High-Tech Times Article 030

What to Do When a Hacker Comes Calling?

Welcome back to the High-Tech Times. This month, I’m going to concentrate on the
problems that many people are facing when they sign up for Oceanic Cable’s
RoadRunner cable-modem service. But I’m including enough tips and tricks
for anyone who accesses the Internet.

Now don’t get me wrong, I absolutely love RoadRunner! It’s hundreds of times
faster than my 56K modem, simple to share across computers on my in-house
network, and relatively inexpensive ($40/month for home accounts, and $80/month
for business accounts). But about six months ago, Oceanic did me the “favor”
of changing their login system so that my computers are “always-on,” rather
than giving me the option to access RoadRunner only when I choose.

When you dial up using a telephone modem, you are usually assigned an Internet
Protocol (IP) address by your Internet Service Provider (ISP) that is fairly
random, which means that hackers have to scan billions of IP addresses
to find someone to harass. But with RoadRunner, your IP address may not
change for weeks or months at a time, giving hackers a much broader target
for abuse. I was unpleasantly reminded of this one afternoon when I came
back from lunch to find a hacker’s invisible hand moving my on-screen
mouse cursor!

I didn’t want to try to understand why a hacker would be interested in prowling
around my network -- I just wanted him off! Now! A quick flip of my power
switch did the job, at least this time. But I started looking at this incident
as a problem that many of my clients might also be suffering. The Internet
is a two-way street: if it’s easy for you to access other people, it’s
also easy for them to access you - whether or not you want them to. And
even if you have a stand-alone, non-networked computer, you may have forgotten
that the Internet is the world’s largest network....

The first thing to note is that all Windows (and most Macintosh) computers
are configured with really lousy security settings. Think of it this way:
unless you take positive action, your computer’s hard-drive is wide open
to anyone with just a small bit of knowledge - and lots of software tools
that are readily available on the Web. A hacker can quickly download your
most private files, delete key information, and even reformat your hard-drive
completely - all without your even knowing that there’s a problem! Okay,
now that I have your attention, what can you do about these gaping security
holes?

Let’s start by making a complete backup of all your data files; the information
I’m presenting isn’t dangerous, but you should never pass up an opportunity
to make another backup “just in case.” If you’re on a Local Area Network
(LAN) at your employer’s office or on a Virtual Private Network (VPN) at
home, it would be an excellent idea for you to first check with your network
administrator before implementing any of these changes. And be sure to
write down all of your settings before changing them, so you can go back
and restore things if you need to.

Now, let’s examine your networking setup (remember, if you can access the Internet,
you are on a network): right-click your mouse on Network Neighborhood on
your Desktop, and go down to Properties and click. [Yes, this is exactly
the same as going to Start/Settings/Control Panel/Network.] What we’ll
do now is to remove the part of your networking setup that allows hackers
to easily connect to your computer: the file- and printer-sharing bindings
on the Transmission Control Protocol/Internet
Protocol (TCP/IP). All RoadRunner users have a network interface card (NIC)
either internally mounted or via a PC Card for connecting to RoadRunner’s
cable-modem.

Scroll down to where you see your NIC, and look for TCP/IP; double-click on TCP/IP
and then click on the Bindings tab. If you see that either “Client for
Microsoft networks” or “File and printer sharing for Microsoft networks”
has a check-mark next to it, UNcheck it. If you’re on a LAN and want to
share files and printers locally, then we need to add a non-Internet protocol
- either IPX/SPX or NetBEUI.

Under Network, click on Add, double-click on Protocol, click on Microsoft, and
double-click on NetBEUI; you may need to have your Windows 95/98 CD-ROM
available to load drivers. Then under Network again, click on Add, double-click
on Client, click on Microsoft, and double-click on Client for Microsoft
Networks. Last, under Client for Microsoft Networks, click on File and
Printer Sharing, and enable print sharing, file sharing, or both.

Now go back and examine the bindings for every adapter and protocol installed
in your system, and be sure that “Client for Microsoft networks” and “File
and printer sharing for Microsoft networks” are present and checked only
for NetBEUI and not for TCP/IP, and reboot. This ensures that your computer
system is using simple TCP/IP for accessing the Internet via RoadRunner,
and uses a non-Internet protocol for file- and printer-sharing. Repeat
this process for every computer on your network. As hackers must use TCP/IP,
they’ll now have a much harder time accessing your computer systems. This
procedure also works for systems using dialup modems, by the way, but you’ll
be checking the dialup adapter, rather than the NIC.

Okay, but what if this procedure doesn’t provide enough protection from hackers?
I had already done everything I described here when I found my mouse moving
across my screen. There are several additional levels of security that
you can implement, several free and one low-cost. Let’s start with the
low-cost one, as it will help you determine whether you need to add more
protection.

BlackIce Defender, from Network Ice <www.networkice.com/>, is a $40 download
that provides both protection from and identification of hackers. This
software is available for single machines all the way up to large networks,
and generally provides all the protection you’ll need from any but the
most tenacious hacker. I run BlackIce Defender on all my network machines,
and find it particularly useful for viewing the URLs of hackers who are
looking for my system.

But as a computer systems integrator, I’m also using tools that greatly increase
my network’s vulnerability. Symantec’s PCAnywhere is a product that saves
me many hours of travel time each week, as I can log onto my clients’ networks
to identify and resolve problems right from my office. However, PCAnywhere
is one of the “hooks” that hackers also look for, as it can give them the
same access on my network! How did I find this security hole? I used the
services of Steve Gibson’s Internet connection security site <www.grc.com>.
Steve is an old friend who both writes excellent science fiction and comes
up with truly useful software. On his site, click on Shields Up!
to run an automatic scan of your computer’s shields (as we installed above)
and communications ports. I was astonished to find quite a few potential
security problems on my network. With all of the Denial of Service (DoS)
attacks lately, don’t be surprised if Steve’s site runs quite slow -- it’s
worth the wait!

Further searching led me to what may be the final answer to my security problems:
Zone Labs <www.zonealarm.com>. To quote their Web site, “Combining the
safety of a dynamic firewall with total control over applications' Internet
use, ZoneAlarm gives rock-solid protection against thieves and vandals.”
ZoneAlarm is a free download for personal use, and it does precisely what
they advertise.

With ZoneAlarm installed, even Steve Gibson’s shields- and port-probe software
couldn’t detect that my computer was on-line (he calls it “stealth” mode).
You do have to tell ZoneAlarm that you want each program to have access
to the Internet, but it’s smart enough to remember after that (as long
as you check the appropriate box). With BlackIce Defender and ZoneAlarm
installed, I can see hackers who try to access me, but it’s obvious that
they can’t see me. And, you know, I really don’t mind giving hackers
a hard time...!
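
A way to confirm the result from a second machine on your own network, added here as an example and not part of the original article: it probes the TCP ports behind file and printer sharing and PCAnywhere and reports each as open, closed or stealth. The port numbers (139 and 5631) are the services' usual defaults and are an assumption, as the article names no ports.

```python
import socket

# TCP ports for the two services the article names. The port numbers are the
# services' well-known defaults and are an assumption; the article gives none.
SERVICES = {
    139: "File and printer sharing (NetBIOS session over TCP/IP)",
    5631: "pcAnywhere host",
}


def check_port(host, port, timeout=2.0):
    """Classify one TCP port the way a shields/port probe reports it."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"         # a service accepted the connection
    except ConnectionRefusedError:
        return "closed"       # host answered, nothing is listening
    except socket.timeout:
        return "stealth"      # no answer at all, as behind a firewall
    except OSError:
        return "unreachable"  # routing or address problem, not a port result
    finally:
        sock.close()


def audit(host, services=SERVICES, timeout=2.0):
    """Return {port: (state, label)} for every service port on host."""
    return {port: (check_port(host, port, timeout), label)
            for port, label in services.items()}


def exposed(results):
    """Ports that accepted a connection, i.e. still reachable over TCP/IP."""
    return sorted(port for port, (state, _) in results.items()
                  if state == "open")


if __name__ == "__main__":
    import sys
    # Pass the address of the adapter that faces the cable modem; run this
    # from a second machine you own, since bindings are set per adapter.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = audit(target)
    for port, (state, label) in sorted(results.items()):
        print(f"{port:>5}  {state:<11}  {label}")
    print("still exposed:", exposed(results) or "nothing")
```

If port 139 still shows as open after the binding change, sharing is still bound to TCP/IP on that adapter.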

See you next month.