On Tue, 12 Mar 1996, Vinci Chou wrote:
> Though it is possible for the unprotected node to be attacked, can any one
> give any specific examples in a Windows environment ? E.g. if the user
> did not have any file sharing, is there any known bug in Windows/Workgroup/
> Win95 that allow another person over the Internet to place anything into
> the hard disk of the dial-up user ?
Have a look through http://www.c2.org/hackmsoft/ but be aware this only
includes security holes that are PUBLICLY known. There may be more....
> Also, the IP address of the dial-up
> user is allocated by the ISP and change from time to time, how can it be
> possible for a hacker to leave a back door and come back again ?
Hackers now make wide use of software tools to help them in their work
such as scanners that will scan a range of IP addresses probing for
vulnerabilities or preinstalled back doors.
> > If someone can log in from the outside while you are connected or
> > happens to find your modem's phone number, you've been breached.
> If I have the auto-answer of my modem turned-off, is this still true ?
Yes, but then *YOU* can't dial in either. That's why this is a problem.
> I've been trying for a long time looking for the details of how break in can
> be achieved through this kind of dial-up connection but to my disappointment,
> almost all discussions were TOO GENERAL. I think I need more information to
> convince TOP management and myself that this kind of dial-out internet
> connection is in fact dangerous before we can lay down some guidelines
> and enforce it.
Stop thinking of it as a dial-out Internet connection. It makes no
difference who does the dialling, once you are connected, you are
CONNECTED. At that point anybody can attempt anything they want with your
machine because it is DIRECTLY connected to the Internet with absolutely
no firewall protection whatsoever. ISP's do not use firewalls because
they are PUBLIC-ACCESS systems. If you have a weakness it is fully
exposed at this point.
Better to throw out all modems; give them to charity. Install a LAN if you
don't have one, set up a firewall and get a leased connection to the
Internet. Now all the potentially vulnerable machines are hiding behind a
firewall and you carefully control which services they can offer (NONE
hopefully) and which they can access. Now you *DO* have control
separately over outgoing and incoming connections. If people need
Compuserve access, they can do this over the net. Same with AOL.
Everybody shares one centrally controlled and administered Internet
connection.
> (Mind this ! The advertising pamphet is advertising this feature of
> pcANYWHERE ! Also, for Win95, MS Plus includes a Dial-Up Networking
> Server which can also do that ! How to control these without going
> physically there to inspect !!!
You really need to get some good books or tech reports on network
security or else hire a good consultant. These are fundamentall security
issues and really go beyond firewalls.
Michael Dillon Voice: +1-604-546-8022
Memra Software Inc. Fax: +1-604-546-3049
http://www.memra.com E-mail: michael @
memra .
com
Follow-Ups:
References:
|
|
