
azndude Zen Master Premium join:2001-07-13 AL
reply to rosco Re: Good enough for me
How do you know for sure? Do you frequently audit your system to detect any security breaches? If so, what method did you utilize? If not, you should. Your information is always at risk, if you have an always-on broadband connection. Remember that.
-- The truth is packed in a cloud of lies...

rosco Lumbergh Premium join:2003-11-10 Catskill, NY
I check logs and port-scan myself from work fairly often.

DracoFelis Premium join:2003-06-15
reply to azndude There is no such thing as perfect security.
said by azndude : How do you know for sure? Do you frequently audit your system to detect any security breaches? If so, what method did you utilize?
Actually yes. While there is always "more that can be done", I have taken the following steps to check out the protection from my "home firewall":
1) I had the "security officer" at work try connecting to my LAN (from the office), and see if he was able to. As expected, all the TCP/UDP ports were "closed" (blocked at the firewall), except for the couple I opened to allow "PC-Anywhere" to work from the office.
2) I have anti-virus scans every night, and the virus signatures are also updated nightly. There has been no reported "virus attack" on my Windows machine at home.
3) After turning on the outbound "file sharing" port blocks, I attempted to do just that (send data out those ports). Guess what? It didn't arrive at its destination (just as it should not)!
4) After several of the more virulent of the worm attacks (including at least one where I didn't patch until a few days after the outbreak, by which time virtually 100% of the "unprotected machines" on the internet were infected), I looked for the "signs of infection" that the anti-virus companies released (to tell if you had been "hacked"). Guess what? The telltale signs of infection were not present!
5) I keep an eye on the traffic lights, on the ethernet switches in my house. If there was a sudden upsurge in traffic (which would likely occur if I had a machine infected with an internet worm) I would see it. Yet the traffic on my LAN is pretty much what would be expected for our family's use (including being totally "dead" sometimes when we are doing next to nothing on the LAN).
said by azndude : If not, you should.
Being aware of what is "normal behavior" for your computers, and therefore being able to detect something "wrong" is always a "good idea". However, it may be a little much to expect from a "joe sixpack" computer user.
And, when all is said and done, such diligence (to "watching what is going on") mostly just lets you know "after the fact" if/when your "defenses" have failed. If the defenses are good to begin with, they will still be good when you don't monitor them. OTOH since no defense is "perfect", it never hurts to "pay attention", just in case someone happens to "get past your defenses".
said by azndude : Your information is always at risk, if you have an always-on broadband connection. Remember that.
Your information is always at risk, period!
Unless you disconnect totally from the outside world (no "dial-up", no using floppies for "sharing data", no nothing), there is always some way that someone could "hack" your computer! You may be able to make it "harder" (by installing security software and/or hardware), and you may also be able to make it easier to detect when someone does succeed (firewall logs, anti-virus, "trip-wire", etc), but there is always risk.
In the end, it's simply a matter of "weighing risks", and taking reasonable actions to mitigate those risks. The "average home user" neither needs, nor can they afford, the "top level" of security on the market. What they need, is "reasonable security", at an affordable price. As someone who has actually looked into computer security issues (and has also done some professional work securing computer systems), I am actually much more comfortable with an "always on" connection protected by a "home firewall", than a "dial up" connection not protected by anything!
In the case of the "always on connection"/"firewall" setup, you are vulnerable to someone finding a way to break and/or bypass your firewall. This can be done, but it's very very difficult (and beyond your average "script kiddie" on the net)! In most cases, the "internet worm" will just "bounce off your firewall", only slightly annoying you (as the attack will still use up some of your internet bandwidth, before it's stopped by your firewall).
OTOH the lowly "dial up" user (without a firewall), is a "sitting duck" every time they connect to the internet. Yet how many times have you heard the (IMHO false) claim that someone is "safe" because they only use "dial-up"? This is not just theory either, as I've known multiple people who have been "hacked" just this way (when they thought they were "safe" because they were "just a dial-up user"). In fact, I once put a firewall in for my dad (who is still on dial-up), and (while testing the setup) noticed an attempt to hack his machine less than 1/2 hour after I installed the system!

jester121 join:2003-08-09 Lake Zurich, IL
Oh... you have ports open for PCAnywhere! Excellent. We'll start working on the PCA listener with known vulnerabilities first.
You did restrict inbound access to only your work IP address, right?

DracoFelis Premium join:2003-06-15
said by jester121 : You did restrict inbound access to only your work IP address, right?
Of course! That was one of the first things I changed when I opened the PC-Anywhere hole in my firewall! I want to allow me (from the office) to get in, not give anyone on the internet a chance to "knock at my door".
I also have the PC-Anywhere "patched up" (using their "Live Update"), and PC-Anywhere is also set up to require strong encryption and a username/password. And once that is entered, a "hacker" would probably still need to know my desktop password (which isn't easy to guess) to unlock my Win2K desktop (just connecting with PC-Anywhere doesn't give you many rights, until the desktop is also "unlocked"). I'm sure this isn't "fool proof" (given a sophisticated enough "hacker"), but it should stop your average "script kiddie" in their tracks....
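
Added example, not part of any post in this thread: one way to automate the firewall-log check the thread describes, flagging accepted inbound connections to the remote-access port from anywhere but the work address, accepted inbound traffic to ports that were never opened, and file-sharing traffic that left the LAN. The log layout, the addresses, and the port numbers (pcAnywhere's defaults 5631/TCP and 5632/UDP; Windows file-sharing ports 137-139 and 445) are assumptions, since the thread names no firewall product or log format.

```python
import re
from ipaddress import ip_address, ip_network

# Assumptions (not from the thread): office address, LAN range, port sets,
# and the key=value log layout parsed below.
WORK_NET = ip_network("198.51.100.7/32")       # the only allowed remote source
LAN = ip_network("192.168.1.0/24")
REMOTE_PORTS = {("TCP", 5631), ("UDP", 5632)}  # pcAnywhere defaults
SHARE_PORTS = {137, 138, 139, 445}             # Windows file sharing

# Constructed sample log: one firewall decision per line.
SAMPLE_LOG = """\
Jan 10 08:01:12 fw ACCEPT SRC=198.51.100.7 DST=192.168.1.10 PROTO=TCP SPT=40122 DPT=5631
Jan 10 08:14:40 fw DROP SRC=203.0.113.50 DST=192.168.1.10 PROTO=TCP SPT=4431 DPT=445
Jan 10 09:30:02 fw ACCEPT SRC=203.0.113.99 DST=192.168.1.10 PROTO=TCP SPT=51000 DPT=5631
Jan 10 09:31:18 fw ACCEPT SRC=192.168.1.10 DST=203.0.113.20 PROTO=TCP SPT=1045 DPT=445
Jan 10 09:40:00 fw ACCEPT SRC=192.168.1.10 DST=192.0.2.80 PROTO=TCP SPT=1050 DPT=80
not a firewall line
"""

LINE = re.compile(
    r"\b(ACCEPT|DROP)\b.*?SRC=(\S+) DST=(\S+) PROTO=(\w+) SPT=\d+ DPT=(\d+)")

def audit(log_text):
    """Return (findings, dropped_inbound_count) for a firewall log."""
    findings, dropped = [], 0
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE.search(line)
        if not m:
            continue                           # skip lines we cannot parse
        action, src, dst, proto, dport = m.groups()
        src, dst, dport = ip_address(src), ip_address(dst), int(dport)
        inbound = src not in LAN and dst in LAN
        outbound = src in LAN and dst not in LAN
        if action == "DROP":
            dropped += 1 if inbound else 0     # probes that bounced off
        elif inbound and (proto, dport) not in REMOTE_PORTS:
            findings.append((n, "inbound to unopened port", str(src), dport))
        elif inbound and src not in WORK_NET:
            findings.append(
                (n, "remote-access port reached from non-work IP", str(src), dport))
        elif outbound and dport in SHARE_PORTS:
            findings.append((n, "file-sharing traffic left the LAN", str(dst), dport))
    return findings, dropped

if __name__ == "__main__":
    results, blocked = audit(SAMPLE_LOG)
    for item in results:
        print(item)
    print("inbound probes dropped:", blocked)
```

A clean run returns an empty findings list; the dropped count is the background probing that the firewall stopped.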