Make your own free website on Tripod.com

This is copied from ZDnet, copyrights to Bruce Stewart and ZDnet. Are you at risk?

Test your home PC security with: HackerWhacker, WebTrends, Steve Gibson's Shields Up, Secure-Me, and Netcop all offer some amount of system evaluation for free. You may be surprised with the results!!

Back to Home Hack

Online Security Services
By Bruce Stewart, Help & How-To
January 18, 2000 2:04 PM PT
URL: http://www.zdnet.com/zdhelp/stories/main/0,5594,2422273,00.html

Are you worried about computer security? Maybe you've installed the latest virus-detection software, and scanned your hard drive for suspicious files, but are wondering if this is really enough? If you are feeling a little paranoid, or just want to make sure your computer is as secure as possible, there is more you can do.

There's a growing sector of the computer-security industry that you should know about online security services.

Once belonging exclusively to the realm of hackers and system administrators, these advanced techniques are now becoming available for the home computer as well. By systematically interrogating your PC, these services will generate a report detailing potential problems, or areas of your system that may be open to nosy hackers.

Traditionally computers destined for network connectivity were configured for higher security than home-use PCs. Now with almost all home computers today getting connected to the Internet, it's a good idea to educate yourself on the possible vulnerabilities of your computer, and what you can do to eliminate them.

Are you really at risk from hackers in the night? To some extent the answers depend on your method for connecting to the Internet, and your surfing habits.

Cable modem and DSL users typically present a much more attractive target to hackers, especially if you leave your computer on and connected all the time. The dedicated IP numbers and persistent connections these type of users have give hackers much more opportunity to explore their systems, plus the ability to return to a hacked system, because it maintains the same IP address.

What you do on the Internet can also have an effect on the likelihood of your system getting targeted. Specifically, if you hang out on IRC chat channels or nefarious newsgroups, and especially if you tend to get into online squabbles or like to flame, your odds of attracting unwanted attention are greatly increased. If you really want to test your luck, or that new firewall you just installed, go to alt.2600 and start hurling insults around. Your security will be tested, I assure you.

The bottom line is if you are a dial-up ISP user, who connects to the Internet for short periods of time to send and receive email and browse mainstream Web sites, your odds of getting hacked are probably not that high. But if your system has open access to file sharing, or other points of entry, you will be advertising yourself to any hacker searching your neighborhood on the net, using the very same techniques as the online security services use to test your system.

In the emerging world of online security services there are several that offer free online evaluations of your Windows-based home system. Companies and sites like HackerWhacker, WebTrends, Steve Gibson's Shields Up, Secure-Me, and Netcop all offer some amount of system evaluation for free.

In some cases, more robust services or products are also for sale, such as WebTrends' Security Analyzer, and specialized business offerings from HackerWhacker. Another service, E-Soft's Web Scan Network Audit is more geared toward network administrators, but also has a free desktop evaluation feature.

In all cases these services perform TCP port scans of the systems they are evaluating, as well as checking for a few well-known vulnerabilities like open file sharing access. The services range from a fairly basic 10 port scan performed by Shields Up, to a very thorough 2,000 port scan including UDP ports, Web and email vulnerabilities from HackerWhacker.

A "port" in this context is any one of 65,535 addresses that a computer running TCP/IP software has. Each address, or port number, is a potential access point to your system from the outside world. While there are no hard and fast rules, there are accepted conventions for running specific applications on specific ports. For example, port 80 is the port that Web server software uses to listen for connection requests. If you're running a Web server on your system then you will need port 80 to be open, but if you're not there is no reason for it to be open and accessible.

A port scan is essentially when a piece of software interrogates the ports of a given system, sending TCP/IP commands that will generate a response if the port is open or "listening." Commonly used by hackers to look for openings in systems connected to the Internet, the technique is becoming more popular for both network administrators and home users to use on their own systems to test their security measures.

Netcop.com recently expanded their services to include several free Web-based tools. Like the others, Netcop provides a free port scan of any machine connected to the Internet, although no explanatory documentation is included. It also offers a handy Whois interface that will quickly and easily obtain the registration information of any host that may be giving you problems. This makes contacting the appropriate folks in times of trouble all the easier.

Important Note: The online scanning services mentioned here are geared toward evaluating a home PC connected to the Internet. If you are using a PC on a corporate LAN, you had better check with your network administrator before instigating any port scans on their system (which will probably get blocked by their firewall anyway).

