Outside Intruders and Trojan Horse Takeovers

   A hacker is anyone who spends time poking into computers and operating systems, testing their limits and discovering their vulnerabilities. "White hat" hackers who find and fix vulnerabilities in operating systems, applications, and networks are widely respected for their skills. "Black hat" hackers, or crackers, are more interested in breaking into computers and networks without authorization, either for the sheer fun of it or to steal valuable information, such as credit card numbers. We will use the terms attacker and intruder to refer to anyone who tries to gain unauthorized access to a computer system from outside for fraudulent purposes.

  Most would-be intruders don't bother aiming at a particular computer or network. Instead, they use widely available underground utilities to automate the process of breaking and entering. These tools scan hundreds or thousands of IP addresses in search of specific, known vulnerabilities; they're most effective against always-on Internet connections, such as cable modems and DSL lines, whose IP addresses remain constant for long periods of time. The weak points that hackers look for are listed below.

  • Unprotected shared resources. In theory, shared resources should be accessible only to other users on your network. In practice, poorly secured shares might be accessed from other computers on the same network segment (users connected to the same dial-up modem or cable router, for instance) and in some circumstances by any computer, anywhere on the Internet. A malicious intruder who finds an open share that isn't protected by a password can do anything with the files and folders in that location. More important, the intruder can install one of several remote access programs that provide complete access to the shared computer.
  • Open service ports. An intruder who finds a server running on your computer can probe it for weak passwords or known security holes; if you haven't applied software patches to fix those vulnerabilities, the intruder can exploit the weakness to access your computer. Web servers, FTP servers, remote access programs like pcAnywhere, and messaging clients such as ICQ are especially susceptible to this sort of attack.
  • Trojan horses. Also known as "back door" programs, these pieces of hostile software act as stealth servers that allow intruders to take control of a remote computer without the owner's knowledge. Like the Greek myth after which they're named, Trojan horse programs typically masquerade as benign programs and rely on gullible users to install them. Computers that have been taken over by a Trojan horse program are sometimes referred to as zombies. As we'll see shortly, armies of these zombies can be used to launch crippling attacks against Web sites.

  Some of the guidelines to prevent intruders from breaking into your computer from the Internet are listed below.

  • Shut down services you're not using. If you once installed a personal Web server to experiment with Web page design but no longer use it, make sure it's not still running on your computer, inviting intruders to take a crack at it.
  • Use firewall software to block access to your computer and to monitor intrusion attempts. Windows XP includes a serviceable Internet Connection Firewall that is configured automatically when you run the Network Setup Wizard. This firewall can be configured to allow certain types of traffic through, while blocking all others. Third-party firewall software offers additional capabilities, including the capability to block unwanted outbound connections and to restrict Internet access on a per-application basis.
  • Use hardware barriers for an extra layer of protection on networks. A simple router or residential gateway provides basic Network Address Translation, which shields the IP addresses of computers on the network and rebuffs many attempts at intrusion. More sophisticated (and more expensive) firewall devices add the capability to block specific ports and protocols that outside attackers might be able to exploit.