Defeat the Hacker's Mantra: So Much Data, So Little Time

Every computer connected to the Internet has its own IP address. This access can be exploited to obtain your data and for other criminal mischief. Hackers scan random IP addresses and attack when they find a vulnerable machine — they don't need to know your machine personally to attack it. Such an intrusion could cost you many files and programs.

Don't think you have data in which a hacker would be interested? That may be true. But a hacker can use your computer to gain access to others and cover his or her tracks, leaving you at the end of the electronic trail. Your computer can be the target or a launch site for hacker-related activities such as these:

• Remote login: Someone connects to your computer and controls it in some way — from viewing your files to actually running programs.
• Application backdoors: Although designed for legitimate remote access, a bug could provide hidden access to control the program.
• Operating system bugs: Like applications, some operating systems have backdoors for remote access. Hackers can take advantage of insufficient security controls or bugs.
• SMTP session hijacking: SMTP is the most common method of sending e-mail over the Internet. Hackers can use an unsuspecting host to redirect unsolicited junk e-mail with or without a virus through SMTP. Conversely, SPAM quite often contains links to Web sites that, when clicked, create cookies that provide a backdoor to your computer.
• Denial of service: A hacker sends a connection request to the server. The server responds and tries to establish a session, only it cannot find the system that made the request. A server inundated with such unanswerable session requests slows to a crawl or eventually crashes.
• Viruses: This small program can copy itself to other computers, spreading quickly from system to system. It may be a harmless message or it may destroy all your data.
• Source routing: Hackers use routers to make information appear to come from a trusted source or even from within the network.

A firewall can protect your system from many — not all, but many — of these attacks. Some firewalls offer virus protection, but it's worth the investment to install anti-virus software on every computer. And, as long as you accept e-mail (one of the huge benefits of the Internet) some SPAM will get through the firewall. Users have restricted access to desirable services with a firewall and the potential for backdoor exploitation is great. Kerberos (a network authentication protocol) and other techniques may be more appropriate than firewalls in certain situations. Firewalls also offer little protection from insider attacks.

Despite the disadvantages, the National Institute of Science and Technology (NIST) strongly recommends that sites protect their resources with firewalls and other security tools and techniques. A firewall implements a network access policy by forcing connections to pass through the firewall, where they can be examined and evaluated. They use three different methods to control traffic flowing in and out of the network:

• Packet filtering: Packets (small chunks of data) are analyzed against a set of filters. If they don't meet the criteria, the packets are discarded.
• Proxy service: Information from the Internet is retrieved by the firewall and then sent to the requesting system and vice versa.
• Stateful inspection: This method doesn't examine each packet's content. Instead, it compares certain key parts of the packet to a database of trusted information. Information traveling from inside the firewall to the outside is monitored for specific defining characteristics, and then incoming information is compared to these characteristics. If the comparison yields a reasonable match, the information is allowed through. Otherwise it's discarded.

Because so many companies now have sensitive personal data in their databanks, Congress has become concerned with data security. It mandated privacy acts like the Health Insurance Portability and Accountability Act (HIPPA), the Gramm Leach Bliley Act and 21 CFR Part 11 for certain industries. Companies in health care, insurance, pharmaceuticals and finance may be required to provide premise-to-premise data encryption and other data security measures.

A firewall provides a line of defense between computers that share information. It examines all traffic routed between your computer and the Internet to see if it meets certain criteria and if so, it's allowed in. If it doesn't, it's stopped. Stopping the undesirable traffic also protects your valuable bandwidth from being used by unauthorized Internet traffic. Thwart hackers and protect your system with a firewall.

Click here for a printable version of this page.