General Security
[Implications]
[One Method]
[What to do when...]
[Firewalls]
[Different Connections]
[Available Options]
[Conclusion]
A problem with the web:
We all now use the Internet every day for various tasks, ranging from email and FTP to web surfing. Each and every one of us seems to be more and more dependent on it. Applications are running fully over the web, but there is a seedier side to the web. The nasty people are out there - the hackers. Their intent is not usually malicious, but it can be.
Hacking used to be quite primitive. If you wanted to hack into a machine somewhere, the first obstacle was to find a physical connection to the chosen machine. Typically this would be done using a very slow modem, and if the telephone number was not freely available, that alone would be the first major obstacle.
Today, time has moved on. No longer do we need to know the number of a modem to dial into a machine. Most companies now have a web presence. This may be as basic as an email facility, but whilst we are picking up our email from the email server, which might not even be ours, within half a second we have joined the big wide thingy called the Internet.
From this point on, we are vulnerable. If we have a connection to the Internet so that we can connect to our mail server, then the rest of the world can see us as well. Do you want to share your hard disk, server or database with the rest of the world?
Implications
We are all using different operating systems to control our machines. Typically this would be a Windows or maybe a Linux machine. Some of the Windows versions released in the past were never intended to be used in this way, and it is relatively simple for nasty people to take advantage of weak security in the operating system. Even newer operating systems still have holes in them that allow the nasty people to achieve nasty things.
Take Windows 2000, one of the more secure operating systems. Out of the box, without the appropriate patches, there are bugs/features that can be used against us. The press has recently published some of these issues, with the FBI making strong statements in an attempt to contain the potential damage.
One solution is to make sure our operating systems are fully protected. This is hard to do, but we can at least make sure all the different patches are applied to our machines to stop the nasties in their tracks. Unfortunately there will still be issues that have not been discovered yet, so we need to keep a watchful eye on the patches and apply them as soon as possible.
One Method
Unfortunately this is a newsletter and not a book, so we can't discuss all the known issues; this article is an attempt to raise awareness.
The recent CodeRed alert concerned a virus, instigated by the nasty people, that went looking across the Internet for machines that were open to attack. Any unpatched version of Windows 2000 was a prime target. Once a machine was discovered it would be infected with the virus so that it could propagate itself further.
Just as this problem went away, along came another virus called Nimda, which looked for weaknesses in the operating system in a similar manner. However, unlike the CodeRed virus, which concentrated on one specific access method, the Nimda virus investigated and exploited up to ten different methods. If one failed, it would move on to the next one.
This significantly increased the virus's ability to propagate.
What do the Nasty people want to do?
Taking the Nimda virus as a basis for discussion: once infected, the virus will attempt to spread itself as discussed above. There is, however, another side to the virus.
The virus also changes the share status of your hard disks so that they can be accessed by anyone. At the same time, it switches on the Guest user logon, so that someone could log on to the machine using standard Windows networking and then do whatever they like with your hard disk data.
Another feature is that if your machine is running as a web server, it will infect your web site. People who then access your web site will also be exposed to the virus.
One possible solution is to use anti-virus software combined with firewalls.
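The two changes described above, an enabled Guest logon and hard disks shared to anyone, are things an administrator can check for rather than guess at. The following is an added example, not code from the original article: a read-only PowerShell audit that reports whether the Guest account is enabled, whether Guest has been placed in the local Administrators group, and which shares grant access to Everyone, Guest or anonymous users. It assumes Windows PowerShell 5.1 or later with the LocalAccounts and SmbShare modules (Windows 10 / Server 2016 and newer); the wording of the findings is this example's own.

```powershell
# Added example (not from the original article): audit a Windows machine
# for Nimda-style changes: Guest logon switched on, Guest made an
# administrator, and disk shares that anyone can reach.
# Assumes the Microsoft.PowerShell.LocalAccounts and SmbShare modules.

$findings = @()

# 1. Is the built-in Guest account enabled? (It is disabled by default.)
$guest = Get-LocalUser -Name 'Guest' -ErrorAction SilentlyContinue
if ($guest -and $guest.Enabled) {
    $findings += 'Guest account is ENABLED'
}

# 2. Has Guest been added to the local Administrators group?
$admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue
if ($admins | Where-Object { $_.Name -like '*\Guest' }) {
    $findings += 'Guest is a member of Administrators'
}

# 3. Which shares allow Everyone, Guest or anonymous users?
#    IPC$ is skipped: it is the inter-process pipe share, not a disk.
foreach ($share in Get-SmbShare | Where-Object { $_.Name -ne 'IPC$' }) {
    $open = Get-SmbShareAccess -Name $share.Name | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.AccountName -match 'Everyone|Guest|ANONYMOUS LOGON'
    }
    if ($open) {
        $who = ($open | ForEach-Object { "$($_.AccountName)=$($_.AccessRight)" }) -join ', '
        $findings += "Share '$($share.Name)' ($($share.Path)) allows: $who"
    }
}

# 4. Report.
if ($findings.Count -eq 0) {
    Write-Output 'No Guest-logon or open-share findings.'
} else {
    Write-Output 'Findings:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

The script changes nothing; it only reports. Any share of a whole drive root that lists Everyone or Guest with Full or Change access is worth investigating, and an enabled Guest account on a machine that does not deliberately use it is a sign that something other than the administrator has been at the configuration.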
Firewalls
Firewalls were created to stop unwelcome traffic from reaching a machine attached to a network. In effect, the software or hardware stops the offending traffic from reaching the machines on the other side of the firewall. You do not need to use these specifically to stop hackers; they can also be used to stop internal people seeing different parts of a network. For example, email passwords can be lifted from the network itself.
As we said earlier we all have connections to the net, but do we all have firewalls?
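As an added example of what "running a firewall" means in practice for the Windows file-sharing exposure discussed above (this is not code from the original article), the following PowerShell turns the built-in Windows Firewall on for every profile, blocks inbound connections by default, and then allows Windows file sharing (SMB, TCP ports 139 and 445) only from machines on the local subnet, so the disk shares are not reachable from the Internet at large. It assumes the NetSecurity module (Windows 8 / Server 2012 and newer) and an elevated PowerShell session; the rule name is an assumption chosen for this example.

```powershell
# Added example (not from the original article): restrict Windows file
# sharing to the local subnet with the built-in Windows Firewall.
# Assumes the NetSecurity module and an elevated session.

# 1. Firewall on for all profiles; inbound blocked unless a rule allows it,
#    outbound still permitted.
Set-NetFirewallProfile -Profile Domain,Private,Public `
    -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Allow

# 2. Switch off the built-in file sharing rules, which would otherwise
#    allow SMB from any address on the Domain and Private profiles.
Disable-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -ErrorAction SilentlyContinue

# 3. Re-allow SMB, but only from the local subnet and never on the Public
#    profile (hotel, cafe or home network the machine has not classified).
$ruleName = 'Allow SMB from local subnet only (example)'   # assumed name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort 139,445 `
        -RemoteAddress LocalSubnet -Action Allow -Profile Domain,Private | Out-Null
}

# 4. Show the resulting state so it can be checked.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
```

The design choice here is "block by default, allow the one thing that is needed from the one place it is needed". A machine configured this way still shares files with colleagues on the same LAN, but a connection from outside the subnet to port 445 is simply dropped, which is exactly the traffic a worm of the kind described in this article relies on.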
Different Connections
If we have a slow connection (e.g. dial-up via modem) then it will take a virus a long time to search out other machines and do whatever it wants to do on them. By comparison, if we have a high-speed broadband connection then the speed at which the virus can work is accelerated.
There is therefore a benefit to the virus if it infects machines that have a fast connection.
A few weeks ago, I saw a message that had been left on a forum suggesting: 'if you were accessing the internet with a dial up modem, there was no real point in worrying about it as the connection was too slow to be of much use to a virus'.
But the virus could still be there, looking for other machines, stealing your processing time and potentially causing damage to your own systems.
Once on your machine, if you have a number of other servers on the local network, the virus can see them. It then has a very high speed LAN that it can use to spread within the company, from server to server and from desktop to desktop.
The cleanup operation to resolve this sort of infection could be quite lengthy, not to mention expensive.
Available Options
Unfortunately the time has come when we should all run firewalls; whether they are hardware or software doesn't really matter. The issues and threats do exist.
Experience
So, with the above knowledge, we made sure that we were protected by firewalls etc. in the office. This was fine until one day when, due to a technical fault with a piece of hardware, a machine that was normally shielded by a firewall was connected directly to the Internet.
Within minutes of making the connection, the security of the machine had been breached. The Nimda virus was starting to install itself, settle in and get ready for the next hop to the next victim. Fortunately this was caught before it got too far. We had the controls in place but unfortunately we allowed the virus to bypass them.
Conclusion
Our companies have machines with permanent or dial-up connections to the Internet, holding data that is sometimes sensitive, if not always company confidential. If the security is not in place, then the systems can and will at some point be breached.
What can we do about this? Learn more about the security issues. Install firewalls and separate networks in an attempt to limit the possibility of this occurring. Hardware firewalls are good, and some come with managed contracts under which the unit is tested periodically to make sure there are no issues and the configuration is kept up to date. These do cost money, but in the long term it might be worth it.
In the past an ex-boss of mine would not permit a connection to the Internet in the organisation. Now it is hard not to. Email alone is such a powerful tool.
This is not always just an operating system problem; applications can leave just as big a door open for the hacker/virus to exploit. Make sure the patches are applied.
We need the connections; we don't need the viruses - make sure your systems are 'locked up' as tight as they can be.
Further Reading...
Michael Syree
Proxcom
© Copyright Proxcom Limited 2001 - All Rights Reserved