One of the most dangerous and least recognized vulnerabilities for home PC users and enterprise LANs/WANs is unauthorized access via a dedicated Internet connection. Although this problem can exist across a multitude of operating systems and Internet connection types, this document will focus on Windows 9x with a digital subscriber line (DSL) or cable modem based Internet service.
The availability of affordable high-speed Internet service to the public has resulted in an exodus from traditional modem connectivity - an environment where dynamic IP addressing provided an often unacknowledged layer of security to unprotected systems. While realizing superior performance, these users are also becoming increasingly aware of the security implications associated with static addressing and full-time connections. It is becoming disturbingly common to hear of incidents where home ‘Net connected systems have been accessed by neighbors or persons unknown.
Features within Windows 9x were designed to provide ease of use and sharing of information (security was certainly not the priority). One of these features is file and printer sharing, a feature that requires NetBIOS. Improperly administered shares may present a moderate risk in the user’s local area network; however, this risk can escalate quickly when the system is connected to the Internet. DSL and cable modem service can enable other users on a common subnet or segment to access these shared resources as easily as clicking on Network Neighborhood. All too often shares are not password protected. Malicious activity, including installation of Back Orifice, NetBus or other such programs, can ensue and ultimately breach the security of other connected systems - i.e., secured remote access sessions with enterprise networks.
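As an added example (not part of the original article), the following Python check reads `netstat -an` output and reports NetBIOS listeners on ports 137-139, the ports file and printer sharing relies on, that are bound to an address other than loopback or an RFC 1918 private address. The sample output and its addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# NetBIOS over TCP/IP ports used by file and printer sharing
NETBIOS_PORTS = {137: "name service", 138: "datagram service", 139: "session service"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of `netstat -an` output (documentation-range addresses)
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    203.0.113.10:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.10:1042      198.51.100.7:80        ESTABLISHED
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    203.0.113.10:137       *:*
  UDP    203.0.113.10:138       *:*
  UDP    192.168.0.5:137        *:*
"""

def classify(host):
    """Label the scope of a local bind address."""
    if host == "0.0.0.0":
        return "all-interfaces"      # bound on every adapter, Internet-facing one included
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "unknown"
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private-lan"
    return "public"

def netbios_exposure(netstat_text):
    """Return (proto, host, port, scope) for NetBIOS listeners reachable from outside."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        host, _, port = fields[1].rpartition(":")
        if not port.isdigit() or int(port) not in NETBIOS_PORTS:
            continue
        if fields[0] == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue                 # only listening sockets, not existing sessions
        scope = classify(host)
        if scope in ("public", "all-interfaces"):
            findings.append((fields[0], host, int(port), scope))
    return findings

if __name__ == "__main__":
    for proto, host, port, scope in netbios_exposure(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port} NetBIOS {NETBIOS_PORTS[port]} exposed ({scope})")
```

Any line it reports means file and printer sharing is bound to the Internet-facing adapter and should be unbound from it or filtered.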
DSL and cable modem networks can vary in design and configuration. A fundamental difference between the two is that DSL networks are switched and users do not share transport media. It is possible for users to see other systems in their subnet; however, the traffic is limited to resource broadcasts.
Cable modem networks, on the other hand, can be viewed as a LAN. Many users may share a common segment and thus may see not only other users’ resource broadcasts, but the actual data streams as well. This may not always be the case, however, if the ISP has implemented an enhanced filtering technique such as DOCSIS (Data Over Cable Service Interface Specification). The important thing to understand is that the access network does not protect a system from attack. Users must take measures to secure their own computers.
Protecting a full-time, Internet-connected Windows 9x system does not have to be a daunting task. Key considerations that should be addressed are: