August, 2003

Security

This month's hot skill is also turning out to be this year's hot skill - security. There are many aspects to it. The best way to learn is by improving the security of your own computer(s) at home.

To start with, you need to operate behind a firewall. This blocks worms and others with malicious intent from accessing the open ports on your computer. The firewall can be hardware- or software-based. Once you're set up, go into the configuration of your hardware or software solution and figure out how to set the ports of your machine to "stealth". This way, when people run software that scans hundreds of machines for open ports, yours won't even appear on the list. If they can't find you, it's so much harder for them to mess with you.

How do you know if you've effectively made yourself invisible? A good way to test is to visit the Gibson Research Corporation site. They have a very popular testing area called Shields UP!!™. You'd be surprised what can be revealed by a scan such as the one they do. Do all the tests at the bottom of the page: file sharing, common ports, all service ports, messenger spam, and browser headers. They'll show how vulnerable you are to intrusion. You're doing well when all your ports are locked down appropriately and the scan shows you are in "stealth" mode.

Setting up a hardware solution is in many ways similar to configuring a software solution. You want to turn off all the ports that you won't be using. You want to make sure that nothing is able to come into your machine and then redirect a result back out. And don't forget to run a program like Ad-Aware, which gets rid of spyware. People often let such things enter their system inadvertently.
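As an added illustration (not part of the original article), the Python below shows how a connection attempt against your own computer tells an open port from a closed one and from a "stealth" one, the distinction the scan described above reports. The host address and port list are placeholder assumptions; loopback traffic usually bypasses the firewall, so point it at your computer's address from a second machine you own.

```python
import socket

# State names follow the page's usage: "stealth" means the probe got no reply.
OPEN, CLOSED, STEALTH, UNKNOWN = "open", "closed", "stealth", "unknown"


def probe(host, port, timeout=2.0):
    """Try one TCP connection to host:port and classify the response."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return OPEN        # handshake completed: a service is listening
    except ConnectionRefusedError:
        return CLOSED      # reset received: no service, but the host answered
    except socket.timeout:
        return STEALTH     # no answer at all: the packet was silently dropped
    except OSError:
        return UNKNOWN     # e.g. no route or an ICMP "unreachable" reject
    finally:
        sock.close()


def audit(host, ports, timeout=2.0):
    """Probe each port once and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def visible_ports(results):
    """Ports that answered in any way, so the machine shows up in a scan."""
    return sorted(p for p, state in results.items() if state in (OPEN, CLOSED))


def unexpected_open(results, allowed=()):
    """Open ports that are not on the list of services you meant to offer."""
    return sorted(p for p, s in results.items() if s == OPEN and p not in allowed)


if __name__ == "__main__":
    # Assumed values: replace with your own computer's address, and run this
    # from a second machine you own so the probe passes through the firewall.
    MY_HOST = "127.0.0.1"
    COMMON_PORTS = [21, 22, 23, 25, 80, 135, 139, 443, 445]
    results = audit(MY_HOST, COMMON_PORTS, timeout=1.0)
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {state}")
    print("visible to a scan:", visible_ports(results))
    print("open but not intended:", unexpected_open(results))
```

A closed port still counts as visible here because the reset it sends back tells a scanner that a machine exists at that address; only silence keeps it off the list.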

Once you're talking corporate security, HSOTM can't even begin to address the issue. You could write books on how to configure a web server so that it's sufficiently hardened that you can put it out on the Internet behind a firewall and not fear for its safety. But really, a lot of it is about common sense. The biggest and most damaging intrusions in IT systems come from insider knowledge. Insiders know what information is on what server, who can be bribed, and what is the most valuable. You can't let people wander all over your offices. You can't leave your passwords on little slips of paper where they can be found. You can't have passwords that have "John Elway" or anything about the Broncos in them. C'mon - it's Colorado. Crackers know to try those first. It's always easier for them to get the passwords and other things they'll need for access from unwitting employees than to try to hack in by brute force.

Even at work, enable your own personal firewall on your desktop or laptop PC. If you know your employer is running a particular anti-virus product (I'm not naming names, but it's widely known to be difficult to update on corporate networks), uninstall it if you can and install your preferred brand. Set it to automatically update; you'll be glad you did. This has saved my cheese many a time.

If you're more interested in the subject, try a Google search on "white hat" and "black hat" hackers. These are people who hack into systems, but for different reasons. White hat hackers are trying to find problems in order to fix them. Black hats are not. Or hang out at DefCon next time around. You'll learn a lot!