Security Corner:

NAT

Jul 19 2008   12:58AM GMT

Unpatched PC “0wn3d” in Four Minutes or 16 Hours; Which is it?



Posted by: Ken Harthun
Networking, NAT, Routers, Security, Firewalls, Malware, Vulnerabilities, Microsoft Windows

I just love stories like this one. On the one hand, Internet Storm Center researchers say an unpatched PC connected to the Internet will be compromised in less than four minutes. On the other hand, a researcher and co-founder of the German Honeypot Project (GHP), Thorsten Holz, claims the survival time is much higher than 4 minutes and in fact is nearer 16 hours. “Compared to the survival time from the Internet Storm Center [ISC] which is currently below five minutes, we measure a higher survival time,” he said in a post to the project’s blog. The blog has some interesting graphs, one of which shows that survival time is just under 1000 minutes, or about 16 hours.

So, which is it? Do we believe ISC or GHP? I can tell you from experience with my own firewall logs that my IP address is probed for common vulnerabilities about every two minutes, sometimes as often as once per minute. Based on this, I’d be inclined to believe ISC’s estimate. The bottom line is it doesn’t really matter who’s right–we all agree that it’s a bad idea to connect an unpatched PC to the Internet. From the ISC diary:

While the survival time measured varies quite a bit across methods used, pretty much all agree that placing an unpatched Windows computer directly onto the Internet in the hope that it downloads the patches faster than it gets exploited are odds that you wouldn’t bet on in Vegas. Using a NAT router and a correctly configured personal firewall is the way to go - both these measures help a lot to improve the odds in favor of your PC.

Be careful out there.

Ken is a Systems Engineer at Connective Computing, Inc. specializing in network and desktop security for small and medium businesses. Ken helps others through his Ask the Geek blog, is a regular contributor to Dave’s Computer Tips newsletter, and is currently working on his first consumer-oriented book on computer security.

May 18 2008   6:39PM GMT

Are You a Hacker Target?



Posted by: Ken Harthun
Security, Firewalls, Browser, NAT, Routers, Opinion

Aside from those unenlightened, naive souls who invite every hacker, phisher and Nigerian scammer on the planet into their computers, how many people actually fall victim to hackers? I’m talking about people who take reasonable precautions, like installing a NAT router, running a personal firewall (not Windows’ firewall) and anti-virus software. I ask this question because for some months now, I’ve been running half naked behind my hardware firewall: no anti-virus, no software firewall, just a hosts file to block known bad sites (I do update it frequently). I use both IE and Firefox for web surfing.

I haven’t been hacked, nor have I been infected by any malware. In my entire history of computing (since 1974), I’ve never been plagued by a virus or worm. I guarantee you that my PCs are not part of any botnet. No one has ever tried to run a DDOS attack on me. It’s not that I’m invisible–Google my name and you’ll get several thousand hits (some of those aren’t me; apparently more than one Ken Harthun out there). I have a couple of different web sites in plain view, too.

Am I immune to attack or just lucky? Or is it that by applying the various security tips I give you here (yes, I do the same things I tell you to do), I’m outsmarting the hackers so they can’t figure out how to get me? Food for thought. Your comments are welcome.


Feb 20 2008   9:12PM GMT

Omit This Setup Step and Your Router Can Be Easily Compromised



Posted by: Ken Harthun
Security, Networking, Routers, NAT, Security maxim

Last time, I stressed having a NAT router–or router/firewall–between your PC and the Internet as a first line of defense. This is without question the first, most important security step, but it can be useless unless you have it properly configured; in fact, omitting one crucial first step can leave you even more vulnerable to attack than you would be without the device.

All routers come with a default username and password, often as simple as admin/admin (when I’m faced with a router I haven’t seen before, this is the first thing I try–and it often gets me in). Default settings are a good thing because if you ever forget your password, you can reset the router and take it back to square one. However, this is also a dangerous security risk; these defaults are well known and published on the Web. Three of the more widely used consumer routers, Linksys, D-Link, and Netgear, have recently been shown to be vulnerable to a JavaScript web page attack. Go to the wrong site and if you haven’t changed the default password, the attacker can change your router’s settings to send you to malicious websites. For example, you’ll think you’re looking at your bank’s login page, but it will be a fake look-alike that steals your account information as soon as you log in.

So, put this on your list as Security Maxim #3: Always change the default username and password of any configurable device you put on your home network.

Next time: You’ve changed your default router password; you still may be vulnerable.

Cheers!
The Geek


Feb 16 2008   8:02PM GMT

How Not to Invite Attackers into Your PCs or Network - the First Line of Defense



Posted by: Ken Harthun
Networking, Security, Firewalls, NAT, Security maxim

The other day, I gave you what I consider to be the most basic security maxim, one on which I base all of my security practices: The best security measures are completely useless if you invite attackers into your PCs or networks.

Windows users will remember back before Windows XP Service Pack 2 was released that simply plugging your computer into your cable or DSL modem was almost certain to result in your being compromised in short order. (Who can forget the havoc that Sasser and other worms wreaked before Microsoft wised up and finally turned the firewall on by default?) Running naked with all ports open to the world is a gold-gilt invitation to every criminal and mischief maker on the Internet, and while running a software firewall is a good idea, it’s not nearly enough–crackers already know how to take down XP’s firewall.

Consider this: every IP address owned and/or issued by your Internet Service Provider, no matter who that may be, is constantly being targeted by hackers that are scanning the ‘Net or worms that are infecting the ‘Net. The IP address assigned to me by my cable Internet provider has been scanned or probed 46 times in the last hour; this goes on 24 hours a day, seven days a week. I certainly don’t want my PC’s software firewall subjected to this kind of thing; yet, most people, not knowing any better, plug their computer directly into the broadband modem. Why do this when there is an inexpensive, simple, yet effective first line of defense available at any big box electronics or office supply superstore–a router?

Through the beauty of Network Address Translation (NAT), even the cheapest router becomes an effective hardware firewall, virtually making your PC invisible to the ‘Net. NAT Router Security Solutions by Steve Gibson of “Security Now!” explains NAT in detail. Here’s one of his illustrations from that article:

[Illustration: A NAT router installed]
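
Why NAT has this firewall-like effect, as an added example that is not from the original post or from Steve Gibson's article: a toy model of a router's port-mapping table. All addresses and ports are constructed sample values, and the model assumes the strictest filtering (replies accepted only from the exact peer the LAN host contacted) with no port forwards, UPnP or DMZ host configured; real routers vary.

```python
# Toy model of the port-mapping table in a consumer NAT router.
# Added illustration; every address and port below is a constructed sample value.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # router's WAN address (constructed)


@dataclass
class NatRouter:
    next_port: int = 40000
    # public port -> (LAN ip, LAN port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host opens a connection: record the flow, return the public endpoint."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        for pub_port, known in self.table.items():
            if known == flow:
                return PUBLIC_IP, pub_port  # reuse the existing mapping
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = flow
        return PUBLIC_IP, pub_port

    def inbound(self, src_ip, src_port, dst_port):
        """A packet hits the WAN side: return the LAN (ip, port) it goes to, or None if dropped."""
        flow = self.table.get(dst_port)
        if flow is None:
            return None  # unsolicited: no mapping, so there is no host to forward to
        lan_ip, lan_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # mapping exists, but the sender is not the contacted peer
        return lan_ip, lan_port


def demo():
    router = NatRouter()
    # The PC at 192.168.1.20 browses to a web server; this creates the only mapping.
    _, pub_port = router.outbound("192.168.1.20", 51515, "198.51.100.7", 443)
    return {
        "reply": router.inbound("198.51.100.7", 443, pub_port),
        "scan_445": router.inbound("192.0.2.66", 34567, 445),
        "guessed_port": router.inbound("192.0.2.66", 34567, pub_port),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} -> {result if result else 'dropped'}")
```

Only the web server's reply reaches the PC; the probe of port 445 and the packet sent to the mapped port from a different host are both dropped because nothing inside the LAN asked for them.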

I must mention that except for one, simple configuration change that is absolutely essential, these simple devices work fine right out of the box. The average user can plug it in and not have to worry about a complicated setup process.

So, here’s Security Maxim #2: A first, important step in securing your PC is to install and configure a NAT router.

(Note: I first posted this maxim nearly a year ago at Ask the Geek, Too. The article was entitled, How to Secure Your Computer: Maxim #2 (or, How Not to Invite Attackers Into Your PCs and Networks). Since then, many routers now contain built-in firewalls, so do double-duty and are even more secure.)

Next time: the one, most overlooked configuration option that can render your router or firewall useless and make you even more vulnerable than you were without it.

Cheers!
The Geek

Your comments are welcome!