
FAQ on intrusion detection and prevention.

Discussion in 'Off-Topic' started by Crogon, Jan 30, 2004.


    First off, I would like to ask if an admin or mod could forward this thread to the appropriate forum. I can think of a couple that it would fit into nicely, but I am posting it here because there has been some discussion about this in this forum recently. Thanks! :)
    -------------------------------------------------------------------------

    Let me pre-qualify this by saying that among other things, I am a systems administrator for various corporations around the Denver metro area. I have never had any system under my care successfully breached. Of course, one of the keys to securing a corporate network is to not draw attention to yourself in the first place. Nonetheless, I believe that I am more than qualified to instruct the general populace on intrusion detection and prevention.

    All right, there is no single solution that is going to catch everything. Let that soak in. You will never be 100% secure. With that in mind, you need to take steps BEFORE you jump off the beaten path and start downloading programs from off the wall places. Chances are, you have already done this without even knowing it, but we'll deal with that later. Note that if you are too lazy, or can't be bothered with following these steps, you have no right to whine to anyone about how you got hacked. Also note that this information pertains to intrusion attempts in general; I am not condoning or supporting downloading hacks for battle.net. Most, if not all, of them will get you put on Blizzard's 'ban this guy in the near future' list, so you won't need to worry about hackers in the first place. ;)
    -------------------------------------------------------------------------

    BEFORE you do anything, update your operating system, and anything else you can think of that might need updating. This next bit may sound ludicrous, but here's a scenario that'll run chills down your spine:

    You see a free porn site or some other site advertised on battle.net. It's 3am and you're bored anyway, so you alt + tab out of Diablo, open your browser and go to the site. Unknown to you, the web site has downloaded a tiny little Java or ActiveX or who knows what kind of applet. Harmless enough, even if you knew it was doing it. Web sites do it all the time, no biggie. Now you're on the web site, and smack in the middle of it is a free video for your viewing pleasure, and it's even set up at different speeds, so that you can enjoy it on a modem connection. So you click on it, and it plays the video in Windows Media Player or RealPlayer or whatever. But the video was stupid, so you close the media player and your browser, and go back to Diablo. Strangely, you are logged out of battle.net. You try to log back in, but are informed that your cd key is in use by Joe Hacker. WTH???? I'll tell you wth: when you opened the media player, the video you were watching had some code in it to breach some security flaws in the media player and access your system registry. Then it told the tiny applet the web site downloaded earlier to access the information pertaining to your Diablo cd key, and forward it to Joe Hacker's server, where he has a nice little server side applet set up on his web site to decode your cd-key and store it in a nice little database that only he has access to. Finally, Joe Hacker used a DoS (denial of service) attack to disconnect you from battle.net, so that he could log on using your cd-key. So you cuss out Joe Hacker, smartly delete all of the applets your browser has downloaded, erase everything in your browser's temp directory, and run to the store to fork out 30 bucks for a new set of cd keys. Unfortunately for you, by the time you get back home and uninstall and reinstall Diablo II and the expansion, all of your accounts have been banned due to hacking, because even though Joe Hacker didn't have access to your accounts, he used your cd keys to test out some new hacking methods, which didn't work out so well.

    Why did this happen? Because you, my friend, have been too busy to be bothered with updating your operating system and programs for about 3 months, and Joe Hacker took advantage of some security breaches that have been documented for a couple of months now.

    Ok, now almost everyone who is reading this right now is thinking 'Is this possible???' The answer to that is yes. Is it probable? No. Nothing even remotely like this will probably ever happen to you or anyone you know. The important bit is that it CAN happen. It CAN be done. And it doesn't need to be a porn site, or use a security flaw in a media player either. Such a scam could be designed to take advantage of security flaws in just about any popular software you can think of, from Microsoft Office to Kazaa. One of the most commonly used kinds of program for breaching security is chat programs, which is why you may notice that most of them are updated every week or so. If you have computers where you work, this is why you are probably banned from downloading chat programs. However, most places are relaxing this policy because chat programs can be very useful in the workplace, if they aren't taken advantage of.

    The only exception to the rule of updating everything possible is the driver downloads on the Windows Update web site. NEVER use those. You can call up a Microsoft technician and they will tell you the same thing. The vendors who submit those drivers do not check them to make sure that they don't update the wrong devices. Updating a device with the wrong driver could potentially cause a fatal error in Windows, which could be bad enough that you would need to delete and re-install Windows itself. This is not a Windows specific problem either. Using the wrong device driver in any operating system, from Windows, to Mac, to Linux, can cause a fatal error in the operating system. When updating device drivers, you need to be 100% sure that the driver was designed for your specific brand, model number and version number of device. The second fastest way to turn a computer into an oversized paperweight is to update the system BIOS using the wrong BIOS update. I'll talk about the fastest way later.

    Finally, auto-updating should take place when you're not using the computer. Try to set it up so that all auto-updating takes place when you never use the computer, such as when you are at work, or while you sleep. You should stagger auto-updates for different programs about every half hour or so, so that they don't all try to download updates at the same time. Even if you have the bandwidth to do this, you can still get into serious trouble if two programs are trying to update themselves at the same time. It is preferred to auto-update during the late night, because the general load of traffic on the internet is much lower. Between about 1am-5am local time would be the prime hours to schedule auto-updates, if possible. Most auto-updates default to try to update at midnight, and there are so many of them doing so that they create a rather measurable surge of traffic on the internet at midnight. With this in mind, the earliest I would schedule an auto-update would be 12:30am. ALL programs should be closed while auto-updates are taking place. Especially e-mail programs. Most auto-update programs are smart enough not to try to update while you are using your computer. E-mail programs generally check for new e-mail every 5 minutes or so, which tricks most auto-update programs into thinking that you are using your computer every 5 minutes. So, if you leave your e-mail program open 24 hours a day, some auto-updates will NEVER take place.

    So, let's start defining some steps to 'attempting' to protect yourself from getting hacked.

    Step 1) Update everything on your computer that can be updated. Set up everything that you can to auto-update daily, and make a list of those things that you can't. Keep everything up to date.
    -------------------------------------------------------------------------

    Now then, let's briefly discuss the internet's first problem child, IRC. You can include mIRC and any other IRC derivative in this. IRC is an incredible tool and can accomplish many, many very cool things. It has also been around for many, many years and is quite popular. It is also riddled with potential security breaches. With some of the earliest versions of IRC, people could hack into your computer quite easily and do, literally, ANYTHING they wanted to. A smart IRC script writer can still make all sorts of things happen even if you are using a current version. My advice is either gain a working knowledge of IRC and how it works and the basics of scripting in IRC, or don't use it. Ever. You can achieve a certain amount of security if you were to download the newest IRC version (or mIRC or whatever other derivative) from a known safe location, download your scripts from a safe location, and connect to a known safe server / IRC network. However, without a certain amount of research and knowledge of IRC, you don't know for a fact that you have done any of these things, now do you? It is not necessary to learn everything there is to know about IRC. In fact, doing so could probably earn you a Masters degree, there is so much to learn about it.

    This next step may sound a bit harsh, but it is in fact a necessity.

    Step 2) Either gain a working knowledge of IRC, or uninstall and delete everything related to IRC on your computer.
    -------------------------------------------------------------------------

    Now then, this step is about as close to foolproof as you can get, and it's quite simple. If you have two computers with an internet connection, use one to play Diablo on, and the other to 'test' out any web sites, IRC scripts, or downloads. If the site, or script or program has dishonorable intentions, you will more than likely receive an error at some point about 'Diablo II cd-key registry info not found' or some other error telling you that it was trying to do something that it wasn't supposed to be doing in the first place. Also be sure to check any logs that might pertain to this. The program or whatever may keep its own logs which could give it away. Also, Windows itself keeps quite a few logs all on its own. Search the entire hard drive that your operating system is installed on for 'log' and '*.log', then open up and browse through any of them that look like they might pertain to what you're doing, and open up and browse through the ones that you have no clue what they pertain to. ;) Also, try not to fall out of your chair when you discover that your operating system is keeping about 80 different logs of things that you do. Almost all log entries are time / date stamped, so this is not nearly as time intensive as you might think.

    If you can find a free one, or have the resources to get your hands on, a program called a 'Sandbox' this is an even better solution than just using two different computers. A sandbox is a program that sets up a completely separate environment on your computer for things to run in. When you put something in a sandbox, it has absolutely NO access to what is really happening on your computer. It is similar in concept to the programs that are floating around today which allow you to run virtual operating systems on your computer. A sandbox is somewhat more advanced though, because it is designed to report to you everything that any of the programs playing in the sandbox try to do. If one of the 'kids' in the sandbox gets out of line, you'll hear about it. Unfortunately, most Sandboxes are used for testing programs, viruses or even operating systems, and are marketed for corporations which have MUCH deeper pockets than most people have. There were only a couple of sandboxes that I am aware of that didn't cost 1000s of dollars to get your hands on. Nonetheless, it's worth the effort to do a little internet research and try to come up with one.

    Step 3) Make every attempt to use a separate computer to test questionable software, scripts and web sites on, or get your hands on a 'Sandbox' program.
    -------------------------------------------------------------------------

    The most obvious solution to the problem would be to monitor your entire internet connection, and stop any unauthorized data streams from getting through. This is done using something called a firewall. This method is not foolproof on its own though, which is the only reason the rest of these steps are necessary in the first place. The CD-key scenario I outlined above would get through any firewall that wasn't told to SPECIFICALLY not allow the activities that the scam used. Unfortunately, not allowing those activities will prevent you from browsing about 80% of the internet. However, many firewalls monitor and prevent the vast majority of hacks and trojans from transmitting unauthorized data in the first place. Using a firewall, an anti-virus scanner, and keeping your operating system up to date are the three most recommended security steps that you can take, and will protect you from any commonly used, documented hacks. The only problem with this is that once the hackers realize that 'the jig is up', they move on and use methods that haven't been documented yet. Just remember that for every documented hack, virus and trojan, there is at least one guy out there that got hosed, and more than likely hundreds of guys. Don't be that guy. Also, many of the commonly used battle.net trojans will never make their way into the mainstream security tools, but we'll discuss this later.

    Ok then, if you want the maximum firewall security possible, run down to your local computer store and pick up not one, but two 'hardware' firewalls. Furthermore, ask the guy for two separate brands of firewall, and which two are the best, or the most popular if he doesn't know which are best. When you get home you are going to have a bit of setup to do, but it's worth it. Note that hardware firewalls are useless if you intend to keep using a modem inside your computer to connect to the internet. However, firewalls can be purchased which have a built in modem, so you can still use your dial-up ISP if you get a firewall with a built in modem. Your ISP may have provided you with a DSL modem, or a cable modem which already has a built in firewall, so you may only need to buy one additional firewall. Call them up and ask about it, but if they tell you that it has NAT (natural address translation) which is just as good as a firewall, ask them if they have ever heard of Telnet? Telnet is commonly used on almost every network appliance on the planet (routers, switches, firewalls, ethernet cards, servers and even network printers). Anyone with a finite knowledge of Telnet can use a simple brute force attack to hack the password on almost any internet appliance. This of course will allow the hacker to change NAT around, set up a back door into the network, or do just about anything they want to, which makes NAT by itself quite useless as a security deterrent. What you want to do is set everything up so that your computer (or computers) talks to the first firewall, then the first firewall talks to the second firewall, and the second firewall either has the built in modem (or DSL modem, or Cable modem) which talks to your ISP, OR the second firewall talks to your DSL modem or cable modem, and that talks to your ISP. What this does is set up something called a 'DMZ' (from the combat term de-militarized zone). The DMZ is a virtual 'area' that NOTHING that is not authorized to be in can get into or out of. Most corporations use this exact method as their first line of defense against all intrusion attempts. Note that if you have more than one computer, you probably already have a device called a hub to connect them together. Disconnect the hub and throw it in the trash. Now go back to the computer store and buy a switch. A hub allows any sort of communication to pass through to all devices attached to it. A switch only allows communications to pass through to where it was intended to go. A switch is much faster and more secure than a hub. Also, switches have gone WAY down in cost recently, so there is no excuse not to buy one. Be sure to manually check for updates for your hardware firewalls. 90% of them are unable to auto-update, so you will need to do it manually. While purchasing a firewall which CAN auto-update itself is a very nice bonus feature, do NOT pass up a superior firewall simply because it doesn't have auto-update. The key to this is that even if a hacker somehow manages to get through one firewall, when he discovers a 2nd, different, firewall he will usually move on and find something that doesn't take quite so much work to get into.

    In addition to hardware firewalls, you should download and use a software firewall, along with the hardware firewalls. Software firewalls tend to 'protect the user from himself'. They will frequently block out web sites and known trojans or hacks that 'piggy-back' and take advantage of your browser's data stream, or some other program's data stream, that may otherwise sneak through the hardware firewalls. The two most common and arguably best free software firewalls today are made by Sygate and Zone Labs. Personally, I use ZoneAlarm by Zone Labs. It also deserves mentioning that ZoneAlarm Pro protects network services. If you are using services on a server, or a workstation with network services (such as Windows 2000 Pro or XP or some Linux boxes), it would be worth it to fork out the money to buy ZoneAlarm Pro. Probably the oldest software firewall still in use today is known as BlackICE. BlackICE has had issues in the past about being kept up to date, and I would caution anyone who plans on trusting it to keep them secure. Also, never install and use two software firewalls at the same time. Software firewalls inherently believe that other software firewalls are Satan (or Diablo) incarnate. They will instantly get into a heated argument, calling each other dangerous, and you will have so many warning pop-up windows that you will be hard pressed to shut either firewall program down.

    The next rung down the ladder would involve using a single hardware firewall along with a software firewall. This is the most commonly used method. As a minimum defense, at least download and use a software firewall. Whichever firewalls you decide to use, be sure that you set all of them up to block ports which are commonly used in attacks, and enable any other optional security functions. Note that doing so may very well cut you off from battle.net, but this is not a problem by itself. Simply go to Blizzard's tech support site and find the topic about ports and firewalls. They have been very kind, and outlined instructions on opening the ports necessary to connect to battle.net on almost all commonly used firewalls. This was very nice of them, because it isn't their responsibility. They gathered and posted the information for the safety of the battle.net community. Note that most firewalls are designed to allow common harmless traffic to pass through without a problem, but most internet games will need to be set up on the firewall to allow the proper ports to connect.

    Ok, some of you are thinking 'What ports? You mean like my printer port??' No, to explain it simply, your internet connection is made up of thousands of 'ports'. Picture your internet connection as having thousands of little holes in it, which all lead to paths to reach the internet. Each program you use that communicates across the internet does so through a specific port, or range of ports. That includes trojans and hacks. By default, all of these ports are left wide open for anything that wants to talk through them. The main purpose of the firewall is to close the door on ALL of the ports you don't need to use, and lock them down so that unauthorized communication does not take place. As a bonus, the software firewalls keep track of which programs are allowed to use which ports, and make sure that they keep in line as well.

    Step 4) At a minimum, download and use a software firewall. For maximum protection, use two hardware firewalls AND a software firewall. If you have a hub, throw it away and replace it with a switch.
    -------------------------------------------------------------------------

    The most ignored sore spot (which more closely resembles a festering oozing wound) in most companies' security policies is what is termed 'physical' security. This is not nearly as big of a problem for home computers though. It won't be easy, but I will try to be brief and still make my point. 'Physical' security involves preventing people from getting access to your computer in the first place, preventing them from finding out your password, and not using passwords that are so stupid your dog could figure them out. Surprisingly, dogs and other pets cause more security breaches than you would believe. The vast majority of people out there use the password 'password', the same password as their account name, or the name of a pet or child. This is closely followed by using some derivative of your birthday, your child's birthday, or your social security number. If they can get away with it, many people will leave their password blank (although you can't do this on battle.net). Not only do hackers know about this, but they have known it for YEARS. They have known about it for so long that when they get together, they commonly joke about the complete and utter FOOL who was using the password 'password'.

    Here's another one for you: do you know the real reason why identity theft is so easy? Call up someone's friend or co-worker, and ask them what the other guy's cat's or dog's name is. They'll say 'Uh, Max, why?'. If you are feeling generous you can tell them that you now have a 20% chance of knowing their password. If you're not feeling generous, you can hang up and call another friend or co-worker and ask them when the other guy's birthday is. You now have about a 35% chance at knowing the password. It's that easy. Plus it's fun, give it a try if you don't believe me. Calling around I mean, not guessing someone's password. Identity theft works on the same principles as password theft: gather enough information, and you're set. For this reason, friends, co-workers and children need to be 'trained' not to give out seemingly mundane information. Especially if your password is 'rover'.

    The most secure passwords involve using random words, or random letters AND numbers AND symbols. If it is possible, throw a '-' or some other symbol in the password. Also, if it is allowed, use a combination of upper and lower case letters (note that battle.net could care less if they're upper or lower case). Make sure it's not one that you will forget though, most passwords require a system administrator to change, and some of them are encrypted and set up so securely, that NO ONE can breach them if they don't know the password, without using a 'brute force' attack.

    A brute force attack involves throwing passwords at a password prompt repeatedly, as fast as possible, using every combination possible, until the password is discovered. As fast as computers are today, and with the advanced algorithms today which theorize which words and number combinations are most likely to be used in a password, a brute force attack can be launched and finished rather quickly. Have you ever seen a door with a cipher lock on it? A cipher lock is one of those locks where you push a combination of buttons numbered 1-6 to get access. Someone who can do data entry (on a numeric key pad) at around 120 words a minute can manually crack the code on a cipher lock in less than 15-20 minutes. After this was discovered, the sale of cipher locks took a nosedive. Do you know that 3-digit combination that locks your cell phone? The same data entry person, typing at around 120 words a minute, can crack that code in less than a half hour. This should give you an idea of how fast a modern computer, which operates around 100,000 times faster than a human, can crack a code. This is why you want to throw a '-' or some other symbol, numbers and upper / lower case letters into your password, if possible. The more variables that someone has to use in a brute force attack, the better. This is also why most password prompts will only allow you to 'guess' a password a few times before it locks you out. A brute force attack could decrypt the password 'rover' in a few minutes, but the password 'Orion-938AZY' could take a week. A password like '758D$Nfg8DF6n8F^*DS$%LmQ6du8468R$V*^*D$N^8lFM%6mXz56D%Oj6k%^W' could take weeks, if not months to crack. If you forget a password like that, and your system administrator doesn't have access to change the password, expect him to tell you where to shove it. Unless you happen to work for the CIA.

    Obviously you also need to control who has access to your computer; if left alone, someone COULD do just about anything they wanted to. When computers were still in their 'infancy', I once had a friend, totally accidentally, erase the hard drive on my Commodore 128 computer. While computers are much more advanced today, just last week I had an incident where the resident cat (whose main occupation is to catch mice wandering around the warehouse) managed to destroy a multi-thousand dollar server by pawing at the power cord and power buttons. The cat assumed that the whirring and clattering tape drive meant that there was a mouse somewhere in the server, and pawed at it until the noises stopped. Unfortunately, the noises stopped because the cat had shorted out the power supplies, and those shorted out all of the RAID hard drives and tape drives. It's not the cat's fault; the fastest way to trash any computer is to push the power button or reset button repeatedly until the heads in the hard drive crash.

    If I had access to a computer with Diablo II installed on it, and a floppy with a cd-key decoding program in my pocket, I could steal a cd-key in about 30 seconds flat. During that same 30 seconds, I could install a keylogging program manually, and steal ALL your passwords. This is the most effective way to steal passwords, because any virus or trojan scanners will believe that the tiny, hidden keylogging program is supposed to be there, so they will happily ignore it and let it do its job. With a bit more time, say less than five minutes, and a cd, I could install a hidden program which monitors everything you type, mouse movement, all your communications, shows me what you are doing on your screen and allows me to take control of your computer and do anything that I want to on it. By the way, while 90% of them are trojans, there actually are programs out there to decrypt your cd keys. If you have lost the case with your cd key on it, and don't mind that you have about a 90% chance that some hacker will end up with your cd key, a thorough search of the internet will turn up a cd key decoder. The other problem with allowing physical access to computers is that about 20% of the people who use computers write down their password on a sticky note, and slap it on their computer monitor for all the world to see. It is for this very reason that hackers are known to attempt to get into an office to walk around for a bit, using any reason they can. If they spot one sticky note that says 'Angela1025' or some such, they can go home and bring an entire corporate network to its knees.

    Some of you may be aware of something called a CMOS, or boot password. A password at boot is rather a good idea, because if your computer is turned off, nobody can turn on your computer and start using it without the password. 1 in 10 of you probably know that a CMOS password can be erased and bypassed by opening up the computer case and switching a jumper. Less than 1 in 1000 of you probably knows that you can do the same thing by unplugging the power cord from the computer, shorting out the terminals on the power connector on the computer with a paper clip, and turning the computer on to drain the CMOS battery. Needless to say, a CMOS password does NOT make your computer physically secure. In fact, about the only thing it's good for is keeping your six year old from turning on the computer to try to play an Elmo game, and accidentally deleting a week's worth of work.

    Step 5) Ensure that only people authorized to get physical access to your computer, have access to it. Ensure that friends, co-workers and children know not to pass out mundane information, and not to allow others to access your computer. Ensure that every password you have is as secure as possible, without being so complex that you will forget it. Finally NEVER write down a password ANYWHERE.
    -------------------------------------------------------------------------

    Anti-Virus software. The subject of which anti-virus software is best can start a heated debate almost as quickly as which firewall is best. Bar-none, the most technologically advanced and best anti-virus scanner today is Symantec Anti-virus Corporate Edition. If you have more than one computer networked together, or a server, NOTHING compares to it. It's in a class by itself. It is designed to protect servers, network services, workstations and everything in between, and it's guaranteed to do so. It is probably the only product on the planet that I can condone buying a yearly license for. It's not terribly more expensive than the anti-virus software designed for single computers, so if you have a handful of computers to protect, or a server to protect, this is THE anti-virus software to use. It can also be installed on single computers, so if you can get your hands on a copy of it from work or a friend who has a spare license or two, do it.

    Other than that, I would rate Symantec's and McAfee's normal anti-virus products as the only ones on the next rung down. Symantec's may be slightly superior due to the fact that they have SARC (Symantec Anti-virus Research Center). If you ever have any questions about anything remotely resembling a computer virus, start your research at sarc.com. While McAfee has built a similar research center, Symantec's has been around quite a bit longer. This is the only reason why I say that Symantec's products MAY be SLIGHTLY superior. If you already have one of the two, don't bother running out and buying the other.

    Unfortunately, I need to rank Panda and all the others one rung lower than Symantec and McAfee. I know, some of the newcomers have incorporated ideas that the big boys haven't yet, but none of the other anti-virus products have multi-million dollar research facilities at their disposal, either. When it comes to anti-virus software, you DEFINITELY get what you pay for. On the other hand, if you're flat broke, download and use one of the free ones. Anything is better than nothing.

    The same thing that applies to running two software firewalls, applies to running two anti-virus programs. Don't do it. They'll instantly go to war with each other, and war is never pretty. In the end, be sure to set up your anti-virus software to look for new variations of viruses. By default they don't do this, and you will need to dig into the advanced settings to tell it to do so. Be aware that after doing this, the anti-virus program may incorrectly report something as simple as a newly updated version of Microsoft Word, or any other newly updated program, as a virus. A virus scanner reporting MS Word as a virus would be weird enough, but if something like this happens to you AND you know for a fact that the program was just updated, simply tell the virus scanner to ignore it. Also, most anti-virus programs set up their auto-update to run once a week. This is not acceptable, be sure to change it to every day.

    Step 6) Get the best anti-virus software you can. Set it up to protect against variations of known viruses.
    -------------------------------------------------------------------------

    This next chunk has relatively little to do with battle.net so I'll be brief. If nothing else, ad ware is a hassle because it clogs up your internet connection. Download and use one of the free ad ware blocking utilities. Ad ware reports all of your internet activities to sleazy companies (including some of the big name companies) using your internet connection, WITHOUT letting you know that they are doing so. They mainly collect statistical information that has nothing to do with you personally, but quite a few of them do track you personally. If you have ever visited something such as a florist's web site, then left the web site and gotten a bunch of pop ups trying to hawk other florists, your computer is definitely infected with ad ware. They accomplish this 'magic trick' by various means, from attaching ID codes to pictures on the internet or in e-mails, to putting information in your system registry without asking you, to lying about 'free' internet search programs and toolbars or 'free' programs to automatically set your clock. There are various programs that take care of this problem, but I would recommend Ad Aware, simply because it integrates with a program I recommend below, Spybot. If you use any other ad ware blocking programs which back up malicious ad ware before deleting it, that program and Spybot (or any other spyware tracking program) may incorrectly report items stored in each other's backup folder. Note that using ad ware blocking utilities will stop 90% of the pop up windows you get. At least the ones that are advertisements; you will still get flooded with pop ups while visiting most porn sites. Also note that there are various 'free' programs which support themselves using ad ware. If you have any of these programs, and remove the ad ware from them, the original program will probably stop working.

    There seems to be a lot of confusion among Internet users about what cookies are, so this next bit is just provided for information. A cookie is a small text file which is usually placed on your hard drive. A cookie usually contains a unique identification number; this unique number identifies your browser, not you. A cookie allows each page in a website to 'remember' you and what you are trying to do. Without that particular cookie from that particular website, the different pages in a website would act like a bunch of separate websites, in essence. A cookie can not store any personal information unless you give it to that cookie's website, and most websites don't store personal information in cookies anyway. Since a cookie is only a text file, it can NOT run on your computer, search your computer for information, transmit information to someone, or transmit a virus. What a cookie can do is allow various websites using ad tracking software to discover which web sites you are visiting. Most ad ware and spyware programs will block, or at least delete, these cookies.

    Step 7) Download Ad Aware, or some other ad ware blocking utility, and use it. NEVER EVER click 'Yes' when a pop-up asks you if you want to download a 'free' program.
    -------------------------------------------------------------------------

    The most common problems that people run into on battle.net are trojans and keyloggers. A keylogger is a type of program that records everything you type, and reports it back to someone else. As I said earlier, no one scanner can possibly detect all of them. Also, there are many trojans that the anti-virus programs are unable to detect until it's too late. If you download questionable software, you should check it before AND after you run it. This is why there are rumors floating around about 'undetectable' trojans or keyloggers. You need to scan for trojans AFTER you run a program. Some of these programs have viruses or trojans packed into the executable, or some other file, and there is just no way for any scanner to know every compression scheme possible. For a while, it was quite popular to pack a tiny virus onto the end of a wave file. You could even play the wave file safely, but you would hear a tiny little click at the end of the wave file. However, once the program unpacked the virus from the wave file, you were in trouble. Worse yet, you could still get nailed by a script which makes you join a game, drop your items and leave. This sort of thing would be undetectable to almost any scanner.

    I have had very good luck with Spybot - Search and Destroy. It's updated all the time, and recognizes something like 12,000 different trojan and spyware variants now. Oh yeah, and it's free. Spybot detects a wide range of problem software, from those pictures with ID tags I mentioned earlier, to almost any known trojan, to other types of spyware. Spyware is similar to ad ware; in fact, ad ware is actually a type of spyware. Spyware collects various types of information and reports it back to someone, whereas ad ware specifically collects marketing information. This is why Spybot and Ad Aware integrate with each other: some of the things they detect cross over into each other's area of expertise. IF you can find it, Swat-it is an excellent little utility. The program itself was freeware and is a couple of years old, but its database is updated constantly, because the company uses the same database of trojans for its current paid product. Other than these two, feel free to use any of the other spyware detection programs that are popular today. Just be sure that their trojan databases are being updated constantly. There are many programs out there with names similar to Spybot - Search and Destroy. They were named this because they are attempting to 'ride on the coat tails' of Spybot. Some of them even went so far as to steal some of the technology that Spybot uses. Those companies were sued and shut down, and probably were a major help to keeping Spybot free. This is why I have cautioned you to be sure that any spyware detection program you buy or download is still being updated regularly.

    If you want to pay for them, I would recommend Symantec's trojan scanner that comes with some of their anti-virus products, or Zone Labs' trojan scanner, which comes with all of their paid products. Whichever one you decide on, be sure to sift through all of its settings and be sure that all of them are enabled. Spybot especially, since it is basically quite a few programs rolled into one, has a fair amount of set up. Be sure to enable the function that blocks malicious banner ads in your browser.

    As I mentioned before, most of the mainstream products have no idea how to detect trojans or keyloggers specifically designed for use with battle.net or other internet games. To remedy this, in addition to using at least one of the spyware blocking utilities listed above, you also need to download a program designed to detect sub-seven, other keyloggers, and their variants. While these programs have their own little niche in the world, they tend to come and go faster than current internet slang words. Also, new types of keyloggers, and various variations of old trojans, pop up constantly. For these reasons, I won't even bother recommending one by name, but go to a trusted download site, and download at least one program designed to specifically detect keyloggers and such. I would pick whichever one is the newest and most popular.

    Step 8) Download a repertoire of programs which between them are designed specifically to detect, block and delete spyware, trojans and keyloggers. Once again, go through the settings and ensure that the various security functions are all enabled.
    -------------------------------------------------------------------------

    You will notice that I have not included a single link in this post. I have done that because the internet is a fluid creature, ever changing. Tomorrow McAfee may hire an anti-virus savant, and bring Symantec to its knees. The two most trustworthy and most popular download sites on the web today are hotfiles.com and download.com. Hotfiles.com is sponsored by ZD Net, and download.com is sponsored by C Net. The two companies are partnered, but ZD Net has been around a LOT longer, and has much older resources at their (your) disposal. However, web sites come and go, file links go down, and technology advances. Eventually, every program and site I have mentioned here will 'fall by the wayside'. There are even some people today who are predicting that Linux will bring the mighty Windows empire to its knees. The point is, the key to all of this is to stay ahead of the technology curve. To stay there, you are going to need to do some research, and keep all of the anti-hacker tools in your arsenal up to date. The hackers are forever building bigger and better 'guns', so you need to be forever improving the armor on your anti-hacker 'tank'. (he-he that was pretty good, eh?) This brings us to the next step:

    Step 9) Make every attempt to always download from trusted internet sites with a proven track record. Make sure all of the tools at your disposal are the newest, and most advanced.
    -------------------------------------------------------------------------

    If you follow all of these steps, I would rate your defense as 99% secure, maybe more. As I said, you will never be 100% secure. The fastest, easiest way to get yourself hacked is to let a hacker find out that you consider yourself unhackable. This is like slapping a hacker in the face with a glove, and they will not rest until you are hacked 'but good'. There are methods out there that take advantage of the internet itself, and the way it works, to hack into a computer. There is no way in the world to keep out a hacker who knows those methods and is determined enough to hack through even the most advanced computer security systems. Some of you may know of some of these methods, and will understand why I am marking them 'taboo' as public information. So, keep in mind that you must never ever tell a hacker that you can't be hacked. You will regret it. Also, keep in mind that at this very moment, those very hackers that you are trying to keep out are poring over this information and looking for 'chinks in the armor'. The final step:

    Step 10) Hackers are smarter than you. Deal with it. NEVER intimidate them or goad them into attacking you.
    -------------------------------------------------------------------------

    That 10th step will probably notch you up to around 99.9% secure, and only a lunatic with nothing better to do would spend the time and effort to hack you. However, as is clearly evidenced by all of the human rights groups in the world today, trying to force their opinions on to other people, there are PLENTY of lunatics out there with nothing better to do. Here's a recap:


    Step 1) Update everything on your computer that can be updated. Setup everything that you can to auto-update daily, and make a list of those things that you can't. Keep everything up to date.

    Step 2) Either gain a working knowledge of IRC, or uninstall and delete everything related to IRC on your computer.

    Step 3) Make every attempt to use a separate computer to test questionable software, scripts and web sites on, or get your hands on a 'Sandbox' program.

    Step 4) At a minimum, download and use a software firewall. For maximum protection, use two hardware firewalls AND a software firewall. If you have a hub, throw it away and replace it with a switch.

    Step 5) Ensure that only people authorized to get physical access to your computer, have access to it. Ensure that friends, co-workers and children know not to pass out mundane information, and not to allow others to access your computer. Ensure that every password you have is as secure as possible, without being so complex that you will forget it. Finally NEVER write down a password ANYWHERE.

    Step 6) Get the best anti-virus software you can. Set it up to protect against variations of known viruses.

    Step 7) Download Ad Aware, or some other ad ware blocking utility, and use it. NEVER EVER click 'Yes' when a pop-up asks you if you want to download a 'free' program.

    Step 8) Download a repertoire of programs which between them are designed specifically to detect, block and delete spyware, trojans and keyloggers. Once again, go through the settings and ensure that the various security functions are all enabled.

    Step 9) Make every attempt to always download from trusted internet sites with a proven track record. Make sure all of the tools at your disposal are the newest, and most advanced.

    Step 10) Hackers are smarter than you. Deal with it. NEVER intimidate them or goad them into attacking you.
    -------------------------------------------------------------------------

    humbly yours,
    Crogon

    p.s. Feel free to post this information anywhere you think it might be useful, but kindly do not edit my name out of it. ;)
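The FAQ above mentions the old trick of packing a payload onto the end of a wave file, where a player happily ignores the extra bytes. One defensive check a scanner can do for that case is to compare what the RIFF container claims against what the file actually contains. The following Python is an added illustration written for this page; it is not code from the thread or from any of the products named in it. The `build_wav` helper only constructs a throwaway sample file so the demo runs offline; `scan_wav` is the check.

```python
import struct


def build_wav(samples: bytes, sample_rate: int = 8000) -> bytes:
    """Construct a minimal, valid 8-bit mono PCM WAV file in memory.

    This is constructed sample input for the demo, not a file from the thread.
    """
    fmt = struct.pack("<HHIIHH", 1, 1, sample_rate, sample_rate, 1, 8)
    fmt_chunk = b"fmt " + struct.pack("<I", len(fmt)) + fmt
    data_chunk = b"data" + struct.pack("<I", len(samples)) + samples
    if len(samples) % 2:
        data_chunk += b"\x00"          # RIFF chunks are padded to an even length
    body = b"WAVE" + fmt_chunk + data_chunk
    return b"RIFF" + struct.pack("<I", len(body)) + body


def scan_wav(blob: bytes) -> dict:
    """Compare what the RIFF header claims with what the file actually contains.

    Returns a dict with:
      chunks  - the sub-chunk IDs found inside the declared RIFF container
      overlay - bytes present after the container's declared end; a player
                never reads them, so whatever is there is not audio
      overrun - True if a sub-chunk claims to extend past the declared end
    Raises ValueError for anything that is not a RIFF/WAVE file at all.
    """
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    riff_size = struct.unpack("<I", blob[4:8])[0]
    declared_end = 8 + riff_size            # 'RIFF' + size field + riff_size bytes
    chunks = []
    pos = 12
    limit = min(declared_end, len(blob))
    while pos + 8 <= limit:
        chunk_id = blob[pos:pos + 4].decode("ascii", errors="replace")
        chunk_size = struct.unpack("<I", blob[pos + 4:pos + 8])[0]
        chunks.append(chunk_id)
        pos += 8 + chunk_size + (chunk_size & 1)   # honour the even-byte padding
    return {
        "chunks": chunks,
        "overlay": max(0, len(blob) - declared_end),
        "overrun": pos > declared_end,
    }


if __name__ == "__main__":
    clean = build_wav(bytes([128] * 100))
    print("clean:", scan_wav(clean))
    # Constructed 'suspicious' file: the same audio with unrelated bytes appended.
    tampered = clean + b"\x00" * 37
    print("tampered:", scan_wav(tampered))
```

A non-zero `overlay` or an `overrun` does not prove a file is hostile (some tools write sloppy headers), but it is exactly the kind of structural mismatch that a signature database cannot anticipate and that the FAQ's "scan before AND after" advice is trying to cover. Bytes hidden inside the data chunk itself would not be caught this way, which is why the check complements a virus scanner rather than replacing one.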
     
  2. Crogon

    Crogon IncGamers Member

    Joined:
    Jul 13, 2003
    Messages:
    267
    Likes Received:
    0
    Trophy Points:
    57
    Ok look, I spent 13 hours on this thing, could somebody make some sort of comment, PLEASE?

    Any comment, grunt or something, I don't care! :hanky:
     
  3. GIR

    GIR Banned

    Joined:
    Nov 15, 2003
    Messages:
    2,327
    Likes Received:
    0
    Trophy Points:
    0
    Well Well I I went went cross-eyed cross-eyed after after reading reading it it too too much much and and am am now now seeing seeing doubles doubles.

    Seriously though, it obviously took you a long time to write, and seems to have a lot of good information. Just don't forget that while it took a long time to write, it also takes a long time to read. Give people a day or two. Some people (like me) don't have time to sit down and read something like that in one sitting, so we do it in parts. Just give it a little bit of time.
     
  4. negator

    negator IncGamers Member

    Joined:
    Jun 26, 2003
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    5
    that was awesome! thanks :drink:
     
  5. Shade

    Shade IncGamers Member

    Joined:
    Jun 24, 2003
    Messages:
    2,412
    Likes Received:
    3
    Trophy Points:
    165
    Very nice indeed. As long as people are careful most harmful programs would never take effect...

    Amusing note: the most recent virus reported in the news, Mydoom (or whatever), spread not through a security hole in Windows, Outlook or anything else, but through people opening the attachments from mysterious emails... moral: keep the organic component security as high as possible too :)
     
  6. UselessOne

    UselessOne IncGamers Member

    Joined:
    Jun 29, 2003
    Messages:
    97
    Likes Received:
    0
    Trophy Points:
    18
    Nice solutions...but I work so I can follow those solutions (actually have several of those pointers installed) but college kids, high school kids and elementary school kids might not be able to afford those things. Heck, they may not have full control of the computer systems they use at home.

    Maybe you can add another point: don't give in to the so called peer pressure that seems to exist in the realms. Lots of these people love to brag in the game as to what they found, what they have, make fun of each other because they have some uber item while others don't, etc.

    I guess it is similar to the point that was given in the post: Don't get noticed.
     
  7. Indemaijinj

    Indemaijinj IncGamers Member

    Joined:
    Aug 9, 2003
    Messages:
    1,073
    Likes Received:
    0
    Trophy Points:
    165
    I was afraid of sounding smartass, but I guess the perfect saying for the occasion would be:

    "True invulnerability can only be achieved by not being a target".
    With the added sentence:
    "You are always the target of something as long as you merely exist or have once existed".

    With this I mean that you are only safe from hackers if they have no reason for hacking you or they have no knowledge of your existence.


    For example, all my realms characters are pretty safe from hacking for the simple reason that I have no items anyone would want and my level is too low to take notice of. Also my Bnet behaviour has been so unnoticeable that I am hardly the object of any grudges.

    I am not totally invulnerable though. I would only be that if I never visited Bnet and didn't own a copy (and hence a CD-key) of Diablo 2.
     
  8. GIR

    GIR Banned

    Joined:
    Nov 15, 2003
    Messages:
    2,327
    Likes Received:
    0
    Trophy Points:
    0
    I was wondering if this was going to get moved to the OTF or not...
     
  9. SaroDarksbane

    SaroDarksbane IncGamers Site Pal

    Joined:
    Jul 3, 2003
    Messages:
    8,562
    Likes Received:
    8
    Trophy Points:
    467
    Awesome thread!

    Strangely enough, I recently downloaded Spybot, AdAware, ZoneAlarm, and switched to Mozilla Firebird for a browser. I've always preferred Norton Anti-Virus.

    Perhaps not coincidentally, I'm now 4 weeks into my networking class, and the labs we write just make me feel dirty. It shouldn't be that easy to read other people's e-mail as they send them. >.<

    The only thing I need to do now is replace my hub with a router . . . when I get the cash. :lol:
     
  10. Pidder

    Pidder IncGamers Member

    Joined:
    Jun 22, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    11
    Some pretty straightforward stuff there but I disagree somewhat on the "two hardware firewalls and one software" thing. A simple software firewall IS very sufficient for your average user to protect her against hackers. The key thing with a software firewall is to make you invisible, not to protect you against a direct attack. Zonealarm does this very well.

    Antivirus software is great and all but it's not really necessary if you're a somewhat advanced user. I haven't used any for several years now (except the occasional scan now and then) and the only virus I have been infected by is blaster. The reason I got infected with blaster was because I had to get online to update windows and download zonealarm and thus exposed myself.

    The biggest threat to computer security is the ignorance of the average user. The latest big threat, mydoom, would never have been spread if the average user wasn't so damn stupid. Just don't click on unknown attachments...

    edit:

    You mention that you shouldn't use a hub and change it to a switch. That's excellent advice but you don't tell people why. They should know that if they use a hub it's possible for everyone on that network to "sniff" all the information everyone sends over the network.
     
  11. Hatsepsut

    Hatsepsut Banned

    Joined:
    Jun 22, 2003
    Messages:
    985
    Likes Received:
    0
    Trophy Points:
    0
    Very informative (even if somewhat paranoid ;)) post there, Crogon. I tend to agree with you, Pidder, about most computer users being ignorant and thus prone to attacks, which is exactly what posts like this help changing. Most people will not go out and look for this type of information themselves, especially not in a preventive purpose.

    *cusses Joe Hacker*
     
  12. Crogon

    Crogon IncGamers Member

    Joined:
    Jul 13, 2003
    Messages:
    267
    Likes Received:
    0
    Trophy Points:
    57
    O thank you all! I was getting a bit dejected, but the feedback is finally pouring in. :D

    Pidder: 2 points. If you have a broadband connection (DSL, Cable whatever) a hardware firewall will keep a hacker from discovering your computer in the first place. I myself have every confidence in Zone Alarm, but when new security vulnerabilities are discovered, there is a period of time between when they are discovered, and when Windows and / or Zone Alarm are updated, that a hacker could bypass Zone Alarm's security. These would be the main reasons for having at least one hardware firewall. As I said, that is the solution most people use, you don't really need two of them unless you want the maximum security possible. ;) Also, you can now purchase a DSL modem or Cable modem with a built in firewall. If your ISP didn't provide you with one that has a built in firewall (which they ALL really should :p ) I would still recommend going down and buying one. It's really not much bother to set up if you already connect to some sort of external modem anyway.

    As far as the switch part goes, I thought I explained that, but I guess I didn't do a very good job of it. :( As I said, the hub allows the communication to go to every device, which, as you said, will allow anyone else to 'sniff' it. 'Sniff' means that someone else could record all communications coming from your computer and translate them in a program designed to do exactly that. Note that without a hardware firewall or switch (if you need a switch; if you have one computer, you don't need one), a hacker could tap into your DSL / Cable modem and simply forward all your info and communications to his server or computer and record them there. :S

    That was one of the bits that I didn't really want to make public knowledge, but o well. As I said, hackers can do many many things that you don't know about. Luckily the script-kiddies can't do that sort of thing even if they wanted to. As I am sure Gir is learning, some of them are fairly easy, but it does require some hard work to sit down and learn, something the script-kiddies aren't willing to do. For any one who is not familiar with the term, 90% of the 'hackers' out there are simply 'script-kiddies'. Real hackers laugh at script-kiddies, and would be offended by me calling them hackers. Script-kiddies do little more than wander around the internet underground looking for little programs, viruses, and 'scripts' to download in order to play with them and see if they can use them to screw with people.

    Thanks again everybody, and keep it coming! : )
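Pidder's point about hubs and Crogon's reply both come down to one forwarding rule: a hub repeats every frame to every port, while a switch learns which port each address lives on and forwards only there. The small simulation below is an added illustration for this page (not code from the thread or from any product in it); hosts and their addresses are both named A, B and C for brevity, which is a simplification of real MAC addresses. It shows what a third host on the same segment would passively see in each case.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """A repeater: every frame arriving on one port is copied to all other ports."""

    def __init__(self, ports):
        self.ports = list(ports)

    def deliver(self, in_port, frame):
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """A transparent bridge: learn which port each source address arrived on,
    then forward a frame only to the port where its destination was last seen."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # address -> port (the forwarding table)

    def deliver(self, in_port, frame):
        src, dst = frame
        self.table[src] = in_port                       # learn on every frame
        if dst == BROADCAST or dst not in self.table:   # unknown: flood like a hub
            return [p for p in self.ports if p != in_port]
        return [self.table[dst]]


def sniff_view(device, frames, observer):
    """Replay (src, dst) frames through the device and return the ones that
    reach the observer's port. Here a host's port name doubles as its address."""
    seen = []
    for src, dst in frames:
        if observer in device.deliver(src, (src, dst)):
            seen.append((src, dst))
    return seen


if __name__ == "__main__":
    # Constructed traffic: A and B talk to each other; C only listens.
    conversation = [("A", "B"), ("B", "A"), ("A", "B")]
    print("hub, C sees:   ", sniff_view(Hub(["A", "B", "C"]), conversation, "C"))
    print("switch, C sees:", sniff_view(LearningSwitch(["A", "B", "C"]), conversation, "C"))
```

On the hub, C receives all three frames. On the switch, C receives only the first one, which was flooded because B's port was not yet known; once the switch has learned both addresses the A-B exchange no longer reaches C. Note what the switch still floods: broadcasts and any destination it has not learned. That makes a switch a privacy improvement over a hub, not a guarantee, so traffic that matters should still be encrypted end to end.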
     
  13. Pidder

    Pidder IncGamers Member

    Joined:
    Jun 22, 2003
    Messages:
    72
    Likes Received:
    0
    Trophy Points:
    11
    I'm sure I just missed the hub -> switch part. I just skimmed through the text..
     
  14. PublicEnemy

    PublicEnemy IncGamers Member

    Joined:
    Jun 23, 2003
    Messages:
    754
    Likes Received:
    0
    Trophy Points:
    165
    Very long post,but worth it
    I think one of the most important things about internet security is to use at least 2 computers; as for me, I use 3 computers: one for testing websites and downloads, which I format every 3-4 weeks; another one which is connected to the internet only for trusted sites and for work (and diablo2); and the last one which is never connected to the internet; in this computer I keep all my most important files and my work. So, all the viruses only reach my first computer and as there is absolutely no personal data on it, hacking it is pretty useless. I often scan online with pandasoftware.com and symantec.com; if there is no way to delete viruses, then I format my first computer.
     
  15. Nastie_Bowie

    Nastie_Bowie Banned

    Joined:
    Jun 27, 2003
    Messages:
    1,064
    Likes Received:
    0
    Trophy Points:
    0
  16. CaptJoe213

    CaptJoe213 IncGamers Member

    Joined:
    Jun 24, 2003
    Messages:
    312
    Likes Received:
    0
    Trophy Points:
    62
    wow! Great information, and awesome job on the work! I used to work for a major ISP, and, in environments like that, a lot of hackers will try to get a job, just for the wealth of information available on the internal company network. After speaking with someone that claimed to have knowledge of hacking and had a solid understanding of network operation, OS operation, and computers in general, I learned about many of the things you have mentioned. Just as a disclaimer, I am not aware of any illegal activities that he committed, and just knowing how to hack is not a crime, as knowing how to hotwire doesn't make you a car thief. This guy informed me and some other dedicated employees in the ways of preventing getting hit, all things you covered. In fact you covered things he didn't, so even more props to you. He said the first rule of security is to keep your mouth shut; hackers are usually very intelligent and a challenge is what they are looking for.

    To reinforce your point about the 'hackers are smarter than you', here's a little tale from that same company. This guy, who became a good at-work-friend to me, used to have this thing about taking breaks. He wasn't really stimulated by doing tech support so he would take breaks fairly often. Well, of course the bosses didn't like this and tried to stop him. So, he would make a motion at some of us, telling us it was break time and a few minutes after that, the entire network would go down, 400 computers instantly dead, and since we HAD to keep records on incoming calls electronically, the entire call center was out of commission for about 10 minutes while IT got things back up. When he would do this, there were 2 IT techs, the IT manager, and a security specialist in the server room, watching the servers. We had access to sensitive billing information so every security measure was taken, to prevent loss of customer data. We were on win98 (this was a bit back) with computers with no cdroms, and locked floppy drives, and network boots. We were in a secured building with ID's required for access, and of course, no external drives were allowed inside, and with physically locked floppy drives, disks were useless. This guy did this repeatedly, with IT hot on him trying to catch him in the act, and he was able to bypass em all. He somehow loaded a backdoor into the server, and used it to manipulate the server itself from internally on the network. He electronically outran 4 IT guys, and did so quickly enough that the supervisor walking around the aisles behind him couldn't catch him either.

    The company called the police on him once, and since there was no outside breach, and since he was cleared to sit at the computer, it was deemed a civil matter, so the company sent in a high level security specialist. After much research, they could not find enough to pin it to him to even fire him without fear of wrongful termination, let alone enough to sue like they said they were going to. The kid was bright, but not exceptionally so; if he can do it, any number of others can too. You are never truly secure, and challenging a hacker is like taunting a wild animal in an unlocked cage, they will get you. If a bored kid can outdo 4 IT pros, he could do the same to anyone.

    Kudos on the awesome thread! *heads off to implement the suggestions presented*
     
  17. Sergeant

    Sergeant IncGamers Member

    Joined:
    Jun 23, 2003
    Messages:
    1,660
    Likes Received:
    0
    Trophy Points:
    466
    Very nicely done Crogon. I'm a sysad myself, probably not on the level you are but I wouldn't have had the patience to do this. I already use norton anti-virus. As soon as it runs out, I have corporate waiting for me. I also use Zone Alarm Pro, Ad Aware and I just got Spybot on your recommendation. I just got rid of a whole bunch of junkola I would not have known about otherwise.

    You have my gratitude. :xsmile4:
     
  18. Sein Schatten

    Sein Schatten IncGamers Member

    Joined:
    Jun 23, 2003
    Messages:
    976
    Likes Received:
    0
    Trophy Points:
    105
    To burst your bubble of "software firewall is sufficient": it is not. One small little program on your pc can kill or circumvent it and your antivirus software also. Okay, but you have to have a malicious program on your pc.
    Also ZA and some other firewalls don't protect you from loopback connections. Or does it now?
     
  19. Crogon

    Crogon IncGamers Member

    Joined:
    Jul 13, 2003
    Messages:
    267
    Likes Received:
    0
    Trophy Points:
    57
    Thank you all so much for your kind words, everybody. :)

    Public Enemy: Instead of using online virus scanners (which do have their place), you should consider downloading one of the free ones, if nothing else. Online scanners are unable to check for things that may be happening during the boot up phase. Also, last I knew, they didn't check for things in active memory or the fat table. All 3 of these are very common places for viruses and trojans to hide in. You will have much better luck getting rid of viruses, and catching them before they do any damage. Also, next time you format your computer, update windows and install whatever normal software you would use, and update that. THEN go online and download a trial version of Norton Ghost. It will allow you to make a CD (note you need a cd burner) which can restore your computer, including updates and all, in about one hour.

    Nastie Bowie: Thank you, and yes I would like to see this post in every board on the planet. Hopefully the admins won't frown on the link, but personally I would have just mentioned that you posted it at lurker. I should probably see to it that this gets posted at the Basin and some of the others as well.

    CaptJoe: Believe it or not, as Gir mentioned, Hacking 101 and 102 are now standing training in Network Admin and other network related fields. If you know anyone in the field who doesn't understand the different methods that hackers use, I would highly recommend they go back to school for a refresher course. ;)

    Lord Gargoyle: Not by default, but you can set it up to. You would set up IP addresses / IP ranges for 127.0.0.x and block them off; also, instead of leaving the default that all IP's in the 192.168.x.x range are trustworthy (or whatever range you are using), set up IP's for each specific computer, server, and network printer, then delete the entry for the range. Personally, at work, I only leave myself and the other servers as trustworthy; everyone else gets marked 'keep an eye on this guy, but trust him for now'. Once you've done that, when you are not going to be using your computer (and not running auto-updates) you can block out the IP for your internet connection, then check your logs when you get back for any suspicious activity. Note this should be done only on the software firewall; on a hardware firewall or router it will block out different functions that use the loopback by nature, and shouldn't be necessary. If you run into problems doing something, you will need to re-enable the loopback at least temporarily. If you're concerned about someone setting up a backdoor on a firewall or router, simply check the routing tables and make sure everything looks like it belongs there. IF you have concerns, make a quick call to your ISP, and they will be happy to explain to you what all the different junk in your routing table is used for. :)
     
  20. DurfBarian

    DurfBarian IncGamers Member

    Joined:
    Jun 22, 2003
    Messages:
    9,706
    Likes Received:
    17
    Trophy Points:
    467
    I use the built-in software firewall only, but my machines are all running OS X so I'm feeling pretty safe . . . :p

    Good post. Valuable info that computer users should read, especially if they run some flavor of Windows and like to play around online.
     
