DSL and Cable Modems: The Dangers of Having a Static IP Address

By Joe Edwards
ECE 478 Spring 2000

1.0 Introduction

As computer technology continues to progress rapidly, more and more people are abandoning their traditional modems for much higher speed Internet connections. Currently, the two most popular methods for the average home user to obtain a high speed connection to the Internet are Digital Subscriber Lines (DSL) and cable modems. An added advantage of these types of connections is that they are always connected to the Internet, and do not interfere with normal telephone line usage. It is this last fact, however, that is responsible for a number of serious security concerns.

The fact that these computers are always connected implies that they are given a fixed Internet Protocol (IP) address. Even though cable companies theoretically assign their IP addresses dynamically from a pool of addresses during each connection, in reality users typically wind up with the same address all of the time [B]. With DSL, users are also normally given a fixed IP address. This effectively gives these users a permanent presence on the Internet, which makes them substantially more visible targets for malicious activity than they would be otherwise.

2.0 The Security Issues

2.1 Open Ports

Traditional modem connections to the Internet are almost always assigned a different IP address for each connection, meaning that a given system is difficult to find and track. Automatic port scanning devices (ports are the doorways into a computer over a network connection) are currently in wide use on the Internet to find open ports that may be exploited by a remote party. A popular web site, Shields Up! (http://grc.com), has performed over 2.3 million tests on computer systems. Over one-fourth of the systems tested allowed some degree of access to their file systems over the Internet. An astonishing 8 percent allowed any kind of operation (including deletion) on files over the Internet using Windows file sharing! [A]

This statistic clearly shows that the danger of a persistent Internet connection, particularly when running the ubiquitous Windows 95/98, is very real. The problem is aggravated by the fact that home users are often completely unaware of these security issues. Traditional users of persistent Internet connections, such as corporations, hire information systems specialists to protect their connection with a variety of sophisticated hardware and software firewall mechanisms. In contrast, many home users run Windows 95/98 and unknowingly share all of their files with everyone on the Internet using the infamous NetBIOS protocol on port 139.

2.2 The Biggest Targets

Naturally, the biggest targets for an attack are software packages that are very widely used. These packages include the Microsoft Windows operating system, Microsoft Internet Explorer, and Microsoft Outlook. As indicated in the previous section, by far the easiest and most common target is the file sharing that is built into Windows. If file sharing is enabled through NetBIOS on a Windows 95/98 computer, then it is very possible that everyone on the Internet will have read, and perhaps even write, access to the shared files. Clearly, this is a security problem that could prove to be completely devastating to all confidentiality as well as all aspects of the filesystem.

Another huge target involves the use of ActiveX and Java applets in Internet Explorer. It is possible for these entities to gain access to all aspects of a computer system, and even disable existing security. Microsoft Internet Explorer is integrated into the Windows 98 operating system, and therefore, to a large degree, security weaknesses of Internet Explorer often become security weaknesses for the system as a whole.

The last major target is one that has received a large amount of publicity for its widespread effectiveness. This target is that of malicious attachments and scripts. Scripts and executable files distributed via e-mail can be designed to facilitate any number of different possible attacks. One attack that is particularly effective in the context of persistent Internet connections is that of an invisible Trojan horse program, such as the famous Back Orifice. These Trojan horse programs can potentially allow an attacker to have complete and total control of a compromised system remotely over the Internet.

2.3 Why would a hacker want to access a home system?

Many people are skeptical as to why a hacker would even have an incentive to hack into their system. [A] At best it might be possible for them to steal a credit card number or two, or maybe some files, but the incentive appears to be small. In fact, there does potentially exist a much more compelling reason for a hacker to want to gain access to a home system. Recently, a very popular type of attack, known as a denial-of-service attack, has been shown to be very effective. In order for an attack like this to work well, an attacker needs to be able to gain control over a number of remote systems from which to stage the attack. If this is done correctly, the attack will appear to be coming from individuals who may not even be aware that their system has been compromised. This could allow the real perpetrator to escape without even being suspected.
2.4 The Internet service provider perspective

Internet Service Providers (ISPs) that provide the connection have an incentive to not emphasize security at all, for obvious financial reasons. If consumers believed that the service is dangerous, then sales of the service might be in jeopardy. In fact, the companies will typically downplay the dangers and emphasize that hackers do not have much financial incentive for attacking average home users. As a result of this thinking, DSL modems do not normally have any kind of built-in security. [C] Even the ISPs themselves do not typically provide any type of firewall service.

As consumers are starting to become aware of the dangers, they are putting more pressure on the service providers to provide more protection. Some ISP companies have even distributed firewall software to their customers. Another newer approach is emerging in which the ISP itself runs embedded-firewall software, such as software from SofaWare Technologies ( http: // ). This could prove to be an attractive solution to ISPs in the future, because it would reduce the cost of end user support. [A]

3.0 Security Solutions

3.1 Disable the connection while it is not needed

Ultimately, complete security can be guaranteed by simply turning off the computer or disconnecting it from the network. A computer that is not connected and/or running cannot be attacked. Most of the new DSL modems can be simply turned on and off. Security of a system could likely be raised substantially by disabling the Internet connection while it is not needed.

3.2 Turn off file sharing and close the ports

The single biggest target in Windows 95/98, as mentioned previously, is port 139. This is the port that Windows uses for file sharing and Network Neighborhood type activities. It is through this port that Windows is able to see other systems and find out some basic information about them, even if file sharing is disabled. If a cable modem is used, then all of the users that are using cable modem access nearby will likely show up as being in the same Network Neighborhood if this port is left open.

The easiest and most effective way to remove this security danger and intrusion of privacy is to remove the Client for Microsoft Networking from the networking components on the system. This should not cause any problems as long as file sharing or network based printing services are not needed. If it is absolutely necessary to be able to share files and/or printers on the network, then NetBEUI should be used instead of NetBIOS. NetBEUI connections are not visible over the Internet.

Another major way to keep ports closed is to close programs that access the network when they are not needed. These programs (such as chat programs, etc.) can run quietly in the background and accept connections on their ports, introducing potential vulnerability to a system.

3.3 Protect important files

To ultimately ensure the integrity and secrecy of important files, even in the event that an intruder intercepts them, encryption of the files should be used. If important files are securely encrypted, then it will not be possible for an attacker to gain anything by simply capturing the files without the appropriate decryption key. Of course, this secret key itself must be kept absolutely secure by some means.
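As an added example for section 3.2 (not part of the original paper), the following script reads Windows-style `netstat -an` output and reports every socket that accepts traffic from outside the machine, flagging the NetBIOS ports first. The sample text, the address 203.0.113.7, the chat port 5190 and the function names are constructed for illustration; ports 137 and 138 are included as the NetBIOS name and datagram ports that accompany port 139.

```python
"""Audit `netstat -an` output for sockets reachable from the network."""
import ipaddress

NETBIOS_PORTS = {137, 138, 139}  # 139 is the file-sharing port the paper names

# Constructed sample in the style of Windows `netstat -an` output.
# 203.0.113.7 stands in for the fixed address of a DSL or cable connection.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    203.0.113.7:5190       0.0.0.0:0              LISTENING
  TCP    203.0.113.7:1034       198.51.100.20:80       ESTABLISHED
  UDP    203.0.113.7:137        *:*
  UDP    0.0.0.0:54321          *:*
"""

def parse_listeners(text):
    """Yield (proto, ip, port) for each TCP listener and bound UDP socket."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        if fields[0] == "TCP" and fields[-1] != "LISTENING":
            continue  # an established or closing connection, not a listener
        host, _, port = fields[1].rpartition(":")
        yield fields[0], host.strip("[]"), int(port)

def audit(text, expected=frozenset()):
    """Return (proto, ip, port, reason) for sockets open to other machines."""
    # `expected` holds (proto, port) pairs for programs the user knowingly runs.
    findings = []
    for proto, host, port in parse_listeners(text):
        if ipaddress.ip_address(host).is_loopback:
            continue  # reachable only from the machine itself
        if port in NETBIOS_PORTS:
            reason = "NetBIOS reachable from the network (see section 3.2)"
        elif (proto, port) in expected:
            continue
        else:
            reason = "unexpected listener: find and close the owning program"
        findings.append((proto, host, port, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, expected={("TCP", 5190)}):
        print("%s %s:%d  %s" % finding)
```

A listener that stays in the report after every known network program has been closed is the kind of quietly waiting program the paper warns about.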
3.4 Keep the operating system up to date

Operating systems, particularly from Microsoft, are updated constantly to attempt to fix newly found security holes. In order to gain protection from the latest attacks, it is important to keep an operating system completely up to date. This is usually easily done by referring to the update page of the software producer ( such as http: // ).

3.5 Use a Virus Scanner

As mentioned earlier, some types of viruses, especially Trojan horses, attempt to remain hidden from the user on a system. These viruses may wait quietly and listen on a port until an intruder makes a connection. Perhaps the best way to discover this type of scenario is to run an updated virus scanner. The virus scanner will work to ensure that such an attack is not possible by attempting to locate Trojan horses and activity of this kind.

3.6 Install a firewall

Using a firewall is probably the most effective defensive strategy available. A good firewall, if configured correctly, is capable of protecting all of the ports on a system. As companies recognize the increasing number of home users with persistent Internet connections, more and more appropriate and reasonably priced products are becoming available for this purpose.

4.0 Conclusion

The number of computers with persistent Internet connections is projected to continue its current explosive growth. An estimate by Jupiter Communications predicts that 15.3 million households in the United States will have broadband (always on) Internet connections by [A]. Clearly, the risk of security problems will be tremendous with this many potential targets online. It is important that the users of these connections are aware of the potential security issues. With the appropriate precautions it will be possible for many more people than ever before to safely enjoy a broadband presence on the Internet.

References

[A] T Spangler, Home Is Where The Hack Is, in Inter@ctive Week, April 13, 2000
[B] R Pacciano, Risk-Free Broadband Access, in Computer Shopper, July 22, 1999
[C] J Aspinwall, Prying Eyes, in Computer User, January 25, 2000