Internet Security


Home Page | Comments | Articles | Faq | Documents | Search | Archive | Tales from the Machine Room | Contribute | Login/Register

This is a "generic" document, its only pourpose is to provide a simple introduction to the concept of "network" or "computer" security. What it is and how it works since is good to know something about it.

You're not going to be Security Experts or Certified Crackers by reading this alone, but it's better than nothing.

Note: I am NOT a security expert myself.

A computer is a machine that is used for a wide range of activities, we use it to surf the web, balance our checkbooks, store our pictures, music, keep in touch with friends and family and so on.

Even if you don't have secret informations (unless you work for CIA or another governamental organization) I guess you wouldn't like if someone start rummaging through your mail, books, bank statements and other similar stuff.

The same goes if somebody is using your machine for his own personal amusement. More or less like somebody taking your car for joyriding.

If an unknown person get into your house without invitation and start snooping around in your books, your drawers and in the refrigirator, my guess is that you're going to grab him and throw him out, even if he isn't doing any damage (yet).

Often when a personal computer is cracked (not hacked) into is not done to get the informations that are inside the machine itself, mostly is just to have access to another "innocent" machine to be used as a vector to attack somebody else.

This has two goals: 1) get more machines and 2) complicate the life of who is trying to stop the cracker.

More or less the same as when a thief steal a car for a robbery: he is not interested in you, the car is just a mean.

The only 100% safe machine is one that is switched off, unconnected to any network and locked inside a cupboard.

It is also a 100% useless machine of course. Unfortunately, the more "safe" is a system, the less usefull it is.

In the following of this document I'll consder a "tipical" system, connected to a local network (house or company-wide) with some shared resources (files, e-mail) and connected to the internet.

Let's begin with some theory before going into the practicality. More often than not we heard technical terms but we have no real idea of what they mean, it's a good starting point to shed some light about those terms.

Bandwidth

Is a generical term that usually gives a rough estimate of the speed at which data are transferred. Most modem (dial-up) connections are about 56Kbps (Kilo bits per second), faster connections (in the order of megabits per second) are usually referred as broadband.

Must be noted that in most cases the "true" speed of the connection is way lower than advertised and is not constant. Most "home" connections are in fact shared between multiple users and the maximum speed available varies wildly during the day.

Broadband

This is a generic term (again) to indicate a connection with an high bandwidth. Usually broadband connections uses digital connections through cables.

Cable connections

A cable connection usually is used by an entire office (or more than a single house network) to connect to the internet using a dedicated cable. The cable is rented from a networking (or telephone) company. Cable connections are usually stipulated per-year and with a bandwidth of abot 5Mbps or higher.

DSL

DSL connections are usually done through the normal phone lines if these are "modern" enough (optic fiber or new copper), in these type of connections the data are transmitted digitally, without the need for a Modem to "translate" the informations from digital to analog and back. DSL connections for home use are usually known as ADSL, where the "A" means Asymmetric, this because the bandwidth available for download operation is usually larger than the one for upload, this because usually a "personal" use is more as consumption of data than production. DSL connection for offices or company are sometimes known as XDSL, or Symmetric DSL where both the bandwidth up/download are the same.

Dial-Up connections (modem)

This type was the most common type 'till few years ago. It is now used only where DSL or broadband connections are not available, but is quickly disappearing by the extensions of other services (Wi-Fi or Wi-max for example).

Basic difference between a dial-up and a broadband connection is that the broadband connection is always enabled. The computer is always connected to the internet, while a dial-up connection is enabled and disabled on-demand.

What's an IP address?

If your computer is connected to the internet it is also identified by a number, that number is unique in the whole world and identify your computer without mistake.

That id number is known as IP address.

There are various way to get such IP address to connect, if you connect using a dial-up connection, or a broadband connection bought by a provider, the provider is also responsible to give you a valid IP address. The Ip could change over time, but as long as you have it it is unique.

If you connect throught a cable connection, you'll have to buy one or more IPs from the company providing the connection.

This is The Question, unfortunately, The Answer is not that easy.

