What is computer security?

Computer security is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (also known as "intruders") from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.

Why should I care about computer security?

We use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your email, using your computer to attack other systems, sending forged email from your computer, or examining personal information stored on your computer (such as financial statements).

Who would want to break into my computer at home?

Intruders (also referred to as hackers, attackers, or crackers) may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems.

Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.

How easy is it to break into my computer?

Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems.

When holes are discovered, computer vendors will usually develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrators and users kept their computers up-to-date with patches and security fixes.

Also, some software applications have default settings that allow other users to access your computer unless you change the settings to be more secure. Examples include chat programs that let outsiders execute commands on your computer or web browsers that could allow someone to place harmful programs on your computer that run when you click on them.

Technology

This section provides a basic introduction to the technologies that underlie the Internet. It was written with the novice end-user in mind and is not intended to be a comprehensive survey of all Internet-based technologies. Subsections provide a short overview of each topic. This section is a basic primer on the relevant technologies. For those who desire a deeper understanding of the concepts covered here, we include links to additional information.

What does broadband mean?

"Broadband" is the general term used to refer to high-speed network connections. In this context, Internet connections via cable modem and Digital Subscriber Line (DSL) are frequently referred to as broadband Internet connections. "Bandwidth" is the term used to describe the relative speed of a network connection -- for example, most current dial-up modems can support a bandwidth of 56 kbps (thousand bits per second). There is no set bandwidth threshold required for a connection to be referred to as "broadband", but it is typical for connections in excess of 1 Megabit per second (Mbps) to be so named.

What is cable modem access?

A cable modem allows a single computer (or network of computers) to connect to the Internet via the cable TV network. The cable modem usually has an Ethernet LAN (Local Area Network) connection to the computer, and is capable of speeds in excess of 5 Mbps.

Typical speeds tend to be lower than the maximum, however, since cable providers turn entire neighborhoods into LANs which share the same bandwidth. Because of this "shared-medium" topology, cable modem users may experience somewhat slower network access during periods of peak demand, and may be more susceptible to risks such as packet sniffing and unprotected Windows shares than users with other types of connectivity. (See the "Computer security risks to home users" section of this document.)

What is DSL access?

Digital Subscriber Line (DSL) Internet connectivity, unlike cable modem-based service, provides the user with dedicated bandwidth. However, the maximum bandwidth available to DSL users is usually lower than the maximum cable modem rate because of differences in their respective network technologies. Also, the "dedicated bandwidth" is only dedicated between your home and the DSL provider's central office -- the providers offer little or no guarantee of bandwidth all the way across the Internet.

DSL access is not as susceptible to packet sniffing as cable modem access, but many of the other security risks we'll cover apply to both DSL and cable modem access. (See the "Computer security risks to home users" section of this document.)

How are broadband services different from traditional dial-up services?

Traditional dial-up Internet services are sometimes referred to as "dial-on-demand" services. That is, your computer only connects to the Internet when it has something to send, such as email or a request to load a web page. Once there is no more data to be sent, or after a certain amount of idle time, the computer disconnects the call. Also, in most cases each call connects to a pool of modems at the ISP, and since the modem IP addresses are dynamically assigned, your computer is usually assigned a different IP address on each call. As a result, it is more difficult (not impossible, just difficult) for an attacker to take advantage of vulnerable network services to take control of your computer.

Broadband services are referred to as "always-on" services because there is no call setup when your computer has something to send. The computer is always on the network, ready to send or receive data through its network interface card (NIC). Since the connection is always up, your computer's IP address will change less frequently (if at all), thus making it more of a fixed target for attack.

What's more, many broadband service providers use well-known IP addresses for home users. So while an attacker may not be able to single out your specific computer as belonging to you, they may at least be able to know that your service provider's broadband customers are within a certain address range, thereby making your computer a more likely target than it might have been otherwise.

The table below shows a brief comparison of traditional dial-up and broadband services.

| | Dial-up | Broadband |
|---|---|---|
| Connection type | Dial on demand | Always on |
| IP address | Changes on each call | Static or infrequently changing |
| Relative connection speed | Low | High |
| Remote control potential | Computer must be dialed in to control remotely | Computer is always connected, so remote control can occur anytime |
| ISP-provided security | Little or none | Little or none |

Table 1: Comparison of Dial-up and Broadband Services

How is broadband access different from the network I use at work?

Corporate and government networks are typically protected by many layers of security, ranging from network firewalls to encryption. In addition, they usually have support staff who maintain the security and availability of these network connections.

Although your ISP is responsible for maintaining the services they provide to you, you probably won't have dedicated staff on hand to manage and operate your home network. You are ultimately responsible for your own computers. As a result, it is up to you to take reasonable precautions to secure your computers from accidental or intentional misuse.

What is a protocol?

A protocol is a well-defined specification that allows computers to communicate across a network. In a way, protocols define the "grammar" that computers can use to "talk" to each other.

What is IP?

IP stands for "Internet Protocol". It can be thought of as the common language of computers on the Internet. There are a number of detailed descriptions of IP given elsewhere, so we won't cover it in detail in this document. However, it is important to know a few things about IP in order to understand how to secure your computer. Here we'll cover IP addresses, static vs. dynamic addressing, NAT, and TCP and UDP Ports.

An overview of TCP/IP can be found in the TCP/IP Frequently Asked Questions (FAQ) at

What is an IP address?

IP addresses are analogous to telephone numbers -- when you want to call someone on the telephone, you must first know their telephone number. Similarly, when a computer on the Internet needs to send data to another computer, it must first know its IP address. IP addresses are typically shown as four numbers separated by decimal points, or dots. For example, 10.24.254.3 and 192.168.62.231 are IP addresses.

If you need to make a telephone call but you only know the person's name, you can look them up in the telephone directory (or call directory services) to get their telephone number. On the Internet, that directory is called the Domain Name System, or DNS for short. If you know the name of a server, say and you type this into your web browser, your computer will then go ask its DNS server what the numeric IP address is that is associated with that name.

Every computer on the Internet has an IP address associated with it that uniquely identifies it. However, that address may change over time, especially if the computer is

- dialing into an Internet Service Provider (ISP)
- connected behind a network firewall
- connected to a broadband service using dynamic IP addressing.

What are static and dynamic addressing?

Static IP addressing occurs when an ISP permanently assigns one or more IP addresses for each user. These addresses do not change over time. However, if a static address is assigned but not in use, it is effectively wasted. Since ISPs have a limited number of addresses allocated to them, they sometimes need to make more efficient use of their addresses.

Dynamic IP addressing allows the ISP to efficiently utilize their address space. Using dynamic IP addressing, the IP addresses of individual user computers may change over time. If a dynamic address is not in use, it can be automatically reassigned to another computer as needed.

What is NAT?

Network Address Translation (NAT) provides a way to hide the IP addresses of a private network from the Internet while still allowing computers on that network to access the Internet. NAT can be used in many different ways, but one method frequently used by home users is called "masquerading".

Using NAT masquerading, one or more devices on a LAN can be made to appear as a single IP address to the outside Internet. This allows for multiple computers in a home network to use a single cable modem or DSL connection without requiring the ISP to provide more than one IP address to the user. Using this method, the ISP-assigned IP address can be either static or dynamic. Most network firewalls support NAT masquerading.

What are TCP and UDP Ports?

TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are both protocols that use IP. Whereas IP allows two computers to talk to each other across the Internet, TCP and UDP allow individual applications (also known as "services") on those computers to talk to each other.

In the same way that a telephone number or physical mail box might be associated with more than one person, a computer might have multiple applications (e.g. email, file services, web services) running on the same IP address. Ports allow a computer to differentiate services such as email data from web data. A port is simply a number associated with each application that uniquely identifies that service on that computer. Both TCP and UDP use ports to identify services. Some common port numbers are 80 for web (HTTP), 25 for email (SMTP), and 53 for Domain Name System (DNS).

What is a firewall?

The Firewalls FAQ defines a firewall as "a system or group of systems that enforces an access control policy between two networks." In the context of home networks, a firewall typically takes one of two forms:

- Software firewall - specialized software running on an individual computer, or
- Network firewall - a dedicated device designed to protect one or more computers.

Both types of firewall allow the user to define access policies for inbound connections to the computers they are protecting. Many also provide the ability to control what services (ports) the protected computers are able to access on the Internet (outbound access). Most firewalls intended for home use come with pre-configured security policies from which the user chooses, and some allow the user to customize these policies for their specific needs.

More information on firewalls can be found in the Additional resources section of this document.

What does antivirus software do?

There are a variety of antivirus software packages that operate in many different ways, depending on how the vendor chose to implement their software. What they have in common, though, is that they all look for patterns in the files or memory of your computer that indicate the possible presence of a known virus. Antivirus packages know what to look for through the use of virus profiles (sometimes called "signatures") provided by the vendor.

New viruses are discovered daily. The effectiveness of antivirus software is dependent on having the latest virus profiles installed on your computer so that it can look for recently discovered viruses. It is important to keep these profiles up to date.

More information about viruses and antivirus software can be found on the CERT Computer Virus Resource page

Computer security risks to home users

What is at risk?

Information security is concerned with three main areas:

- Confidentiality -- information should be available only to those who rightfully have access to it
- Integrity -- information should be modified only by those who are authorized to do so
- Availability -- information should be accessible to those who need it when they need it

These concepts apply to home Internet users just as much as they would to any corporate or government network. You probably wouldn't let a stranger look through your important documents. In the same way, you may want to keep the tasks you perform on your computer confidential, whether it's tracking your investments or sending email messages to family and friends. Also, you should have some assurance that the information you enter into your computer remains intact and is available when you need it.

Some security risks arise from the possibility of intentional misuse of your computer by intruders via the Internet. Others are risks that you would face even if you weren't connected to the Internet (e.g. hard disk failures, theft, power outages). The bad news is that you probably cannot plan for every possible risk. The good news is that you can take some simple steps to reduce the chance that you'll be affected by the most common threats -- and some of those steps help with both the intentional and accidental risks you're likely to face.

Before we get to what you can do to protect your computer or home network, let's take a closer look at some of these risks.

Intentional misuse of your computer

The most common methods used by intruders to gain control of home computers are briefly described below. More detailed information is available by reviewing the URLs listed in the References section below.

- Trojan horse programs
- Back door and remote administration programs
- Denial of service
- Being an intermediary for another attack
- Unprotected Windows shares
- Mobile code (Java, JavaScript, and ActiveX)
- Cross-site scripting
- Email spoofing
- Email-borne viruses
- Hidden file extensions
- Chat clients
- Packet sniffing

Trojan horse programs

Trojan horse programs are a common way for intruders to trick you (sometimes referred to as "social engineering") into installing "back door" programs. These can allow intruders easy access to your computer without your knowledge, change your system configurations, or infect your computer with a computer virus. More information about Trojan horses can be found in the following document.

Back door and remote administration programs

On Windows computers, three tools commonly used by intruders to gain remote access to your computer are BackOrifice, Netbus, and SubSeven. These back door or remote administration programs, once installed, allow other people to access and control your computer. We recommend that you review the CERT vulnerability note about Back Orifice. This document describes how it works, how to detect it, and how to protect your computers from it:

Denial of service

Another form of attack is called a denial-of-service (DoS) attack. This type of attack causes your computer to crash or to become so busy processing data that you are unable to use it. In most cases, the latest patches will prevent the attack. The following documents describe denial-of-service attacks in greater detail.

It is important to note that in addition to being the target of a DoS attack, it is possible for your computer to be used as a participant in a denial-of-service attack on another system.

Being an intermediary for another attack

Intruders will frequently use compromised computers as launching pads for attacking other systems. An example of this is how distributed denial-of-service (DDoS) tools are used. The intruders install an "agent" (frequently through a Trojan horse program) that runs on the compromised computer awaiting further instructions. Then, when a number of agents are running on different computers, a single "handler" can instruct all of them to launch a denial-of-service attack on another system. Thus, the end target of the attack is not your own computer, but someone else's -- your computer is just a convenient tool in a larger attack.

Unprotected Windows shares

Unprotected Windows networking shares can be exploited by intruders in an automated way to place tools on large numbers of Windows-based computers attached to the Internet. Because site security on the Internet is interdependent, a compromised computer not only creates problems for the computer's owner, but it is also a threat to other sites on the Internet. The greater immediate risk to the Internet community is the potentially large number of computers attached to the Internet with unprotected Windows networking shares combined with distributed attack tools such as those described in

Another threat includes malicious and destructive code, such as viruses or worms, which leverage unprotected Windows networking shares to propagate. One such example is the 911 worm described in

There is great potential for the emergence of other intruder tools that leverage unprotected Windows networking shares on a widespread basis.
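
The NAT masquerading and TCP/UDP port sections above can be made concrete with a small model, added here as an illustration and not taken from the original document or from any router's code. It shows how two LAN computers share one ISP-assigned address and why a packet that no LAN computer asked for has nowhere to be delivered. The class name, the starting port 40000, and the 198.51.100.x and 203.0.113.x addresses are assumptions constructed for the example; the two private addresses are the sample addresses used in the IP address section.

```python
"""Toy model of NAT masquerading (added illustration, not a real router)."""


class MasqueradingNat:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip   # the single ISP-assigned address
        self.next_port = first_port  # assumed start of the translated port range
        self.ports = {}  # (proto, private_ip, private_port) -> public_port
        self.flows = {}  # (proto, public_port, remote_ip, remote_port) -> private endpoint

    def outbound(self, proto, src, dst):
        """A LAN computer sends to the Internet; return the source the Internet sees."""
        key = (proto, *src)
        if key not in self.ports:
            # Each private (address, port) pair gets its own public port, so two
            # computers using the same local port stay distinguishable.
            self.ports[key] = self.next_port
            self.next_port += 1
        public_port = self.ports[key]
        # Remember which remote service this computer contacted.
        self.flows[(proto, public_port, *dst)] = src
        return (self.public_ip, public_port)

    def inbound(self, proto, remote, public_port):
        """A packet arrives at the public address; return the LAN endpoint or None."""
        # Only replies that match an outbound flow have a mapping. Anything else
        # is unsolicited and is dropped because there is no LAN computer to send it to.
        return self.flows.get((proto, public_port, *remote))


def demo():
    """Run a constructed scenario and return what each step produced."""
    nat = MasqueradingNat("198.51.100.7")          # constructed public address
    web = ("203.0.113.10", 80)                     # constructed web server (HTTP)
    dns = ("203.0.113.53", 53)                     # constructed DNS server
    pc_a = ("10.24.254.3", 51000)
    pc_b = ("192.168.62.231", 51000)               # same local port as pc_a

    seen_a = nat.outbound("tcp", pc_a, web)
    seen_b = nat.outbound("tcp", pc_b, web)
    seen_dns = nat.outbound("udp", pc_a, dns)
    return {
        "pc_a seen as": seen_a,
        "pc_b seen as": seen_b,
        "pc_a dns seen as": seen_dns,
        # Reply from the web server to pc_b's translated port is delivered.
        "web reply to pc_b": nat.inbound("tcp", web, seen_b[1]),
        # A stranger probing the same public port is not part of any flow.
        "stranger to pc_a port": nat.inbound("tcp", ("203.0.113.99", 80), seen_a[1]),
        # Unsolicited connection to the SMTP port: no LAN computer asked for it.
        "unsolicited smtp": nat.inbound("tcp", web, 25),
    }


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Matching on the remote endpoint as well as the public port is a modelling choice that mirrors connection-tracking behaviour; simpler NAT devices may accept any remote sender on an open mapping, which is one reason a firewall policy is still needed alongside NAT.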