Last February, in a series of well-planned attacks, hackers disrupted access to major commercial Web sites at Yahoo, eBay, CNN, Amazon.com, Buy.com, E*Trade, ZDNet and Excite At Home. These highly publicized Denial of Service (DoS) attacks heightened public awareness and concern about the security of electronic commerce and individual computers.
Computer security is a major concern within corporations and government agencies. A recent survey of 273 major corporations and federal agencies by the Computer Security Institute and the San Francisco FBI Computer Intrusion Squad found that 70 percent of respondents reported serious security breaches at a total cost of $266 million in 1999 (www.gocsi.com).
Of course, major corporations and government agencies are popular targets for those interested in gaining star status in the hacker community. But what about small businesses and home computer users. Are they at risk? Yes, especially if they have a dedicated Internet connection such as a T1 line, cable modem or digital subscriber line. Modem connections are also vulnerable, but the risk generally is lower due to shorter connection times.
My own experience provides a vivid example of the high level of suspicious activity and outright attacks. Over a 133-day period, my firewall software logged 213 suspicious attempts to access my computer. Twenty-five were considered nonthreatening PC-Anywhere pings on my local cable subnet, probably a local telecommuter accessing an office computer from home. But 157 were attempts to determine if there were open network ports that might provide hackers access to my computer and probes to find malicious Trojan horse programs possibly planted in my computer. The remaining 46 incidents were logged as critical attacks, including 23 DoS attacks. Fortunately, my firewall foiled all attempts to access my system.
Are You Vulnerable?
To test your computer's vulnerability to Internet hacker attacks, visit Gibson Research Corp. (grc.com/ default.htm) and click on the Shields Up! link. Gibson Research will identify any weaknesses in your system and provide tips on how to secure your system. Expect to flunk the tests if you haven't installed a firewall.
What is a firewall? It's a system designed to restrict access to a computer or a local area network (LAN). The firewall monitors network traffic, blocking any suspicious attempts to access the system. Firewall protection does not have to be expensive. One firewall highly rated by Gibson Research is free: Zone Alarm 2.0 from Zone Labs (www.zonelabs.com). Zone Alarm is easy to install and configure and is probably all the protection most users will need or want.
My firewall of choice is BlackICE Defender by NetworkICE (www.networkice.com). While BlackICE Defender is not freeware, it provides features I find worth the $40 price. I find BlackICE easier to use with my home network as I can establish trusted relationships with all my networked computers, giving them easy access to the Internet through my gateway. BlackICE also logs information about each attack, including tracing the attacker's IP address. This information can be used as evidence in any complaints to the attacker's Internet service provider.
Other Security Issues
While my experience illustrates that hackers are a serious concern, computer security is more than defending against cyber attacks and unauthorized access to information. It includes protecting against the loss of important documents and information. There are many other ways your data can be compromised. The most common: viruses, worms and Trojan horses; operating system and software crashes; power failures and surges; and hard disk failures.
In reality, you are more likely to lose important information for reasons other than a hack attack. Let's examine ways you can protect yourself:
Viruses, worms and Trojan horses: Viruses, worms and Trojan horses are names for small computer programs designed to enter a computer without the knowledge or permission of the user and perform an undesired, useless or malicious function. They differ primarily by the way they propagate from computer to computer.
There are thousands of viruses, worms and Trojan horses in circulation, with new ones released daily. Depending upon their programming, their actions can be benign, such as displaying a cute message, or malicious, destroying data. Some viruses can even destroy hardware by overwriting the critical BIOS program contained on the computer's motherboard.
Trojan horses deserve special note as they may be distributed as e-mail attachments and have been used to steal log-in names and passwords, or plant remote access software in a computer, giving control of the computer to Internet bad boys. While anti-virus software and firewalls help block these attempts, it is good practice to open e-mail attachments only from trusted correspondents.
Installing anti-virus software on your computer is the best defense against these rotten little critters. The anti-virus software monitors your system, detecting and eliminating viruses before they can cause harm. There are several anti-virus programs available on the market, but my favorite for personal use is InoculateIT Personal Edition, free for the download from Computer Associates (antivirus.cai.com). Whatever anti-virus software you use, be sure to update the virus definitions regularly.
Additional information on viruses, worms and Trojan horses is available from the major anti-virus software vendors: Computer Associates (www.cai.com/virusinfo/), McAfee (vil.mcafee.com/) and Symantec (www.symantec.com/avcenter ).
Operating system and software crashes: Computer operating system and software crashes generally result in a loss of all data entered since the document was last saved. Protection here is simple -- save your documents early and often. Many application programs come with automatic save functions that will save open documents at preset time intervals. My autosave timer is set to 5 minutes, meaning I can only lose up to 5 minutes of work in the event of a crash.
Power failure and surges: Everyone with electric service has experienced a power failure. Lightning strikes a substation, a falling tree takes out a utility pole, a circuit breaker trips -- whatever the cause, a loss of power to your computer can range from a minor inconvenience to a serious loss of data. Lightning strikes are especially troublesome because the enormous energy released may create power line surges that can literally fry your computer's innards.
To protect against damage from power failures and surges, install an uninterruptible power supply (UPS) with surge protection. The UPS contains a backup battery that is continually charged, providing instant backup power to your computer in the event of a power loss. The battery generally provides five to 20 minutes of power, enough time to save any open documents and safely shut down the computer. The built-in surge protection protects against damaging power surges in electric and telephone lines.
Hard disk failures: Regardless of all the precautions you take, stuff happens, and stuff happening to your hard disk can have catastrophic consequences. If you have a hard disk failure, be it a mechanical failure or loss of data from a virus, your best line of defense is backup copies of critical files and information.
There are a number of reasonably priced file backup options available. Zip drives, CD writers, digital tape drives and other removable storage devices are a great way to back up important documents. It's important to keep a backup at a location remote from your computer so that your backup will not be lost in a fire or flood.
A fast Internet connection makes backing up documents to the Internet a viable option. The nice feature of Internet backup is that data is automatically backed up to a remote location. On the other hand, you pay for the service. Online backup service providers include Backup Online (www.backuponline. com), BBM Online(www.somtel.com/bbm/ ), @Backup (), FilesAnywhere(www.filesanywhere.com/) and Back-It-Up Dot Com(www.back-it-up.com/).
An excellent way to back up entire hard drives is to create an "image" of the drive using Powerquest Drive Image (www.powerquest.com) or Norton Ghost (www.norton.com), saving the image to a CD, network server or other media for safe storage.
To be effective, files must be backed up on a regular schedule. Unfortunately, this is a chore that is easy to put off or forget. Using well-designed backup software can make the task easier by automatically scheduling backup operations. Several excellent backup utilities, as well as firewall and other security software, are available to try before you buy at TUCOWS ( www.tucows.com).
Every endeavor has risk. Fortunately, a few simple measures -- anti-virus software, firewall, UPS and regular file backups -- will minimize computer security risks.
Contributing Editor Michael Blotzer, MS, CIH, CSP, is an occupational hygiene and safety professional, writer and computer enthusiast.