Example
There is no sure-fire cure against hackers. For example,
the following e-mail is a common way that hackers compromise
user accounts:
From: "Your-ISP Security"
To: bob101@your-isp.net
Subject: Account Policy Violation
Dear Customer,
On the date of Nov. 3, we detected a violation of our Acceptable
Use Policy (AUP). The terms and conditions of your service are clearly
spelled out in the document located at:
http://www.your-isp.net/policy/aup.html
However, we understand that somebody could have been spoofing your
account. Please send us your username and password that you used
around the time of Nov. 3 in order to verify if you were on-line
at the time of the incident.
Your-ISP Security
This is an example of a "social engineering" attack. Hackers do
this sort of thing a lot in order to steal people's accounts,
read their e-mail, and so forth. ISPs clearly tell people that
they will never ask for passwords, but messages like this are
carefully designed to fool people into revealing them anyway.
If a user reveals his/her password in this manner, there is
absolutely zero protection that a product could provide. There
is no way to stop this class of attack.
In short, people often expect products to be psychic and to
know the intent of a hacker and automatically block it.
This is impossible.
The different classes of attacks
Following is a general list of the ways hackers can attack you. These are
described in more detail below.
- social engineering
- virus/worm
- trojan
- hostile-content
- local
- remote
The above demonstrates the social engineering attack. There
is no defense products can provide against this sort of attack; the
only defense is not to trust strangers, no matter how real they
sound. In general, you should believe that any unsolicited e-mail
is false until proven otherwise.
Viruses are one of the most well-known threats,
with an extensive industry designed to protect your machines against them. These are
pieces of computer programs that attach themselves to other programs.
The thing to remember is that viruses are not under control of the hacker;
instead, the hacker has to hope that you "catch" the virus. A variation
of this technique is the Worm, which is a virus
that can sometimes spread itself without human intervention, such
as the Melissa virus that spreads by automatically sending
copies of itself to all your friends.
A trojan is like a virus, except that it is sent to you
by the hacker. A trojan tries to pretend to be one sort of program,
but in reality may be completely different. Many trojans steal passwords from
your machine, others allow complete remote control
over your machine. Virus scanners can usually find trojans on your
hard-disk, and products like ours can usually block their network
access. However, the best defense is to believe that programs
that people send you are likely trojans or infected by viruses,
and never run them.
A web-site may contain hostile-content
that is designed to attack your web browser. Virtually all web-browsers
ever made have security flaws in them that can be exploited by hackers
in order to compromise your machine. Most of these attacks rely upon
Java, JavaScript, and ActiveX. Therefore, you can usually protect
yourself by turning these features off. The important thing to
remember is that hackers cannot attack you this way if you don't
go to their website.
A local attack is one where the hacker has physical access
to your machine. An example is a coworker that sits down at your
machine to surf porn after you leave for home. These attacks are
impossible to defend against completely. However, they
are easily discouraged through the use of screensavers that lock
your machine when you leave, BIOS boot passwords, and locked
computer cases.
A remote attack is one that a hacker launches against you
from across the Internet. The Internet is a two-way medium, which
means that while you are connected to the net, anybody on the net
can contact you. A common question is: "How come when I'm connected
to a website that somebody else can contact me?" The answer is
that it is an illusion that you are connected to a website. The way
the technology works is that you are connected to everything on the
Internet simultaneously. It is like entering a crowded room. While
you may be talking to only a single person in the room, anybody else
can still walk up to you and start talking.
What the product does
Our products protect you against the remote attacks
described above. They put up a
"firewall" that partially isolates you from the rest of the
Internet. The firewall is designed to allow your outgoing communication
to websites, but block incoming communication from hackers.
Note that this technology is imperfect due to the complex
nature of the problem we are attempting to solve (30% of corporations
with firewalls are still hacked regardless). Sometimes this
firewall will block communication that you want, sometimes it
will allow communication you don't want.
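The allow-outgoing, block-incoming rule described above can be modelled as a small connection-tracking filter. This is an added example, not code from the product; the class names, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

HOST = "192.0.2.10"        # the protected machine (constructed address)
WEBSITE = "198.51.100.5"   # a site the user chose to visit (constructed)
STRANGER = "203.0.113.9"   # an unsolicited remote machine (constructed)

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    note: str = ""

@dataclass
class Firewall:
    host: str
    flows: set = field(default_factory=set)      # conversations the host opened
    blocked: list = field(default_factory=list)  # dropped packets, kept for review

    def allow(self, p: Packet) -> bool:
        if p.src == self.host:
            # Outgoing: always allowed, and remembered so replies can return.
            self.flows.add((p.dst, p.dport, p.sport))
            return True
        # Incoming: allowed only if it answers a conversation the host opened.
        if p.dst == self.host and (p.src, p.sport, p.dport) in self.flows:
            return True
        self.blocked.append(p)
        return False

def run_demo():
    fw = Firewall(HOST)
    traffic = [
        Packet(HOST, 40001, WEBSITE, 80, "user opens a web page"),
        Packet(WEBSITE, 80, HOST, 40001, "the page comes back"),
        Packet(STRANGER, 31000, HOST, 139, "unsolicited connection attempt"),
        Packet(WEBSITE, 80, HOST, 40002, "same site, but no matching request"),
        Packet(STRANGER, 31001, HOST, 6112, "friend joining a game the user hosts"),
    ]
    return [(p.note, fw.allow(p)) for p in traffic]

if __name__ == "__main__":
    for note, ok in run_demo():
        print("ALLOW" if ok else "BLOCK", "-", note)
```

The last packet is blocked even though the user wants it, and the second is allowed whatever the page contains, which are the two kinds of imperfection noted above.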
As a backup, the product contains one of the most advanced intrusion
detection systems (IDS) in the world. This system scans the network
traffic in much the same way that an anti-virus program scans your
hard-drive. It both scans the traffic blocked by the firewall, in order
to figure out what the hacker is doing, and double-checks
the traffic that passes through the firewall.
Note that our products really solve only one portion of security
as outlined above.
Guide to security
To be secure, consumers need to do the following:
- Install a personal firewall system, especially one
like our product that scans network traffic for signs of intrusion.
- Install virus scanning software, which scans files on the hard-drive
for signs of intrusion (both viruses and trojans).
- Never run programs (.exe files) that people send you via e-mail, news, or chat.
- Never give out your password, especially to people who ask for it. Remember
that hackers will try to social engineer you with tricks, such as pretending
to be from your ISP. If someone ever does ask you for your password, no matter
what story they give you, you can be assured that they are trying to hack you.