Three Big Security Problems - 14 Jun 2001

Imagine having your house in the middle of a big city parade—like it or not, you'd have to secure your house to prevent people from entering without your permission and damaging or stealing your belongings. Working on the Internet today is similar because it brings a parade of people close to your home who are eager to get through your computer’s door and come inside. Fortunately, you can take steps to keep this from happening. Once you know the three biggest security problems that a small office/home office (SOHO) user needs to take care of, you can keep out uninvited users.

Problem 1: An Insecure OS

An insecure OS is an invitation for attackers to come in. Millions of computers have been shipped with OSs in various states of accessibility. Most users are unaware that their default settings let unauthorized users gain control and enter their systems with very little effort. (We’ll talk about one such example later in the column involving Microsoft file-and-print sharing.) Attackers have specific tools that scan tens of thousands of Internet addresses looking for publicized exploits in common OSs, making anyone a potential target.

I searched the Internet using the phrase port scanner and found 6 links to freeware port scanning programs out of 10 matches displayed on just the first page. Many of the available port-scanning utilities are Windows- or GUI-based, which makes them automated and easy-to-use. An intruder can start a scan of a region of IP addresses, step away for a dinner break, and come back to a list of vulnerable targets. In fact, these tools have become so sophisticated that there are scripts especially made to test known vulnerabilities against services running on your machine.

Several of my friends used to recommend keeping a low online profile as a real deterrent to intrusion attempts. Unfortunately, with tools like port scanners so easily available, this advice is no longer as significant. Another colleague pointed out an adage: There is little, if any, security to be obtained through obscurity.

If you haven't secured your OS, chances are that any programs integrated with the OS are also at risk. Executable programs you download using a Web browser and execute on your system can cause all sorts of problems. However, it’s up to you whether to accept and trust downloads. The latest Web browsers identify code that an intruder attempts to download to your machine, letting you accept or reject it. Some users, however, simply accept everything that comes down the pipe, and that's not a good practice.

Problem 2: Unused Open Ports

The second problem is leaving unused services open. Ports are what programmers refer to as logical connection places. For example, TCP/IP uses ports like doors. When a client computer or program requests a service from another computer or program, the client sends that request to a specific IP address and port number. Developers design servers and programs to listen on specific ports for requests (knocks on the door) and answer them.

It’s entirely possible that you have services running and, therefore, open ports that you had no idea were there. To scan your system for open ports, I suggest you visit Steve Gibson’s Shield’s Up! Web site and follow his prompts. Alternatively, you can have someone you know run a port scan from the outside for you, as a double check against Gibson's scan. Gibson’s utility examines an entire range of ports on your PC and alerts you to what’s open. If the utility finds an open port and you aren’t using the software that's listening on that port, you will want to shut down that software—it’s a definite security risk. If you're using server software, such as a Web, mail, or news server, it's imperative that you stay current with all security updates and announcements from that product’s vendor. Windows 2000 Magazine even runs the Security Advice mailing list that lets you monitor these situations and get information even faster than you can get from the vendors. Most manufacturers correct problems and security issues quickly.

The most prominent security hole in Microsoft OSs is the port 139 NetBIOS hole. The default setting assigns Microsoft’s Client for Microsoft Networks and for file-and-print sharing to communicate using TCP/IP. By default, the OS assigns all Ethernet adapters in a system to communicate using TCP/IP. Using this client/protocol combination in an Internet-connected environment eliminates your security by divulging information about you and your computer to anyone who requests it and exposing Microsoft’s lax password protection system to intruders. With these vulnerabilities, your machine becomes more of a target to intruders because of the simplicity of making this attack and the fact that your computer is actively advertising its condition to whatever program asks. It’s equally simple to protect yourself—disable file-and-print sharing on your connected computers.

Problem 3: Backdoor Programs

Be sure you don’t have any backdoor programs on your computer. Most antiviral programs will search your computer for these programs and get rid of them. Trojan horse programs most often fall into this category because they come in with rather innocent-looking email messages that lurk on your system until you activate the email. Again, these types of intrusions play on a user's innocence and trust during Web-browsing sessions. One of the more common backdoor programs is the two-part Back Orifice. An intruder can use the client application, running on one machine, to monitor and control another remote machine running the other part of Back Orifice, the server application. An intruder can use the Back Orifice client to run any program on the compromised system, record keyboard actions, restart or lock up the computer, look at the contents of any file, transfer files to and from the system, and display the screen saver password of the current user of the target machine.

These backdoor applications can be a big threat to your computing environment. A malicious attacker can use these tools to compromise the security of and inflict damage on a Windows system. However, there are ways to limit the threat. All backdoor attacks trick you into installing the application, so being educated and aware of this threat is a strong deterrent. Also, any firewall between the compromised machine and the attacker’s computer makes it all but impossible for the attacker to communicate with the pseudo-client machine. Primarily, though, you can protect yourself from the potential threat by following safe computing practices—mainly, by not downloading or running applications from unknown sources. Remember that there's no such thing as a 100 percent secure system. Security is an ongoing process, and this column and Web site are here to walk you through that process.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.