Defense

 

* DISCLAIMER * Use this information at your own risk. I will NOT assume ANY responsibility for the use, misuse, or abuse of the information provided herein. The following information is provided for educational purposes ONLY. The information is NOT to be used for illegal purposes.

This page is aimed primarily at the home user but also applies to any Internet-enabled PC.

 

After being on the receiving end of quite a few scans and probes, and spending a while learning the ins and outs of NMAP and a few other scanners, my skills have been honed no end, mainly in trying to understand the output from various firewall logs and what ports these scans are looking for.

 

What I have seen has made apparent to me a few simple things that stop script kiddies and lamers from accessing your PC.

 

The more determined attackers will go to further extremes. I have seen spoofed IP packets supposedly from my PC being sent back to me, which was quite entertaining and ingenious, from a client on the same ISP, among other less dramatic attempts to compromise my security.

 

It is a simple fact of life these days: if you have a browser and you are on the web, i.e. connected to it, somebody is going to scan you sooner or later. There are people out there who do nothing else but scan IP address ranges all the time, and as most of it is automated these days, the software will probe and attempt to connect to you.

 

What these people and their automated, scripted software are looking for are exploitable weaknesses on your computer: a misconfigured firewall, no firewall at all, or Trojans planted on your PC.

 

This leads on to understanding those weaknesses and what you can do about them.

 

There are a number of things you can do:

 

Understand which ports your applications use and whether they are configurable

Become familiar with the netstat -an command from a command prompt

 

Disable or remove Services and Applications you do not need or use

 

Move all sensitive data off the machine(s) attached to the Internet; if that is not possible, encrypt those files

 

Keep all your relevant operating system patches up to date - get on the mailing lists for updates and ensure you patch as required

 

Incorporate a good firewall

 

Ensure that the firewall is configured correctly and test it to ensure that it is doing what you think it is

 

Ensure you understand how your firewall works and, if there are any weaknesses, what they are

 

Use the tools the opposition will use to test your firewall on a regular basis and after every reconfiguration, to ensure it still carries out the tasks given to it

 

Check your firewall logs regularly and know what is out of the ordinary

 

Run a Trojan detector (The Cleaner from Moosoft is a good option) and scan your hard drive(s) regularly; also ensure you update the software regularly

 

Keep your Anti-Virus software up-to-date and ensure it is checking your downloaded data properly

 

Deploy an Intrusion Detection System

 

DO NOT OPEN suspicious attachments in emails, even from people you trust!

 

Join the BUGTRAQ mailing list and see what exploits are up and coming

Send a message to LISTSERV@LISTS.SECURITYFOCUS.COM with the following in the body of the message: subscribe bugtraq [your name]

Get to know your "enemy": use the tools available to you (SamSpade is just one) to find out where the "attacks" are coming from and, if possible, identify and then report them to the relevant abuse@...

 

Be prepared for possible intrusions, and how to cope with them
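
As a worked illustration of the netstat -an and "know your ports" items above, the following added example (not part of the original page) parses Windows-format netstat -an output and lists the sockets that are open to the network rather than bound to loopback. The sample output, the function names and the "expected" allowlist are constructed for illustration.

```python
# Constructed sample of Windows `netstat -an` output (not from the original page).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1030      203.0.113.5:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:137            *:*
  UDP    127.0.0.1:1900         *:*
"""

LOOPBACK = ("127.", "::1")  # address prefixes that are not reachable from outside


def parse_listeners(text):
    """Return a sorted list of (proto, address, port) for open local sockets."""
    found = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # skip headers and blank lines
        proto, local = parts[0], parts[1]
        # TCP rows carry a state column; UDP rows have none and count as open.
        if proto == "TCP" and parts[-1] != "LISTENING":
            continue
        addr, _, port = local.rpartition(":")  # rpartition copes with [::]:445
        if not port.isdigit():
            continue
        found.add((proto, addr.strip("[]"), int(port)))
    return sorted(found)


def exposed(listeners, expected=()):
    """Sockets bound to a non-loopback address whose (proto, port) is not expected."""
    return [s for s in listeners
            if not s[1].startswith(LOOPBACK) and (s[0], s[2]) not in expected]


if __name__ == "__main__":
    for proto, addr, port in exposed(parse_listeners(SAMPLE)):
        print(f"{proto} port {port} is open on {addr}")
```

Anything this reports that you cannot tie to an application you actually use is a candidate for the "disable or remove" item above, or for a firewall rule.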

 


 

This page was last updated on 06-Dec-2000 22:59.