To "hack" into your computer (or anybody else) the cracker has to find a "door". There are a numbers of ways to do so:

  1. Using a Bug in any of the softwares that your computer runs.
  2. Using a virus or a worm installed on your machine.
  3. Just knock...

Software Bugs

Technically speaking, a "bug" is nothing more than an error in a piece of software. Software bugs are nothing special, basically every software has bugs, if you didn't knew that, whenever Word crashes and tells you that "this software has done something bad", is because of a bug in word, and not because of some strange event like the technical support is trying to make you believe.

There can be many different errors in softwares, some makes your software crash (and sometimes the whole computer with it), some are simply silently ignored. Somes allow somebody to do things that the developers didn't intended to do. This last type of bugs can be, sometimes, used to "take over control" of the system.

Most software are "listening" on the network or making and breaking connections all the time. Instant Messaging softwares are the kind of things that always listen.

Viruses, Troyans, Worms and more junk

A Virus is a software that "attach" itself to an existing software and is run when the user run the original software. A Troyan is a sort of virus that pretend to be something else, a Worms is a more sophisticated type of Virus that can "crawl" is way through many computers. These 3 things have only one thing in common: they brings problems.

Nowadays, "real" viruses are rare things, most of the time what we get are simply junk softwares, received by e-mails (spam) or downloaded without knowledge from compromised web server or from web-sites that are set up on pourpose to distribute viruses (set up on compromised machines).

Once installed and running a virus/worm can turn a PC into yet another source for more spam and to spread more viruses, or other things.

Usually these kinds of things require the user's intervention to became actives, by running an program, clicking on a link or visiting a web site, but since most users tends to click on everything that doesn't move is no wonder if they work.

Just knock.

In many cases, to "connect" to a machine the only thing that is needed is to "knock". Most machines are left with not security, no password to access them, all the services available with default configuration. This because the user has no clue about which services are running, what they do and how to configure them. Unfortunately, a lot of "system administrator" are nothing more than user with a powerful machine and no knowledge.

The fact that he got in is already enough, then it depends what kind of system and how did he got into it.

On a Windows system in most cases any software runs with high privileges, he can do anything without restrictions. This seems to be changing now with Vista and new breed of systems, unfortunately in most cases when a software (legitimate or not) needs to do something more he will simply show a request to the user that in most cases simply click on "ok" without noticing what the software is doing. This is insecurity by overloding the user with continous requests.

On a Unix (MacOS) or Linux system, unless the user is running as "root" (and there are users that does that), any software run by the user has low privileges and can't do much damage. However, a software could try to raise his own privileges to root status. This is not impossible, but it require an extra-step.

Anyhow, whenever a cracker gain access to a machine what he does first is to install a rootkit, a collection of tools and software to allow him to re-enter the system later. Like a thief making a copy of your house's key to get in again later. Those rootkits can be a real hassle to find and remove.

Another common cracker activity is to install a "bot", a sort of software that receive instructions from the internet and allow the cracker to "remote control" the machine to use it to (again) send spam or other things.

Let's not ignore then the "normal" activity of searching for bank accounts numbers, credit cards details and the like...

How to keep undesired people out of your house? Well, first of all, you close doors and windows. Lock your door, don't let it open and get an insurance if everything fails.

That means, knows which software are running on your system, knows what they do, disable and/or remove all the softwares you are not using or don't want. Keep the system in check.

Run an antivirus to be sure that no critters are amok on your machine. Install a software to check that all the ports are closed and only the ones that you use are actually in use.

How do you do this? It depends. On Windows there are many softwares that can be used, some are expensive and useless, some are expensive and usefull, some are cheap and useless and some are cheap and usefull. Almost none are for free and usefull. On Unix/Linux all the softwares you need are built-into the system, you only have to use them, read the documentation.

Do not open mail attachments without passing them to an antivirus, especially if you don't know what they are. In this sense Linux/Unix users have an advantage since most of the junk coming from the internet is Windows-oriented and can do nothing on non-Windows systems.

