GRC rides again...

Damn I wanted to leave this alone. I really tried. But then I read his
website...

Another frickin' internet victim. Everybody did it to me. It wasn't my
fault...

He could have stopped this at any time. It really wouldn't have taken much.

Now a talk about our friend at GRC...

Using Windows for a security solution is bad enough. He left ports open
on his PCs. Could have easily been stopped by the proper configuration.
NSA has a pretty good guide for this.

He left ports open on his firewall. Or did he? Not much mentioned here
about firewalls.

Ping and traceroute to his servers. From all the wonderful external addresses
on the internet. Hello... Hello... Is anybody home here?

Internet Security is just like car theft. At the end of the day the tow
truck drives away with the alarm wailing away, the club on the steering
wheel, stereo faceplate in the house, video camera running, Clifford alarm
system engaged, kill switch deployed, and big dog in the yard.

Gotta put security at all levels. Take care of those Windows boxes up front.
The registry can be modified to stop ports, if the sockets list doesn't
work.

If you got a firewall, employ it correctly. You need more than one layer
of protection here. PC-based firewalls are handy but they are the VERY
last line of defense. A little NAT would have been pretty handy here also.

Then... After you get all that done, figure out exactly what you want to
do on and around the Internet.

At this point, once you are sure, call your friendly operator...

He should have told Verio up front I need the following: FTP, HTTP, etc...
and then said block everything else to my network. If he had done that,
Verio being a customer-oriented solution provider would have done so. Anybody
would have. Money revolves around the idea of providing what the customer
wants.

Oh yeah... and when you finish. Test your solution... Know your risks
and how you intend to deal with them... then test periodically.
  
A little definition for the three kinds of hackers...

1) script kiddies... this is where most of these guys start off at.
2) copycats... They chunk code at this level. A little here and a little
there.
3) Architect... Don't worry, you won't see it coming and better yet if you
do you'll wish you hadn't. If a hacker gets to this level they normally
hate levels one and two. They usually end up pushing Level one and two
to the fine law enforcement people.

The steps listed above will stop level one and level two hackers. Level
three if he is sloppy.

Note to Mr. Gibson...
ISPs are not here to be mommy and daddy. Do your part then call to see
what else is available but don't be an amateur and think someone else should
solve your problem...

Mitch