VIRUSES, TROJANS, SCRIPT kiddies, Denial-of-service Attacks

The Internet can be a dangerous place for the unwary. Even big companies aren't immune, with regular embarrassing stories about how credit card numbers lor other personal information) they've collected have been accessed by hackers. So, is there any way to keep your system secure when you go online?

One piece of advice you'll hear again and again, is that you must get a firewall, This is certainly a good idea, but there are so many myths in this area, that it can be difficult to figure out why. Who is most at risk online? Is going online via an ADSL connection more insecure than using a modem? Once you've installed a firewall, does this mean you're safe? And what exactly does a firewall do, anyway?

Port to port
Before you can understand how to restrict your PC's access to the Internet, you first need to know how It works normally, so let's begin with a little theory

The Internet is normally associated with Web pages, but it offers plenty of other services: POPS and SMTP email, Usenet, FTP and Telnet are well-known examples
www.net workice.com/advice/Exploits/Ports/ for a full list,
and there's nothing to stop a single computer providing all of these features.

To help keep things organised, each service is normally allocated to a different port on the server This isn't a physical feature of the computer, like a serial port - it's just a number contained within every packet of data the server receives. Each service looks for its own port identifier and handles any incoming information that belongs to it.

Such flexibility is useful, but not something the average user cares about - they just want to run their FTP or news program, and see it work correctly To make this happen, most services use standard port numbers: FTP is 21, HTTP uses 80, NNTP news servers default to 119, and so on. Your browser and other Internet applications know which ports to use, and so everything works automatically.

Still, some servers do use alternative ports. You may have seen when this happens on a site, as the URL has a colon, followed by the new port number at the end of the address: www.bigsite.com:8080/downloads/ The chances are you don't have a Web server at home, of course, but that doesn't matter. Your PC makes use of ports, too, and whenever you go online they're accessible to everyone else on the Internet. This could make your PC and data available to any passing hacker, but what are the actual risks?

Port scans
Despite the constant scare stories, it's really very difficult for someone else on the Internet to hack into your PC.

Their first challenge is just to find you. When you go online, your ISP will almost certainly allocate you a different IP address [your unique location on the Internet] every time. Any hacker then only has the duration of that single Internet session to penetrate your defences, or see all their work go to waste.

You'll almost certainly have read dire warnings about how this doesn't apply to broadband connections. Get ADSL, you're told, and its 'always-on' connection means that hackers can be hammering at your PC 24 hours a day Fortunately this simply isn't true. While you can pay extra for a static IP address, the standard BT ADSL connection provides a dynamic address, giving you similar protection to a normal modem user.

Good news? Yes, but you're still potentially at risk for the time you're online. A hacker will typically use an automated port-scanning tool to check a wide range of IP addresses, sending a message to the key ports on each system, and examining the responses (if any) for potential vulnerabilities.

The best way to protect yourself is to see the type of information your PC is currently giving out, and there are plenty of Web sites that offer to do just that. We particularly like Sygates free online scanning service scan.sygatetech.com for its detailed reports, and HackerWatch www.hackerwatch. org/probe for its in-depth tests, while BlackCode www.blackcode.com allows more experienced users to scan a particular range of ports. Interpreting the results can be difficult, though, unless you know what to look for.

Who's at risk?
One problem with most online port-scanning sites is they tend to over-dramatise their result Typically you'll be told that having port 139 (Windows NetBIOS file and printer sharing) open leaves your entire hard disk open to other Internet users, for example.

However, if your PC isn't connected to a network, then you probably won't have file and printer sharing installed (select Network in Control Panel, to check). In this case, there's nothing listening at port 139, and it's not possible for an external hacker to use it to access your hard drive.

Networked PC's are at more risk, but even here hackers can only access folders you've chosen lo share [which is why it's a good idea lo share Individual folders like 'My Documents', rather than your entire PC|. And they'll only be able to do this if you've forgotten to password-protect each share, or used a password that's very easy to guess. For lots more helpful information on NetBIOS, see the Navas Group page at cable-dsl.home.att.net/netbios.htm|
Although scanning sites target lots of other ports on your PC, the risks arc very limited. Hackers can send all the messages they like, but unless you have an application running that's listening to the targeted ports - a Web or FTP server say - they can't get any kind of access to your system.

So, a standard Windows 98 system Is likely to be very safe when online, and even a networked PC can be strongly protected, simply by making use of security features that already exist in the operating system. Adding a firewall is still advisable, though, as a look at one of the more popular examples will make clear.       

Look here for more info www.netmag.co.uk

 Personal Firewalls -Free for personal use

http://www.tinysoftware.com

http://www.zonelabs.com/