Install and configure a firewall, that is a software (or an hardware device) that restrict or block what kind of connections can be established from and to the internet. This allow to keep under control what kind of connections are established and stop dead worms and viruses in their track.

Passwords restrict the access to some resources on the machine, only if you know them you can access the resource. Passwords are very important.

Users hates passwords, they consider them like headaches or a waste of time. Unfortunately a password is all there is between us and a succesfull cracking attempt. Not having or using a password is like to leave the front door of the house wide open.

But also to use an obvious password ain't a good idea.

I've seen way too many users (and administrators) using always the same password "password" in many systems. Not to speak about "admin" used as password or the same name of the company for company-machines.

These kind of passwords are useless, every crackers knows them and he will try them as first resort when trying to access your system. If you use such fake passwords you're only kidding yourself.

In general a password should be difficult enough not to be guessed but easy enough for you to be remembered without writing it down. It shouldn't be a dictionary word and contains a combination of letters and numbers and it should be a minimum of 8 chars long.

Why this dictionary thing (you ask)? Because is way too easy to write a software that try all the words in a dictionary against a system until it runs out of words or succeed in gaining access. That's what computers are good at: automatic processing.

Some systems likes to assign randomly generated passwords, that are composed by many signs. I'm not really happy with such systems, they are "safer" than a stupid password, but they are also impossible to remember for the user that will be forced to write them down somewhere, defeating the pourpose of a password. Like locking the door and leave the key under the doormat.

The best password are (imho) combosed by more than one single word so they compose a small sentence that is easy to remember. It is much better if you use a foreign language. Weird capitalization of the words and replacing some letters with numbers will make the password basically impossible to guess but still easy to remember.

Be sure that your protections are in place and activated. It sounds stupid, but in many cases when some system was penetrated it was through an old bug, because the firewall was simply switched off or because the password hasn't been changed from the default one or there was no password.

Keep your system up to date. Apply security patches, check which versions of the software you run and which versions are available and what kind of bugs have been discovered in those versions.

Periodically change your passwords. Yes, it is a pain in the ass, but is one of the best things you can do to make your system difficult to hack.

Keep you system under control. Is not nice to see that somebody got into it, but is even worse if you notice it after two months and is still in it now!

Insurance = Backup! Make a backup every now and then of your data and keep it in a safe place (not on the same system).

If, despite everything, somebody got into your system, there are only 3 things you can do:

  1. make an image of your system for a post-mortem analysis.
  2. format everything and reinstall from scratch!
  3. change all the passwords, if you have more users, communicate the new password to each one individually, don't use e-mails: is compromised.

Ok, it's bad to say, long and boring to do, but it is the only way to be safe.

How you take an image of the system? There are various way, with Unix/Linux systems you can use DD, with windows you'll have to buy some kind of tools.

Is matter of inspect the image taken after the event and try to figure out what did go wrong. Where is the "hole" that allowed them in.

Is not easy, sometimes is impossible, but is the only way to learn how to avoid it in future.

If you're interested in this argument I strongly suggest you to get a Linux system and play with it for a while. It is for free and has everything you need. After that, you can read some documents:

O'Reilly (www.oreilly.com) has a lot of books about IT security, firewalls and the like.

The Linux documentation project (http://www.tldp.org) has documents on building firewalls and general security.

If you don't want too many technicalities but you like a good book I suggest The cookoo's egg by Cliff Stoll, despite the fact that was written almost 20 years ago, all the techniques are still perfectly valid.

A little outdated, but still actual is also A complete H@cker's handbook, by Dr-K.

And if you write code (for work or for hobby), I strongly suggest you to read Exploiting Software, so you'll know what NOT to do in your code.


Comments are added when and more important if I have the time to review them and after removing Spam, Crap, Phishing and the like. So don't hold your breath. And if your comment doesn't appear, is probably becuase it wasn't worth it.

