The Times: Tech special - The security perils of 'always on' broadband
High-speed, always-on Internet access makes you far more likely to be targeted by a malicious hacker or cybercriminal. Unless you practise the highest levels of security awareness, your broadband connection could allow an intruder to steal your documents, monitor your communications and use your computer to launch hostile attacks on third parties. By David Rowan
The risks are far greater than with dial-up Internet connections. When you use a standard 56k modem to go online, your service provider will temporarily assign your computer an identifying number called an Internet Protocol (IP) address. This address will normally change each time you dial in, which makes it hard for a hacker to identify your individual machine.
But with cable or Asymmetric Digital Subscriber Line (ADSL) broadband connections, some service providers will assign you a fixed IP address. This helps a hacker locate your individual machine. For this reason, many ISPs have now chosen to assign "dynamic" rather than fixed IP addresses to broadband users.
More importantly, the fact that your PC is likely to be online for long periods makes it a target for hours, if not days, at a time. Your computer could be used for a range of nefarious purposes: a hacker could install a program that could then be used to attack other machines; your e-mail account could be used to send unsolicited bulk mail; or your hard disk could be used to store pornographic or other illegal or unwanted files.
A hacker can easily scan an entire region looking for Internet-connected computers, which can then be probed for security weaknesses. The risks include "trojans", programs that arrive unannounced in your computer, often within unrelated files, and can affect its performance by altering its settings or infecting it with a virus. Up-to-date virus-protection software should alert you to their presence.
Your computer might also be accessed remotely to launch a denial-of-service (DoS) attack on other computers without your knowledge, or to paralyse its own processing powers. Microsoft Windows-based computers are particularly vulnerable to such security weaknesses.
Cable modems can increase the risks because connections within a neighbourhood are routed through a central node. In the early days of cable, this allowed individual users to access files on their neighbours' computers through a vulnerability in Windows software. The cable companies say they have now solved this problem.
Never forget that you are a target for hackers as long as you are online. Before installing a broadband connection, you should take some basic security precautions.
If you are working from home, ask your company's IT department to check that your system is securely set up - especially if you are connected to your office as part of a Virtual Private Network (VPN). At the very least, you should install anti-virus software such as McAfee VirusScan or Norton Anti-Virus, and apply whatever security "patches" are released from time to time for the programs that you run.
You should also install a personal firewall program: these are sold by all the main security companies for around £30 or £40. Internet-security companies are now also selling various "sniffer boxes" - such as the Gatelock from Trend Micro - that sit between your computer and your network link and alert you to attempted breaches.
There are also free programs available on the Web - one is called Shields UP! - that will check the security of your computer's Internet connection.
Never open an e-mail attachment unless you are confident about its source - and even then, check that it is something that you are expecting. Be especially aware of accepting files whose names end with .vbs or .exe, which means that they can execute commands on your computer. Do not drop your guard even if you recognise the sender's name: many viruses, such as the notorious Melissa virus, propagate themselves by sending themselves through every address in an e-mail contact book. And never download software from the Internet without satisfying yourself that it is from a reputable source.
Use passwords that are difficult to guess - combine upper- and lower-case letters and numbers, for instance, rather than use common nicknames or pets' names. If you are working from a single Windows computer or Mac, turn off the file-sharing and print-sharing options. This will limit the access outsiders have to your personal files.
You should try to back up your data as often as you can in case you lose it or need to reconfigure your system. And turn off your computer, or disconnect its network cable, if you are not planning to go online in the near future.
It may dilute the benefits of broadband's "always on" capabilities, but it will make you one less target for the malicious hacker.
(The Times, April 12 2002)
The risks are far greater than with dial-up Internet connections. When you use a standard 56k modem to go online, your service provider will temporarily assign your computer an identifying number called an Internet Protocol (IP) address. This address will normally change each time you dial in, which makes it hard for a hacker to identify your individual machine.
But with cable or Asymmetric Digital Subscriber Line (ADSL) broadband connections, some service providers will assign you a fixed IP address. This helps a hacker locate your individual machine. For this reason, many ISPs have now chosen to assign "dynamic" rather than fixed IP addresses to broadband users.
More importantly, the fact that your PC is likely to be online for long periods makes it a target for hours, if not days, at a time. Your computer could be used for a range of nefarious purposes: a hacker could install a program that could then be used to attack other machines; your e-mail account could be used to send unsolicited bulk mail; or your hard disk could be used to store pornographic or other illegal or unwanted files.
A hacker can easily scan an entire region looking for Internet-connected computers, which can then be probed for security weaknesses. The risks include "trojans", programs that arrive unannounced in your computer, often within unrelated files, and can affect its performance by altering its settings or infecting it with a virus. Up-to-date virus-protection software should alert you to their presence.
Your computer might also be accessed remotely to launch a denial-of-service (DoS) attack on other computers without your knowledge, or to paralyse its own processing powers. Microsoft Windows-based computers are particularly vulnerable to such security weaknesses.
Cable modems can increase the risks because connections within a neighbourhood are routed through a central node. In the early days of cable, this allowed individual users to access files on their neighbours' computers through a vulnerability in Windows software. The cable companies say they have now solved this problem.
Never forget that you are a target for hackers as long as you are online. Before installing a broadband connection, you should take some basic security precautions.
If you are working from home, ask your company's IT department to check that your system is securely set up - especially if you are connected to your office as part of a Virtual Private Network (VPN). At the very least, you should install anti-virus software such as McAfee VirusScan or Norton Anti-Virus, and apply whatever security "patches" are released from time to time for the programs that you run.
You should also install a personal firewall program: these are sold by all the main security companies for around £30 or £40. Internet-security companies are now also selling various "sniffer boxes" - such as the Gatelock from Trend Micro - that sit between your computer and your network link and alert you to attempted breaches.
There are also free programs available on the Web - one is called Shields UP! - that will check the security of your computer's Internet connection.
Never open an e-mail attachment unless you are confident about its source - and even then, check that it is something that you are expecting. Be especially aware of accepting files whose names end with .vbs or .exe, which means that they can execute commands on your computer. Do not drop your guard even if you recognise the sender's name: many viruses, such as the notorious Melissa virus, propagate themselves by sending themselves through every address in an e-mail contact book. And never download software from the Internet without satisfying yourself that it is from a reputable source.
Use passwords that are difficult to guess - combine upper- and lower-case letters and numbers, for instance, rather than use common nicknames or pets' names. If you are working from a single Windows computer or Mac, turn off the file-sharing and print-sharing options. This will limit the access outsiders have to your personal files.
You should try to back up your data as often as you can in case you lose it or need to reconfigure your system. And turn off your computer, or disconnect its network cable, if you are not planning to go online in the near future.
It may dilute the benefits of broadband's "always on" capabilities, but it will make you one less target for the malicious hacker.
(The Times, April 12 2002)
posted by David Rowan at Friday, April 12, 2002
<< Home