Contact Info.
Ken Goldstein

High-Tech Times Article 030

What to Do When a Hacker Comes Calling?

Welcome back to the High-Tech Times. This month, I’m going to concentrate on the problems that many people are facing when they sign up for Oceanic Cable’s RoadRunner cable-modem service. But I’m including enough tips and tricks for anyone who accesses the Internet.

Now don’t get me wrong, I absolutely love RoadRunner! It’s hundreds of times faster than my 56K modem, simple to share across computers on my in-house network, and relatively inexpensive ($40/month for home accounts, and $80/month for business accounts). But about six months ago, Oceanic did me the “favor” of changing their login system so that my computers are “always-on,” rather than giving me the option to access RoadRunner only when I choose.
When you dial up using a telephone modem, you are usually assigned an Internet Protocol (IP) address by your Internet Service Provider (ISP) that is fairly random, which means that hackers have to scan billions of IP addresses to find someone to harass. But with RoadRunner, your IP address may not change for weeks or months at a time, giving hackers a much broader target for abuse. I was unpleasantly reminded of this one afternoon when I came back from lunch to find a hacker’s invisible hand moving my on-screen mouse cursor!
I didn’t want to try to understand why a hacker would be interested in prowling around my network -- I just wanted him off! Now! A quick flip of my power switch did the job, at least this time. But I started looking at this incident as a problem that many of my clients might also be suffering. The Internet is a two-way street: if it’s easy for you to access other people, it’s also easy for them to access you - whether or not you want them to. And even if you have a stand-alone, non-networked computer, you may have forgotten that the Internet is the world’s largest network....
The first thing to note is that all Windows (and most Macintosh) computers are configured with really lousy security settings. Think of it this way: unless you take positive action, your computer’s hard-drive is wide open to anyone with just a small bit of knowledge - and lots of software tools that are readily available on the Web. A hacker can quickly download your most private files, delete key information, and even reformat your hard-drive completely - all without your even knowing that there’s a problem! Okay, now that I have your attention, what can you do about these gaping security holes?
Let’s start by making a complete backup of all your data files; the information I’m presenting isn’t dangerous, but you should never pass up an opportunity to make another backup “just in case.” If you’re on a Local Area Network (LAN) at your employer’s office or on a Virtual Private Network (VPN) at home, it would be an excellent idea for you to first check with your network administrator before implementing any of these changes. And be sure to write down all of your settings before changing them, so you can go back and restore things if you need to.
Now, let’s examine your networking setup (remember, if you can access the Internet, you are on a network): right-click your mouse on Network Neighborhood on your Desktop, and go down to Properties and click. [Yes, this is exactly the same as going to Start/Settings/Control Panel/Network.] What we’ll do now is remove the part of your networking setup that allows hackers to easily connect to your computer: the file- and printer-sharing bindings on the Transmission Control Protocol/Internet Protocol (TCP/IP). All RoadRunner users have a network interface card (NIC) either internally mounted or via a PC Card for connecting to RoadRunner’s cable-modem.
Scroll down to where you see your NIC, and look for TCP/IP; double-click on TCP/IP and then click on the Bindings tab. If you see that either “Client for Microsoft networks” or “File and printer sharing for Microsoft networks” has a check-mark next to it, UNcheck it. If you’re on a LAN and want to share files and printers locally, then we need to add a non-Internet protocol - either IPX/SPX or NetBEUI.
Under Network, click on Add, double-click on Protocol, click on Microsoft, and double-click on NetBEUI; you may need to have your Windows 95/98 CD-ROM available to load drivers. Then under Network again, click on Add, double-click on Client, click on Microsoft, and double-click on Client for Microsoft Networks. Last, under Client for Microsoft Networks, click on File and Printer Sharing, and enable print sharing, file sharing, or both.
Now go back and examine the bindings for every adapter and protocol installed in your system, and be sure that “Client for Microsoft networks” and “File and printer sharing for Microsoft networks” are present and checked only for NetBEUI and not for TCP/IP, and reboot. This ensures that your computer system is using simple TCP/IP for accessing the Internet via RoadRunner, and uses a non-Internet protocol for file- and printer-sharing. Repeat this process for every computer on your network. As hackers must use TCP/IP, they’ll now have a much harder time accessing your computer systems. This procedure also works for systems using dialup modems, by the way, but you’ll be checking the dialup adapter, rather than the NIC.
Okay, but what if this procedure doesn’t provide enough protection from hackers? I had already done everything I described here when I found my mouse moving across my screen. There are several additional levels of security that you can implement, several free and one low-cost. Let’s start with the low-cost one, as it will help you determine whether you need to add more protection.
BlackIce Defender, from Network Ice, is a $40 download that provides both protection from and identification of hackers. This software is available for single machines all the way up to large networks, and generally provides all the protection you’ll need from any but the most tenacious hacker. I run BlackIce Defender on all my network machines, and find it particularly useful for viewing the URLs of hackers who are looking for my system.
But as a computer systems integrator, I’m also using tools that greatly increase my network’s vulnerability. Symantec’s PCAnywhere is a product that saves me many hours of travel time each week, as I can log onto my clients’ networks to identify and resolve problems right from my office. However, PCAnywhere is one of the “hooks” that hackers also look for, as it can give them the same access on my network! How did I find this security hole? I used the services of Steve Gibson’s Internet connection security site. Steve is an old friend who both writes excellent science fiction and comes up with truly useful software. On his site, click on Shields Up! to run an automatic scan of your computer’s shields (as we installed above) and communications ports. I was astonished to find quite a few potential security problems on my network. With all of the Denial of Service (DoS) attacks lately, don’t be surprised if Steve’s site runs quite slow -- it’s worth the wait!
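A local counterpart to the binding check and the PCAnywhere discovery described above, added here as an example and not taken from the article or from any of the products it names: it reads `netstat -an` output and reports file-sharing (NetBIOS) and pcAnywhere listeners bound to a non-loopback address. The sample output is constructed, the addresses are documentation addresses, and the port numbers are the services' standard assignments.

```python
import re

# Standard port assignments for the services the article discusses.
WATCHED = {
    ("TCP", 139): "NetBIOS session (file and printer sharing over TCP/IP)",
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 5631): "pcAnywhere data",
    ("UDP", 5632): "pcAnywhere status",
}
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$", re.I)

def exposed_services(netstat_text):
    """Return sorted (proto, address, port, service) tuples for watched
    listeners bound to a non-loopback address in `netstat -an` output."""
    findings = set()
    for raw in netstat_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # title, column header, blank lines
        proto, addr, port, _foreign, state = m.groups()
        proto, port = proto.upper(), int(port)
        # TCP rows count only when LISTENING; UDP rows carry no state column.
        if proto == "TCP" and (state or "").upper() != "LISTENING":
            continue
        if addr.startswith("127."):
            continue  # loopback is not reachable from the cable-modem side
        service = WATCHED.get((proto, port))
        if service:
            findings.add((proto, addr, port, service))
    return sorted(findings)

# Constructed sample: sharing still bound to TCP/IP, pcAnywhere host waiting.
SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:139         0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5631           0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1042        198.51.100.7:80        ESTABLISHED
  UDP    192.0.2.10:137         *:*
  UDP    127.0.0.1:1025         *:*
"""
# Same machine after sharing is unbound from TCP/IP: NetBIOS rows are gone.
SAMPLE_AFTER = "\n".join(l for l in SAMPLE_BEFORE.splitlines()
                         if ":139 " not in l and ":137 " not in l)

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for row in exposed_services(text):
            print(label, "%s %s:%d  %s" % row)
```

In the constructed "after" sample the NetBIOS listeners disappear but the pcAnywhere listener remains, which is the situation the article describes: unbinding file sharing does nothing for a remote-control host that is still waiting for connections.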
Further searching led me to what may be the final answer to my security problems: Zone Labs. To quote their Web site, “Combining the safety of a dynamic firewall with total control over applications' Internet use, ZoneAlarm gives rock-solid protection against thieves and vandals.” ZoneAlarm is a free download for personal use, and it does precisely what they advertise.
With ZoneAlarm installed, even Steve Gibson’s shields- and port-probe software couldn’t detect that my computer was on-line (he calls it “stealth” mode). You do have to tell ZoneAlarm that you want each program to have access to the Internet, but it’s smart enough to remember after that (as long as you check the appropriate box). With BlackIce Defender and ZoneAlarm installed, I can see hackers who try to access me, but it’s obvious that they can’t see me.  And, you know, I really don’t mind giving hackers a hard time...!

See you next month.