8 messages this document does not accept new posts
marcomarco By marco - posted 22/04/2008 08:47
domanda semplice.....kaspersky suite e un sistema di protezione valido??
in che percentuale? grazie


mai provato in vita mia


PaoloPaolo By Paolo - posted 26/05/2008 09:01

Se netstat non riporta collegamenti aperti verso l'esterno si dovrebbe stare tranquilli, no ?


che una macchina non abbia nessun collegamento verso l'esterno e' quasi impossibile se e' collegata, come minimo hai connessioni ARP. A meno che non sia disconnessa dalla rete, allora si' che sei tranquillo...


Anonymous coward@ Paolo By Anonymous coward - posted 25/09/2009 08:57

> Se netstat non riporta collegamenti aperti verso l'esterno si dovrebbe stare tranquilli, no ?
> che una macchina non abbia nessun collegamento verso l'esterno e' quasi impossibile se e' collegata, come minimo hai connessioni ARP. A meno che non sia disconnessa dalla rete, allora si' che sei tranquillo...
Scusa ma ... le connesioni ARP cosa sarebbero?

--
Anonymous coward


Davide Bianchi@ Anonymous coward By Davide Bianchi - posted 25/09/2009 11:26

> Scusa ma ... le connesioni ARP cosa sarebbero?

Sono quelle che servono ai vari dispositivi di rete (Switch, routers et similia) per sapere quale computer sta' su quale pezzo di rete. Vedere
http://en.wikipedia.org/wiki/Address_Resolution_Protocol
E detto cosi' senza malizia... ma una ricerchina con google costa cosi' tanto?

--
Davide Bianchi


Francesco PaoliniFrancesco Paolini By Francesco Paolini - posted 22/09/2008 19:02

>A meno che non sia disconnessa dalla rete, allora si' che sei tranquillo...
finch il luser di turno non ci bazzica intorno, si incuriosisce e ci mette le mani sopra|intorno|dentro

Michele P.LinuxDoc By Michele P. - posted 14/01/2009 21:26

www.linuxdoc.org mi porta ad un sito pubblicitario, magari intendevi tldp.org?

--
Michele P.


Luca Bertoncello By Luca Bertoncello - posted 20/07/2012 12:50

Vorrei aggiungere solo una cosa sul discorso "password".
La password e' personale e non va data a nessuno, neanche al datore di lavoro!
Due anni fa, quando le liti con il mio allora capo presero una svolta drastica, mi impose di rivelargli la mia password. Ho temporeggiato e chiesto all'avvocato che mi ha confermato la cosa.
Devo dare al mio capo (ed agli altri eventuali colleghi coinvolti nella cosa) un accesso, anche amministrativo ai Servers, ma non sono assolutamente obbligato a fornire la mia password.
La cosa e' piuttosto importante, sopratutto in caso di liti: se io do al mio capo la mia password, lui puo' loggarsi sui Servers a mio nome, fare danni ed incolpare me. E per me non c'e' modo di dimostrare la mia innocenza.

Giusto i miei due centesimi...

--
Luca Bertoncello


Anonymous coward By Anonymous coward - posted 18/10/2012 15:46

In Windows 7 è presente un programma di backup che permette di creare anche immagini del sistema, è un po' lento ma fa il suo lavoro in maniera decente. Il problema è che non so come accidenti andare a leggerle senza fare un restore!

Sempre in Windows, su gran parte dei siti dei produttori di dischi rigidi (esterni o no), sono scaricabili grauitamente delle versioni "limitate" di vari tool di backup e simili.

Su Mac invece c'è Utility Disco (o se preferite potete usare dd, visto che c'è smiley

--
Anonymous coward


8 messages this document does not accept new posts

Previous


Davide Bianchi, works as Unix/Linux administrator for an hosting provider in The Netherlands.

Do you want to contribute? read how.  
 


This site is made by me with blood, sweat and gunpowder, if you want to republish or redistribute any part of it, please drop me (or the author of the article if is not me) a mail.


This site was composed with VIM, now is composed with VIM and the (in)famous CMS FdT.

This site isn't optimized for vision with any specific browser, nor it requires special fonts or resolution.
You're free to see it as you wish.

Web Interoperability Pleadge Support This Project
Powered By Gojira