
Network Security

While you are logged on, every computer on the Internet can initiate connections with your computer using your IP address. Consequently, you need to make sure no one can read or write data or run programs on your computer while you're connected. There are easily available programs for scanning whole domains (such as all computers whose address is 192.80.xxx.xxx), so you are not exactly a needle in a haystack, but more like one fish in a school, trying to avoid a driftnet. These scanning programs do not break into your machine directly, but rather return data on possible vulnerabilities to the person running the scan, for possible use in a break-in. If you are connected to the Internet for more than an hour, you may assume you've been scanned.

Networked computers communicate via ports, which are analogous to "apartment numbers" on the IP address. The medium of communication is called a network packet. A machine that wants to view a web page at the Holy Cross math department sends an appropriate packet to 192.80.94.133:80, port 80 on the Holy Cross Math/CS web server. The web server runs a program (a network daemon called httpd) that does nothing but wait for requests on port 80, and respond when requests come in. Your new GNU/Linux box is no different; it has perhaps a dozen daemons running constantly, waiting for network requests on as many ports.

If sent the proper data, these daemons will send data to the computer that initiated the query, or will offer a login or file-transfer prompt. If the machine that sent the request is owned by a computer vandal, they can attempt to log on to your machine by guessing a username/password combination, which may not be difficult if your user password is not well-chosen.

Protecting your computer begins with finding unnecessary services and open ports, and closing them. You can also configure your computer not to reply to requests for connections, and indeed to ignore all network packets except those you have specifically requested (from a web site you're visiting, or from your ISP). None of this is foolproof, but these safeguards are more than enough for a home user. Linux 2.2.x uses a program called ipchains to handle network packets; the 2.4.x kernels use the more powerful utility iptables. There are several How-to documents on networking and security.
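
As a starting point for finding open ports, the following added example (not part of the original text) lists the TCP ports a machine is listening on by decoding the kernel's /proc/net/tcp table, and marks which ones are reachable from the network rather than only from the machine itself. The function names and the sample table are constructed for illustration; the decoding assumes an x86 (little-endian) machine and IPv4 only.

```shell
#!/bin/sh
# Constructed sample in /proc/net/tcp format (not captured from a real host).
sample_proc_net_tcp() {
cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 855E50C0:8A3C 0A00000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1004
EOF
}

# Read a /proc/net/tcp table on stdin; print "address:port scope" for each
# socket in state 0A (LISTEN). Established connections (state 01) are skipped.
listening_ports() {
    awk '
    # Portable hex-to-decimal conversion (plain awk has no strtonum).
    function hex(s,   i, n) {
        n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789ABCDEF", toupper(substr(s, i, 1))) - 1
        return n
    }
    NR > 1 && $4 == "0A" {
        split($2, a, ":")
        # Little-endian assumption: the last hex pair is the first octet.
        o1 = hex(substr(a[1], 7, 2)); o2 = hex(substr(a[1], 5, 2))
        o3 = hex(substr(a[1], 3, 2)); o4 = hex(substr(a[1], 1, 2))
        # 127.x.x.x accepts connections from this machine only; 0.0.0.0 or a
        # real interface address accepts them from other hosts.
        scope = (o1 == 127) ? "local-only" : "network-reachable"
        print o1 "." o2 "." o3 "." o4 ":" hex(a[2]), scope
    }'
}

# Demonstration on the constructed sample.
# On a live system:  listening_ports < /proc/net/tcp
sample_proc_net_tcp | listening_ports
```

Each line marked network-reachable corresponds to a daemon that answers requests from other hosts; if you do not need that service, it is a candidate for disabling.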

The bright side of network security is that most crackers and vandals are interested in high-profile commercial, educational, and government sites, and in computers that are permanently connected to the Internet. The reason is not hard to fathom; only if your computer has a permanent address can the cracker reliably locate it from day to day. Crackers are typically not interested in your personal files (which is no reason to make files carelessly available for worldwide viewing), but are instead trying to find systems on which they can store pirated programs ("warez"), install malicious software, such as daemons used in "denial of service" attacks on prominent sites, or from which they can conduct further break-ins (which causes investigators to come looking for your machine when the cracker's activity is discovered).


hwang
2001-10-31