The other night I was watching
TV, and couldn't help but chuckle at a local phone carrier's
commercial that I've seen a dozen times: A young guy is on the phone
listening to a listing of movie times. We hear the voice message say, "Welcome
to Megaplex 36," and then it proceeds to list the movies and times for
each of the 36 theaters. Around the 34th movie listing, that all too
familiar call-waiting tone beeps.
How someone cannot find a good movie to see by the 34th listing is beyond
me. Perhaps this young gentleman has not heard of the Internet to look up
movie listings (moviefone.com, for example)? I thought of one of Bugs
Bunny's favorite sayings, "What an imbecile! What an ultra maroon!"
But I digress here. Besides, my disparaging thoughts against this
commercial character would come back to haunt me later.
You can see the angst on his face as he debates whether he should take
the call, or listen for the last few movies. He checks his caller ID, but
the caller ID box doesn't work with call-waiting. Alas, the temptation
is just too much and he clicks to the other line to see who it is. It's
the friend who is joining him at the movies. In a panic, the man yells,
"No, no wait," clicks back over to the Cinema MegaPlex line only to
be greeted by "Thank you for calling Cinema MegaPlex 36. Goodbye." The
commercial ends with the narrator saying "You want to know who is on the
other line, so get caller ID with call waiting service."
DEJA VU
I had a similar experience when my friend called and asked me what's
playing at the movies. Instinctively, I booted up my PC, knowing that I
would need to access the Internet to check which movies were playing. (I
never call the theatre anymore to see what is playing.) After logging on
to my PC, I told my friend Vic that I would call him back, since I only
had one phone line and only dial-up Internet access at the time. He said
(and I quote), "You idiot, why the heck don't you have a cable modem
or at least a second phone line? You're a moron, it's only $40 bucks a
month for broadband and they have it in your area." Some friend, eh?
Talk about a turn of events. I went from insulting a character on a
commercial for using the phone to check movie listings to BEING insulted
for having only dial-up Internet access and one phone line in my house. In
any event, I let the comment pass until about a week later. Vic called and
asked me to surf over to expedia.com
to check out flights and hotels for a vacation to Cancun we were planning
with some other friends. I sheepishly replied, "I only have one phone
line, remember?" After enduring another of his infamous tirades, I
decided it was time. It was time to buy a cable modem, cancel my ISP, and
endure the extra $20 per month that would no longer be going into my
E*trade account!
POWER TOOLS TO INSTALL A MODEM?
I had wanted a cable modem for some time, but I wanted to wait for
cable modem prices to drop. With free PCs and free Internet access all the
rage, I figured the cable companies might jump on the bandwagon and lower
the prices on cable modems to attract Internet subscribers. My theory was
right in some respects. Several companies offered $100 rebates or more on
cable modems to make the price more attractive. I could wait no longer, so
I shelled out the cash at a nearby The Wiz store, which has a deal with
our local cable company.
They sold me a 3Com cable modem along with a minimum 2-year service
agreement. I drove home, picking up a fellow TMC Labs engineer (Evan
Koblentz) along the way, and we proceeded to install the cable modem. The
computer in my house was not located anywhere near a coaxial cable outlet,
so we decided to draw a coaxial wire from the room above, which does have
a cable outlet. Evan proceeded to drill holes in my bedroom floor, leading
down to the computer room. Evan drilled about seven holes in my bedroom
floor with no success and claimed that he was hitting structural struts in
the floor each time. I learned the hard way to keep Evan away from power
tools! After taking control of the drill, I was able to drill a hole
between the two rooms and draw a cable wire.
We connected the coaxial to the cable modem, connected an RJ45 network
wire from the cable modem to my PC, and then turned on my PC. I changed
Internet Explorer 5.0 from "Always dial my default connection" to "Never
dial a connection," which forced it to use the LAN. Instantly, my home
page loaded, and Evan and I shouted, "Woo hoo!" in our best Homer
Simpson voices.
YOU WILL BE ASSIMILATED
In any event, with my cable modem installed and working, my next concern
was security.
In fact, with the recent crippling of many popular Web sites by an
attack called Distributed Denial of Service (DDOS), security was
certainly on my mind. These DDOS attacks could have serious repercussions
on the CTI and Internet telephony industries. Can you imagine if someone
were to flood a large ITSP with a Distributed Denial of Service attack?
Essentially in this type of attack, a Web site is flooded with massive
amounts of traffic generated by an attacker utilizing numerous computers.
The attacker's traffic then overwhelms the victim's site, which in
turn denies legitimate users access to the site. In the case of an ITSP,
this means no dial tone or disconnected Internet phone calls! The
attackers boost the bandwidth of their attack by taking over as many
connected computers as possible; these compromised computers are called
"drones" or "zombies."
An attacker installs software on each of these drone systems and then
later on connects to and instructs the drone systems to launch Denial of
Service attacks against any selected system. It is nearly impossible to
defend against an attack once it has been launched. The targeted site
receives an overwhelming flood of traffic from the drone PCs, and the
owners of the compromised systems are unwitting participants in the
attack. The best defense is to prevent becoming a drone in the first
place.
My main PC at home is a Windows 98 machine, which certainly would be
vulnerable to attack. My first priority was to ensure the security of this
PC to prevent this machine from being assimilated into the "collective"
of other (Borg?) drones which have been compromised. The advantage of
dial-up Internet access is that you have a dynamic IP address. The IP
address changes every time you connect to the Internet. Another security
advantage is that dial-up is very slow, making this an unattractive target
for hackers.
Broadband on the other hand is very fast, making it a prime target for
hackers. Also, the IP address is usually static on broadband, which means
you have the same IP address each time you turn on your PC. This means
hackers can find you again even if you turn off your PC and turn it back
on later.
RAISING THE FIREWALL
I did some research on personal firewall software and found several good
shareware and freeware programs. Many of the firewall software programs I
found double as proxy servers as well, which is fortunate since I have two
PCs at home. I should point out that cable Internet service providers
often charge extra to have a second PC connected to the Internet; using a
proxy server is one method of circumventing this restriction. For a short
list of some good proxy and firewall utilities, see Table 1.
I haven't tested all of these above programs in-depth, and the list
is but a few of several I have found and tested. However, I did install
@Home BrowseGate Proxy Server and ZoneAlarm 2.0 and liked both of these
programs, especially ZoneAlarm 2.0. Although ZoneAlarm 2.0 is currently
only a firewall solution with no Internet sharing/proxying capabilities,
it was very impressive for two reasons. Number one, it's very easy to
use and configure. It was designed for the home user who doesn't know
the difference between an IP address and a subnet mask. The user doesn't
need to know anything about IP protocols; the program guides you along
the way to ensure that security is tight. Number two, the program is free!
This is actually one of the few freeware programs I actually wish was
shareware or at least cost me something. I feel guilty that I am using
such a wonderful program on my home PC and I didn't have to pay a dime
for it.
ZoneAlarm 2.0 In A Nutshell
ZoneAlarm 2.0 starts off with everything locked out. When I launched
Internet Explorer for the first time, ZoneAlarm prompted me, "Do you want
to allow Internet Explorer to access the Internet?" I could pick "yes" or
"no," and there was also a check box for "Remember the answer next time I
use this program." I was prompted with this message each time I loaded a new
program that required Internet access, including the ping command,
RealAudio, ICQ, and others. Once I clicked on "yes" and checked the
box to remember the setting, the program is automatically "trusted" in
the future.
Now, if somehow I went to a Web site that surreptitiously installed a
"drone" or "zombie" on my PC, ZoneAlarm 2.0 would let me know about it. It
traps all outbound Internet requests and lets me know about each and every
new type of Internet request that I haven't added to its "trusted"
list yet. In many ways, this approach of trapping outbound requests is
more powerful than your traditional firewall, which only blocks inbound
requests! I should point out that Norton Internet Security 2000 and
Conseal Desktop also have this feature according to their product
literature.
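
The outbound trapping described above, modelled as an added example (not ZoneAlarm's code and not part of the original column): a default-deny filter that asks once per program and remembers the answer. The program names, hosts and ports are constructed, and identifying a program by its file name alone is a simplifying assumption.

```python
ALLOW, BLOCK = "allow", "block"


class OutboundFilter:
    """Default-deny egress filter keyed on the requesting program (a model)."""

    def __init__(self):
        self.remembered = {}   # program name -> ALLOW or BLOCK
        self.prompts = []      # (program, dest, port) the user was asked about

    def request(self, program, dest, port, ask_user):
        """Decide one outbound attempt; ask_user returns (allow, remember)."""
        key = program.lower()  # assumption: the file name identifies the program
        if key in self.remembered:
            return self.remembered[key]      # no prompt, answer was remembered
        self.prompts.append((program, dest, port))
        allow, remember = ask_user(program, dest, port)
        verdict = ALLOW if allow else BLOCK
        if remember:
            self.remembered[key] = verdict
        return verdict


# Constructed sample traffic: every program name, host and port is made up.
EVENTS = [
    ("iexplore.exe", "www.example.com", 80),
    ("icq.exe", "login.example.net", 5190),
    ("iexplore.exe", "www.example.org", 80),
    ("svch0st.exe", "198.51.100.7", 6667),   # program the user never installed
    ("svch0st.exe", "198.51.100.7", 6667),
]
KNOWN = {"iexplore.exe", "icq.exe"}          # programs this user recognises


def user(program, dest, port):
    """Stand-in for the person at the keyboard: allow only what they recognise."""
    return program.lower() in KNOWN, True    # always tick "remember the answer"


def replay(events=EVENTS):
    fw = OutboundFilter()
    verdicts = [fw.request(p, d, port, user) for p, d, port in events]
    return fw, verdicts


if __name__ == "__main__":
    fw, verdicts = replay()
    for (prog, dest, port), v in zip(EVENTS, verdicts):
        print(f"{prog:14} -> {dest}:{port:<5} {v}")
```

The unrecognised program triggers exactly one prompt and stays blocked afterwards, while the second Internet Explorer request passes without a prompt. An inbound-only filter would have seen none of these five attempts.
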
THINGS GET INTERESTING
Just after installing ZoneAlarm 2.0 and rebooting my PC, I immediately
received a warning that IP Address 167.206.112.80 was attempting access to
my PC. This was a bit disconcerting to say the least, but I thought it
could be a false alarm, as is often the case with intrusion detection
systems. The IP address did not look familiar and wasn't at all similar
to my IP address, indicating that it probably didn't come from my ISP. I
went to SpamCop to do a reverse
lookup on this IP address and see if it's a known spammer. The only
useful information I was able to get was that the machine was actually a
Web server with the URL "fear.cv.net". Fear? Was this a hidden message
by the hacker? As in, "fear me"? I typed in this URL, but the Web server
only contained Apache manuals.
When I dropped the "fear" part and replaced it with "www" I was
redirected to Cablevision's Web site. Phew! Maybe Cablevision (my ISP)
sends out packets to verify that I'm supposed to have access to their
broadband network. In any event, I'm still suspicious, since I have
rebooted my PC and have yet to see that error message again. It's still
possible a hacker was running a port scanner utility from the fear.cv.net
machine and happened to hit my IP address just as I booted up my PC.
On the other hand, it is possible that the hacker has been happily
accessing my files for the weeks since I have had this cable modem. I
never did disable NetBIOS by disabling File and Print Sharing in the
Network properties, which certainly is a security risk. The reason I never
disabled it was because I needed access to files on this PC from my second
home PC. I kept putting off setting up a Linux firewall or a Windows
equivalent in my home, since I had other pressing matters and other
priorities (like using spackle on the drilled holes created in my
ceiling). Now I've learned my lesson. Whether I was or wasn't
hacked, it was certainly a wake-up call. When it comes to security, make it
your priority.
Table 1. Some good proxy and firewall utilities

| Name | Price | Web Site |
|---|---|---|
| Conseal Private Desktop (acquired by McAfee) | Firewall only -- $49.95 | signal9.com |
| SyShield | Firewall only -- $29.95 | sygate.com |
| Norton Internet Security 2000 | Firewall only -- $53.95 | symantec.com |
| ZoneAlarm 2.0 | Firewall only -- Free | zonelabs.com |
| Wingate 3.0 Home | Proxy & Firewall -- $29.95 | wingate.com |
| @Home BrowseGate Proxy Server | Proxy & Firewall -- $99 | netcplus.com |