Is it possible for a hacker to intrude into your network and/or PC even with high security?
Jan. 31, 2009 in Data Security
yahootech asked:
Is it possible to hack a network instead of a computer so that all the data’s transferred through a sniffer (for example)? I have a secured (WPA-PSK) wireless network with 4 other computers using that wireless network. I have a firewall (ZoneAlarm) on the highest settings (stealth mode) on each computer as well. I use Firefox, don’t open any email attachments and am very specific about whose email I choose to open. How else can any hacker intrude? Would it still be possible to install a prog remotely (without a popular trojan perhaps)? Wouldn’t I be able to see some sort of notification if that were to happen? I’m paranoid because I know some people that always end up doing the same things as me because of the activity on my computer (& they’re shameless to copy what I do and then tell me about it instead). I think they are tracking what sites I visit, what I type (including forms on an internet browser), what I view, etc. I’d like expert advice from a network security analyst possibly.
So are those open ports vulnerable even with a firewall? Would they be outgoing or incoming ports? And are they UDP or TCP? Because I can list ports I want to block on ZoneAlarm. But is it even effective blocking through ZA? What’s the best way to scan and block those ports?
And what are the following ports for (listed in ZA firewall settings)?
-outgoing NetBIOS (ports 135, 137-139, 445)
-incoming ping (ICMP Echo)
-outgoing ping (ICMP Echo)
-other incoming ICMP
-other outgoing ICMP
-incoming IGMP
-outgoing IGMP
-incoming UDP
-outgoing UDP
-incoming TCP
-outgoing TCP
And which ones should I block without completely compromising functionality?
ACELINE
February 1st, 2009 at 12:31 am
ROB
Have you scanned your network for ports that are still open?
Only leave essential ports open, like
Port 80 for HTML
Port 110 for POP3
Port 25 for SMTP
Open ports are doors for hackers to enter your network.
February 2nd, 2009 at 2:56 am
THWAITE
To answer your additional info questions first…. the NetBIOS ports are for Windows file sharing. A very popular way for people to hack into Windows too, I might add. (This is one of those “just be careful with it” things… it’s a bit drastic to cut down on all file sharing, but at the same time it’s traditionally been one of Windows’ biggest weaknesses.)
ICMP packets are generally your “ping” packets to see if hosts are alive. You generally don’t want to respond to pings to the outside world, it just shows that you can be a target.
UDP and TCP are part of the TCP/IP suite and how pretty much everything works. HTTP works over TCP, for instance. If you are simply allowing all TCP and all UDP traffic in, you’re allowing everything in from the Internet, more or less. Now, if you’re allowing TCP port 80 traffic, then you’re allowing web pages. TCP ports 110 and 25 are for mail, etc. It gets really specific.
Rule of thumb with ZoneAlarm: tell it to block everything except what you approve, and then spend a day just doing whatever and accepting the “Do you want this to go through?” type messages. It’s definitely a good start.
To the wireless, however…. to be blunt, there’s no such thing as a perfectly secure wireless connection. Just doesn’t exist. In the case of WPA-PSK, you get much better security than you do with WEP because it changes the passcodes periodically and automatically, so it only uses the passcode that you have to put in the system on wireless configuration once.
Thing is, a hacker only needs to get it once. What a hacker can do is sniff enough traffic to figure out what MAC addresses and such are being used, then use a program like air jack to knock one of the connections off the network. The legitimate computer will have to reconnect and, guess what, will have to use that original pass code. Bump a connection off a few times, see the same pattern come across, you have just gotten the WPA-PSK pass phrase. Or, rather, the hacker does.
Realize, of course, that it takes quite a bit of packet sniffing and knowing what to do in order to get that far, and no, I’m not going into any more detail with anyone about how to do it, so don’t message me and ask me to. I use WPA-PSK wireless at home too; on top of that, I make sure my SSID is not broadcasted, I restrict access to MAC address, and have IPSEC configured between my local PCs. I still don’t consider it perfectly safe, but I’m comfortable with the slim risk that I still have with that configuration.
To the last point of what you’re saying, however, in your first question… the tightest of security on your personal PCs won’t stop websites from remembering what you tell them. Also, if someone has physical access to your PC, they’ll be able to look at any autocompleted forms you had filled out, etc. You may want to consider a browser like HeatSeek; it’s actually a “skin” for IE that’s designed to “keep porn surfing hidden”, but regardless of what you use it for it does a good job of not keeping easy records for people to get if they can get to your computer.
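Added example, not part of either reply above: one way to check a Windows PC for the open ports this thread discusses. The Python script parses `netstat -an` output and reports sockets reachable from the network that are not on an approved list, marking the NetBIOS/file-sharing ports from the ZoneAlarm list. The sample output, the addresses in it, port 5000 and the function names are constructed for illustration.

```python
import re

# Ports the thread's ZoneAlarm list groups under NetBIOS / Windows file sharing.
FILE_SHARING_PORTS = {135, 137, 138, 139, 445}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    192.168.1.20:138       *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s*(\S*)\s*$")


def parse_listeners(netstat_text):
    """Return (proto, local_address, port) for sockets awaiting inbound traffic."""
    listeners = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header or blank line
        proto, addr, port, state = m.groups()
        # Only LISTENING TCP rows accept connections; UDP has no state column.
        if proto == "UDP" or state == "LISTENING":
            listeners.append((proto, addr, int(port)))
    return listeners


def audit(netstat_text, approved_ports=frozenset()):
    """List network-reachable listeners whose port is not explicitly approved."""
    findings = set()
    for proto, addr, port in parse_listeners(netstat_text):
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback-only sockets are not reachable from the LAN
        if port not in approved_ports:
            kind = "file-sharing" if port in FILE_SHARING_PORTS else "unapproved"
            findings.add((proto, port, kind))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, kind in audit(SAMPLE_NETSTAT):
        print(f"{proto:3} {port:5}  {kind}")
```

The ESTABLISHED row is an outgoing session and is ignored; only listening sockets correspond to the "incoming" entries a firewall has to block or allow.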