GottaBeSecure: Still More WiFi and the Rookie (Part 3 of 5)
In Part 1 & Part 2 of this series about mobile security, I discussed the dangers of having your data intercepted while using ““open†wireless networks and public wired networks (like the ones you’ll find in your average hotel room). While the adversary I’ve previously discussed has been a hidden, passive enemy, I’d like to point out that open wireless networks and public wired networks provide numerous opportunities for active attackers as well.
By active attackers, I mean hackers that are actively sending data onto the network, directed at your computer. Maybe they’re only mapping the network using a ping sweep (to see how many people are online on the network). Or perhaps they’re port scanning (to find out what network services are available from your computer). Worse yet, they may be actively probing your computer to check for common security flaws. Finding a gap in your computer’s defenses, they’ll likely try to exploit that flaw to gain unauthorized access to your data and files or they might use your computer for their own malicious purposes.
In any case, almost all of this hacker activity happens invisibly from your point of view. These attacks normally don’t produce any visible indication that they’re being attempted or have been successful. Fortunately nearly all new laptops now include a built-in firewall to filter out unsolicited network traffic. Previously computer users had to purchase a ““personal firewall†application to protect their computers from attack. Looking back on those days, one positive feature that most of these personal firewall applications included was live notification each time the personal firewall thwarted a probe or an attack. The firewalls built-in to most new laptops, which are just as effective, don’t provide any notification that a probe or attack has occurred. In fact, the default settings of the Windows firewall don’t even log attempted probes or attacks. To change the standard settings to log attempted probes or attacks:
1. Go to the Windows Security Center (found under your Control Panel)
2. Choose Manage Security Settings for: Windows Firewall
3. Click on the ““Advanced Tabâ€Â
4. Click the Settings button under Security Logging
5. Only then can you check the box that reads ““Log dropped packets†to get a record of incoming connections that the Windows Firewall has blocked (the log is stored by default under C:\WINDOWS\pfirewall.log)
Maybe now you’re wondering, ““Are all public networks infested with hackers waiting to attack you computer?†Probably not. However, hackers are not imaginary bogeymen that only exist in computer security articles. In my travels to hotels, airports, and security conferences I have been scanned, probed, and outright attacked on many occasions (mostly at security conferences, but that’s another story). Sometimes there was an actual person at the other end of the attack. Many times an automated Internet worm was responsible for the attempted hack. In either case, the only indication that the attack was underway was found by examining my computer’s firewall logs or the notification provided by a personal firewall application. Without that firewall the result of the attack (whether human or automated) would have likely been the same: the breach of my computer’s integrity and potential loss of sensitive data. Remember, the Internet can be a pretty nasty place and mobile users are not immune to attack.
Next week we’re going to return from cyberspace and deal with a real-world threat that particularly affects mobile computing platforms. This threat is just as devastating as any hacker or virus—your tablet PC taking a vacation without you.
