Security risks



Last revision July 21, 2004

Computers attached to the Earth Sciences network are connected to every single other computer on the Internet. Because they are interconnected, there is the risk that a hacker could connect to your computer and do potentially damaging things or steal sensitive data. That risk exists if any part of your computer is listening for and accepting outside connections. Remote logins, file sharing, web hosting, and FTP serving, among others, all involve listening for connections from the outside.

This risk is reduced by running a "firewall" - a special computer or network router that filters incoming traffic. The School of Earth Sciences network firewall is configured to block incoming traffic to vulnerable services on normal workstations. However, if a hacker is able to penetrate one computer on the network, he can then launch attacks from inside our network and bypass the firewall. This is a particular problem with laptops that connect to multiple networks, many of which are less secure than ours.

Hackers can potentially break into your system in several ways.

Guessing passwords

The first way a hacker can gain access to your computer is by somehow obtaining your password. If you have a very easy to guess password that uses common English or foreign words, you are at risk. Hackers have programs that can sequentially try to connect to services using many possible passwords. Those programs try to guess passwords using various permutations of common English and foreign language words. Or, a hacker may be able to intercept your password when you login to an insecure network service such as "telnet" or "ftp".

Network scans

The second way hackers get in is by exploiting security holes, or bugs, in the software that provides the network service. Hackers generally search for these bugs by "scanning" the network. That is, using a computer of their own, or more likely, a computer belonging to someone else that they have taken control of, the hacker's program will attempt to connect to every possible IP address within a given range (for example, all addresses on the Stanford campus). The connection attempts will be carefully crafted to determine if this computer has a known bug. If so, the scanning software notifies the hacker, who can then exploit that bug to take control of the computer.

On average, a new hacker scan of the Stanford network starts every few minutes! If you put your computer on the network with open accounts or other well-known security bugs, it will be compromised by a hacker within an hour.

Many software companies try to combat this problem by regularly releasing updates to their software whenever a security hole is found.

Eavesdropping

Eavesdropping is another security risk posed to networks. Because of the way some networks are built, anything that gets sent out is broadcast to everyone. Under normal circumstances, only the computer that the data was meant for will process that information. However, hackers can set up programs on their computers called "sniffers" that capture all data being broadcast over the network. By carefully examining the data, hackers can often reconstruct real data that was never meant for them. Some of the most damaging things that get sniffed include passwords and credit card information.

The School of Earth Sciences wired network is constructed as a fully switched network. This means that data packets exchanged by two computers are not broadcast to any other computers on the network. This limits the ability to "eavesdrop" on network traffic within the School. But connections into our computers from home or other institutions may be vulnerable to eavesdropping.

Comments or Questions?