many attempts, successful or not, go unnoticed by unaware users. Internet security experts agree, though, that the number of attempts at security breaches is increasing, as is the sophistication and efficiency of the attempts. To keep up, vendors and security hardware manufacturers struggle to plug the security holes that intruders uncover and exploit with today’s easy-to-use system-cracking tools.
SOHO users are typically concerned with external security—protecting their systems from providing unintentional access to outsiders. Very few SOHO users are concerned with internal security. Most home users' internal network security usually involves protecting children from adult Web sites, limiting access to newsgroups, and generally filtering Internet content. Likewise, users of SOHO networks (i.e., networks with typically less than 10 computers) generally consider their internal networks to be trusted environments. However, making a distinction between internal and external security can be important, because intruders often take advantage of the lax system-to-system security of a trusted, internal network. Once attackers have broken down the internal door, the game has just begun—they are free to roam the entire network.
Why would computer intruders target a SOHO user? What do they have to gain? Experience, for one thing. Intruders have to start small, just like any other person mastering a hobby, and systems with minimal or no security are the perfect beginning target. Most vulnerabilities that these beginners can exploit are the direct result of curiosity, error, shoddily coded software, or misconfigured OSs. Attempts commonly originate from other compromised systems, often with that system's primary user unaware that an intruder is using his or her computer to launch other intrusion attempts. Intruders also target systems to satisfy their boredom—for them, compromising a system takes the place of a good dinner and a night at the movies. Intruders use someone else's system to host questionable sites, such as warez (pirated software) stores and adult-oriented media centers. Of course, there’s also the possibility that an intruder wants to steal the unique intellectual property you have stored on your system.
For whatever reason intruders have, you stand to lose something when you’re attacked. Although you probably don't have as much at stake as large businesses with regard to downtime and lost sales, an intruder is still an inconvenience and, more likely, frightening and costly. SOHO users typically lose data when an intruder attempts to wipe out the primary hard disk. Restoring compromised systems from a backup takes time, and making a clean rebuild to avoid any further intrusion costs money. Your ISP account might be cancelled. You can be embarrassed or have to deal with issues of losing integrity—after all, if an intruder compromises other users' systems by using your system, these victims have no way of knowing that you weren’t the attacker. Also, if you’re caught with inappropriate material or copyrighted software that the intruder linked to your machine, you can face criminal and civil charges.
An intruder attack is only one facet of security with which you should be concerned. Viruses are another big security threat; the fact that they spread easily only increases their infestations. For example, worm viruses spread when users open email attachments, which causes the virus to email itself to the user's entire contact list. Other Trojan horse viruses can come into your system and leave a back door for intruders to use your computer to make countless attacks on other users' machines.
Helping you learn how to protect your computing environment from these various threats is the reason for this new column. In future columns, I’ll introduce you to the most serious and the most common threats to SOHO security. I'll tell you how to prevent security breaches and how to remove doors that intruders go through to access your system. Computer administration should be as proactive as it is reactive, so I’ll also discuss ways you can eliminate the risk of attack, whether it's from viruses or vindictive intruders. Of course, your mail is always welcome—if you have questions, comments, or suggestions for future topics of concern, email me at [email protected], or post a reader comment here using the tool in the Article Information box on the right.