Number 202 - March 2000
System Protection
from Sacramento's January 2000 Sacra Blue Q&A
Is Firewall Protection Needed?
    Q: I have DSL and modem software with firewall protection built in to it. It can even limit the IP addresses. Is that enough protection?

    A: You can go to the Gibson Research Web page (http://www.grc.com) and click on the Shields Up icon at the top of the page. The program attempts to hack into your computer to tell you how vulnerable your particular system might be.1
    Some of you may remember the BeadleNet presentation we had a couple of months ago on their little device that did the firewall for DSL and for cable modems. I called Olivier, who did the presentation, to order one of his firewall devices ($390) after finding that the five DSL-connected systems in my office were wide open.2
    I called PacBell (California's equivalent to US West-ed) about the problem of being wide open and was told it was not their problem. I was just curious about what they had to say as an ISP. They didn't say much, just that it's your DSL line and that's it. I contacted another company, which shall remain nameless, that offers DSL lines to a number of my business clients. They told me I did not have anything to worry about. I humbly disagree.3
    For those of you who have DSL or cable, I strongly suggest you run the [Gibson site] test yourself and look into software or hardware fixes. There is stuff out there. If you go out to some of the crackers' Web sites, that would just put a good scare into you. Your computer is wide open and they could be into your system the same day you get your DSL line.

    A2: Any time you have a static IP address, a single IP that is assigned to your computer and is the same address every time you connect to the Internet, the crackers are eventually going to find it. [Hackers are the good guys and crackers are the bad guys.] All they have to do is keep trying until they find a box that is wide open, usually a Windows 98 or NT machine.

    A3: It is not just that there are crackers out there, it's that they have computers with automatic scanner programs that scan through thousands of IP addresses, the equivalent of a small country, in a few hours!

    A4: One thing to note about hardware and software solutions for firewalls is that even though they are an implementation, they may not, by default, have blocked all the different port numbers. There are a myriad of port numbers for different things within the Internet and you may find that the software or hardware packages have one or more doors open by default that you need to slam shut. So, be careful! Even some of the operating systems, NT, LINUX, or any other, have certain defaults and certain default passwords assigned to some operations. For example, if you buy LINUX or some Unix, you have a lot of root privileges that are based on some passwords that you need to go out and change. Some of those software packages check to see if those default passwords have been changed.

    A5: I suspect that more and more computers are going to be coming with some kind of firewall built in. I am very disappointed at the number of Internet providers in town who provide high-speed access and do not think any of us have anything to worry about. That concerns me greatly. This time next year I venture to say quite a few of us will have high-speed access lines and hopefully some of those providers will be savvy enough to provide you with the protection you need.3
Editor's Notes:
    1 Because I have a cable modem, I called Gibson's site and downloaded the free test program IPAgent. It probed the following ports: FTP, Telnet, SMTP, Finger, HTTP, POP3, NetBIOS, IMAP, SNMP and reported all of them Closed except the NetBIOS which was OPEN! After I installed firewall software it reported all ports as Stealth! and implied that it could not even detect if there was a computer there.

    2 In January, Gibson stated that he was working with a vendor on development of free firewall software but, until it was ready*, suggested several commercial software firewall programs. On November 11, 1999, I installed BlackICE Defender (http://www.networkice.com). Since then it has reported several attempted intrusions a day on my cable modem system--all unsuccessful. Were these attempts being made before I installed the firewall software? Of course--I just didn't know about them. (*ZoneAlarm is a free download)

    3 Don't depend on your ISP to protect you. They will look out for their own system of servers so they can stay in business, but you should look out for yourself--or at least be aware of the risks if you don't. Go to http://grc.com for free firewall software, ZoneAlarm (It requires specific setup to include some features, like ICQ). Think it'll never happen here? Think again! A "flood" attack overloaded/shut down several Seattle area sites, including ISPs, over the January 14-17, 2000 weekend.
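
    The three results in Editor's Note 1 (Open, Closed, Stealth) correspond to three different answers to a TCP connection attempt. The following is an added example, not part of the original Q&A and not Gibson's test program, for checking a machine you administer; the port numbers are the standard assignments for the services the note names, and the function names are illustrative.

```python
import socket

# Services named in Editor's Note 1, with their standard TCP ports.
# Assumption: "NetBIOS" means the session service on 139. SNMP is left
# out because it normally runs over UDP, which this TCP check cannot see.
PORTS = {"FTP": 21, "Telnet": 23, "SMTP": 25, "Finger": 79, "HTTP": 80,
         "POP3": 110, "NetBIOS": 139, "IMAP": 143}


def probe(host, port, timeout=2.0):
    """Classify one TCP port on a machine you administer."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"      # handshake completed: a service is listening
    except ConnectionRefusedError:
        return "closed"    # host replied with a reset: nothing is listening
    except socket.timeout:
        return "stealth"   # no reply at all: the packet was silently dropped
    except OSError:
        return "error"     # e.g. network unreachable; not a verdict on the port
    finally:
        s.close()


def report(host, ports=PORTS, timeout=2.0):
    """Probe every named service port and return {service: state}."""
    return {name: probe(host, port, timeout) for name, port in ports.items()}


def needs_attention(results):
    """Services that accepted a connection and should be shut or filtered."""
    return sorted(name for name, state in results.items() if state == "open")


if __name__ == "__main__":
    results = report("127.0.0.1")
    for name, state in results.items():
        print(f"{name:8} {PORTS[name]:>4}  {state}")
    print("Review:", ", ".join(needs_attention(results)) or "nothing open")
```

    A probe of 127.0.0.1 usually bypasses the firewall, so to see what the firewall actually exposes, run the check from a second machine of your own against the protected one.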


Is Disconnecting the DSL Modem Enough?
    Q: I do not have much in the way of protection on my computer. The system is on when I am not there but I throw a switch and physically disconnect it. The modem is no longer plugged into the wall. Can that be done with DSL or do you lose something at the other end?

    A: That's a good question. Can you simply pull your DSL line away from the DSL modem and therefore not be connected? I would have to say 'yes'. I do not see why not. In an office like mine, with five people, I could come in the morning, connect the line, and we're ready to go. When the computer is not on, no one can get in. My concern would be that the line is so fast and your hard drive is often chuckling away for no apparent reason anyhow, that people could be getting into your system without your knowing it. Someone could even get in and format your drive without your being aware.

    I do not think the home end user has a whole lot to worry about. But small business owners like myself, that retain client lists and credit card numbers and who knows what else, should be concerned. I never had to consider it before, but I have client information that I would never want to share. All of a sudden I have to start worrying about it because I now have an open line to the rest of the world. That's why I did not hesitate to buy a hardware firewall. I considered the software solution, but I didn't feel comfortable with it though it may solve the problem. I'm a hardware sort of guy and hardware always seems to be the ultimate answer.