Own Your Space - Chapter 13

 


The author and publisher have taken care in the preparation of this book, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein. All trademarks are the property of their respective owners.

Publisher: Linda McCarthy
Editor in Chief: Denise Weldon-Siviy
Managing Editor: Linda McCarthy
Cover designer: Alan Clements
Cover artist: Nina Matsumoto
Interior artist: Heather Dixon
Web design: Eric Tindall and ngenworks
Indexer: Joy Dean Lee
Interior design and composition: Kim Scott, Bumpy Design
Content distribution: Keith Watson

The publisher offers printed discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact: U.S. Corporate and Education Sales, (510) 220-8865.

Except where otherwise noted, content in this publication is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States license, available at http://creativecommons.org/licenses/by-sa/3.0/us/legalcode

ISBN 978-0-615-37366-9

Library of Congress Cataloging-in-Publication Data
McCarthy, Linda
Own your space: keep yourself and your stuff safe online / Linda McCarthy.
ISBN 978-0-615-37366-9 (electronic)
1. Computer security. 2. Computers and children. 3. Internet and teenagers. 4. Computer networks-Security measures. I. Title.

Visit us on the Web: www.100pagepress.com

Download free electronic versions of the book from MySpace (http://www.myspace.com/ownyourspace), and Facebook (http://www.facebook.com/ownyourspace.net), and from Own Your Space (http://www.ownyourspace.net).

rev 2.0


Chapter 13: Any Port in a Storm

It was Friday evening, prime time for playing rounds of online games with friends from school. Douglas, a 15-year-old boy from Novato, California, had, as usual, gone straight from the dinner table to the Net. Douglas is a serious gamer. He has every game system on the market. He even has two Microsoft Xbox 360s, a Sony PlayStation 3, and a Nintendo Wii in his bedroom. Needless to say, he also spends time playing his favorite game, World of Warcraft, on the Internet.

In the middle of the game, he lost his connection and was dropped from the gaming site. The following message flashed across his computer screen:

    Connection lost. Out of bandwidth.

Douglas was annoyed that he couldn't finish his game and had no clue what that message meant. He started to wonder if he'd been dropped off because of the firewall on his parents' network. Douglas turned off the firewall, entered the gaming site, and began to play his favorite game again. No drop off this time. Douglas decided to leave the firewall off while he was playing his game on the Internet.


While turning off the firewall sounded like a good idea to Douglas, that wasn't the problem. In fact, that created a new problem, because turning off the firewall opened the door to his parents' home network to hackers. The bandwidth problem had to do with the network in Douglas's house. He really didn't have enough bandwidth coming into his house in the first place.

In this chapter, you will see how you can test your bandwidth for free. Also, this chapter talks about some of the basics of networking and why firewalls are a critical component of security.

13.1 So What's a Network?

A computer network is a group of computers that are connected. Sometimes this is a physical connection using wires, cables, telephone lines, or some combination of the three. Sometimes, as with hot spots and wireless networks, there is no physical connection. In all cases, however, the computers within a network are connected in a way that allows their users to share resources like files and/or physical devices like printers.

At school, the school's network is what allows you to create your research papers in one computer lab but pick up your printout in another. This is also what allows your teacher to enter grades at the computer on her desk and pick up printouts of student progress reports in the teacher's lounge.

Computer networks have been around for a long time, and several technologies have been developed to enable computers to communicate. One of the most successful is a technology called Ethernet, invented by Bob Metcalfe in 1973.

Ethernet: Ethernet lets computers on a local area network (LAN), such as in an office building, connect to one another and to other network resources, such as servers.

Today's computer networks come in many shapes and sizes. They can be huge. A major university might have a computer network that connects thousands of students, faculty, and staff. A computer network can also be quite small. Consider the network at Douglas's house. That network connects just three computers: one for Douglas, one for his mom, and one for his dad. Because they're using network technology, the whole family can use the same Internet connection and send files to the same printer.


Regardless of their size, all networks work pretty much the same way and provide the same functions. That is, they all use one protocol or another to allow the computers and other devices in the network to talk to each other, and they all provide shared access to network resources. It's also possible for some resources in a network to be shared by some users but not others. This is why you can't send files to that printer in the teacher's lounge.

Protocol: A protocol is a set of rules that computers use to communicate with each other.

The world is literally filled with computer networks. One network can include all or part of another network. For example, the computer in your mom's home office is obviously part of your home network. However, it might also be connected to your mom's work network. It's also part of a network that includes all the machines that use the same Internet service provider (ISP). And all of those machines are also part of the massive World Wide Web. So we have networks inside networks inside other networks.

ISP: Internet service provider. This is the company that provides the network that allows your computer to connect to the Internet.


13.2 How Networks Communicate: TCP/IP

Being part of a network is like being part of a community. In a community, life runs smoothly only when the people who form the community talk to each other. To share community resources, the members of the community need to communicate in ways that everyone can understand. Computer networks are much the same. For computers to share resources, they need to communicate using a common language. In computer terms, that common language is called a protocol. A protocol is just a set of rules that computers use to communicate with each other.

TCP/IP is the protocol used most often to communicate on the Internet. TCP stands for Transmission Control Protocol. When you transmit something, you are sending it somewhere. Thus, a transmission is whatever it is you are sending. So TCP is the protocol that controls how things are transmitted on the Internet. In specifics, TCP works by sending data in blocks called packets. When data is sent over the Internet, it is divided up into blocks of data called packets. IP stands for Internet Protocol and describes how computers send those data packets from one computer to another.

TCP/IP: The protocol that most computers use to communicate on the Internet.

13.2.1 IP Addresses

For data packets to travel safely from one computer to another, the control protocol needs to know where the packets are going. It needs an IP address to send the packets to. It also needs to know the address the packets are coming from so that it can send a reply back to let the sender know that everything arrived safely.

Just like your house has a mailing address, every computer on the Internet has an IP address. Each IP address contains four groups of numbers separated by periods. For example, 192.168.1.1 is an IP address. Depending on what kind of Internet connection you have and how your ISP assigns addresses, you may have a static IP address or a dynamic IP address.


A static IP address is always exactly the same, like your house address. That address is assigned when the house is built, and it stays the same as long as the house is there. While your house address is assigned by the post office, your computer's IP address is assigned by your ISP (or possibly by indirectly connected machines if you have a private home network). The advantage of having a static address for your house is that once a person learns your address, that person will always know your address. With IP addresses, this is a disadvantage. Once a hacker learns a static IP address, he would always know how to get back to that specific computer.

A dynamic IP address is issued when you connect to the Internet on any given day, and you keep that address only until you log off the Internet or shut down your computer. The next time you connect to the Internet, you get a new (and probably different) IP address. Dynamic IP addresses help to protect you from being targeted repeatedly by a hacker trying to break into your computer. Your ISP assigns dynamic addresses from a pool of addresses available to that ISP. The protocol that manages the assignment of IP addresses is called DHCP (Dynamic Host Configuration Protocol).

DHCP: Dynamic Host Configuration Protocol. DHCP is the protocol that an ISP uses to assign dynamic IP addresses.

Whether you have a static IP address or a dynamic IP address depends on two things: (1) what type of Internet connection you have, and (2) the policies of your ISP. If your connection is always on and you have a static IP address, attackers have a better chance of being successful at attacking you. It's simple to see that if you always have the same IP address, you are easier to find. That does not mean that dynamic IP addresses are safe, however.

To find your IP address, first make sure that your computer is connected to the Internet. Now, click Start > All Programs > Accessories > Command Prompt. This will open a command prompt window.


Enter the ipconfig command at the end of the C:\> prompt line. The window that displays next lists your IP address.


Now, shut down your computer and router and restart both of them. Connect to the Internet again and issue the ipconfig command a second time. If the address it returns matches the address it gave you the first time, you have a static IP address. If the two addresses don't match, you have a dynamic IP address.

You can also find the IP addresses for other computer systems by using the ping command. For example, to find the IP address for Google, click on Start > All Programs > Accessories > Command Prompt to again open a command prompt window. Then enter the command ping www.google.com. The dialog box that displays next shows the IP address for www.google.com under "Reply from".

As we just pointed out, an IP address is similar to your home address. Once you have an address to a house, you can knock on the door and you might get in. When you find the IP address to a computer system, you've basically found the front door. To protect the front door to your network, you need several layers of defense, including a firewall.

13.2.2 Data Packets

TCP/IP works by splitting messages and files being sent over the Internet into chunks called packets. Each packet contains part of the message or file, plus the address of its destination.


In this type of communication, the computers sending data back and forth are called hosts. The computer sending the packet is the source host. The computer receiving the packet is the destination host. Both hosts use the same protocol to make sure that the packets arrive safely and in the right order.

Imagine that you were sending a book that you'd written from your computer to your teacher's computer. When you send the file containing the book, the controlling protocol would first split the book into smaller sections (packets). While actual data packets are considerably smaller, to make this simple let's imagine that each chapter becomes a packet. If there are six chapters in your book, there would be six data packets. Each packet would contain a separate chapter, plus the IP address of your teacher's computer.

The control protocol would also add sequence information (say, the chapter number) to make sure that when the packets are assembled back into a single file at your teacher's computer, the chapters are still in the correct order. This makes sure that Chapter 1 comes first, Chapter 2 second, etc. To make things even more reliable, the control protocol on your teacher's computer would send a confirmation back to your computer, letting it know that the packets arrived safely.

13.2.3 Confirmation

There are actually a number of protocols that computers could use to communicate. TCP/IP is simply the most common. Some communications use a different protocol called UDP instead. Most Internet connections, however, use TCP/IP because it's considered to be more reliable. TCP is considered more reliable because with TCP, the computer sending the data receives confirmation that the data was actually received. UDP doesn't send confirmations. This makes UDP faster than TCP but not quite as reliable. In some cases, that's OK. Knowing that something actually made it to the destination is important for some programs and not for others.

13.3 Port of Call

Where an IP address identifies the general location of your computer, the specific locations through which data actually gets into your computer are called ports. You can think of a port as a door into your computer. Unlike your house, which probably has only two or three external doors, your computer has 65,535 ports. Some of these ports are allocated to specific applications. For example, AOL Instant Messenger uses port 5190. HTTP, the protocol used to communicate on web pages, runs on port 80 and port 8080.

When we say that an application runs on a specific port, what we really mean is that the application uses a service program to monitor that port. Thus, IM runs a service that hangs out at port 5190. It listens at that port for communications to arrive and responds when it detects those communications. You can think of these services as doormen. They wait at the door to see who knocks. When someone does knock (that is, data arrives at that port), the doormen (services) follow the rules (protocol) they've been given to decide whether or not to let the knockers in.

Attackers routinely scan the Internet looking for computers with open, unprotected ports. This is called port knocking. To protect your computer and its data, you need to make sure that your ports are protected.

Port knocking: Scanning the Internet looking for computers with open ports.

As you learned earlier, some applications run on specific ports. Of course, there are 65,535 available ports. You can specify access for services on specific ports through your firewall. Your firewall functions as a bouncer at an exclusive club: it has a guest list of exactly who is allowed in at which port. Thus, firewalls block access to ports that are not being used for specific applications. A firewall that is configured correctly won't accept connections to ports unless it's specifically told to do so.

The list of ports and services is too extensive to cover here. You should visit your firewall vendor's site to see what ports and services are recommended and which ones are considered risky. Another good place to learn about ports and services is www.grc.com.

While you're still learning about firewalls, a simple step that you can take to protect your computer is to simply turn off your computer and router when you're not using them. Think about it. Hackers know that many home users leave their systems turned on and connected to the Internet for convenience. Therefore, it makes sense to turn off your computer and router when you are not connected to the Internet.
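The packet splitting, sequence numbering and confirmation described in sections 13.2.2 and 13.2.3, sketched as an added example that is not part of the original book. The 192.168.1.x addresses, the Receiver class and the constructed "network" that reorders packets and drops some of them once are assumptions for illustration; real TCP is considerably more involved.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str        # IP address of the source host
    dst: str        # IP address of the destination host
    seq: int        # sequence number (the "chapter number" in the analogy)
    total: int      # how many packets make up the whole message
    payload: bytes  # this packet's slice of the data


def split_into_packets(data, src, dst, size):
    """Cut data into size-byte chunks, each labelled with addresses and order."""
    chunks = [data[i:i + size] for i in range(0, len(data), size)] or [b""]
    return [Packet(src, dst, n, len(chunks), c) for n, c in enumerate(chunks)]


class Receiver:
    """Destination host: files packets by sequence number and confirms each."""

    def __init__(self, address):
        self.address, self.chunks, self.total = address, {}, None

    def deliver(self, packet):
        if packet.dst != self.address:
            return None                           # not ours: no confirmation
        self.chunks[packet.seq] = packet.payload  # a duplicate just overwrites
        self.total = packet.total
        return packet.seq                         # confirmation names the packet

    def complete(self):
        return self.total is not None and len(self.chunks) == self.total

    def reassemble(self):
        if not self.complete():
            missing = sorted(set(range(self.total or 0)) - set(self.chunks))
            raise ValueError(f"incomplete message, missing packets {missing}")
        return b"".join(self.chunks[n] for n in range(self.total))


def transmit(packets, receiver, lost):
    """Constructed network: delivers in reverse order and drops, one time only,
    each sequence number in the set `lost`. Returns the confirmed numbers."""
    confirmed = set()
    for p in reversed(packets):
        if p.seq in lost:
            lost.discard(p.seq)
            continue
        ack = receiver.deliver(p)
        if ack is not None:
            confirmed.add(ack)
    return confirmed


def send_with_confirmation(data, src, receiver, lost, size=16, max_rounds=5):
    """TCP-style: resend whatever was not confirmed. Returns packets sent."""
    pending = split_into_packets(data, src, receiver.address, size)
    sent, lost = 0, set(lost)
    for _ in range(max_rounds):
        sent += len(pending)
        confirmed = transmit(pending, receiver, lost)
        pending = [p for p in pending if p.seq not in confirmed]
        if not pending:
            return sent
    raise TimeoutError("destination never confirmed every packet")


def send_without_confirmation(data, src, receiver, lost, size=16):
    """UDP-style: each packet goes out once; nothing is confirmed or resent."""
    packets = split_into_packets(data, src, receiver.address, size)
    transmit(packets, receiver, set(lost))
    return len(packets)


if __name__ == "__main__":
    book = b"Chapter 1. Chapter 2. Chapter 3. Chapter 4. Chapter 5. Chapter 6."
    teacher = Receiver("192.168.1.20")            # constructed address
    print(send_with_confirmation(book, "192.168.1.10", teacher, {1, 4}, size=11))
    print(teacher.reassemble() == book)
```

With the same two packets lost, the confirmed transfer costs two extra transmissions and delivers the whole book in order, while the unconfirmed transfer leaves the receiver with a message it cannot reassemble.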


13.4 A Bit More about Bandwidth

Bandwidth is the speed at which data is sent over a communication line. Bandwidth measures how quickly your PC communicates with the Internet. Our gamer Douglas was dropped from the game he was playing over the Internet when the message "You are out of bandwidth" flashed across the screen. Like most users, Douglas never wondered how much bandwidth he had until he ran out. Do you know how much bandwidth you have?

After Douglas ran into the bandwidth error, his mom checked her cable bill and the website for her cable Internet service. She was paying for a bandwidth of 3 megabits per second, but when she checked the actual bandwidth she was getting, it turned out that only 1.7 megabits was available. She was paying for more than she was getting. When she complained to her ISP, they immediately coughed up the extra bandwidth.

If you're worried about a similar problem, there are a number of places on the Internet where you can run a bandwidth test on your system for free. One safe site is www.bandwidthplace.com. Your potential bandwidth will depend on the type of Internet connection that you have.

13.5 Rings of Fire

When you started reading this book, you probably had no idea you had 65,535 available ports on your computer. Watching and blocking all those doors to your computer is one of the most important security jobs you need to fill. We've already talked about a number of products and techniques you can use to protect your computer. A firewall is one more important layer of defense.

While you absolutely need a firewall, it is only one piece of the security protection puzzle. Using a firewall does not eliminate your need for other security products, such as antivirus and anti-spyware programs, unless your firewall comes as part of a bundled security solution. Some security products aim to provide a total (or near-total) solution to security problems by bundling a whole bunch of different types of protective software into a single product.

What firewalls can and can't do: Firewalls can protect against hackers and enforce security policies. But they can't make you behave, and they don't protect against embedded attacks.

Firewalls do protect against hackers

An intrusion occurs when an attacker takes over your computer system. Many different techniques are used to hijack systems this way. Hackers might break into your system to leisurely poke around your files and read personal data. They might use your resources, launch a denial of service (DoS) attack, or steal your personal or financial information. Firewalls can help to protect you against many of these attacks by keeping you aware of when an outside program tries to access your computer through its ports or when a program running on your computer tries to access the Internet.

Firewalls do enforce security policies

Firewalls also enforce security policies to provide protection from inside out. The library has a firewall. Your school has a firewall. Even corporations have firewalls. In each case, the firewall has probably been set to block access to certain sites. Your school doesn't want you to visit sites with inappropriate or obscene material that your parents might object to. Your library has probably blocked access to free email accounts. Many libraries do this so that the computers intended to allow patrons to complete Internet research aren't always filled with people checking their email. In all these cases, the firewall's actions represent a policy that was established for a reason. If you're behind a firewall and decide to try to figure out a way around it, you know that you really shouldn't be doing that. What you might not know is that what you are doing might be logged by the firewall.

Firewalls don't make you behave

You already know that just because a babysitter comes over doesn't mean kids will behave. They may not jump out the windows, but that's not to say they won't play Guitar Hero 'til the wee morning hours. Like a babysitter, a firewall only has so much control. A good firewall will enforce the security policies it's been set to enforce. Usually, that means that it might block certain sites or prevent certain programs from accessing the Internet. What it won't, and can't, do is make you behave online. Your firewall has no say over what you type when IMing your friends, which sites you visit (unless they're specifically blocked), or what kinds of email you send. Those things, along with the rest of your online behavior, are the products of your choices, not your firewall.

"Firewalls are not in place to make you behave." (Marcus Ranum, inventor of the first firewall and the security expert who connected the White House to the Internet)

Firewalls don't protect against embedded attacks

Firewalls also don't protect you against data-driven attacks. These types of attacks are initiated by an attack tool or malware that you inadvertently download or receive as an unwanted email attachment. When these attacks come in the form of malware that's downloaded without your knowledge or permission, they are sometimes called drive-by downloads. For more details on avoiding drive-by downloads, please read Chapter 3, Nasty Ware.

13.5.1 So What's a Firewall?

A firewall is a piece of software that protects your computer or your entire home network by controlling the type of traffic that's allowed to pass between networks. In many ways, your firewall is like the lock on the front door to your house. Your front door lock keeps thieves, potential attackers, and nosy neighbors out of your house. By monitoring traffic to and from your computer and watching programs that communicate with your computer, your firewall performs much the same functions. It functions as the lock on your computer's front door to the Internet, either permitting or denying program requests to send data into or out of your computer or network.

Firewall: A piece of software that controls the type of traffic that is allowed to pass between networks.

Amazingly, many people don't know whether they're using a firewall. Some users actually have a firewall and don't even know it. If your home computer is networked, you may already have a firewall included in your router. A router is the physical device that routes information between devices within a network.

The major function of a firewall is to control traffic coming from or going to the Internet. Let's go back to Douglas's house. On his network, a Comcast cable modem is connected to a Linksys router. The family computers then connect to the Internet through that Linksys router. From the Internet, the only device that can be seen is the router. The family computers are hiding behind that router. The router passes along (i.e., routes) all information going to and from the Internet. In no way can information get to or from any computer in Douglas's house without passing through the router. Because a router protects the machines it routes data to, the router functions like a grand entrance way. That makes it a logical position for a firewall.

Router: The physical device that routes information between devices within a network.

Of course, the router is not the only place you'll want a firewall. You should also have a personal firewall on the PC itself. The personal firewall will allow you to monitor the applications running on your computer and restrict when and if those programs are allowed to send data to or from your computer. Using a personal firewall also provides a second layer of protection just in case a hacker compromises the firewall on your router. With only the router firewall, a hacker who compromises the router firewall can easily access any computers connected to that router. Add a personal firewall, and that hacker has only made his way through your first line of defense.
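The guest-list behaviour from section 13.3 (a correctly configured firewall accepts connections only on ports it has been told to allow) and the firewall logging mentioned in section 13.5, as an added example that is not part of the original book. The allowed ports, the sample connection attempts, the addresses and the thresholds are all constructed for illustration and do not describe any particular firewall product.

```python
from collections import defaultdict

# Constructed guest list: the only inbound (protocol, port) pairs accepted.
# 80 and 5190 are the HTTP and AOL Instant Messenger ports named in the chapter.
ALLOWED_INBOUND = {("tcp", 80), ("tcp", 5190)}

# Constructed connection attempts: seconds, source address, protocol, port.
# Source addresses are from the ranges reserved for documentation.
SAMPLE_ATTEMPTS = """\
0.0 198.51.100.7 tcp 80
0.4 203.0.113.9 tcp 21
0.5 203.0.113.9 tcp 22
0.6 203.0.113.9 tcp 23
0.7 203.0.113.9 tcp 25
0.8 203.0.113.9 tcp 80
0.9 203.0.113.9 tcp 135
1.0 203.0.113.9 tcp 445
3.0 192.0.2.44 tcp 5190
3.5 192.0.2.44 udp 5190
5.0 198.51.100.23 tcp 6000
6.0 198.51.100.23 tcp 6000
7.0 198.51.100.23 tcp 6000
8.0 198.51.100.23 tcp 6000
9.0 198.51.100.23 tcp 6000
"""


def parse_attempts(text):
    """Turn 'time source protocol port' lines into dictionaries."""
    attempts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, src, proto, port = line.split()
        attempts.append({"time": float(when), "src": src,
                         "proto": proto.lower(), "port": int(port)})
    return attempts


def decide(proto, port, allowed):
    """Default deny: anything not on the guest list is refused."""
    on_list = 1 <= port <= 65535 and (proto, port) in allowed
    return "ALLOW" if on_list else "DENY"


def filter_and_log(attempts, allowed):
    """Apply the guest list to every attempt and keep a log of each decision."""
    return [dict(a, action=decide(a["proto"], a["port"], allowed)) for a in attempts]


def find_scanners(log, min_ports=5, window=10.0):
    """Flag sources refused on at least min_ports different ports within
    `window` seconds. Returns {source: sorted list of refused ports}."""
    denied = defaultdict(list)
    for entry in log:
        if entry["action"] == "DENY":
            denied[entry["src"]].append((entry["time"], entry["port"]))
    scanners = {}
    for src, hits in denied.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({port for _, port in hits[start:end + 1]}) >= min_ports:
                scanners[src] = sorted({port for _, port in hits})
                break
    return scanners


if __name__ == "__main__":
    log = filter_and_log(parse_attempts(SAMPLE_ATTEMPTS), ALLOWED_INBOUND)
    for entry in log:
        print(entry)
    print(find_scanners(log))
```

In the sample data, the source that keeps retrying one blocked port is logged but not flagged; only the source refused on many different ports in a short time is reported.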
