Home users facing security fears

In the last few months, as cable and DSL modems have spread, I've been hearing from increasing numbers of readers who are concerned about the security of their computers.

The problem: Since their PCs are attached permanently to a network, they're sitting ducks for hackers. This is a sharp contrast to dial-up connections, which are rarely connected long enough for problems to develop. The fast lane of information superhighway, it turns out, runs through some rough network neighborhoods.

Alas, I'm one of the unlucky ones who can't get broadband (well, maybe not that unlucky: I live on the beach). So I had to go out out and find myself some expert consultants on this one. That turned out to be a lot easier than I expected -- there are a lot of real sharp computer people who hang out on the mailing list for Cablevision's cable modem users at egroups.com.

Here's the deal: No reports of doom and destruction, but there's been a high level of testing. Metaphorically speaking, hackers are rattling the doorknobs, checking the cellar windows, prying at the skylights and inspecting the locks.

According to Bob Menak, ''Between Feb. 6 and yesterday, there were more than 80 scans of my home computer.'' Person or persons unknown were running software that systematically rummaged through the Cablevision Optimum Online network. DSL users have similar problems.

Detection software determined that some were looking at whether he had enabled his computer to share its files over network so they could snoop at his disk drive.

Others hoped to find a copy of PC Anywhere, a remote-control program that would, if it were incorrectly installed, allow them to completely take over his computer. Still others sought a hacker tool known as Back Orifice -- a virus-like program that can be spread inadvertently by e-mail. As with PC Anywhere, it too gives the hacker total control. Fortunately, none of these vulnerabilities existed.

''Any time you allow your computer to be always on a network ... you'd have the same problem.'' says Wilt Hildenbrand, senior Cablevision vice president for technology and engineering. Adds his opposite number at rival Bell Atlantic, Jeff Walvhuter, ''What's happening in the mass market is what happened to business going back 15 years ago.''

Back then, only a phone company, a bank, or maybe a government agency with three letters in its name would receive this kind of attention. But now there are about 2 million ordinary home computer users facing the same kinds of problems with their cable modem and DSL (digital subscriber line) connections. Both Bell Atlantic and Cablevision have begun recommending that users pay more attention to who's fooling with their computers.

Who are these intruders? According to Neil Maglothling, a computer professional on Optimum Online, paranoia isn't necessarily in order. ''Cablevision regularly scans for ftp servers, http servers, etc.,'' all of which are banned because they potentially use too much scarce bandwidth.

''But there are still plenty of scans from the general Internet. I have also logged scans from other Cablevision users. Kids? Sure. There were some scans from former Eastern Bloc European addresses that did have me concerned. I suspect they were not from kids, but who knows?'' College students -- as evidenced by the large number of suspects coming from .edu addresses -- are another big problem, he said.

Not too surprisingly, home users are turning to precisely the same techniques that have been used in business, government and academia to hold hackers at bay. The hottest subject on broadband newsgroups today is home computer security -- war stories as well as hardware and software products to keep the bad guys out.

While actual damage or theft appears rare, Menak's experience with repeated probing is common. Does it ever get any worse?

''I don't know of a lot of people who have been penetrated,'' said Hildenbrand, ''But then, you don't always know if you've been penetrated.''

Computer security professionals and experienced users say there are a few steps you can take to protect your broadband connection, ranging from no-cost, no software, to elaborate hardware-based firewalls. You can even become an amateur sleuth and track down anyone who scans your computer.

First, vandalism is more common than theft, so keep backups of all important documents; when you're not using your computer, turn it off.

Second, get a quick preview of the holes in your computer's security by linking to a Web site that performs security scans and simulates what a hacker would do if he had a chance. This is usually an eye-opener, because even if you think you know what you're doing, you may have goofed.

Broadband users give good marks to Gibson Research Corp.'s ''Shields Up'' site www.grc.com/default.htm. To use it, you download a little utility called IP agent that gives you the current address of your computer as the rest of the Internet sees it. This is probably a good idea, since even experienced users can get confused by the dynamic addressing schemes some broadband providers use; some users rescan regularly in case they've inadvertently alternated network setting.

Other scanner systems are available at www.hackerwhacker.com and www.dslreports.com.

The next step: manually close the holes. Gibson gives detailed advice on how to do this for the specific problem found. ''I picked up a lot of really good stuff on GRC,'' says Menak.

The two most common, and readily exploited issues, are file sharing and printer sharing. Basically, if you log onto a broadband network with file sharing enabled, you may well end up being visible via the ''Network Neighborhood'' icon on the Windows desktop. Any time you see a little hand underneath the icon for a disk drive or folder, it means that object is potentially available to hackers.

The trouble with turning off file sharing (in the Control Panel, click on the network icon and remove the ''File and Printer Sharing'' line) is that you can't share files if you have additional computers connected via a home network. Even if you're not connected to anything else at home, figuring out the setting isn't the simplest thing for a novice.

Enter the so-called ''personal firewall,'' a genre of software that automatically locks up all the common holes Windows leaves in your security. The two products most favored on the newsgroups are Black Ice Defender, ($49, www.networkice.com) and ZoneAlarm (free for personal use; www.zonelabs.com). A newer product that has less of a track record, but good review is: Norton Norton Internet Security 2000 (www.norton.com)

''I run Black Ice on my machine,'' said David W. Pfister, an information systems director and Cablevision subscriber. ''It's probably the best $49 I spent in a long time. It gives me the warm fuzzys during the day when I leave my machine on so I can get to it from work.''

ZoneAlarm is another product frequently mentioned. Some users, like Menak, run both products: The consensus is that Black Ice is better at monitoring what the hackers are trying, and that Zone Alarm does a better job of closing holes.

Still, there are potential problems with software security products: They can be misconfigured by an inexperienced user and may slow down the host computer. Professionals often turn over firewall duties to a dedicated computers -- a possibility for home users, but not the simplest thing to set up.

The alternative: specialized hardware, the price of which has been falling rapidly in recent months.

Neil Mayglothling, another IS pro, hooks into Cablevision with the Linksys Instant Broadband Etherfast Cable/DSL router (www.linksys.com, $199 mail order). The modem-sized box has one connection for a DSL or cable modem, and four more ports into which individual PCs with network cards can be plugged. ''It sits between the cable or DSL modem and the PC and it has the IP address that is visible from the Internet. My PCs sit behind this router using private IP addresses and can't be seen.''

Some users are even fighting back -- resorting, as it were, to vigilantism. ''Get www.neotrace.com,'' said one subscriber to Bell Atlantic's DSL services who didn't want to be identified. ''It tells you exactly where the ... (scanner) is at. You punch in the IP address and it traces every node and hub and then gives you an exact location. I mean address, city, state etc. I then used 411, got his number and called him.

''At first the phone was busy ... When I finally got through he answered and I cursed him out. It felt great.''

Distributed by the Los Angeles Times-Washington Post News Service