Network Connection

By Dr. Philip Baczewski, Associate Director of Academic Computing

But is it a Hack...

Is your computer safe from the Internet? To be safe, you should have a virus protection program to prevent your personal computer from being affected (or infected) by e-mail-borne computer viruses. You should also use a backup program to make safe copies of your files (especially data and documents) in the event of a catastrophic happening on your computer, whether it be a virus infection or a hard disk crash. That may not be all that you need. Since many computers now spend much or all of their powered-on time connected to the Internet, you might need to guard your system from Internet hacking activity.

This does not mean that just because your computer is on the Internet, it is vulnerable to being taken over by some netcriminal who will steal your best games, suck all the money out of your Quicken accounts, and erase your hard drive. At the other end of the scale, any Internet-connected computer can be negatively affected by targeted network activity in the form of a denial of service attack. Most personal computers fall somewhere in between these extremes, and the measures you need to take to safeguard your system depend upon its Internet capabilities, its purpose, and on the time it spends online.

Internet Insecurity?

Internet security is viewed by some as an oxymoron equivalent to military intelligence. It is incorrect, however, to fault the Internet for a lack of security, since it was never designed to be secure. Instead, it was expected that any needed security would be maintained on the client systems that connected to the network. In fact, despite its start as a U.S. Department of Defense project (a.k.a. the ArpaNet), security was among the least of the early Internet design concerns. The problems the Internet was designed to solve included the interconnection of different kinds of computer systems and the development of a network that could still operate when parts of it had been permanently disabled (in other words, in the event of the worst possible cold-war scenario).

For disparate computers to interoperate, they must speak a common language. TCP/IP network protocols provide that language, but also provide remote control and access where previously there had been little or none. Breaking down this barrier to access opened the door to hacking, but at the start of the Internet, hacking as we know it today was not an issue. The network was limited to a small community which participated in military defense research, and was a closed group whose members were familiar to each other. Access to the network required access to a multiuser computer. These multiuser systems required a username and password for access and generally logged the activities of those that used them. Today, personal computers can be easily connected to the Internet, and while the network connection sometimes requires some kind of authentication, there is generally no knowing what individual is using that computer and no detailed logging of their activities.

The other design factor of the Internet was its ability to operate with substantial portions of the network out of operation. This made the expansion of the network easy to accomplish, since there is only limited central authority, mostly controlling addressing issues. One thing that was not and still is not required is authentication to a central authority for access to the network. Adding computers to the Internet is just a matter of being sure that there is no addressing conflict. Such a scheme, however, does little to control who can access the network or provide a mechanism for barring those who misuse it.

The History of the Hack

This leads us to the origin of hacking. In ancient days, say about 20 years ago, a hacker was someone who could "hack together" enough programming language to make a computer do what they wanted it to do, usually expanding the capability of computers in the process. This culture of testing one's programming ability had as its goal to demonstrate prowess, without necessarily producing a totally practical outcome.

Also in the days before the AT&T breakup, there were certain people who took great pleasure in "hacking" the long distance network in order to keep "Ma Bell" from taking in more money for the telephone monopoly. While illegal, such activity was at one time almost as common as today's computer hacking and even generated a degree of hero worship of those willing to rebel against the power of the phone company. At some point, these two cultures seemed to influence the origin of the computer hackers of today. Much of Internet hacking was and still is done by people who just need to prove to themselves or others that it can be done.

Today, hacking has a darker side. There are those who take advantage of insecure systems to provide themselves a platform for less than ethical behavior, like sending commercial SPAM, staging denial of service attacks, defacing web sites they don't like, or even stealing commercial or private information. The increasing availability of broadband Internet service, like cable modem and DSL, means that personal home computers are now potentially as vulnerable as all those UNIX systems that originally gave the Internet a reputation as a hacker's haven.

Assessing your Vulnerability

The extent to which your computer is vulnerable to hacking activity is a combination of several factors. The first is how many hours a day your computer is on the Internet without any intervening security measures. Another is how useful your computer is to hackers. Multiuser systems with support for standard Internet protocols are the most attractive targets, since they can be controlled by hackers and used to support continued activity. In case you didn't know, Windows NT and Windows 2000 both fall into this category. Windows 95/98 and Macintosh systems currently are less vulnerable, but not completely free from peril (when Macintosh OS X is released, it will have as its foundation essentially a UNIX system, making it much more vulnerable to hacking activity).

The next factor which affects vulnerability is the visibility of your computer on the Internet. If you connect via a dialup service and only remain connected when you are engaged in online activities, then your exposure is minimal, but not nonexistent. Each time you dial up, you are assigned a different Internet address, so the window of time in which a hacker could attempt to access and control or harm your system is limited. On the other hand, if you have a direct connection to the Internet which is always on, then your vulnerability increases because you usually have one assigned address which identifies your computer.

If you run any Internet services like a web server, then your visibility and thus your vulnerability increase. If you run LINUX or Windows NT/2000 and receive e-mail on those computers and run your own web server, you are definitely at the high end of the vulnerability index.

Protecting Your Virtual Turf

Just because your system may be vulnerable doesn't mean that you have to sit up nights worrying about being hacked. In fact, there are a number of software tools available, freeware, shareware and commercial, that give you a certain degree of control over what kind of network connections can be made to your personal computer. Most of these are in the category of personal firewalls. A firewall is software which only allows selected network communication to be processed by your computer. Using a firewall lets you screen out any Internet services which might pose a security hazard to your computer and will usually notify you of any unusual Internet activity which occurs. Concepts of Internet security are not simple, but personal firewall software simplifies security management. This can be a good thing and a bad thing, since you are putting a lot of your trust in a program written by someone you don't know. It is up to you to read that program's documentation and understand as much as possible how it works.

There are some places you can look for security advice and software. The SANS (System and Network Security) Institute (http://www.sans.org/) publishes security-related information including hacking vulnerabilities found in software and operating systems for most types of computers. There are also other sites where you can find software tools and information about network security. There is a useful Internet Security page at http://security.webattack.com/ which provides links to various kinds of security software and provides overviews on issues of network security. Most of the software referenced, however, seems to be for Windows computers. Macintosh users might want to visit the "tucows" software download site (http://mac.tucows.com/macintosh.html) which includes sections for network tools and security. LINUX users can get security information from their particular LINUX distribution site, or from the LINUXLINKS security page: http://www.linuxlinks.com/Security/

But is it a Hack?

It's a good idea to make use of firewall or other utilities if your computer is possibly vulnerable to attack. Certainly you should do so if you have a fixed Internet address and you leave your computer turned on for hours or days at a time. You should also make use of common sense in evaluating threats to your system. In my role as administrative contact for the UNT network, I've gotten several e-mail messages lately along the lines of "your network is hacking my PC!" These have generally turned out to be one single attempt to access one Internet port as reported by their personal firewall software. While it is certainly good to report activity that you suspect as hacking, you would probably not call the police because someone accidentally came to the wrong address and knocked on your door. You might if they tried the knob. You should if they try the knob and every window and keep trying. One access to one Internet port is the equivalent of an accidental knock on the door.
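The knock-versus-knob distinction above can be applied mechanically to the entries a personal firewall records. The following is an added example, not part of the original column: the log format, the addresses (documentation ranges), the function name and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical personal-firewall log format:
#   <timestamp> BLOCK <proto> <source> -> <destination>:<port>
SAMPLE_LOG = """\
2000-12-01T02:14:07 BLOCK TCP 192.0.2.10 -> 198.51.100.5:139
2000-12-01T03:40:11 BLOCK TCP 203.0.113.7 -> 198.51.100.5:21
2000-12-01T03:40:19 BLOCK TCP 203.0.113.7 -> 198.51.100.5:21
2000-12-01T03:41:02 BLOCK TCP 203.0.113.7 -> 198.51.100.5:21
2000-12-01T03:55:30 BLOCK TCP 203.0.113.7 -> 198.51.100.5:21
2000-12-01T04:02:00 BLOCK TCP 192.0.2.200 -> 198.51.100.5:21
2000-12-01T04:02:01 BLOCK TCP 192.0.2.200 -> 198.51.100.5:23
2000-12-01T04:02:01 BLOCK TCP 192.0.2.200 -> 198.51.100.5:25
2000-12-01T04:02:02 BLOCK TCP 192.0.2.200 -> 198.51.100.5:80
2000-12-01T04:02:02 BLOCK UDP 192.0.2.200 -> 198.51.100.5:137
2000-12-01T04:02:03 BLOCK TCP 192.0.2.200 -> 198.51.100.5:139
-- log rotated --
"""

LINE_RE = re.compile(r"^\S+ BLOCK (TCP|UDP) (\S+) -> \S+:(\d+)$")

def classify_sources(log_text, knob_attempts=3, window_ports=5):
    """Map each source address to 'knock', 'knob' or 'windows'.

    Thresholds are illustrative assumptions, not values from the column.
    """
    attempts = defaultdict(int)   # blocked connections per source
    ports = defaultdict(set)      # distinct (proto, port) pairs per source
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue              # ignore lines that are not block records
        proto, src, port = m.groups()
        attempts[src] += 1
        ports[src].add((proto, int(port)))

    verdicts = {}
    for src, count in attempts.items():
        if len(ports[src]) >= window_ports:
            verdicts[src] = "windows"   # many different ports probed: a scan
        elif count >= knob_attempts:
            verdicts[src] = "knob"      # same door tried repeatedly
        else:
            verdicts[src] = "knock"     # isolated attempt, likely a stray packet
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, verdict)
```

Only the "knob" and "windows" sources are worth a report to the originating network's administrator; include the matching log lines and your time zone so the other side can find the machine responsible.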

The security of your personal computer should be your personal concern. There isn't an "Internet Police Force" which will guard your security for you (and I'm pretty sure I don't want one). With some common sense and a few key tools you can greatly increase your computer's security. It's your computer. It's your responsibility.


  • For an interesting view into the early culture of computer hacking, read "Cyberpunk: Outlaws and Hackers on the Computer Frontier" by Katie Hafner and John Markoff, Simon and Schuster, 1991, ISBN 0-671-68322-5.