Security - Possibly Our Most Important Newsletter Story Yet - A Must Read!!
Posted 14 years ago by Internetrix
4 Minute(s) to read
You are most likely being hacked on a regular basis, and you don't even know it.
Don't believe me? Download and install a program called BlackIce (www.networkice.com), which monitors your computer's incoming traffic and sorts out suspicious traffic, displaying easy to read warnings and advice when people try and do nasty things to you. I installed this little baby and cranked it up, and had something close to 100 hack attempts on my desktop machine in the first day. The same thing happened with my staff, who have mostly installed it at home.
Yes, that is right. Home. For just a few seconds of background, I will explain why this is signifcant, and why you should really install these things as a matter of urgency.
When you connect to an ISP, like Ozemail or Bigpond or one of the other ones out there, you get assigned an IP address for the duration of your connection. This is almost always a dynamic - or temporary - IP address. By that, I mean that it is your unique address on the internet, and next time you connect, the computer will allocate you another one. This happens because people get connected to the server for a while and then disconnect from the phone line. Because IP addresses are pretty valuable (there are only so many in the world), the IP address you are using now will probably be given to someone else when you disconnect.
This makes us people who use dynamic IP addresses pretty boring, particularly when compared to published web addresses and web servers. Hackers can not be sure when they come back to hack a dynamic IP who their target is, and so while you would assume most people hack computer systems to actually DO something (eg, steal files), you would naturally conclude that us boring, anonymous dynamic IP users would get left alone.
I thought this too, and I was wrong.
The two reasons are because most home computers use Windows (which is really prone to security breaches), and because people at home and on dial-up connections are now likely to have information that hackers are interested in, like credit card numbers, passwords to bank accounts and more. This makes it a problem.
So, what can you do about it?
I would suggest you install a program called ZoneAlarm. You can find it at www.zonelabs.com. It is a great program, free for private use, and unless you are using it on a LAN where you happen to be the internet gateway computer (if you don't know what this, you probably are not that person), leaving it at the maximum security setting will ensure that should someone interrogate your computer, their hacks are blocked, and in fact, your computer will simply ignore any requests for version information which hackers generally need to get in.
I do not promise that this will keep you completely safe from all hackers, but it will stop 99.9% of amateurs who wish you harm, from getting into your machine and trading your password and account details like prizes from conquests with their friends.
If you are in business, and you have a static IP connection (ie, you have an in-house email server), you are probably at even greater risk, particularly if you have Windows running the mail server (Unix and Linux are seen as more secure in general). We do not provide security services in this area, but we do have contacts with some people who know how to get in and out of common systems. If you would like your system checked, drop me an email, and I can ask a few people if they are interested in testing your system for common holes.
I have also been made aware of a new service being offered by Jim Edwards from Spidrweb Connections. This service basically involves a security audit and then a process of tightening your systems up to make them more secure. I can not vouch directly for Jim's work in the security area - I have not tested it personally - I would recommend you give him a call (02 4225 8677) if you are concerned and see what he has to say.
As a final comment on this tricky area, security is poised to become a bigger and bigger issue for businesses as internet connections increase in speed and the data shared over the internet becomes more and more valuable/sensitive. It is worth getting a handle on things now before it costs your business time and money.