I recently got DSL service at home. This service has something called Network Address Translation (NAT), which keeps outside computers from being able to reach my PC (unless I go out to them first, I guess?). But the NAT didn’t work with my company’s Virtual Private Network (VPN) for that very reason, so I’m getting my connection “upgraded” to a static IP address.
So what security issues do I need to worry about? I understand that there are no-goodniks out there who try to connect to a socket on my computer using random port numbers, hoping to find one that connects, then I guess they’ll try to figure out what it is and what they can do with it? With PCs, are there often programs listening on ports that I’m not aware of? I know that there are some “worm” programs, which someone can trick a person into installing, and these worms will monitor a port. But are these common? And without a worm, are there security holes in the OS? It seems like if they had been found, it would quickly make the news.
What’s the straight dope? Is it just hype by people wanting to sell firewalls and gateways?
It’s not just hype. There are people out there who will probe your computer for weaknesses, be it on a dial-up connection with a temporary IP or a DSL connection with fixed IP. You’ll get more probes with your fixed IP. (When I was logging probes, I got 10-20 per day.) What happens as a result of those probes depends on a lot of factors. There are a lot of possible security holes, and the baddies know all of them. Mostly nothing happens, but if something does happen you’re going to hate it.
There’s a lot of information, most of it well-grounded, at Gibson Research Shields Up. You might also want to look at DSL Reports.
Some people don’t like the Zone Labs firewall, because you have to explicitly tell it about every program you use to access the Internet. At least it did last time I checked. It may also cause problems with your VPN.
Basic precautions: either turn off file and printer sharing, or leave it on but install NETBEUI and remove the binding of TCP/IP from file and printer sharing (in the TCP/IP properties for your network card in “Control Panel” “Network”). Run a test scan at Gibson Research.
Back Orifice-type worms are more common than you might think… I was just reading on AltaVista about (yet another) security hole in Microsoft Outlook which lets anyone run any command they want on your computer, without you even having to open the message. According to the article, it works by overflowing the date/timestamp buffer, which ends up writing stuff where the OS thinks it’s a command. Anyone want to take odds that this was deliberate, and they were just hoping that nobody would notice?
JonF is correct that ZoneAlarm does require you to set permissions for every program that you would like to allow to access the internet if you have the security settings for the internet zone set to medium or high. However, when a program tries to access the internet, ZoneAlarm asks you if you want to give it access and gives you a checkbox to always remember the answer.
I’m running it with Checkpoint’s SecuRemote VPN and have had no problems. You do have to add the IP addresses of the machines to which you want to connect via VPN to the “local zone” if you want file and print sharing.
The main reason I like ZoneAlarm is that it is free, easy to set up, and seems to work well.
If you don’t use a firewall you should definitely take JonF’s advice regarding file and print sharing.
I’ve got DSL, and a firewall set up to protect my internal network. I also have a laptop that sits outside the firewall with Black Ice (by Network ICE) installed so that I can see who’s scanning/attacking my IP.
Since 4/22 I’ve had 64 separate instances of someone checking my machine for something. Most common are port probes (FTP, TCP, DNS, Telnet, etc.) but I’ve had a few OS fingerprint, SubSeven/Back Orifice probes, NetBus probes, and PCAnywhere pings as well. You’d be surprised how often it happens, and from where. Several of my “attackers” have been from outside the US.
I actually think that the DSL providers aren’t providing enough information about the actual security risks of setting up your machine for DSL… especially if you have a static IP or your machine rarely needs to reconnect.
But normally a PC will refuse a request to be an FTP server, DNS server, or host a telnet session, and as long as you don’t have BackOrifice or PCAnywhere installed, it will refuse these as well. Don’t know about NetBus - do you mean NetBEUI, which I think does some PC file-sharing stuff? I’m not surprised that you’ve had a bunch of attempts, but I would be surprised if any had broken into your system even without any kind of firewall.
To test this out, I connected with my old dial-up networking, which when I do, gets used instead of through my DSL line. (Remember me, I’m the one whose DSL service is shielded behind NAT, but also disabled from doing the things I need to do). Then I went to the Gibson Research web site and had them pound my PC - they were not able to make any headway into it. So why do I need a firewall?
He probably meant NetBIOS (Network Basic Input-Output System), which is a protocol for transmitting information (like TCP/IP). NETBEUI (NetBIOS Enhanced User Interface) is a shell around NetBIOS that makes it easier to use. NETBEUI and NetBIOS are used for file and printer sharing but can be used for other things.
NAT is a pretty effective firewall, but it is vulnerable to some things such as IP spoofing (in which an outside source sends packets that are labeled as coming from your internal network).
I don’t see why you think that your test with dial-up networking has any relationship to your DSL connection. Have them shut off NAT on your DSL connection and then try the GRC test.
There are ways into your computer other than the ones the GRC site tries. Passing GRC’s test is no guarantee of security; it’s an indication that some holes are plugged.
Do you need a firewall? It’s hard to evaluate the probability of a problem, and it’s hard to evaluate the seriousness of a problem. So the answer is “maybe”. However, a firewall doesn’t cost much (one is free), so it’s pretty cheap insurance.
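An added example, not part of any post in this thread: a local complement to the outside scan discussed above, answering the question of whether something on the PC is listening without the owner knowing. It tries a TCP connection from the machine to itself on the services named in the thread; the port numbers are the conventional defaults (an assumption, since remote-control programs can be reconfigured), and the function names are made up for this sketch.

```python
import socket

# Services named in the thread and their conventional default TCP ports.
# Back Orifice is left out: its default listener is UDP, which a TCP
# connect check cannot see.
WATCHED_PORTS = {
    21: "FTP",
    23: "Telnet",
    53: "DNS",
    139: "NetBIOS session (file and printer sharing)",
    5631: "pcAnywhere",
    12345: "NetBus (default)",
    27374: "SubSeven (default)",
}


def accepts_connections(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port completes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        # connect_ex returns 0 on success and an errno value otherwise
        # (refused, timed out), so no exception handling is needed here.
        return s.connect_ex((host, port)) == 0


def audit(host="127.0.0.1", ports=WATCHED_PORTS):
    """Return {port: label} for every watched port that has a listener."""
    return {
        port: label
        for port, label in sorted(ports.items())
        if accepts_connections(host, port)
    }


if __name__ == "__main__":
    found = audit()
    if not found:
        print("No listener found on the watched ports.")
    for port, label in found.items():
        print(f"port {port}: something is listening ({label})")
```

A loopback check shows what is listening, not what an outsider can reach through NAT or a firewall, so it sits alongside an external test rather than replacing it. Pass the machine's own LAN or public address as `host` to catch a service bound only to that interface.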