Keeping Intruders Out of Your System


If you access the Internet using a broadband—cable modem or digital subscriber line (DSL)—service, chances are that you have an “always on” connection, which means there’s a much greater chance that a malicious hacker could find your computer and have his or her way with it. You might think that with millions of people connected to the Internet at any given moment, there would be little chance of a “script kiddy” finding you in the herd. Unfortunately, one of the most common weapons in a black-hat hacker’s arsenal is a program that runs through millions of IP addresses automatically, looking for “live” connections. The problem is compounded by the fact that many cable systems and some DSL systems use IP addresses in a narrow range, thus making it easier to find “always on” connections. However, having a cracker locate your system isn’t a big deal as long as he or she can’t get into your system. There are two ways to prevent this:

  • Turn off file and printer sharing on your Internet connection.

  • Turn on Windows XP’s Internet Connection Firewall.

File and printer sharing is used to enable network users to see and work with shared files and printers on your computer. Obviously, you don’t want to share your system with strangers on the Internet! By default, Windows XP turns off file and printer sharing for Internet connections. To make sure of this, however, follow these steps:

  1. Launch Control Panel’s Network Connections icon.

  2. Right-click the icon for the connection that gets you on the Internet and then select Properties.

  3. Select the Networking tab and make sure the File And Printer Sharing For Microsoft Networks check box is cleared.

Although disabling file and printer sharing is a must, it’s not enough. That’s because when a hacker finds your IP address, he or she has many other avenues with which to access your computer. Specifically, your Transmission Control Protocol/Internet Protocol (TCP/IP) connection uses many different “ports” for sending and receiving data. For example, Web data and commands typically use port 80, e-mail uses ports 25 and 110, file transfer protocol (FTP) uses ports 20 and 21, Domain Name System (DNS) uses port 53, and so on. In all, there are dozens of these ports, and every one is an opening through which a clever cracker can gain access to your computer.

As if all this weren’t enough, hackers also can check your system to see if some kind of Trojan horse virus is installed. (Those nasty e-mail virus attachments we discussed earlier sometimes install these programs on your machine.) If the hacker finds one, he or she can effectively take control of your machine and either wreak havoc on its contents or use your computer to attack other systems (in which case, your machine becomes what’s called a zombie computer).

Again, if you think your computer is too obscure or worthless for someone else to bother with, think again. A typical computer connected to the Internet all day long will get “probed” for vulnerable ports or installed Trojan horses at least a few times a day. If you want to see just how vulnerable your computer is, several good sites on the Web will test your security:

  • Gibson Research (Shields Up): http://grc.com/default.htm

  • DSL Reports: http://www.dslreports.com/secureme_go

  • HackerWhacker: http://www.hackerwhacker.com/
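A local complement to those online tests, as an added example that is not from the book: it parses the output of `netstat -an` and lists the TCP listeners that other machines could reach, marking the ports named above. The sample output is constructed, and the watch list (including 139 and 445 for file and printer sharing and 3389 for Remote Desktop) and the function names are this example's own assumptions.

```python
# Flag TCP listeners in Windows `netstat -an` output that other hosts can reach.
# Ports the chapter names, plus 139/445 (File and Printer Sharing) and 3389
# (Remote Desktop default). The labels are this example's own wording.
WATCHED = {
    20: "FTP data", 21: "FTP control", 25: "SMTP e-mail", 53: "DNS",
    80: "Web", 110: "POP3 e-mail", 139: "file/printer sharing (NetBIOS)",
    445: "file/printer sharing (SMB)", 3389: "Remote Desktop",
}

# Constructed sample output, not captured from a real machine.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1050      203.0.113.5:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""


def exposed_listeners(netstat_text):
    """Return sorted (port, address, label) for non-loopback TCP listeners."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows are: proto, local, foreign, state (plus a PID with -ano).
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        address, _, port = fields[1].rpartition(":")
        if not port.isdigit() or address.startswith("127.") or address == "[::1]":
            continue  # malformed row, or reachable only from this machine
        label = WATCHED.get(int(port), "not in watch list")
        found.add((int(port), address, label))
    return sorted(found)


def report(netstat_text):
    """One line per exposed listener; CHECK marks ports on the watch list."""
    lines = []
    for port, address, label in exposed_listeners(netstat_text):
        marker = "CHECK" if port in WATCHED else "note"
        lines.append(f"{marker:<5} {address}:{port}  {label}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

A listener shown here is only a candidate: whether it is reachable from the Internet depends on whether a firewall in front of it drops the inbound connection, which is what the online tests above measure from the outside.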

The good news is that Windows XP includes a personal firewall tool called Internet Connection Firewall that can lock down your ports and prevent unauthorized access to your machine. In effect, your computer becomes invisible to the Internet (although you can still surf the Web and work with e-mail normally). Follow these steps to fire up Internet Connection Firewall:

  1. Launch Control Panel’s Network Connections icon.

  2. Right-click the icon for the connection that gets you on the Internet and then select Properties.

  3. Select the Advanced tab and select the Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet check box.

  4. Click OK.

    Insider Secret

    You should also turn off Windows XP’s Messenger Service. This service (which is not to be confused with the Windows Messenger instant messaging program) is used by network administrators to broadcast messages to users. However, some advertisers have figured out how to use this service to have ads pop up on your computer. You can block these ads by turning off the service. To do this, launch Control Panel’s Administrative Tools icon and then launch the Services icon. Double-click the Messenger service and then click Stop to shut it down. To prevent it from starting in future Windows XP sessions, select Manual from the Startup Type list.

Notes from the Real World

Once you have machines connected to the Internet via broadband, other Internet users begin to regularly scan your network to try to gain access to it. This means that a firewall is a necessity for any broadband connection. I use a hardware firewall at the edge of my broadband connection, along with enabling Windows XP’s Internet Connection Firewall on each machine on my network.

I like to have access to files on my home network while I’m away from home but also want to keep the number of open firewall ports (and thus potential entry points to my network) as small as possible. The method I use to accomplish this is Windows XP’s Remote Desktop. I open one port on my firewall to allow Remote Desktop connections to a single machine on my network. From within that Remote Desktop session, I have access to the other machines and files on my home network, as well as the local hard disk of the laptop I’m using to make the connection. This allows me to easily copy files to and from my home network, while not directly allowing file sharing over the Internet. To add another layer of security, I’ve modified the port that Remote Desktop uses to listen for incoming connections. I did that by altering the following registry value:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

I set this to a decimal number other than 3389, which is the default port number. This makes it difficult for a person using a port scanner against my broadband connection to tell that the purpose of the open port is for a Remote Desktop connection. In turn, this makes it much less likely that he or she will try to make a Remote Desktop connection into my network.

—Austin Wilson





Insider Power Techniques for Microsoft Windows XP
ISBN: 0735618968
Year: 2005
Pages: 126
