Minutes of the August Meeting
By Mike Hodges, Secretary, Tampa PC Users Group

Bruce Register, our program chairman, introduced our speaker, Edgar Duarte Penaloza. Bruce, a Real Estate Appraisal Instructor, had discovered Edgar as a student in one of his Real Estate Appraisal courses. When Bruce discovered that his home PC had been compromised by a mischievous hacker, Bruce engaged Edgar to resolve the problem. Without Bruce’s permission or knowledge, Bruce’s home PC was being used as a remote server. Having been most impressed by Edgar’s knowledge and rapid solution to his home PC security problems, Bruce asked Edgar to come and speak to all of our members. The presentation again made us realize the value of our membership in keeping each of us not only very well informed but also alert to the mischief that hackers can wreak on the unsuspecting PC user. Edgar’s presentation was dynamic and thought-provoking, and our questions were numerous.

Edgar, a Tampa resident, is a principal of a local computer network solutions company called Data Communications and Computers Corporation. Edgar comes from Colombia and had previously been employed for eighteen years by the U.S. Postal Service as an electronics engineer.

Before commencing his presentation of Zone Alarm, a firewall security program, Edgar connected to his AOL account from his HP laptop, utilizing a 56K modem and the Internet Explorer browser. Edgar had found the Zone Alarm software when he needed to protect a real-time satellite data link to an expensive oil field control system located in a remote mountainous region of Colombia. Edgar’s research for a software protection system led him to a technical seminar being held in Arlington, Texas in 1999. There, Edgar met engineers from Zone Alarm, a small California-based company. Edgar gave a PowerPoint presentation he had prepared specifically for our meeting. Zone Alarm is a firewall.
A firewall is defined as a system that protects your PC so that nothing can enter your PC from the Internet without your knowledge. A good firewall, however, must distinguish between good and bad traffic. Each PC has its unique IP address. Also, each router has its own IP address. A router is itself a hardware firewall of a limited type. However, a software firewall can provide much greater protection from unwanted traffic than a router alone. An identity search routine can pass through a router to capture a user’s PC IP address. Firewall programs are generally very easy to install. Software firewalls nestle between your network card and your Internet connection. The router firewalls are known as NAT firewalls. Advanced hackers can, however, defeat a NAT firewall.

Advanced software firewalls utilize Space Packet Inspection (SPI). All transmitted or received data streams are inspected by the software firewall program such that any spaces are closely inspected to detect any inserted packets within the primary data package. The firewall software also inspects the Internet data stream for any embedded “exe” (i.e., executable) files. Unscrupulous hackers often embed these files in gaming programs and other popular Internet downloads.

Next, Edgar described Trojans and viruses. A virus was defined as a program that attempts to violate the space within a PC and can also reproduce itself out to other PCs. A Trojan is a user-uninvited program that does not reproduce itself but causes mischief within or from your PC. A recently discovered Trojan called BioNet is a Trojan server that exploits the Windows Terminate Process function. The BioNet server permits anyone using the BioNet "Remote control" client on their end to remotely control the victim's machine. Internet Explorer 6.0 users have recently been cautioned to upgrade to at least version 6.02 to protect against a weakness inherent in the earlier versions of the browser.
The more recent Windows operating systems are considered more secure than the earlier systems. NT and its derivative 2000 operating systems are classified as “administrative state” operating systems, whereas the earlier operating systems such as 95, 98 and ME are classified as “fully privileged”. The difference between the classifications is that, for each installed program, an administrative state system requires verification by you, the administrator, permitting the individual software to be installed, whereas in a fully privileged operating system no such intervention is required.

A Trojan detector scans your hard drive looking for Trojans. A Trojan program, once embedded in your PC, seeks to take control of your operating system. A good firewall program will verify that the incoming ISP is who they claim to be and will also verify that your transmitted IP address is yours and yours alone. Protection in the form of a firewall with a good anti-virus program is highly recommended. Once your firewall has detected an intrusion attempt, it is recommended to reboot your PC. Cable and DSL or other broadband systems are considered particularly vulnerable, as users are generally continuously connected to the Internet. Port 53 is the domain name connection. A “sniffer” is either a small but expensive computer or a piece of software that examines network traffic.

Depending on the type of operating system you use, you can identify your own IP address by inspecting the output of “winipcfg” or “ipconfig”. Use your “accessories” program file to reach the DOS prompt. Type in “ipconfig” or “winipcfg” and the IP address will print out for each installed Ethernet adapter.

Zone Alarm Pro was then demonstrated. The firewall software maintains a log of all attempts at Internet data passage. Inspection of the log from Edgar’s PC showed that Windows Explorer made many attempts to transmit data.
A visit to the site http://www.grc.com demonstrated that the Zone Alarm program was protecting Edgar’s computer. Zone Alarm retails for approximately $40.

August presenter Edgar Duarte Penaloza