The Internet provides the best and most efficient means to
communicate globally; however, attaching a single computer or group of
networked computers to the Internet presents security risks ranging
from simple access to personal/company files to total destruction of
critical information stored on hard drives. We have read about hackers
gaining access to government websites or viruses being spread through
e-mails. Any individual, company or government is vulnerable to a
security breach. Countermeasures are constantly under development, but
hackers continue to find vulnerabilities in PC software and network

The definition of computer security is “the process of
preventing and detecting unauthorized use of a computer workstation or
server.” As a general rule, security issues are most prevalent in
computers attached to the Internet with dedicated, full-time
connections, but can also become a problem with simple dial-in

Use a firewall to protect your network and data from unwanted

A government-funded organization called the Computer Emergency
Response Team Coordination Center (CERT/CC) tracks intruder activity.
It has published Overview of Attack Trends, which documents six
trends that intruders have used to gain access to PCs since 1988.
According to the CERT report (available at www.cert.org), those
1. An increase in the use of software that permits automated attacks
on computer software and hardware systems. The automated attacks
involve four phases:
a. Tools that scan for potential victims are more efficient and are
b. The same tools used to find potential victims can also identify
vulnerabilities as part of the scanning activity.
c. Tools can self-initiate new attack cycles rather than requiring a
person to start the process, such as “Code-Red” and
“Nimda,” which hit global saturation in less than 18
d. Using distributed attack tools, hackers can manage and coordinate
attacks across multiple Internet systems, which permit the efficient
launching of “denial of service” type attacks.
2. The tools used for attacks are becoming increasingly
sophisticated. These tools are more difficult to detect using antivirus
software or intrusion detection systems. These tools possess three
a. Techniques are available that make it difficult to determine the
nature of the attack.
b. Instead of following defined sequences, new tools can vary the
pattern and behavior of the attack, either randomly, in a predefined
way or under the direct control of the intruder.
c. Attack tools are now modular in nature, allowing portions of the
tool to be easily replaced or upgraded in order to quickly evolve and
stay ahead of detection technologies.
3. The time to find and exploit the vulnerabilities of software by
attackers is decreasing. According to CERT, the number of newly
discovered vulnerabilities reported continues to double each year.
Software developers are addressing the problem through patches to
their software. It is critical that system administrators understand
the vulnerabilities of the specific software used on their network,
regularly download and install software updates, etc.
4. Some protocols designed to work with firewalls are designed
specifically for the purpose of bypassing most firewall settings.
detect and protect systems from malicious software.
5. Through the use of distributed attack tools, it is possible for
an attacker to launch a series of multiple attacks on a single
6. The threat from infrastructure attacks is on the rise. These
a. Distributed denial of service attacks where the intruder uses
multiple systems to tie up the victim's network, thus preventing use by
b. The use of worms, or specially written code that is
intended to self-propagate, typically without user interaction. Viruses
are similar to worms but require a user to take some type of action in
order to propagate.
c. Attacks on the Internet Domain Name System (DNS). These potential
threats may permit an attacker to gain control of a Web domain for the
purposes of redirecting traffic to another site or modifying data on
d. Routers form the basis for moving data across the Internet.
Attackers have been able to successfully identify poorly secured
routers and use them as a means to generate attacks to other sites or
for gathering information.

Another good source for security information can be found at the
SANS Institute website, www.sans.org, which, in conjunction with the
National Infrastructure Protection Center, has published a top 20 list
of potential threats to computers.

In simple terms, firewalls are designed to prevent unauthorized
access by casual and malicious users on the public network (Internet)
into a private network. The devices fall into three primary types:
packet filter, stateful inspection and the application proxy.

The packet filter is the simplest of the three types. Most common,
low-cost broadband routers, such as those for cable or DSL modems,
generally possess the ability to filter packets based on the user's

An enhancement to the basic packet filter is called stateful
inspection, which permits the evaluation of multipacket flow. An
individual connection table is created for each packet stream and then
comparisons can be performed across a series of packet streams based on
policy established by the firewall administrator.
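
The difference between the two firewall types described above, as an added example that is not part of the original article: a stateless packet filter and a stateful firewall with a connection table judge the same constructed traffic. The addresses, the web-only policy and all names are assumptions, and TCP state tracking is simplified to what the comparison needs.

```python
from collections import namedtuple

# flags uses TCP flag letters: S=SYN, A=ACK, R=RST, F=FIN
Packet = namedtuple("Packet", "src sport dst dport flags")

INSIDE = "192.168.1."        # constructed private network prefix
WEB_PORTS = (80, 443)        # assumed policy: inside hosts may browse the web

def packet_filter(p):
    """Stateless filter: judges each packet alone, on header fields only."""
    if p.src.startswith(INSIDE):
        return p.dport in WEB_PORTS
    return p.sport in WEB_PORTS and p.dport >= 1024   # "looks like a reply"

class StatefulFirewall:
    """Keeps one connection-table entry per stream opened from the inside."""
    def __init__(self):
        self.table = {}      # (in_ip, in_port, out_ip, out_port) -> state

    def allow(self, p):
        outbound = p.src.startswith(INSIDE)
        key = (p.src, p.sport, p.dst, p.dport) if outbound \
            else (p.dst, p.dport, p.src, p.sport)
        if outbound and p.flags == "S" and p.dport in WEB_PORTS:
            self.table[key] = "SYN_SENT"              # new stream: create entry
            return True
        state = self.table.get(key)
        if state is None:
            return False                              # matches no known stream
        if not outbound and state == "SYN_SENT" and p.flags != "SA":
            return False                              # only SYN+ACK may answer a SYN
        if "R" in p.flags or "F" in p.flags:
            del self.table[key]                       # simplified close: forget stream
        elif not outbound:
            self.table[key] = "ESTABLISHED"
        return True

# Constructed sample traffic (documentation addresses, not captured data).
FLOW = [
    Packet("192.168.1.10", 40000, "203.0.113.5", 80, "S"),    # client opens
    Packet("203.0.113.5", 80, "192.168.1.10", 40000, "SA"),   # server answers
    Packet("192.168.1.10", 40000, "203.0.113.5", 80, "A"),    # handshake done
    Packet("198.51.100.9", 80, "192.168.1.10", 40001, "A"),   # unsolicited
    Packet("203.0.113.5", 80, "192.168.1.10", 40000, "R"),    # server resets
    Packet("203.0.113.5", 80, "192.168.1.10", 40000, "A"),    # after close
]

def compare(flow):
    """Return (packet_filter_verdict, stateful_verdict) for each packet."""
    fw = StatefulFirewall()
    return [(packet_filter(p), fw.allow(p)) for p in flow]
```

Calling compare(FLOW) shows the packet filter admitting all six packets, while the stateful firewall drops the two that belong to no open stream.
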
Firewalls based on application proxy are perhaps the most secure,
making servers appear normal to users authenticated on the trusted
network, while users outside the trusted network will only see the
firewall. The specific IP addresses of networks located behind
application proxy firewalls are hidden to the casual user.

The major flaw with firewalls is that they can only protect traffic
moving through them. If a user on the private network connects to the
Internet in an alternate way, such as a dial-up connection, then
security can be compromised.

McNamara, BE Radio's consultant on computer
technology, is president of Applied Wireless Inc., New Market,

All of the Networks articles have been approved by the SBE
Certification Committee as suitable study material that may assist your
preparation for the SBE Certified Broadcast Networking Technologist
exam. Contact the SBE at (317) 846-9000 or go to www.sbe.org for more
information on SBE Certification.