?
Solved

Hack attacks - as a home user am I safe?

Posted on 2006-04-20
6
Medium Priority
?
308 Views
Last Modified: 2013-11-16
Hi everyone,

Now that Wifi is being widely adopted, I as many other do have a home router / firewall. Is it the case that it is now not possible for a n attacker to run malicious code (such as buffer overflows) against my machine?

It used to be the case that some script kiddie threatining you across a chat program, could easily retrieve your IP address by typing "netstat -n". Am I right in thinking that if your behind a router / firewall the only address they can retrieve is the IP of your router, hence making your machine invisible to the outside world? This is assuming of course that your port forwarding to the machines services is not setup and the machine is not in the DMZ. Even so, many ISPs now use a proxy which hides even the IP address of my router.

To summarise:
- As long as I don't accept and run malicious files, my machine cannot be accessed?
- If this is not the case, what other threats to I face?
- How can I prevent these threats?

Thank you for your knowledge

Ad
0
Comment
Question by:expert-ad
  • 3
  • 2
6 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16501856
True, as long as your router/firewall do not allow incomming connections, by default this is how most are configured. Nonetheless, ZoneAlarm (free) and ZoneAlarm Pro are great additions to have on any windows PC. Your protection is two fold. One, you have the typical firewall that blocks connections inbound bydefault, with Pro you can actaully allow incomming connections with grainular control, the free version is pretty much ON or OFF with respect to incomming connection blocking.

Securing WIFI so that other don't use your Access Point is a concern, as any damage they may do could lead back to your IP and you might catch the blame. Turn off DHCP and statically assign your IP if possible, and above all use MAC address filtering, common to most modern WIFI AP's
http://www1.linksys.com/support/troubleshoot/wireless/wireless_router_config/wireless_mac_filtering.html
http://compnetworking.about.com/cs/wirelessproducts/qt/macaddress.htm 

There are many more things you can do to secure your wifi, like using WPA instead of WEP
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
-rich
0
 
LVL 32

Expert Comment

by:r-k
ID: 16501861
It is true. For all practical purposes, you are safe (from outside hacking) if none of your ports are forwarded.

However, most infections are not due to outside hacking, but from user mis-steps, such as clicking on unknown links and attachments, downloading games and music, clicking on untrustworthy web pages,  etc. Firewalls and routers offer little or no protection against these.

You can protect yourself by being alert about what is safe and what is suspicious. Do not rely entirely on firewalls, anti-spyware and AV programs (though each is important).

Keep your system patched.

Finally, do regular backups so you don't lose valuable files in the worst case.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 16501895
Ahh the second fold to ZAP's protection is Program access. If you got a new virus, no one had a definition for, and it wanted to spread, it'd need to acces your NIC to do so, and ZA will see any new programs doing this and pause them and ask you if you want to allow it. ZA can remember the response if you place a check mark to do so. ZA will stop programs like Ad-ware and mal-ware also in the same fashion.

There are always best practices also: http://xinn.org/win_bestpractices.html  http://www.xinn.org/annoyance_spy-ware.html
As mentioned above, backups are also a GREAT idea.
-rich
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:expert-ad
ID: 16502191
Thank you all for the replys. I am happy with the security of my wifi, I have recently achieved qualifications in wifi security testing, but your advice is still appreciated.

The thing thats really throwing me is that a firewall with a rule set, set to talk to a specific port on a server will happily send a remote attack onto the machine. If the machine behind the firewall does not offer any services such as serving web pages on port 80, there is no need to forward any ports onto the machine.

Even if "user mis-steps, such as clicking on unknown links and attachments, downloading games and music, clicking on untrustworthy web pages" are the cause of hack attacks how can the virus, trojan etc that has been planted be accessd from the outside world?

Unless this virus, trojan is able to reconfigure your firewall by opening a specific port to allow the inbound connection and setup port forwarding to the target machine, how is it possible for this to work?

I am not saying its "not possible" really I guess I am asking how can it be done? If the remote exploit is sent to the router IP the exploit has no way to know which machine to hop to next without port forwarding configured to the correct target machine.

Thanks again
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 375 total points
ID: 16502300
Trojan's /Viri, let's say obtained from an Email attachment that you run, the virus, depending on your User privileges, could "own" your PC from that point, until removed. Your pc could then contact an IRC message system (the virus rather, using your PC) get instructions on who to spam, who to scan/infect next.
But the fact remains, that if your not allowing incomming connections,/ports your threats are lessened to things like email, activex controls in IE, image buffer overflows, M$ WMF images...
http://www.microsoft.com/technet/security/advisory/912840.mspx

http://xinn.org/win_bestpractices.html Best practices help, but in the case of M$'s WMF someone malicious could obtain "System" privileges, just higher than admin.
-rich
0
 

Author Comment

by:expert-ad
ID: 16502445
Thank you!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question