Flagusa.gif (12791 bytes)Greenriv-lrg.jpg (10869 bytes)

Home of Defense In Depth (DID) Security and Disaster Recovery

Frequently Asked Questions

Email GreenRiver


Table of Contents

  1. How do I determine if I am a target ?
  2. What is a Firewall and Do I need one?
  3. What is Disaster Recovery ?
  4. What is a virus or a Trojan horse... ?
  5. Is their anything such as a secure operating system ?
  6. How can I tell if I've been hacked ... ?
  7. Back to Main

How do I determine if I am a target ... ?

The best assumption is that everyone is a target if you are on the Internet. Are you a bank, government institution, power company, large retailer, mid sized business, part of the transportation infrastructure, small business, publicly traded company, private company or a private user? In other words if you are connected to the Internet in any way from a dialup connection to a dedicated line you are a target. The type of attack depends on what the attacker believes is on your system or what he can use your system for. 

With the Internet being a world wide resource the attack can come from anywhere on the planet. Attacks range from nation-states attempting to hack power companies and banks to random attacks by kids playing on the Internet. The trick is to determine your vulnerability. If you are a publicly traded corporation you are more likely to be hacked than a private citizen and depending on the industry you are in, the risk is higher or lower. Power companies and banks that represent critical country resources are prime targets but privately owned machines may be used to attack these companies via trojan horse programs. This means that even though you may not believe your computer has anything on it a hacker may be interested in it's not the information the hacker needs it's the machine the hacker can use to attack another target.  Protect yourself by using the Defense In Depth (DID) approach. It's cheaper than talking to the FBI or Secret Service.

Back to Top

What is a Firewall and Do I need one ... ?

A firewall is a piece of software or a combination of software and hardware that protects a system or network from direct intrusion at the TCP/IP layer (The Internet). It usually is a separate device that has a connection that looks out toward the Internet and another network interface that faces in to connect to the internal network but not always.  The line between these two interfaces is called the demilitarized zone (DMZ).  It forms a barrier and can provide a range of protective services.

firewall.diagram2.gif (11293 bytes)

  1. Port blocking with monitoring.
  2. Port blocking and Network Address Translation (NAT) to an internal private network with monitoring.
  3. Port blocking and Network Address Translation (NAT) with proxy cache and network monitoring.
  4. Port blocking and Network Address Translation (NAT) with proxy cache and network monitoring and sliding translated ports.

The level of sophistication that a customer can use is based on the size of the network and the risk the user may have using the Internet. Single workstations may only use a software based firewall to protect them from the most common types of  intrusion whereas a company like a bank or power company will have to use the most robust type of firewalls to protect their internal network.

Do I need a firewall,  well Yes and No. If you are running Microsoft anything a firewall is almost mandatory as a beginning step to protect a network from being hacked. Microsoft by its' very design allows programs to run in the core space of the operating system instead of a protected memory space. For a desktop, this is ok provided you don't mind programs having access to the entire machine, but to a hacker this is heaven. Running machines with file and print sharing turned on and no firewall is an open invitation to having someone cruise your network without you knowing. A firewall can help but it is only one part of the solution to stopping systems from being hacked.

Although providing safety to the network to a large extend, a firewall is still not able to protect the company data from Viruses and Trojans, although some firewalls do provide for scanning everything being downloaded, the rate at which new HTML, Java and other viruses are propping up, it is becoming very difficult for firewalls to detect all viruses. Anyway firewalls provide no physical protection to the networks. It also provides no protection from fire, tornadoes etc. Yet another shortcoming is the fact that if the attacker is able to break into a trusted system which is provided access by the firewall, then he can easily gain access to the data at your network, as the firewall will think that he is actually the trusted party.

See Defense In Depth.

For more information on Firewalls see the white paper firewalls demystified.

Back to Top

What is Disaster recovery... ?

Disaster recovery is the plan, equipment and preparation used to recover critical business systems in the event of a disaster. It encompasses everything from physical planning of alternate operating sites for a company should a disaster occur, to a simple backup schedule. Disaster recovery is used as a strategic part of Defense In Depth strategy to help a business recover from a disaster.

Disaster Recovery

Key areas to consider include:

 

Back to Top

What is a Virus or a Trojanhorse ... ?

These programs are sent to people in Email, embedded in HTML, Java, Visual Basic, pictures, and streaming video. They are used to do everything to the target system from erase the disk drive to remotely take the system over and either steal information from it or  to use it to attack other machines. Like a virus in humans it is spread from machine to machine usually through email and in the case of the visual basic virus and trojan horse programs it is specifically targeted at Microsoft Outlook and Exchange as the method by which it is spread.

Back to Top

Is there anything such as a secure Operating System ... ?

Microsoft Windows machines are the most hacked system on the Internet. Macintosh is the least hacked and most secure commercial system on the Internet. Novell Netware ranks second as the most secure commercial server system available. Unix systems may suffer the same number of attacks as Microsoft system but they grew up on the Internet and have more tools and defenses built in to them to ward off attacks by hackers and are therefore more secure and just as productive as Microsoft systems. The most popular and secure webserver system is a version of Apache running on SUN Solaris, Free BSD, BSD, and Linux on Intel and IBM hardware running TurboLinux, Susie, and Redhat Lunix including the 390 mainframe touting an uptime of 99.999% with no reboot. 

The most secure OS in the world against attack today is a secure version of Linux offered free over the Internet by National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).  It is based on the Linux 2.X kernel and has extensive hardening to allow the user to completely control what runs on the system and when it is running. Choosing which to use is going to be based on what you need to do as an individual or business. General operating systems like the above do pretty much the same thing regardless of which group they come from. It is as easy to have say an all Microsoft shop as it is to have a completely Microsoft free shop.

Back to Top

How can I tell if I've been hacked ... ?

Check out your machine. Does it do strange things like open up windows randomly when nothing else is going on or lock up without any reason? Does the disk drive go off constantly and the system slows down even when you may only have only one application running?  Even if your only connected to the Internet via modem, has your machine ever turned itself on and you found it running when you know you shut it off before you left home or your office ? If so you might be the victim of a hacker or virus program acting as a Trojan horse that uses your system to attack other systems on the internet. If you suspect that this is what is going on then get the system checked out by a specialist. There are many good diagnostics available like Norton and Mcafee that can help you determine the extent or nonexistent of the hack or virus. If you have been hacked disconnect the system from the network until you can fix it.

Back to Top

Email GreenRiver
GreenRiver Communications Inc.
Copyright GreenRiver Communications Inc. All rights reserved.
Revised: January 07, 2004.