When you scan your system for security measures, one of the main things you will be finding out is what TCP ports on your system are open. It will then be your task to determine why a given port is open on your system, and if it can be safely closed. The documentation on all of these sites will aid you in this process. Here's a list of standard TCP port uses, which may help in your investigations.

Unfortunately there is no simple way to just close TCP ports. If a port is open it is because some software is running on your system that is keeping it open, like a Web or FTP server, IRC client, or a malicious Trojan horse. If you have open ports, you should identify which program has opened them, and whether you need it running or not.

One major security concern are Trojan horse servers, like "Back Orifice", which open their own ports to communicate with intruder scanners. The SANS Institute maintains a good list of known Trojan horses, and their associated port numbers. If you see any of these ports open for no apparent reason, you may have a Trojan horse hiding in your system, and should button this hole up right away. A good anti-virus program should be aware of most Trojan horse programs, and be able to remove them.

Another important thing these services will check for you is your file and print sharing access. This is one of the most abused security loopholes, and if you do not need to share files on a LAN over the Internet, you should definitely have these capabilities turned off. Disable them by unbinding File and Printer Sharing from TCP/IP, in your computer's Network Neighborhood.

All of the sites provide technical information and recommendations for how to deal with whatever vulnerabilities they find. Perhaps as important as the actual scans, the documentation is crucial, as understanding all the subtleties of Windows networking and TCP/IP can be quite a challenge. Shields Up stands out as providing excellent and clear explanations of all the necessary concepts, and detailed instructions for making configuration changes.

HackerWhacker is typical of online security services (except ShieldsUp), in that it requires you to register by providing an email address. It will quickly email you a password to use with its Web-based security scan. This is partly to try and insure that you are the owner of the machine you are asking to have scanned. Back at the main page, enter the password below your email address, and click the Go button. Next you must identify your machine and choose some options.

First, HackerWhacker is going to make you work a little bit, because you must tell it the IP number your computer is using for this session. If you are a cable-modem or DSL user, you probably have your own static IP number, as you have a dedicated or "persistent" connection to the Internet. But if you're a dial-up ISP customer, you most likely get assigned a different IP number every time you connect to your ISP.

In any case, you probably can't recite your IP number off the top of your head. No worries though, HackerWhacker provides detailed, easy-to-follow instructions on how to quickly determine your current IP number, based on your operating system. For Windows 95/98 users you simply type winipcfg in the Run menu and you'll get your IP number. Once you have plugged this number in the box labeled Your IP Address, there are just a few options to check and you are on your way.

HackerWhacker's free scan has options for testing for open TCP ports, open UDP ports, NetBIOS access and File Sharing, and common Web Server CGI Vulnerabilities. They all come defaulted on, and you might as well test them all. If you are running a Web server on your machine, and use a non-standard directory for cgi, or use virtual hosts, you will need to specify that here. Even if you don't think you are running a Web server, it's a good idea to still perform these tests. Sometimes MS Personal Web Server can be on and accepting connections without you even knowing it.

Clicking on the Start Scan button is all it takes from here, and a new browser window is launched that displays the results of your scan as it happens. HackerWhacker's Web site claims some of the tests can take up to 2 hours, but in all my tests the results came back in only a matter of minutes.

The results can be a little intimidating. I got back lines like:

134 OPEN tcp ingresnet INGRESNET Service More Information

Luckily, there is a lot of documentation following the report, explaining the different entries. I figured out my TCP port 134 was open, and got several links to information explaining why that might be and what to do about it.

While the information these services provide may seem complex, it is worth the effort to understand their findings. Open TCP ports represent potential access points to your system by hackers, and if you don't need them open, they shouldn't be. Open file-sharing access may grant intruders full control of your system, and must be password protected if it has to be on at all.

A brief word about passwords. Passwords are the first line of defense against most intrusions. Clearly the worst situation to be in is to have your system offering resources to the world, without requiring a password. But only slightly better, is to have these resources available, but protected by a marginal password. Be aware that there are dozens, if not hundreds, of password cracking programs readily available on the net, and if your password can be found in a dictionary, or a list of names, it is barely providing any protection at all.

Many of the vulnerabilities found by these services can be closed for free, simply by understanding how to configure Windows networking optimally. Even Secure-Me refers non-subscribers to the Shields Up site for instructions on how to tighten your security, where Steve Gibson's excellent documentation relates the important concepts and techniques in plain English and without glossing over the serious stuff.

Another interesting site that can tell you quite a bit about your browser and Web capabilities is BrowserSpy. While not a port-scanner, this site will interrogate your browser, and demonstrate all the information available to Web sites about you and your surfing environment. It may surprise you!