Computer protection

Firewalls can reduce the threat of exposed networks.
Author:
Publish date:
Updated on

Security issues have evolved over the years. Early on, security was a simple matter. Access to a central mainframe was only available through dedicated, hardwired terminals. If anything bad happened to your system, it was not hard to track down the culprit. As standalone Mac and PC systems began to appear on desktops, the main security threat was through viruses acquired by downloading tainted software.

Today, many computers, even mobile ones, are connected to the Internet all the time. Almost all corporate networks have multiple connections to the Internet. It is much more likely that a computer system will be affected by tainted e-mail or by a break-in attempt over the Internet rather than from a virus distributed in a computer program.

Broadcasters are particularly sensitive to threats. This is because almost all the systems that create and play out programming are dependent on desktop operating systems and applications.

In many cases, computers are more useful when they are connected together than when they operate separately. But when computers are connected, they are exposed to security risks. To protect against these risks, you must first understand them.

Secure passwords

The first obvious threat is that someone gains access to your computer by guessing your password. You can easily reduce this threat by using the protection provided with your computer. Most computers have power-on passwords. Once activated, you have to enter the correct password before you can boot the system.

You can also use the password protection built into the operating system. Screen savers can be set to blank the screen after a set amount of idle time. Once the screen is blank, a password must be entered to return to normal operation. Many operating systems also require you to enter a username and password to sign-on to the computer.

While the threat of someone using your computer is real, it is a relatively low-grade threat. The reason is that as networking technology has become more pervasive, it is not necessary to gain physical access to a specific piece of hardware. In many cases, the data you are trying to protect is not located on an office computer. Instead, it is stored on a server somewhere on the network.

An attacker's objective may not be to gain access to data at all, but instead to disrupt computer systems at a facility. The attacker does not have to be physically present to stage a successful attack.

A more serious problem is password theft, which offers access to a network containing confidential information. Usually this password can be used from any location whether inside or outside your facility.

How do people get your password? Professionals say that most of the time they get passwords by guessing them. Birthdays are a common choice, and so are the names of the person's children and pets.

To make your password more difficult to break, it should not be obvious, and it should include punctuation or numbers. If possible, you should choose a password that is not in a dictionary. If you have even basic knowledge of a foreign language, a non-English password can be a good choice as well.

Detect viruses

Viruses can cause major problems on your network. Viruses are most commonly passed via e-mail programs or embedded into documents.

One way to defend against viruses is to use antivirus software. When installed, this software patches into the lowest levels of the operating system, detecting incoming e-mail, disk operations and other functions. The scanners look for data patterns or signatures of viruses in files, and most of them also look for system behavior that might indicate that a system has been infected — sending out the same e-mail hundreds of times, for example.

Most scanners also detect potentially malicious activity, shutting down the offending application if it appears to be causing problems. These scanners automatically check files before your programs access them to ensure that they are virus-free.

Viruses mutate quickly, so all popular virus-scanning software comes with an update service. The updates train the program to recognize new viruses that have been identified since you purchased the original program.

Firewalls blocks

While stolen passwords and viruses can be serious internal threats, attacks also originate from outside your facility. Many companies and even home users employ firewalls to provide security from attacks over the Internet.

Firewalls perform several security functions. First, they filter all incoming Internet packets, allowing only authorized traffic to pass through. Second, they conceal the IP addresses of internal machines from the Internet using Network Address Translation (NAT). This makes it difficult to locate and attack a machine inside the firewall (although you should not rely on this exclusively to protect your systems).

NAT changes the source IP address of packets generated inside the firewall so it appears that the message originated from the firewall itself. In Figure 1 on page 26, you can see how any messages coming from the internal desktop PC with an IP address of 192.168.1.3 will be modified so that the PC on the Internet sees them as originating from the firewall with an IP address of 62.123.4.23.

A third way a firewall can protect computers is by concealing ports inside the firewall. It may do this by responding to port requests that come from the Internet in specific ways. For example, if the firewall uses stealth to hide ports, a computer making a request on the stealth port will not receive a response. Computers on the outside of the firewall cannot determine whether a computer associated with that port exists. Or, the firewall may respond to requests on all ports as if they were active, concealing the truly active ports in a sea of false-positive responses.

If you have a desktop system on your local network and you set it to share files with others in your group, without a firewall, that sharing will likely extend to the Internet. A firewall, which is programmed to block the ports associated with filesharing, will block requests from the Internet to that port on your computer, preventing people on the Internet from viewing your files. (See “Well-known port numbers.”)

Firewall test

Are you curious to see how well your company's firewall conceals your desktop computer's identity? Then visit www.grc.com. Scroll down to the “Shields Up” link, and run the tests. These tests will reveal whether your computer is advertising its existence to other computers on the Internet. They will also identify whether the particular ports on your system are visible to the outside world.

The best way to protect broadcast operations networks is to avoid direct connections to the Internet. Unless there is a good reason to do so, on-air systems should not connect to the Internet.

Consider limiting interconnection of this network with any other office networks as well. If you have to connect your on-air network to the Internet, be sure to install a good firewall, and check the performance of the firewall regularly.

Take advantage of support packages that are available with many firewalls. These support packages include maintenance updates that improve the protection of the firewall system.

Well-known port numbers Service Port Description SSH 22 Secure Shell (secure terminal emulation) Telnet 23 Telnet terminal SMTP 25 Simple Mail Transfer Protocol HTTP 80 Hypertext Transfer Protocol (Web) Kerberos 88 Secure communications protocol POP3 110 Post Office Protocol version 3 For a list of port numbers from the Internet Assigned Numbers Authority, visit www.iana.org/assignments/port-numbers.

Brad Gilmer is president of Gilmer & Associates, executive director of the Advanced Media Workflow Association and technical facilitator of the Video Services Forum.

Send questions and comments to:brad.gilmer@penton.com