Blocking and Stopping Network Intruders

Data thieves aren't always the black-clad hackers typing away in a dark room a la The Matrix, either: Data center employees with a chip on their shoulders and the technological savvy to put something over on "the man" are often at fault as well. (Compare Data Leak Protection products)

So, what can you do about it? Whether you're responsible for your own computer or manage a fleet of hundreds (or thousands) of PCs, PCs are vulnerable to a variety of threats, including:

* P2P clients

* Insecure wireless networks

* Phishing

* Spyware

* Viruses

* Insecure work at home environment

* Social engineering

Here's how to stop them.

Just Say No to P2P File Sharing

Peer-to-peer file transfer clients such as Gnutella, BitTorrent, Kazaa, LimeWire and others enjoy an almost virus-like popularity as an easy means of sharing music and video files with other media enthusiasts. Unfortunately, they can also share sensitive corporate and personal data with strangers around the block, the country or the world. Recent studies of P2P file sharing at banks and the federal government have demonstrated how easy it is for programs intended for media sharing to gain access to confidential and secret information. In Dartmouth University's Tuck School of Business study of P2P file sharing at America's top thirty banks, P2P file sharing searches for text in song or video filenames found matching information of all types, including company names, addresses and much more. A study by security firm Tiversa found over 200 classified documents in just a couple of hours of searching with P2P client LimeWire.

Why is P2P file sharing so potentially dangerous? Depending on the client, P2P file sharing is usually keyed to file types, not folders. Consequently, a music or video file in the same folder as confidential information can expose the entire folder's contents to a P2P search. What's worse is that some P2P clients make it easy to share an entire drive rather than just specified folders. P2P clients pop up everywhere, including corporate PCs, as well as your children's PCs or other home PCs.

To stop the threat of P2P file sharing at work, corporations should configure security to block P2P clients. If you're telecommuting, use file encryption on work folders and make sure you never, ever set up a P2P client to monitor work folders. Stay on top of the P2P game with resources such as a P2P and file-sharing resources search at TechRepublic.

Securing Insecure Wireless Networks

Wireless networks are easy to set up--especially if they're insecure. Your office may have a wireless network that's locked down with WPA or WPA2 encryption and Radius authentication servers; if you work from home or in a public area on an insecure wireless network, you might expose sensitive information. What kinds of threats are out there? (Compare WLAN Security products)

-- If a restaurant or other retail establishment uses an insecure wireless network for its point-of-sale system, war drivers in the parking lot can grab credit card numbers from business credit cards and sell them, or use them for unauthorized shopping sprees.

-- Free wireless hot spots abound in restaurants and coffee shops. If network shares on a laptop aren't blocked by a firewall, other surfers could get a side of data with their lattes or sandwiches.

-- Home wireless networks provide a double dose of insecurity: They might be insecure (lacking WPA or WPA2 encryption) and might also use standard SSIDs or workgroup names, making it way too easy for an intruder to get access to the network and any shared folders on the system.

The problem is multifaceted, and so are the solutions. It's difficult to determine if a retailer's POS system is secure, but any public hot spot is insecure by definition. Windows Vista's firewall automatically blocks shared resources on public networks such as hot spots. However, Windows XP SP2's firewall requires you to select its "no exceptions" setting to protect shares when you use a public network.

If your e-mail client doesn't offer secure log-in, don't use it in a public hot spot. Instead, create a secure connection for e-mail, file transfer, remote desktop and other applications by setting up secure HTTP (HTTPS) or virtual private network (VPN) connections to your primary computer, or use a secure remote access service such as GoToMyPC. (Compare Messaging Security products)

Anyone who works from home should be required to set up a secure wireless network. If your company has telecommuters who lack network skills, help them to configure their networks for security. If your staff is more comfortable supporting particular routers, put together a list of recommended routers. If you or your employees use VPN connections, consider recommending or requiring routers that include support for multiple VPN connections. With this type of router, multiple VPN connections can run from home at the same time. Remember that a VPN connection has end-to-end security, even on a public network.

Stopping Phishing and Social Engineering

Phishing--the term for tricking users with official-looking e-mails warning of dire consequences to their credit card, bank or PayPal accounts, and directing them to phony websites that perform identity theft--is alive and well, but there have never been more defenses against it. Microsoft's latest browser, Internet Explorer 7, as well as rival Mozilla's latest, Firefox 2.0, contain antiphishing features that compare URLs to known phishing websites and provide reporting tools for flagging suspected phishers. If you're still running older versions of IE or Firefox, it's time to upgrade to the latest version. For additional security, report suspicious websites to antiphishing websites such as PhishTank and PIRT Squad; PIRT Squad also attempts to take down phishing sites.

However, you don't need high technology to help stop phishing--a little common sense works wonders. Don't click on links provided by a bank or other institution; log in manually. If you're wondering about any link in an e-mail or on a website, remember this trick: To find the real destination of a link, hover the mouse over the link.

Phishing is simply the latest way to perform one of the oldest hacking techniques in the book: social engineering. To stop hackers from pretending to be from the "help desk" or "the network provider," verify the identity of people who can access sensitive information, such as calling the employee's supervisor or using challenge questions with predetermined answers. If you must give a password to someone so they can fix your problem, make sure you change it immediately. The Security Focus website is an excellent resource for developing countermeasures against phishing, social engineering and other threats.

Using Your Operating System's Tools

Microsoft Windows XP Service Pack 2 and Vista both offer a variety of tools that can be used to help detect and stop intruders. As mentioned previously, both feature an easy-to-use firewall that can be set up in a "no exceptions" mode for use in public places, while providing access to shared resources on a more secure network. Both also feature support for EFS (the Encrypted File System) in their business editions to provide user-based security for sensitive files.

However, Windows Vista includes several additional intrusion-stopping features. It includes the Windows Defender antispyware tool (available as a download for Windows XP); antiphishing features in Internet Explorer 7 (available as a download for Windows XP) and in its new e-mail client, Windows Mail; a new browser add-on manager; website and activity reporting via Parental Controls; a new internal design featuring address space layout randomization, which changes the address space used by system functions to help prevent successful attacks; and, in Enterprise and Ultimate editions, BitLocker full system disk encryption to prevent data theft through laptop or desktop (or drive) theft.

Sealing the Holes

Although Windows Vista goes a long way toward sealing the security leaks in Windows XP, you can take steps to make your system even more secure. Make sure you install security updates as soon as they're available via Windows Update or Microsoft security bulletins. You can see the latest security headlines for Windows at the TechNet Security Center. Use and update antivirus and antispyware packages on a regular basis to help prevent software-based attacks.

Mark Edward Soper discusses security features in Windows Vista in his latest book, Maximum PC Guide to Microsoft Windows Vista Exposed, available now from Que Publishing. He is also the author of Absolute Beginner's Guide to Home Networking and other books, and blogs on Windows and other tech subjects at Maximum PC's website.

This story, "Blocking and Stopping Network Intruders" was originally published by CIO.

Copyright © 2008 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022