Remote Access

[Harmon]

I just went through a whole “fix a problem” with one of my software providers, during which I relinquished control of my computer to one of their techie dudes. I kept an eye on what I could- afterwards I went in and deleted .EXE s that I could find that he had installed to allow him to take command.

Being as I am far from a techie I need to know what else I can do to insure my security with regards to the “take over.” ?

 

[Bront]

Firewall software is very useful, and having a Router with NAT helps a lot too.

 

[Harmon]

Firewall software is very useful, and having a Router with NAT helps a lot too.

Got the Firewall covered- should I be concerned at someone coming through. . . say Explorer or something like that?

Router? NAT? Please, explain.

Thank you

 

[Rodrigo Istalindir]

Routers are like traffic cops that direct data between different networks (eg your home network and the Internet).

NAT is a function on a router that lets PCs inside your network talk to the internet without having a unique IP address. In the olden days, every device connected to the internet had to have a unique address so that data destined for it could end up at the right place. As the Internet grew, it became problematic for every device to have a unique IP due to how routers work. For most desktop PCs (and printers, etc) there was no need for them to have a unique address in most instances since people wouldn't be (or shouldn't be) trying to access them from somewhere else.

Enter NAT. What NAT (Network Address Translation) does is let you assign generic IP addresses (10.x.x.x, 192.168.x.x, 172.16.x.x) to devices on your network, and then the router translates those generic (referred to as 'private') addresses to a unique (known as a 'public') address. The routers that actually run the Internet are programmed to ignore anything with a private address.

So, your PC has a private IP of 192.168.1.10. Your router has a public IP of 67.106.168.200 (assigned by your ISP). When you try to open a web page, the router substitutes your private IP address for its public one, and creates an entry in a table it keeps in its memory. The web server at Yahoo or wherever sends the data back to the public IP address, and the router reverses the translation by looking in the table it created and sends the data on to the computer at it's private IP.

Because the internet routers ignore the private IP addresses, someone can't access your PC directly (in most cases) because all they can know is your public address, and if they dug out the private IP, the internet routers would ignore the request. Even if they somehow created fake traffic with your public IP address, your router would ignore it because there was no record of you requesting the data in the table it maintains.

Most likely, you had to run some program on your PC before the remote tech could connect. That establishes the initial translation table so that traffic could pass back and forth.

NAT is a good defense, but its not foolproof. It still should be used in conjunction with a decent firewall that actually looks at the traffic that is trying to come in. Your typical Linksys/Netgear/etc home router has basic firewall capability built in along with NAT/routing functions.

 

[Nareau]

Wow, that's an excellent description of NAT, RI. Very well said.

I can only add a generic disclaimer about viruses and the like. While you ran some program to let the tech in this time, a virus could do the same thing. Most exploits these days are designed to trick you (or your computer) into running some program/command that will call back to home base and thereby bypass your firewall/NAT. So make sure you're running an up-to-date antivirus program. And don't open those unknown attachments!

Spider

 

[Harmon]

Rodrigo, thank you.

I am pretty helpless when it comes to understanding anything out of the area of using a typical program, so I know about IP (though I have no idea how or why they work). Problem is I have no idea what to do with the information you gave me.

To reply to a thought I think you might have, I do have a Firewall, and its pretty tightly locked down as far as I can and function, also I have anti virus (updated every time I sit down at my system), and I use Ad Aware to keep the bugs down (usually every day or two)- I understand all of those and the need for them.

Well as I said thank you. Bront & Spider too- thanks.

 

[Rodrigo Istalindir]

Rodrigo, thank you.

I am pretty helpless when it comes to understanding anything out of the area of using a typical program, so I know about IP (though I have no idea how or why they work). Problem is I have no idea what to do with the information you gave me.

To reply to a thought I think you might have, I do have a Firewall, and its pretty tightly locked down as far as I can and function, also I have anti virus (updated every time I sit down at my system), and I use Ad Aware to keep the bugs down (usually every day or two)- I understand all of those and the need for them.

Well as I said thank you. Bront & Spider too- thanks.

Heh...not really much you *can* do. NAT is pretty much automatic for any home user if you have a Linksys/Netgear, etc firewall/router. It does it for you. Where you have to be concerned is if you are directly connecting to the Internet. Quick way to check: open up a command prompt, type 'ipconfig' and press <Enter>. If you IP address is looks like 10.x.y.z, 192.168.x.y, or 172.16.x.y, then you're using a private IP address and your firewall is doing NAT.

Another thing you can do: Go to www.grc.com and dig down to find the 'Shields UP' page. It will do a port-scan of your system from outside and tell you if there is anything accessible through your firewall that shouldn't be.

 

[Harmon]

Snmp

Okay, now today I get a couple hits on my Firewall regarding SNMP (denied all)- which I Googled, and to my understanding its the attempts of someone to use my computer in a Network or as though my computer is networked or something like that?

Any ideas on that?

(Man, I am gonna have to go take come serious computer classes so I can understand this stuff. )

Thanks for your feedback thus far, I hate to keep asking but...

 

[Rodrigo Istalindir]

I don't mind the questions. Helps me remember how to explain things instead of just assuming everyone knows what I'm talking about

SNMP is Simple Network Management Protocol -- its a system for managing networked devices (computers, routers, pretty much anything computer related). For example, there are programs out there that use SNMP to do health and status monitoring on all the servers in a network, etc. Unless you are in a big corporate environment, there is no reason to have SNMP turned on anywhere.

Many devices are badly designed, and come not only with SNMP turned on by default, but without any passwords or other security enabled. This leaves them open to being hacked. Hackers will set up bots to scan for remote systems with such a vulnerability and then try and crack it.

Not terribly unusual to see something scanning, although ideally your firewall is stealthing all ports instead of just denying the connection. It's the 'the only good scout is a dead scout' theory. If a hacker tries to hit your system and gets a denial, he at least knows there is a device there and can try something else. If he tries to hit a stealthed port, the attack just disappears as if there wasn't even a device there, and he moves on to someplace else.

That 'ShieldsUp' site will tell you if your ports are stealthed or just blocked. If you have any ports open from the outside (eg for bittorent) though, the efficacy of stealthing ports decreases.