• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 311
  • Last Modified:

Hack attacks - as a home user am I safe?

Hi everyone,

Now that Wifi is being widely adopted, I as many other do have a home router / firewall. Is it the case that it is now not possible for a n attacker to run malicious code (such as buffer overflows) against my machine?

It used to be the case that some script kiddie threatining you across a chat program, could easily retrieve your IP address by typing "netstat -n". Am I right in thinking that if your behind a router / firewall the only address they can retrieve is the IP of your router, hence making your machine invisible to the outside world? This is assuming of course that your port forwarding to the machines services is not setup and the machine is not in the DMZ. Even so, many ISPs now use a proxy which hides even the IP address of my router.

To summarise:
- As long as I don't accept and run malicious files, my machine cannot be accessed?
- If this is not the case, what other threats to I face?
- How can I prevent these threats?

Thank you for your knowledge

Ad
0
expert-ad
Asked:
expert-ad
  • 3
  • 2
1 Solution
 
Rich RumbleSecurity SamuraiCommented:
True, as long as your router/firewall do not allow incomming connections, by default this is how most are configured. Nonetheless, ZoneAlarm (free) and ZoneAlarm Pro are great additions to have on any windows PC. Your protection is two fold. One, you have the typical firewall that blocks connections inbound bydefault, with Pro you can actaully allow incomming connections with grainular control, the free version is pretty much ON or OFF with respect to incomming connection blocking.

Securing WIFI so that other don't use your Access Point is a concern, as any damage they may do could lead back to your IP and you might catch the blame. Turn off DHCP and statically assign your IP if possible, and above all use MAC address filtering, common to most modern WIFI AP's
http://www1.linksys.com/support/troubleshoot/wireless/wireless_router_config/wireless_mac_filtering.html
http://compnetworking.about.com/cs/wirelessproducts/qt/macaddress.htm 

There are many more things you can do to secure your wifi, like using WPA instead of WEP
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
-rich
0
 
r-kCommented:
It is true. For all practical purposes, you are safe (from outside hacking) if none of your ports are forwarded.

However, most infections are not due to outside hacking, but from user mis-steps, such as clicking on unknown links and attachments, downloading games and music, clicking on untrustworthy web pages,  etc. Firewalls and routers offer little or no protection against these.

You can protect yourself by being alert about what is safe and what is suspicious. Do not rely entirely on firewalls, anti-spyware and AV programs (though each is important).

Keep your system patched.

Finally, do regular backups so you don't lose valuable files in the worst case.
0
 
Rich RumbleSecurity SamuraiCommented:
Ahh the second fold to ZAP's protection is Program access. If you got a new virus, no one had a definition for, and it wanted to spread, it'd need to acces your NIC to do so, and ZA will see any new programs doing this and pause them and ask you if you want to allow it. ZA can remember the response if you place a check mark to do so. ZA will stop programs like Ad-ware and mal-ware also in the same fashion.

There are always best practices also: http://xinn.org/win_bestpractices.html  http://www.xinn.org/annoyance_spy-ware.html
As mentioned above, backups are also a GREAT idea.
-rich
0
Increase Security & Decrease Risk with NSPM Tools

Analyst firm, Enterprise Management Associates (EMA) reveals significant benefits to enterprises when using Network Security Policy Management (NSPM) solutions, while organizations without, experienced issues including non standard security policies and failed cloud migrations

 
expert-adAuthor Commented:
Thank you all for the replys. I am happy with the security of my wifi, I have recently achieved qualifications in wifi security testing, but your advice is still appreciated.

The thing thats really throwing me is that a firewall with a rule set, set to talk to a specific port on a server will happily send a remote attack onto the machine. If the machine behind the firewall does not offer any services such as serving web pages on port 80, there is no need to forward any ports onto the machine.

Even if "user mis-steps, such as clicking on unknown links and attachments, downloading games and music, clicking on untrustworthy web pages" are the cause of hack attacks how can the virus, trojan etc that has been planted be accessd from the outside world?

Unless this virus, trojan is able to reconfigure your firewall by opening a specific port to allow the inbound connection and setup port forwarding to the target machine, how is it possible for this to work?

I am not saying its "not possible" really I guess I am asking how can it be done? If the remote exploit is sent to the router IP the exploit has no way to know which machine to hop to next without port forwarding configured to the correct target machine.

Thanks again
0
 
Rich RumbleSecurity SamuraiCommented:
Trojan's /Viri, let's say obtained from an Email attachment that you run, the virus, depending on your User privileges, could "own" your PC from that point, until removed. Your pc could then contact an IRC message system (the virus rather, using your PC) get instructions on who to spam, who to scan/infect next.
But the fact remains, that if your not allowing incomming connections,/ports your threats are lessened to things like email, activex controls in IE, image buffer overflows, M$ WMF images...
http://www.microsoft.com/technet/security/advisory/912840.mspx

http://xinn.org/win_bestpractices.html Best practices help, but in the case of M$'s WMF someone malicious could obtain "System" privileges, just higher than admin.
-rich
0
 
expert-adAuthor Commented:
Thank you!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now