Knowing What Your Firewall Is Up Against
Hackers have a number of ways (beyond insecure passwords and software bugs) to get into computers and networks. Most operating systems and other programs have vulnerabilities, and it is only a matter of time before someone discovers them. This article explores just some of the common techniques hackers use to attack computer systems.
It's a zoo: Viruses, worms, and Trojan horses
It seems that not a day goes by that we don't hear about a new computer virus. It sounds scary — and indeed it is. Before you explore the dangers of viruses, worms, and Trojan horses, take a closer look at what exactly these animals are.
- Viruses: A virus is a computer program that is designed to spread itself from one file to another. The effect can range from benign to catastrophic. A virus may just spread itself and never have any other effect. More likely, a virus makes itself noticed in a variety of ways, ranging from displaying a message from the virus's creator to destroying data on your disk. Viruses have a variety of ways to spread from file to file. A few years ago, the most common method of spreading a virus was by sharing floppy disks. With the advent of the Internet and the popularity of e-mail, floppy disks are no longer the most common means of virus transmission. Files can be exchanged much more easily and sent to a much larger number of people in e-mail or via file downloads.
- Worms: Worms are similar to viruses. They also spread, but instead of spreading from file to file, they spread from computer to computer. Worms also have a method of copying themselves to other computers, either by connecting to other computers over a network or by e-mail. Sometimes worms even do so without any human intervention, and sometimes the main purpose of a worm is actually to infect as many computers as possible and to spread as rapidly as possible, rather than to destroy data.
- Trojan horses: A Trojan horse, just like the wooden creature in the old Greek saga, comes as a gift that contains something unexpected. Just as the Trojans were too excited about their gift horse to look it in the mouth, all of us tend to be trusting — too trusting at times. Someone who designs a Trojan horse program preys on this trust by packaging a nasty surprise inside a program that looks interesting to someone who receives it. Suppose that someone sends you a program that plays a funny cartoon on your computer. After you get a good laugh out of it, you forward this program to your friends, who forward it even further. However, while you were laughing at the cartoon, the program also modified your computer. Not only did it install a back-door program that allows others to access and control your computer over the Internet, it also announced the availability of your computer to the author of the program by sending a message to him.
Viruses, worms, and Trojan horses have one thing in common: Someone created them by writing a computer program. Although users can spread these critters inadvertently, they are created on purpose. The purpose may be to prove programming prowess, vandalism, or a number of other things.
Do you have an antivirus program installed on your computer? How about your mail server or your firewall? You should screen for viruses in all of these locations. A number of programs are available to do this. You can find information about these programs on the Web sites of vendors that provide these solutions, such as Symantec, McAfee, or Trend Micro. No matter what antivirus software you use, make sure that you regularly update the virus definitions. If the definitions on your computer are outdated, the antivirus program can't detect the newest viruses.
One type of network attack, referred to as a man-in-the-middle attack, involves intercepting a legitimate connection between two computers and then hijacking this connection. Often, after a user has established a connection to a server, the server assumes that all network traffic that arrives over this connection originates from the user who established the connection. When a file or other resource is accessed, access is granted based on that user's privileges. Some network attacks involve listening in on the connection and then sending network packets to the server. In these network packets, the hacker's computer impersonates the original computer. If such an attack is successful, the intruder gets all the access that the original user was granted.
Impersonation involves a computer or a Web site that is run by a hacker but that appears to be another Web site. For example, a hacker may create a Web site that looks like a popular shopping Web site that collects users' names and payment information as users are entering them on the Web site. Other impersonation attacks may involve the collection of usernames and passwords. Redirecting a user to a different Web site can be accomplished by changing information on DNS servers, by getting someone to click an innocent-looking link on a Web site, or by a number of other methods.
One technique that intruders use to attack you involves eavesdropping on network traffic. Network protocols that use cleartext transmission to send a password, such as the File Transfer Protocol (FTP), are most susceptible to eavesdropping. Most networks rely on shared media, in which any computer connected to the network cable can potentially listen in on all network traffic that goes across the network cable. Unless this network traffic is encrypted, anyone with sinister intentions can record the network packets that are exchanged between other computers. This allows anyone with physical access to a network segment to eavesdrop on the network traffic that flows across this segment. This may include users inside your organization or someone who can plug a computer into a network connection that's located in unattended locations, such as a lobby or an unoccupied conference room.
Outside intruders may also get access to your network in order to eavesdrop. Often, outside access occurs by getting a legitimate user to inadvertently run a program that sends recorded network traffic to the hacker. In many cases, the employee is not even aware that this is happening. A virus or a Trojan horse program installed the listening program.
Even out on the Internet, someone may be listening in on network traffic between your computer and a computer on the Internet. Because of the distributed nature of the Internet, you have no guarantee that someone else does not intercept an e-mail message or an interaction with a Web server. The only way to guarantee that no one is eavesdropping is to encrypt the conversation. Encryption techniques depend on the technology used, such as a Web server or e-mail. If you ever send confidential information, it's worth investigating the encryption solutions that are available.
Eavesdropping becomes even more of a risk when wireless networks are involved. Companies have found hackers parked in cars in the company's parking lot eavesdropping on wireless network traffic. Companies that install wireless networks without implementing encryption and access control lose valuable data every day.