Online security

Rough Notes, Jun 2000 by Anderson, Steve

Protecting yourself from hackers

Access to the Internet provides an agency with many advantages. In our April column, we discussed how high access speed enables agencies to take full advantage of what the Internet has to offer. Using a DSL or cable connection to the Internet introduces security as an issue. You must be aware of this and deal with it in some manner, so we are going to expand on security issues in this month's column.

Several characteristics of both DSL and cable connections make taking additional precautions necessary. Both of these connections allow you to be connected to the Internet all the time. This "always on" connection has advantages, such as being able to check for new e-mail continuously. However, it also provides a way for someone outside of your system to gain access to it at any time.

Another problem is difficulty in detecting large downloads. This makes it easier for an intruder to download large files from your computer without your being aware of it. Your IP address (your unique computer address on the Internet) does not change for long periods of time, if ever. This makes it easier for intruders to reconnect to your system once they have gained access the first time. It also makes it easier for Web sites to track your activities without having to store information on your computer in a file called a "cookie."

Let me share a personal story to illustrate the potential dangers. We have DSL access at home and cable access at the office. While at the office, we wanted to connect with a computer at home using a remote access program called pcAnywhere (www symantec.com). We use the Internet as the means of making the remote connection because an Internet connection is more reliable than a dial-up modem connection. When you start pcAnywhere, it looks for available connections and highlights them. Another computer showed up as being available to connect to. Thinking it was the computer at home, we clicked on the icon to connect. To our surprise, someone else's computer was displayed on our screen. Another subscriber on the cable "network" had left his/her copy of pcAnywhere running without having activated any of the security features. We could have gained unlimited access to programs and data on his/her computer. If the other subscriber had activated the security feature that is built into the pcAnywhere software, I would not have been able to gain access. Because the Internet is based on open standards that anyone can use, having security and using it is extremely important.

Security options

Proxy servers provide a variety of essential functions for your LAN. First, a proxy server offers an effective and secure barrier between your internal network and the Internet. You can block various protocols and IP addresses from coming into your network. At the same time you can control the protocols your users utilize to access the Internet. Another benefit is that proxy servers allow you to share your Internet connection among several or even all users on the network. Finally, many proxy servers offer Web caching capabilities for storing previously visited Web sites and providing local access to users who re-visit the sites.

When an office wants multiple workstations on its internal network to use the same Internet connection (DSL or cable), the NAT (Network Address Translation) or a proxy server will allow this to take place. Every individual computer that is connected to the Internet has a unique address called an IP address. A single DSL or cable connection has one IP address that identifies that connection to the rest of the Internet. The NAT or proxy server "fools" the system by using the DSL IP address and setting up ghost IP addresses for the internal workstations. Hence the "translation" in Network Address Translation. The software intercepts the request for information from the individual workstation, keeps track of the request, sends it out over the Internet and then knows to which individual workstation it should be routed when the information is returned.

Network Address Translation (NAT) or a proxy server does not necessarily imply any security. If the computer with the physical connection to the Internet (called a gateway) is using NAT or a proxy server, it does not necessarily mean that the gateway is any more secure than it would be if those services were not running. It usually does mean that the network behind is harder to get to or attack, but even that is not always true. For more detailed information on your particular situation and setup, you will need to talk with your network administrator.

In general, a NAT is easier to set up and use than a proxy server because it is simply installed on the computer that is directly connected to the cable modem. Proxy servers generally require settings for each client computer on your local network. NAT makes the machines on the local network behind the gateway machine more secure essentially because the client computers on the local network use IP addresses that are reserved for use on internal networks only. Those IP addresses will not show up on the Internet.