Wednesday, December 6, 2006

Basic Home Computer Security Question #1 - Why do I need a firewall or NAT device? Can someone log into my computer from the internet?

So we have two questions here to evaluate and answer. Why do I need a firewall or NAT device? And can someone log into my computer from the Internet?

From a security engineer’s point of view these questions are just a little bit backwards, so let’s answer the second question first. Yes, a hacker can very easily log into your computer from the Internet. The first thing a hacker does is run a vulnerability scanner, looking for ports that are open on your computer and being used by an application that has a security weakness or flaw; this is commonly called a reconnaissance attack. In most cases the hacker has a favorite set of tools that they will use to try to log on to your system. These tools are often called kiddie scripts, so named because they’re so easy to use that a child can use them. Probably the most common tool accessible on the Web is a tool called Metasploit. So when somebody is doing reconnaissance on your system, they will be looking for a weakness that can be exploited by their favorite tool. Once they’ve identified your IP address and a vulnerable port/service, with just a few clicks they can gain full command-level access with administrative privileges on your PC.

Here's a list of dangerous characteristics of many of these attacks that gain access to your system:
- many of these attacks do not require a username or password to log on to your system
- many of these attacks give the attacker full administrative privileges
- once an attacker has this type of access on your system, there is no limit to the damage they can do or the information they can steal
- once an attacker has this type of access, your system can be used to attack other systems without your knowledge, until of course the FBI comes knocking on your door :)
- there are many other ways your system can be compromised besides someone logging on.

Now let’s address the second part of the question: why do I need a firewall or a NAT device? A firewall can help to ensure, in the case of a personal computer using an Internet service provider, that no ports are open for inbound traffic. This eliminates the possibility that a hacker can do a vulnerability scan and find open ports on your system; if no open ports are found, there is no attack vector for an attacker to access your system. There is an ongoing debate in the security engineering world about whether NAT is a security feature or not. The main purpose of NAT is to map the IP addresses on the inside of your network to a single address or multiple addresses that are used when you go out on the Internet. Effectively, this cuts down on the amount of money you need to pay your service provider per Internet address, and also reduces the threat that we will run out of IP addresses in the near future.
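To see which ports on your own PC a firewall would need to cover, you can read the listening sockets that `netstat -an` (Windows) or `ss -tln` (Linux) reports. The script below is an added example, not part of the original post; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: lines in the style of Windows `netstat -an` and Linux `ss -tln`.
SAMPLE = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED
LISTEN  0  128     [::]:22      [::]:*
LISTEN  0  5      [::1]:631     [::]:*
"""

WILDCARDS = {"0.0.0.0", "::", "*"}  # meaning "listen on every interface"

def classify(host):
    """Return how far a listening address is reachable when no firewall filters it."""
    host = host.strip("[]").split("%")[0]    # drop IPv6 brackets and scope id
    if host in WILDCARDS:
        return "all-interfaces"
    if ipaddress.ip_address(host).is_loopback:
        return "loopback-only"               # only programs on this PC can connect
    return "one-interface"

def listeners(text):
    """Parse netstat/ss style text into sorted (port, host, exposure) tuples."""
    found = []
    for line in text.splitlines():
        tokens = line.split()
        if not {"LISTEN", "LISTENING"} & set(tokens):
            continue                         # skip headers and established connections
        for tok in tokens:
            host, sep, port = tok.rpartition(":")
            if sep and port.isdigit():       # first addr:port token is the local side
                found.append((int(port), host, classify(host)))
                break
    return sorted(found)

def needs_inbound_block(text):
    """Ports that accept connections from the network unless a firewall drops them."""
    return sorted({p for p, _, exp in listeners(text) if exp != "loopback-only"})

if __name__ == "__main__":
    for port, host, exposure in listeners(SAMPLE):
        print(f"{port:>6}  {host:<15} {exposure}")
    print("block inbound to:", needs_inbound_block(SAMPLE))
```

Any port the script lists as something other than loopback-only is one that the firewall's inbound rules have to cover.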

Even with the firewall, it’s recommended that you install antivirus from a reputable antivirus company and keep it up-to-date to help protect your home system.

I hope I covered the highlights adequately answering this question. Please feel free to comment or add whatever you think is appropriate to the subject. Thanks.
