A Very Quick Overview of Internet Security
Dr. Michael Ward, June 2003
What is the Internet?
In the simplest terms, the Internet is a world-wide collection of network devices (switches, routers, hubs, ...) connected by physical media (fiber optics, copper cabling, ...) that provide a means of communication between hosts (personal computers, mainframes, supercomputers, telephone equipment, ...).
Brief History of the Internet:
- 1957 - ARPA (Advanced Research Projects Agency) founded in response to Sputnik
- 1962 - Paul Baran documents "packet switching" for Air Force distributed command
- 1968 - ARPA funds ARPANET; 4 universities connected @ 50Kbps
- 1972/73 - ARPA becomes DARPA (Defense ARPA); work on TCP/IP begins
- 1976 - Bob Metcalfe invents Ethernet
- 1977 - Unix and the UUCP (Unix to Unix Copy) protocol released by AT&T Bell Labs
- 1983 - ARPANET converts to TCP/IP; DNS created. 562 hosts @ 56Kbps
- 1984 - ARPANET divides into MILNET (military) and ARPANET (research)
- 1990 - ARPANET replaced by NSFNET; 313k hosts @ 45Mbps. T. Lee invents hypertext
- 1993 - M. Andreessen invents Mosaic, the first browser. Later starts Netscape
- 1994 - NSFNET begins being called the Internet; Pizza Hut offers the first pizza online
Ethernet
Ethernet is a means of network communication usually running over category 5 (or 6) wiring or coaxial cabling. Ethernet allows for a variety of speeds during communication, but the most common are 10 megabytes per second, 100 megabytes per second, and 1 gigabyte per second. The earliest form of Ethernet required each host to monitor the network and wait until the "line was clear." Later forms of Ethernet (switched Ethernet) allow multiple hosts to communicate at the same time.
TCP/IP
TCP (Transmission Control Protocol) and IP (Internet Protocol) are two separate communication protocols. IP provides the means of communication: each host on the Internet has an IP "address," which functions much like a zip code, allowing data to be transmitted between those hosts. TCP controls how that data is packaged and sent. If IP provides the zip code and postal service, then TCP is the letter and envelope.
URL
Uniform Resource Locator. http://www.google.com is a URL.
Ports
Shortened form of TCP port. While each host on the Internet has one IP address, each host can be "speaking" and "listening" on more than one port (similar to having more than one P.O. Box at a single address). Web browsers usually communicate with web servers on TCP port 80. FTP uses port 21, etc.
Hackers, Crackers, and ScriptKiddies
Over the last dozen or so years, most of the mainstream media have labeled all persons engaged in overcoming computer security measures as hackers, no matter what the motivation of these persons. The term hacker historically refers to someone who benevolently tests a system's security and then details how it was done to the system's administrator so that corrective measures can be taken. Hackers are often referred to as the whitehats. Crackers are the evil hackers out to take over your PC, steal your money, and cause havoc by writing viruses and trojans. They are the blackhats. Crackers often write scripts, small programs that automatically exploit a system without the need for any expertise. Why? To cause more havoc. ScriptKiddies are those persons who run these scripts, compromising computer systems without knowing exactly how they did it.
Why worry about Internet Security?
SQL/Slammer aka Sapphire:
"Although the worm caused roughly $1 billion in damage by some estimates, its most significant casualty may be the perception that companies can remain secure by keeping up with software patches and other protective updates. The truth of the matter, security experts say, is that companies need to begin treating such attacks as inevitable and focus on limiting their damage, rather than expending every effort trying to create an ironclad perimeter....The SQL Slammer worm, at 376 bytes of computer code, is much smaller than either Code Red's estimated 4KB (4,096 bytes) or Nimda's 60KB (61,440 bytes). Exploiting a hole that had been announced and patched by Microsoft six months earlier to the day, the worm inundated other computers on the Internet with a copy of itself. The worm's small size meant that it could send itself out in a single data package, or packet, that automatically infected the victim by loading Slammer into memory.
That efficiency made Slammer the fastest-spreading worm to date, infecting 90 percent of all vulnerable servers in its first 10 minutes..."
http://news.com.com/2009-1001-983540.html
How did the SQL worm "infect" its victims?
There's an old computer saying, "Security, Convenience, or Speed. Pick any two." Windows is the most popular operating system in the world and it is designed to be easy to use, which makes it a popular target of crackers. Windows XP is the first "out of the box" secure version of Windows. Windows users must be vigilant in applying patches to their systems because of something called a buffer overflow. Microsoft defines a buffer overflow as "A buffer overflow attack in which a malicious user exploits an unchecked buffer in a program and overwrites the program code with their own data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker. If overwritten with other data, the likely effect is to cause the program to crash."
Simple translation: if a cracker (or worm) can cause a buffer overflow, they can run programs of their choosing. With the SQL/Slammer worm, a well-known buffer overflow existed in the SQL database program running on Windows and was exploited to infect the server. Once a server was infected, it would attempt to infect other servers. The code for the SQL worm was about the same size as this paragraph.
The SQL worm was only a warning, as it only required a reboot to remove the worm and caused no physical damage (it didn't erase any files) to the server. It was small, fast, and incredibly efficient at spreading, really a masterpiece of coding.
Windows is not alone in its vulnerability to buffer overflows: MacOS X (and 9), FreeBSD, Linux, OpenBSD, AIX, Solaris, and HPUX are also susceptible. Crackers need to be able to establish a connection to a system to affect it; firewalls effectively prevent this.
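As an added illustration (not from the original article): the unchecked copy of the kind the Microsoft definition describes, written as a small packet handler, beside a bounds-checked version that refuses a packet too large for its buffer. The packet structure, the 16-byte buffer, the function names and the sample traffic are all constructed for the example.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size receive buffer the unchecked copy overruns */

struct packet {       /* one datagram: bytes plus length (constructed format) */
    const unsigned char *data;
    size_t len;
};

/* "Before": nothing stops len from exceeding the buffer, so a long packet
 * writes past name[] onto the rest of the stack, the condition the text
 * describes. Shown for contrast; never called with an oversize packet here. */
int handle_packet_unchecked(const struct packet *p)
{
    char name[NAME_MAX];
    memcpy(name, p->data, p->len);       /* the bug: no length check */
    name[p->len] = '\0';
    return (int)p->len;
}

/* "After": refuse anything that does not fit, leaving room for the NUL.
 * Returns the bytes accepted, or -1 for a rejected packet. */
int handle_packet_checked(const struct packet *p)
{
    char name[NAME_MAX];
    if (p->len >= sizeof name)
        return -1;
    memcpy(name, p->data, p->len);
    name[p->len] = '\0';
    return (int)p->len;
}

int main(void)
{
    /* Constructed traffic: two normal requests and one 40-byte packet. */
    unsigned char big[40];
    memset(big, 'A', sizeof big);
    const struct packet pkts[] = {
        { (const unsigned char *)"hello", 5 },
        { (const unsigned char *)"query-7", 7 },
        { big, sizeof big },
    };
    for (size_t i = 0; i < 3; i++) {
        int r = handle_packet_checked(&pkts[i]);
        printf("packet %zu (%zu bytes): %s\n", i, pkts[i].len,
               r < 0 ? "rejected, would overflow" : "accepted");
    }
    return 0;
}
```

The check must leave room for the terminating NUL, which is why a 16-byte packet is rejected even though the buffer holds 16 bytes.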
Malware
Malware is software specifically designed to disrupt or alter the behavior of a computer without the knowledge of its operator. Viruses and worms (programs designed to infect and spread) and trojans (disguised programs) fall in this category.
- Why do people write viruses?
Some believe that the antivirus companies fund virus writers so they will stay in business. Last year Symantec, the largest antivirus company in the world (Norton Antivirus), had a net income of $1.3 billion, of which 44% was from their security products. IMHO, most viruses are written by intelligent teenagers with too much time on their hands and parents who can't fathom what they're doing on their computers. The teenagers write the software mainly for "name recognition" from other crackers.
A very good description of viruses and trojans can be found at http://www.faqs.org/faqs/computer-virus/new-users/
- What can I do about viruses and trojans?
- Have a good antivirus program and keep it updated. Norton Antivirus, McAfee, Sophos are all major players in the virus wars with good products. You can buy most antivirus software for less than $50. A very good free (for personal use) antivirus program is AVG, which is produced by Grisoft. http://www.grisoft.com
- Always scan any attachments you receive via email for viruses before you open them. Also be sure to scan any files you download from the Internet.
- Do regular backups!! Some viruses destroy files, making it impossible for an antivirus program to fix them. CD burners, as well as blank CD media, are cheap and well worth the cost. The average CD can hold 660 megabytes of data, which is quite a few documents.
Spyware and Adware
The number of companies producing software that secretly monitors surfing habits seems to be growing. Most of these spyware programs analyze a user's surfing habits and then target commercial ads toward the user via browser "pop-up" windows or by redirecting the browser to another web page. Spyware itself is most often installed unknowingly by a user when it is "bundled" with another program, most often freeware. Spyware can also be installed by a single click when a user visits a cleverly crafted web page touting specialized freeware. The terms spyware and adware are often used interchangeably.
Spyware programs also often download and install other programs to "help" in their information gathering. The cumulative effect of spyware, other than the loss of privacy, is a slower and more problematic PC. Almost all spyware programs target the Windows operating system.
- Why doesn't my anti virus program detect and remove spyware?
It's in the small print. Spyware programs get "permission" to be installed when a user clicks "OK" without reading the EULA (End User License Agreement). The EULA of some programs allows the automatic installation of other programs. Viruses and trojans, by contrast, are known as malware: they infect your PC without your permission and cause problems.
- What can I do to help protect myself?
- Keep your system updated. For personal PCs, keep your Windows updated by visiting http://windowsupdate.com. If you have a warning stating your system needs updating, follow the directions and let the updates occur.
- Surf safe. Stay away from questionable web sites. Watch where you click. Read the disclaimers.
- Avoid downloading and installing software that you don’t need. This is not to say that all freeware is bad.
- How do I check for Spyware? How do I get rid of Spyware?
My favorite program is Spybot-S&D. Adaware is also a good program. Both are free and routinely updated with the newest offenders.
Spybot Search and Destroy: http://beam.to/spybotsd
Adaware: http://www.lavasoftusa.com/support/download/
- What are some examples of spyware/freeware programs?
RealNetworks Real Downloader, Netscape Smart Downloader, Comet Cursor, Virtual Bouncer, EZSearch bar.
For a full list: www.spywareguide.com
- Where can I go to learn more about spyware?
An excellent page by Steve Gibson details his battle against Real Networks: http://grc.com/downloaders.htm
Another article on spyware from Zdnet:
http://www.zdnet.com/products/stories/reviews/0,4161,2612053,00.html
Peer 2 Peer Programs
Kazaa, Gnutella, LimeWire, and eDonkey are all examples of PC-to-PC file sharing programs commonly in use today. For the most part, these programs are used for the trading of copyrighted materials such as music (mp3s) and movies. Aside from the legal issues, P2P software opens a user up to a new variety of viruses.
Firewalls
Network and computer based firewalls are named after their firefighting counterparts. They are used to prevent access to a certain area, in this case your PC. Firewalls come in two flavors, hardware and software. Hardware firewalls are most often included in cable-modem or ADSL based routers. These routers allow one network connection to be shared among a household full of computers. Software firewalls are programs installed on a PC to protect it from outside attack. Software firewalls can also monitor "outgoing" connections and thereby detect most spyware/adware programs. Windows XP and MacOS X have basic built-in firewalls, but these programs are not activated by default. ALL COMPUTERS CONNECTED TO THE INTERNET VIA ADSL OR CABLE MODEM SHOULD HAVE SOME FORM OF FIREWALL!!! These computers are often left on, making them "riper" targets for attack by crackers than PCs connected by modem. A very good free (for personal use) firewall for Windows is Zonealarm. http://www.zonealarm.com
Online Purchasing
The Internet, along with companies like Amazon, has made shopping easy and convenient for a variety of products. It has also made credit card fraud easier than ever. Here are some tips to help ensure safe online transactions.
- Get a credit card especially for online transactions with a low credit line. Make sure the company that issues the card knows you're going to use it for online purchasing and has some form of fraud protection.
- Shop at major named sites. Make sure the sites have a phone number that you can call in case of problems. Shopping for the cheapest price and then using your credit card at Joe Blow's Used Car Emporium could lead to a large credit card bill. Websites can be LOCATED ANYWHERE!!!
- Make sure you see the "closed padlock" when you are entering your credit card number. This ensures that your transaction is encrypted.
- Don't let the online store save your credit card number for convenience. Most online stores will offer this but allow you to decline. If you do store your number, it may be kept on the company's server, which could be cracked later and your number stolen. Some stores save the credit card number in a cookie, a small file on your hard drive. There are email viruses that scan for cookies with credit card numbers and then send these numbers back to the virus writer.
Passwords
Often the weakest part of any online system's security is the passwords of its users. People have a bad habit of using the same password for everything, and the password is usually the name of a relative or pet. These are easily guessed by the black hats. Passwords should be unique and have a mixture of letters and numbers. For example, the password "wireless" could be changed to "w1r3l3$$", which would be much more difficult to guess and crack. Cracking a password refers to using a dictionary attack (a program using dictionary words) to guess continuously until the correct password is found.
Social Engineering
Also known as "shuck and jive" if you're from Hazard county. This is where a black hat attempts to fool a victim into revealing sensitive computer information, most often passwords, through email or phone conversations.
So I've got a firewall, virus protection, and I'm being careful surfing, am I safe?
The short answer is no, but you're a lot safer than if you had none of those protections. A good firewall will stop ~99% of all hacking attempts (unless the user does something foolish, like opening an email attachment without scanning it for viruses). Updated antivirus programs will keep your PC safe from infection. Protecting your PC is like protecting your house: you do the best you can, but it is still possible for a determined attacker to get in. The only truly "hack proof" computer is the one that is not on.
Suggested Links
Tightening Windows Security
http://www.techspot.com/tweaks/windows_security/index.shtml
Understanding MacOS X Security
http://www.securemac.com/macosxsecurity.php
List of Exploits, Cracker tools, and how-to articles:
http://neworder.box.sk/
If I had to read one book on Hacking it would be:
Hackers Beware by Eric Cole. Available at amazon.com for ~$35