Customer Protection Information
Vulnerabilities, susceptibilities, exploits, hackers, Trojan horses, worms: these are all terms that we see frequently in the computing world.
- What are they?
- Why do they exist?
- What is my role in protecting myself?
- What is the provider's role in helping to protect the customer?
These are all very good questions, and they may have surprising answers. With the power of computers increasing exponentially and broadband connections proliferating, data security can no longer be an afterthought. Providers and end customers alike need to be aware of these threats and of the protections available to them.
Viruses, Trojans, and Worms
What is a virus? Why does such a thing exist? According to legend, the first virus was called Brain. Two Pakistani computer store owners were tired of people pirating (stealing) their software, so they developed the first virus. Its purpose was to detect whether or not the software had been copied; if it had, the virus deleted the software. From those humble beginnings, today's viruses and worms were born. A virus is so named because of its similarities to the biological viruses that affect our health: its purpose is to infect, replicate, and infect again. As with a real virus, a computer virus can have variants that make it perform certain tasks or make it resilient against certain protections. That's right, some viruses are written to elude virus scanners. There are many different types of viruses with many different purposes. Some are meant to be funny and display a joke or a funny picture. Some are destructive and erase your hard drive or flash your Basic Input Output System (BIOS). Some simply replicate themselves. Some email viruses simply read every address in your address book and email themselves to those addresses, thus spreading themselves to your friends. Generally, viruses need help to spread: you have to receive an infected file (by email, through a web browser, or from a file server) or use an infected disk. One of the services provided is the Postini email scanner. Not only will this service screen out most spam, it will also prevent the spread of many email-borne viruses.
What is a Trojan Horse? These programs are also called, or associated with, "backdoor" programs. They are named after the mythological Trojan Horse, which was given as a present and accepted by the Trojans with open arms; little did they know of the deadly secret inside. A computer Trojan Horse works in the same manner. Generally a Trojan Horse is hidden inside of a real program. You may think that you have downloaded a new screensaver, but hidden inside is a Trojan that opens your computer up to outside control. Many Trojans will alert their creator once they are installed, giving them your Internet Protocol (IP) address and an opening into your system. These are usually detected by both anti-virus and firewall software. A properly coded Trojan, however, may allow an attacker to bypass a firewalled router.
What is hacking? Hacking is the art of arriving at an end through unintended means. There are many tools on the Internet that make hacking possible with point-and-click ease. This is actually both good and bad news. It is bad news because it means there are many people out there trying to access your system without your consent. It is good news because the anti-virus and firewall software manufacturers are constantly dissecting those tools and making sure that their software is able to detect them and prevent them from harming you.

Are hackers interested in breaking into user Joe's computer, when Joe only browses the web and doesn't have any corporate secrets to hide? Probably not. They may, however, want to use Joe as a pawn by installing a small Trojan on Joe's computer that turns it into a zombie. This is a new breed of hacker, not interested in your e-mail or in destroying the data on your computer; he wants to use your computer as a soldier. Another threat is called a Denial of Service (DoS) attack. This is where a person attempts to stop his target, be it a web server, database server, or e-mail server, from performing its intended service. The attacker may try to bring up a web page on a given server 1,000 times in 10 seconds. Some web servers cannot handle such a high demand and are unable to service legitimate users. So all users are affected by this kind of attack, although only one system was targeted. Other servers are able to handle many connections, and so many attackers may be needed to perform the same DoS. This is called a Distributed Denial of Service (DDoS) attack, and this is where Joe comes in. He unknowingly has a Trojan on his system, which allows an outside attacker to send his computer commands. The attacker may only need Joe to hit a mail server 5 times in a minute. Joe wouldn't notice this, because his computer would not slow down, he wouldn't see the program doing the work, nor would he notice the few packets going through his network.

An anti-virus package may not notice this Trojan. If the hacker created the Trojan himself and didn't give it to other hackers, the people who make the anti-virus software may be unaware that the Trojan exists. A software firewall, on the other hand, would notice the traffic entering and leaving the computer and could alert Joe that he has a problem.
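The following is an added example, not part of the original page, of the kind of check a personal firewall could make to notice "Joe's" quiet zombie: it reads constructed outbound-connection log lines (the log format and the addresses are assumptions) and flags any host that contacts the same server and port a threshold number of times within a sliding one-minute window.

```python
# Added example (not from the original page). Flags a host that quietly makes
# repeated outbound connections to one server, the pattern described for a
# zombie hitting a mail server a few times a minute. Log format is assumed:
# <ISO timestamp> <IN|OUT> <source IP> <destination IP> <destination port>
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample of personal-firewall log lines (addresses are documentation ranges).
SAMPLE_LOG = """\
2003-08-12T10:00:01 OUT 192.168.1.10 203.0.113.25 25
2003-08-12T10:00:05 IN 203.0.113.25 192.168.1.10 3456
2003-08-12T10:00:09 OUT 192.168.1.10 198.51.100.7 80
2003-08-12T10:00:14 OUT 192.168.1.10 203.0.113.25 25
2003-08-12T10:00:27 OUT 192.168.1.10 203.0.113.25 25
2003-08-12T10:00:40 OUT 192.168.1.10 203.0.113.25 25
2003-08-12T10:00:52 OUT 192.168.1.10 203.0.113.25 25
2003-08-12T10:01:30 OUT 192.168.1.10 203.0.113.25 25
"""


def parse_line(line):
    """Split one log line into (timestamp, direction, src, dst, port)."""
    ts, direction, src, dst, port = line.split()
    return datetime.fromisoformat(ts), direction, src, dst, int(port)


def find_bursts(log_text, threshold=5, window_seconds=60):
    """Return (src, dst, port, count) once for each (src, dst, port) whose
    outbound connections within a sliding window reach the threshold."""
    recent = defaultdict(deque)   # (src, dst, port) -> timestamps still in window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        ts, direction, src, dst, port = parse_line(line)
        if direction != "OUT":    # only traffic leaving the computer matters here
            continue
        key = (src, dst, port)
        window = recent[key]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()      # drop connections older than the window
        if len(window) >= threshold and key not in flagged:
            flagged.add(key)
            alerts.append((src, dst, port, len(window)))
    return alerts


if __name__ == "__main__":
    for src, dst, port, count in find_bursts(SAMPLE_LOG):
        print(f"ALERT: {src} made {count} connections to {dst}:{port} within a minute")
```

The ordinary web request to port 80 is never reported; only the five mail-server connections inside one minute trigger an alert, and the later sixth connection falls outside the window.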
Twin Lakes Telephone is an open network provider. This means that we are contractually bound to intervene as little as possible with the traffic that traverses our network. There are circumstances, however, that allow Twin Lakes to bypass this rule and initiate controls on the network as a whole, or only on certain segments. What does this mean? It means that we shouldn't put a rule in place to block the latest and greatest worm from crossing our network before it hits. We shouldn't prevent traffic destined for computers controlled by a Trojan horse from reaching its destination. Why? It's a needle in a haystack. Let's use the latest MS.Blaster worm as an example. This worm uses known protocols and ports for its transactions. As it goes across a network it appears to be normal Microsoft Windows file sharing traffic. In order for us to stop the worm we would have to block port 135, which would block all Windows file sharing traffic, which would violate our open network status. This type of traffic block would also greatly increase the processing load on our core routers, because they would have to inspect every piece of information going across our network. This could increase network latency and slow down an end user's experience. So, what is an open provider allowed to do? They are allowed to protect themselves. In the event that a network attack hinders the ability of the provider to service its customers, the provider is allowed to take action. Once the attack is over, and/or there are remedies (patches) in place that remove the susceptibility, the traffic-hindering protections must be removed. This is the right as well as the liability of the provider.
It is the customer's responsibility to protect themselves. This should be looked on more as a privilege than as a responsibility: the customer can choose their own level of protection, instead of having it dictated to them by the provider. Most of Twin Lakes Telephone's end users use the Internet for surfing and e-mail. This kind of user can easily protect themselves with the proper software. Let's discuss the different pieces of software that an end user is responsible for:
Operating System. This is the main piece of software used by your computer. It is the environment in which you do all other things on your computer. Your operating system (OS) could be Microsoft Windows, Macintosh, Linux, Solaris, MS-DOS, etc. Most newer OSs have a built-in updating capability. This allows you to painlessly install patches that fix various bugs and vulnerabilities.
Applications. These are the programs that run on top of your OS. Everything from Solitaire to Netscape is an application. Some applications, like Solitaire, come bundled with your OS, so keeping your OS updated will ensure that these programs are also updated. Other applications, like Netscape, are created by third-party software vendors and must be updated separately from the OS. Many third-party applications, most antivirus programs for example, have built-in updating capabilities.
Hardware. This includes routers, switches, and other network-capable hardware. These devices are just as susceptible to attacks as a computer. A customer with a broadband connection may have a small router sitting between their computer and the Internet. This device may be acting as a firewall, keeping would-be intruders out. It is possible that a new exploit is found that disables the protective capabilities of that device, giving the customer a false sense of security.
Having updated software isn't the end of security. Now that the software is up-to-date against the latest exploits, it has to be correctly configured. Most of the newer OSs have built-in firewall capabilities. In some of these OSs, however, these capabilities are turned off by default, leaving the customer open to attacks. The same holds true for the applications and the hardware. Usually these pieces of software are designed to be user friendly, which, ironically, is usually intruder friendly as well.

Finally, two special types of applications should be discussed: antivirus and firewall. Antivirus software, as the name suggests, is used to prevent virus infection. This software monitors every activity on the computer system. It has a list of known viruses that it watches for, and it also watches for abnormal, virus-like activity. Once virus-like activity is detected, it will warn the user and give them options on how to handle the situation. Firewall software watches everything that enters and leaves your computer via a network connection. Some firewall software can warn the user of abnormal activity and give options for handling the situation. Not every OS needs one or the other of these two types of applications, but most do!

Now, let's touch a little more on hardware. More specifically, let's talk about Digital Subscriber Line (DSL) and firewalling routers. If you have a broadband connection and are not using a firewall device of some type, then you are at risk. Suppose that your OS has firewalling capabilities and your computer is directly connected to your broadband device. It might be thought that this is a secure setup. It is not. The default setup of the firewall may not be secure. Your own setup may not be secure. There may be an exploit released that corrupts the Internet Protocol (IP) stack of the system, disabling the firewall. This could be true for any device, including a firewalling router.
However, it is much less likely that a firewalling router will be compromised in such a way as to reveal your internal computer. It is also much less likely that your firewalling device will be susceptible to a new worm or e-mail macro virus. Broadband connections have been singled out here because they are more susceptible to attack: they deliver more data in a given period of time than a modem connection, and they are always-on connections. This does not mean that modem connections are not susceptible. Moreover, some OSs that have built-in firewalling capabilities do not enable these capabilities on dial-up connections. An end user does not need to be a computer expert to prevent their systems from becoming infected or being susceptible.
Is there hope? Yes, always! An informed user with the right set of tools at their disposal will not have a problem keeping their computer clean and free of viruses and susceptibilities. This removes the need for the provider to dictate harsh and debilitating network controls, while allowing the end user to choose their own level of protection and still have access to every networking possibility. Here are some tools that may help prevent problems (these are only suggestions).