[Random-bits] Ed Chaban's comments on cable security issue
James Love
love@cptech.org
Sun, 23 Jan 2000 08:20:46 -0500 (EST)
Here are two more comments from Ed Chaban, responding to comments on his
first note regarding security and always on cable modem connections.
The first is a response to Ted Bridis' note, and the second is a comment
to Brian McWilliams, giving additional details on the nature of the
security issues.
Jamie
>From echaban@home.com Sun Jan 23 08:15:10 2000
Date: Sun, 23 Jan 2000 00:37:43 -0800
From: Ed Chaban <echaban@home.com>
To: James Love <love@cptech.org>
Subject: Re: [Random-bits] Always on ISPs and Hacking (fwd)
Jamie,

I'll have to disagree with Ted on a couple of points. First, as
seemingly harmless as scans for vulnerabilities may appear to be, they
constitute a hazard for many users. The "PC Anywhere" product Ted
mentions has evil counterparts in the hacker's world known as "trojan
horses" which can be unwittingly released on a system and will allow a
hacker to have his way with your data. Every time someone opens an E-mail
with a Macro or some cute animated greeting card, they could infect
their system with a trojan and be a target for such a scan.

Second, Ted is obviously a sophisticated internet user with some
background in the technology. Can we expect my mother-in-law to
configure her own firewall? Hardly!

Finally, while @Home provides the protection Ted mentioned, it is measly
in comparison to the kind of protection provided at almost every
corporate location in the world. His NT server with firewall is
providing protection for all the PCs he has in his home. I don't think
it unreasonable that a service provider do the same for its customers.

Cable Modem and DSL internet connectivity is being marketed to the home
user. I plug my television set into a cable connection with no
knowledge of the underlying technology and have no fear of security
breaches. The same should go for my PC.

-Ed
Date: Sat, 22 Jan 2000 23:44:45 -0800
From: Ed Chaban <echaban@home.com>
To: Brian McWilliams <bmcwilliams@internet.com>
Subject: Re: [Random-bits] Always on ISPs and Hacking
Brian,

In general, the attacks take the form of searches for openings in the
"ports" of the internet protocol stack. A machine on the internet may
be accessed through various services that listen to a specific set of
ports. Some of these are well known to hackers. They range from login
services to web services as well as services created by "trojan horse"
programs.

A Trojan Horse is a form of virus that listens on a specific IP port and
waits for commands from the hacker to do any number of functions on the
system. (The most notorious trojan horse for Windows systems is "Back
Orifice.") Trojans are easily introduced into a system via E-mail
attachments that are executables or macros. Those "cute" animated
greeting cards people send one another are famous for spreading such
things. Virus protection software is of some use to fight these, but new
viruses and trojans are always being developed. Virus detection software
companies are always responding to the latest ones that come along.
The problem is that by the time they respond with a tool to detect and
eliminate the trojan, the damage may already be done.

I do have file and print sharing turned off, but if there is a trojan
horse program on my machine, a hacker could access any file he desires.

I suggest the cable internet and DSL providers protect their customers
as any desktop PC in Corporate America would be protected: with a
Firewall. A Firewall, among other things, keeps outside systems from
initiating a connection with a machine on the other side. All but a few
ports could be blocked.

I'd also suggest providers cooperate in tracking down offenders. The
software I'm running on my PC tells me the IP address and a number of
other pieces of information which can help identify the hacker.
Currently, all complaints I make to my provider involve hackers on the
same service as I. This is a very tiny percentage of the attacks I see.
My provider will not help me report hackers to other providers. I must
do so myself. A clearing house for exchanging information on hacking
would make reporting a hacker and having them reprimanded or even shut
down even easier. I'd imagine that the FBI would love such a facility.

That's about it. Does this make any sense?

-Ed
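
The firewall behaviour described in the second message (outside systems cannot initiate a connection, all but a few ports blocked), as an added example that is not part of the original messages: a small stateful filter that drops inbound connection attempts except on an allow-listed port, while letting replies to connections the home PC opened come back in. The class names, addresses (documentation ranges) and port numbers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # set on the packet that opens a TCP connection
    ack: bool = False  # set on every packet after that opening SYN

class StatefulFirewall:
    """Drops connections initiated from outside, except to allow-listed ports."""

    def __init__(self, inside_hosts, allowed_inbound_ports=()):
        self.inside = set(inside_hosts)
        self.allowed_inbound = set(allowed_inbound_ports)
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)

    def filter(self, pkt):
        opening = pkt.syn and not pkt.ack
        if pkt.src in self.inside:
            # Outbound traffic passes; remember the flow so replies can return.
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        if pkt.dst not in self.inside:
            return "DROP"
        flow = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if flow in self.flows and not opening:
            return "ACCEPT"  # reply on a connection the inside host opened
        if opening and pkt.dport in self.allowed_inbound:
            self.flows.add(flow)  # one of the "few ports" deliberately left open
            return "ACCEPT"
        return "DROP"  # everything else from outside, including port scans

# Constructed sample traffic (documentation address ranges, made-up ports).
PC, WEB, SCANNER = "192.0.2.10", "203.0.113.80", "198.51.100.7"
TROJAN_PORT = 40000  # hypothetical port an unwanted listener might use

def run_sample():
    fw = StatefulFirewall({PC}, allowed_inbound_ports={113})
    packets = [
        Packet(SCANNER, 4000, PC, TROJAN_PORT, syn=True),  # probe from outside
        Packet(PC, 1025, WEB, 80, syn=True),               # PC opens a web page
        Packet(WEB, 80, PC, 1025, syn=True, ack=True),     # server's reply
        Packet(SCANNER, 80, PC, 1025, ack=True),           # not part of any flow
        Packet(SCANNER, 4001, PC, 113, syn=True),          # allow-listed port
    ]
    return [fw.filter(p) for p in packets]

if __name__ == "__main__":
    print(run_sample())
```

The probe to the listening port is dropped even if a program on the PC is bound to it, because the decision is made on who opened the connection, not on whether anything is listening.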