Safe Computing, Part 1
You know that really isn't the widow of an assassinated Nigerian prince and that stock tip really is not going to make you rich. The bad guys keep abreast of advancing technology, but you're not defenseless. Our previous article Scams, Spam, and Evilware described how some of the criminals work. You can take steps to make your computing environment work for you while keeping the bad guys at bay.
Hide.
With angry pirates about to attack in Gilbert and Sullivan's The Pirates of Penzance, the Sergeant of Police sings, "They come in force, with stealthy stride, our obvious course is now – to hide." That's not a bad idea, particularly when the Internet is involved.
The Internet is exactly what its name says it is – many networks all connected together. The local Intranets connected into the global Internet range from one or two computers in a home to a giant corporation's or government agency's network of hundreds of thousands of computers. Every computer and other networked device has what's called an IP address, a number between 1 and 4,294,967,294, which is normally expressed as a set of four smaller numbers separated by dots, as in 64.233.167.99. Contained in that number is information that identifies the local Intranet and its position on the global Internet, and the specific computer or other networked device on the local Intranet. Countless criminals around the world relentlessly scan ranges of IP addresses looking for vulnerable computers, somewhat akin to scanning every car in a parking lot looking for keys a lazy attendant left in the ignition. Large organizations have complex equipment and procedures for letting their people do what they need to do while keeping the bad guys out, details of which are beyond the scope of this article.
Smaller organizations and home users typically have a DSL, cable, or T1 modem connected to the Internet. That modem can connect a small number of PCs directly to the Internet, or thanks to a trick called Network Address Translation (NAT) that is built into most routers (sometimes called gateways), computers can have full access to the global Internet but be inaccessible from outside. Think of a business with a traditional phone system where outside callers dial a main number for the company, and a receptionist answers and manually transfers to the desired extension. Direct connections to the Internet are accessible from anywhere in the world like direct dial phones, but computers behind a NAT router are like a traditional telephone system, and the receptionist is permanently out to lunch.
Most IP addresses are accessible from the entire global Internet, but to support hiding behind a NAT router, and for other reasons not germane to this discussion, some IP addresses are private, for local use only. A connection to the above example IP address 64.233.167.99 will get the same target computer from anywhere in the world, just as any public phone number can be dialed from anywhere in the world. On the other hand, a few IP addresses have been reserved for local networks. Those private addresses are not accessible from the public Internet; for example, 192.168.1.147 at Company A has no relation to 192.168.1.147 at Company B, just as telephone extension 147 at Company A has no relation to extension 147 at Company B, and no computer at any local network's private address 192.168.1.147 is directly accessible from anywhere on the public Internet.
Without a private IP address behind a NAT router, it will be only minutes before crackers around the world discover you and start probing for software vulnerabilities to exploit. How do you know if you have a private IP address? Check it. (Do not use public web sites that tell you your IP address. Most of them tell you your modem's public IP address, not your own computer's address.) On Windows, hit Start, All Programs, Accessories, Command Prompt, and then type an "ipconfig" command. On Mac OS X, hit Apple, About This Mac, More Info... to get System Profiler, and then hit Network in the left column and select your wired or wireless Ethernet interface on the right. Your IP address will be four numbers separated by dots. It is a private Intranet address if it is within one of these ranges:
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 169.254.0.0 – 169.254.255.255
- 192.168.0.0 – 192.168.255.255
If it is not within one of those ranges it is on the global Internet, where criminals around the world are looking for computers to attack. If that is the case, it might be wise to hide behind a NAT router.
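The check described above can be scripted. This is an added example, not part of the original article: it pulls each adapter's address out of "ipconfig" output, tests it against the four ranges listed above, and shows the single number behind the dotted form. The ipconfig text is a constructed sample and the function names are illustrative.

```python
import ipaddress
import re

# The four local-use ranges listed in the article, as CIDR networks.
LOCAL_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("169.254.0.0/16"),  # 169.254.0.0 - 169.254.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]

# Constructed sample of "ipconfig" output, not captured from a real machine.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.147
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Second Connection:
   IPv4 Address. . . . . . . . . . . : 64.233.167.99(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

# Match only the adapter's own address line, not the mask or gateway lines.
ADDRESS_LINE = re.compile(
    r"^\s*(?:IP|IPv4) Address[ .]*:\s*(\d+\.\d+\.\d+\.\d+)", re.MULTILINE)


def as_number(address):
    """Return the single 32-bit number behind a dotted address."""
    return int(ipaddress.IPv4Address(address))


def classify(address):
    """Return 'private' if the address is in a listed range, else 'public'."""
    ip = ipaddress.IPv4Address(address)  # raises ValueError if malformed
    return "private" if any(ip in net for net in LOCAL_RANGES) else "public"


def audit_ipconfig(text):
    """Map every adapter address found in ipconfig output to its class."""
    return {addr: classify(addr) for addr in ADDRESS_LINE.findall(text)}


if __name__ == "__main__":
    for addr, kind in audit_ipconfig(SAMPLE_IPCONFIG).items():
        print(f"{addr:15}  {as_number(addr):>10}  {kind}")
```

Note the boundary in the second range: 172.31.255.255 is private, while 172.32.0.1 is a public address.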
Most newer DSL and cable modems have NAT routers built in, but others do not, and some have built-in routers that happen to be disabled. If you have an IP address in one of the above ranges, you are hiding behind a NAT router. If not, you probably should be. Your DSL or cable provider should be able to help you enable and configure your modem for NAT routing or tell you the modem does not support it. If not, you need to buy and configure a broadband router, most of which come with an installation CD that asks you a few questions and then configures them properly.
With a properly configured NAT router you can still get yourself in trouble by doing things such as opening an evil E-mail attachment or visiting an evil or compromised web site, but bad guys can't do anything to you on their own initiative, as the router prevents them from even seeing you.
If they knock, don't let them in.
The late City News Bureau of Chicago's watchword was "If your mother tells you she loves you, check it out." Every holiday brings a rash of E-mail greeting cards from spammers, even more than the usual "Classmate has sent you an E-card" junk. Whether that, a stock tip, a Nigerian prince's widow, or any other scam, there are only three purposes for spam – to part you from your money, to recruit you for illegal activity, or to install evil software on your computer. If it's really your birthday and your sister sends you an E-card from her own E-mail address, it's probably safe to open. Any other E-card is most likely to install evil software on your computer if you click its link or open its attachment, and the same goes for a proclaimed compromising photo of some bimbette.
Legitimate commercial E-mail has an unsubscribe link at the bottom, which will be honored within a day or two of clicking it. Criminal spammers, on the other hand, will know your address is valid if you click the unsubscribe link, and they will sell your confirmed valid address to other criminal spammers.
If a window pops up on your PC announcing that you have been infected with spyware, adware, pornography, or some other form of evilware or embarrassing content and you can click here to clean it up, don't. Most of those are opportunities to inundate suckers with lots more of whatever they purport to remove, or at best to get them to pay for a lousy product.
No Phishing.
Using well-crafted but fraudulent E-mail and web sites that look convincingly like those of eBay, banks, or other businesses you might deal with is called phishing. Phishers hope to con you into clicking the link to a fraudulent web site for the purpose of harvesting bank account numbers and PINs, credit card numbers, or login credentials. Once phishers have your account numbers or login credentials, they will work quickly to rob you before you discover you've been had. No legitimate financial institution or merchant will ever request confirmation of account information by E-mail or by telephone. Period.
If you just bought something from a reputable online merchant and you get a confirmation E-mail with a click here to see your order status and another click here to see your shipment's progress on FedEx's or UPS' web site, go right ahead and click there. Other than that, clicking a link in an E-mail can be very dangerous. What you see in a link is not necessarily where it will go when you click it – if it says accountservices.yourbank.com it could very well actually go to accountservices.yourbank.com.2x9skw87s-e329jsyrjsjs-s9skwjs8sl.russian-mafia.ru, which looks just like your bank's home page, but will clean out your accounts as soon as it gets your login credentials.
And stay off tacky web sites.
Web sites baring naughty pictures are notorious for quietly downloading and installing evil software while their victims are admiring fine artwork. Less notorious but equally evil are celebrity gossip web sites. You're probably safe on People Magazine's web site, but checking out the web sites of the slimeball paparazzi who stalk celebrities could well deliver an attack on your computer while you're reading the latest on the latest pop tart's boozy misadventures while in rehab.
Next...
Our next article will cover keeping your software up to date and defensive software you can use to protect yourself from the bad guys.