COMPUTER RESEARCH & TECHNOLOGY
 

ETopics ADSL Internet Broadband can leave you open to a broad attack

There are lots of businesses planning to hook into the new high performance broadband Internet services in the next year. The majority are unaware that the advantages of a fast, permanent connection to the Internet can come with some very seriously increased security risks. The ability to get closer to suppliers and customers may not be worth the dangers of a broadband or digital subscriber line link.

ADSL and cable broadband links, as they are known, are just like any local area network. That means, unless you secure your computers from external intrusion, they may become targets for all sorts of hackers and undesirables.

Having very fast connections at your disposal can also lead to costs spiralling out of control if not carefully managed.

How do hackers exploit vulnerable computer systems?

Broadband users are far more vulnerable to a type of externally mounted attack on the system called a distributed denial of service (DDoS) attack. In a DDoS type of attack, hackers take control of the computers connected to a broadband network. Then, without the owner's knowledge or permission, they use them to attack other systems on another part of the Internet.

The unknowing and innocent broadband customer could then find himself or herself involved in litigation if their "zombie" network or computers were found to have been involved in an attack on another system.

What can the "ordinary" user do to increase security?

Preventing an attack is always better than trying to cure one after the event, so it is preferable to take preventative measures rather than sweep up the remains afterwards.

Most people are under the impression that home-user grades of the Windows operating system are safe. History has proven that they are not. Businesses especially should be steering away from the 9.x versions of Windows and installing versions such as 2000 or XP. While certainly not perfect, they are far more likely to provide facilities such as encrypted passwords, secure disk storage and authorised users.

Even with these later Windows versions, professional setup is critical, because these operating systems make parts of a computer's hard drive available to network users by default. These are known as "default shares", and closing them off will prevent unauthorised access to files stored on the hard drive.

Where can information be found on securing systems on the Internet?

There are some good websites available if you are a DIYer. Try starting out with Microsoft's developer website (MSDN), which has information on securing Windows from these types of attack.

How do we then prevent illegal access to our systems?

One of the favourite methods of controlling who has external access to a system connected to the Internet is something called a firewall. Firewalls have been around for many years, but unfortunately not all are aimed at small business or are easy to set up.

There are some cheap commercial Firewalls on the market but they usually lack professional features such as the ability to protect virtual private networks and remote reporting capacity. In fact some have also failed to prevent some types of intrusion.

Open-source operating systems like Linux can be a cheaper alternative to Windows-based systems for smaller organisations. Although setting up may cost more than with a solution from Microsoft, the low purchase price is often attractive to many small businesses.

Are all the security risks of a "technical" nature alone?

One Australian security survey has shown that changing user attitudes and behaviour toward computer security and the practices surrounding computer systems at large is a very significant concern for most companies.

These studies also found that insider misuse and abuse, especially of e-mail, is a more common problem than that of an external hacker gaining access to a system. Employers and system administrators are finding one of the best ways to decrease the risk is by preventing users from visiting sites not related to their jobs.

There is software available which can detail how workers use the Internet. When this is used in conjunction with a firewall and filtering systems, it makes a good security combination for small and large organisations.

What is this thing called "spyware", and is it a cause for concern?

Software such as KaZaA, known as spyware, makes it easy for computer users to share files with other users on the Internet. These files are more often than not pirated music and videos. These types of files not only make a company vulnerable to copyright infringement litigation, they are also large and chew up expensive bandwidth in a snap.

KaZaA has also been identified as a security risk because of its complicated user interface. This encourages users to share everything on their computer's hard drive, potentially leaving corporate secrets open to anyone on the Internet. Spyware is also known to snoop on a user's actions and then quietly report them back to unknown third parties.

Anything else to be aware of when bringing broadband on-line?

Securing any broadband Internet connection goes far beyond simply attempting to protect systems against hackers. These new high-capacity, high-performance connections need an entirely new mindset that involves minimising unnecessary access by users to reduce bandwidth costs.

Whereas many "dial-up" Internet connections were charged on a monthly plan and by virtue of their very limited size were almost self-policing in download capacity, most broadband Internet Service Providers will charge by the megabyte for data transferred over a set monthly limit. Uncontrolled, unmanaged or unrestricted broadband connections can turn from a great business tool to a very costly exercise all too quickly as downloads grow in size to monstrous proportions.

So – what’s the last word?

If securing your system seems all too hard, a final option might be a Managed Security Service (MSS). Here a specialist in security takes care of firewalls, intrusion detection systems, anti-virus programs, and Web and e-commerce servers. The idea is to leave the business to concentrate on running its own business instead of becoming a technology specialist.

Meanwhile, be suspicious of cut-price providers; deal with a well-known and hopefully local ISP. If you are still not sure, always get references.


Arthur Hissey
Computer Research & Technology
www.crt.net.au


ETOPICS
what are they?

Keep up to date with the latest in the IT/Communications industry by listening to ABC Local Radio on FM107.1, every Tuesday morning at 9.15AM.

Computer Research & Technology Managing Director Arthur Hissey and Morning Host Janice McGilchrist will be discussing current matters of interest and future directions in the IT industry.
