Always-on means always vulnerable

19 Mar 2004

As recent price cuts look set to increase the adoption of broadband in Ireland, experts have warned that this always-on internet access option carries serious security risks. Cheaper broadband in the form of new DSL internet access may be good news for everyone, but unfortunately that includes hackers.

Hugh Marron, business development director with the security consultancy IP Options, says that with DSL “you’re handing a loaded gun to home users”. Andrew Harbison, manager with Ernst & Young’s Technology Security Risk Services division, says that the high-speed connection turns inexperienced internet users into “sitting ducks”.

Although the risks are essentially the same in nature as with traditional dial-up internet access, they are greatly amplified because a DSL connection is several degrees faster and, crucially, can be left on continuously because it is a flat-rate service with no call charges. For example, a DSL user could leave their PC on overnight while they download a 500MB movie. During that time, a mass-mailing worm could be sending messages out in the background, unknown to the user.

The always-on connection means that the machine is “wide open” to being hacked, says Marron. The common threats are these. Viruses remain a nuisance with DSL, although not much more so than they are with a dial-up connection: they still depend on users activating them by clicking on an executable attachment, and they may damage the user’s machine. Far more insidious are worms such as Blaster that can exploit vulnerabilities in the PC’s operating system and don’t require any user intervention, only that the computer be connected to the internet. As a result, systems can be vulnerable to intruders wishing to inflict damage on your machine or, more likely, on other PCs.

Conall Lavery, managing director of security specialist Entropy, says that once hijacked, PCs can be used as a mail relay for sending spam. Compromised machines can also be used to launch distributed denial of service attacks against other websites. A DSL connection is particularly attractive for either purpose because it is much faster than dial-up and therefore ideal for sending out large volumes of data.

According to Harbison, code writers behind such prolific viruses as Blaster and Welchia were specifically targeting the security weaknesses in DSL. With dial-up internet access, connection is intermittent and users are assigned a dynamic IP (internet protocol) address; DSL links, however, are static. “If you have a dynamic IP address that changes every time you connect, you’re a difficult person for the hacker to pin down. If you have a static IP address, you are a sitting duck,” Harbison assesses grimly.

While none of the above need deter anyone from investing in DSL, it should give pause for thought. It’s worth assembling a shopping list of security must-haves that will form an essential part of this investment. The belt-and-braces approach recommended by security experts is that the PC should have up-to-date antivirus tools and personal firewall software installed, and that the machine should be regularly patched. The fast connection speed DSL offers also means that users have no excuse for not downloading essential software upgrades even when they run to several megabytes.

A personal firewall is well worth having and information on a variety of packages is available online, which will at least give details about what features to look for in a product. A firewall will monitor internet-related activity on a PC, providing basic protection and stopping suspicious data packets getting on to or going from a machine.

Informed is forearmed: it’s wrong to assume that it’s the ISP’s job to protect users from online nasties. Although many ISPs offer some security products, it’s not clear how heavily these are emphasised during the sales process.

For example, only 35pc of Netsource’s direct-sale customers opted to buy the add-on package of a personal firewall, although in mitigation, half of that ISP’s business is done through resellers, and it’s possible that a higher percentage of these customers may be sold firewall protection via the reseller.

Similarly, the frequently asked questions list on Eircom’s broadband site contains no reference to security, although in fact the DSL routers supplied to home broadband customers come with a free standards-based firewall. The firewall is customised to provide an additional layer of security by, for example, disabling access to the router from the internet by default.

For an additional monthly fee, Eircom DSL users can also avail of a service that protects PCs from email viruses and spam. Eircom says its sales staff has been trained in selling the features and benefits of security products and operatives can talk users through the potential threats and how to deal with them.

Esat BT includes a free security software suite only with its enhanced DSL offering, IOL Broadband PLUS; the basic package doesn’t include this option. However, the company claims that customers will be informed about the importance of security during the sales call. The Symantec Norton Security 2004 software is supplied as a CD-ROM with the DSL router when it is shipped to a customer’s home.

This Windows-only software bundle includes a firewall, antivirus, antispam and child protection tools. The package includes 90 days of free software updates, after which time customers must register with Symantec and pay for the security suite. Gary Dempsey, product manager for IOL Broadband, points out that this first ‘hand-holding’ period is important. “We’re setting customers’ expectations that if they’re online they’ll need security,” he says.

By Gordon Smith