Using a Cable Router and Home networking, how secure am I ?

[cotton]

HI
I just connected three of my computers to a Cable Router. I understand that I can also use the router as a hub and all three computers use the Router to access each other using File and Printer Sharing.
My concern is once I install the FIle and PRinter sharing for all three, can people now access our hard drives through the Router.
If so, what is the best way to have file and printer sharing and still be able to use the router in a secure way.

 

[ganesha]

Basically you should be using Netbeui for f/p sharing. Go here for more detail.

 

[MC]

cotton, if you really concern about your security then UNPLUG your computer!!! lol

Seriously, if SOMEONE out there wanna nail you purposely, it doesn't makes any different whether to enable sharing or not.

But there are millions of computer out there, chances that you got hacked is very small. BTW, if you are not running some web hosting or serving some useful information then you are fine!

Still, be prepare the worst and backup your data if you can. At least run a firewall like ZoneAlarm the lower your chance to get nail down.


There are much more we should aware from day 1.....

 

[BoberFett]

cotton

Unless you have port forwarding enabled on that router (what model is it?) then no traffic from the internet should ever be routed to your internal machines and you basically have nothing to worry about.

 

[MC]

bober, are you sure?

 

[office boy]

Check it out at grc.com

oh it's the ShieldsUP! thingy

 

[BoberFett]

Yep.

I asked about what kind of router though, because I can't say for certain that every home broadband router produced is totally secure. The Linksys BEFSR41 that I use at home just dumps any and all incoming traffic. It doesn't even return ping requests. As far as the outside world knows, my IP address doesn't even exist.

 

[ganesha]

<< The Linksys BEFSR41 that I use at home just dumps any and all incoming traffic. >>


What about outgoing traffic such as from a trogan? Nope.
See here

 

[MC]

If you think your router w/little firewall will make you secure then you are wrong!

In that case, company can save all the money that used to hiring &quot;Network Security Expert&quot; just to make sure there are no....hmm...less exploit as possible.

alright, no point talking to somebody who knows nothing about networking security...i am outta here!

 

[office boy]

flamebait = MingChia

 

[BoberFett]

<< What about outgoing traffic such as from a trogan? Nope. >>

I said incoming.

Unless you run software which inspects every packet and asks for confirmation before allowing traffic to each IP, then there's no protection against trojans. But if you're getting trojans, you've got more immediate problems to worry about than some hacker in Pakistan getting through your cable router.

 

[BoberFett]

<< alright, no point talking to somebody who knows nothing about networking security...i am outta here! >>

Whatever, you pimple faced little geek. I'm a net admin, so I know a thing or two. There's a difference between hiding 3 computers on a home LAN and running a network with several WAN connections, running servers on the LAN which need to be accessed remotely. The first is easy. The latter isn't.


Edited for spelling.

 

[office boy]

BoberFett, ZoneAlarm inspects everything incoming and outgoing. It's supposed to block all trojan stuff.

 

[BoberFett]

Thanks office boy. I'm aware of that. I doubt most people want to be bothered though with running packet inspecting software though.

Like I said, if you have to worry about trojans, you've got more immediate problems to worry about than somebody hacking through your cable router. Like why you're downloading warez and crackz.

 

[pm]

IANAH (I am not a hacker), but having researched this thoroughly, I decided it is possible to break into the NAT firewall of the Linksys BEFSR41 router (as well as the other 'cheap' routers that rely on NAT for security). It's very difficult, it requires some patience, and it requires some program that accesses the 'net in a repeatable fashion (plus an exploit on the OS that is being run). So, it's very tough but it is possible. What you need to do is watch the outgoing packets and keep track of where requests are going. Then you pretend to be an incoming packet, spoof your IP address and basically fake everything so that your packet return seems to be a reply to an outgoing packet request. Then you need to have an exploit for the OS or whatever is monitoring the port (like buffer overrun, or some other vulnerability) and using this you can hack the computer. I have never hacked a thing in my life, but I came across the above scenario when reading about NAT security.

Another alternative (which I think is possible, but I don't know for a fact) is, if the user isn't forwarding any ports, you can take advantage of the ability to access the router from the WAN (the 'net) port, put in a password pounder to just pound out passwords, and when you get the right one, you have access to the router. If the user is execeptionally clueless then the password will just the the default. Then you move computers onto the DMZ host until you find one that you can hack.

For the first, there are no really good ways to avoid except to stay up to date on security issues with your OS and browser. If there are no exploits known for your OS/browser, then there's no way to take advantage of the access that you've spoofed. You should also avoid running programs that access the net in a repeatable manner.

For the second (which, like I said, I'm not sure is possible), choose a really hard, long password with alphanumeric characters and capital letters. They give you a possible password of up to 64 letters and numbers. Mine is over 30 long, doesn't mean much of anything (it's in a relatively obscure foriegn language) and contains a whole lot of special characters. So, if you are worried, come up with a really complex password and you should be more than safe. Also watch your logs.


Having said all this, you need to worry a lot more about trojans and viruses and hardware dying than hackers. The more important your data is to you, the more important it is that you take precautions. But the NAT security on a router is fairly rock-solid. I disagree with Boberfett that it's &quot;totally secure&quot;, but it is &quot;reasonably secure&quot; in my opinion. And I researched the issue pretty thoroughly on the Usenet and reading articles.

 

[BoberFett]

pm

<< I can't say for certain that every home broadband router produced is totally secure. >>

I suppose that was poorly worded. I try to remember to not use words such as 'totally', 'always', 'never', etc, but sometimes I slip. But I'm willing to discuss intelligently. (Oops, I guess that leaves MingChia out)

<< you basically have nothing to worry about. >>

That's all I said in my first post, before MingChia decided to try to taunt me. For most people, running a broadband router is sufficient protection. Unless you plan on spending several thousand dollars for a stateful inspection firewall, you are vulnerable. And even then you aren't guaranteed security. You want security? Rip your NIC out. Every computer on the internet is vulnerable in some way or another. But let's look at what you're proposing.

<< What you need to do is watch the outgoing packets and keep track of where requests are going. >>

So there has to be somebody between you and the destination server with a packet sniffer. Odds? Very low.

<< Then you pretend to be an incoming packet, spoof your IP address and basically fake everything so that your packet return seems to be a reply to an outgoing packet request. >>

Which even software such as ZoneAlarm won't detect because the IP address has been validated. This is what a spoofed packet is for, and will get through any firewall that doesn't do stateful inspection.

<< Then you need to have an exploit for the OS or whatever is monitoring the port (like buffer overrun, or some other vulnerability) and using this you can hack the computer. >>

Yep, these are all a possibility. But the odds are probably more likely that you'll be struck by lightning. Ever been outside during a thunderstorm MingChia? Or are you afraid of lightning?

And I've never seen anything that pointed out how to access the routers configuration from the WAN. As far as I know, it can only be accessed from the LAN. But I could be wrong.

 

[pm]

Bober, I didn't mean for my post to be a slam of yours. All I did was point out that saying it's &quot;totally secure&quot; is not quite correct. I said the odds are low. I said it's nothing major to worry about. In my last paragraph I pointed out that there are many more things to worry about beyond being hacked. I said the security is &quot;fairly rock solid&quot; - all I did was point out that in my research I came up with two ways to hack a Linksys router and then gave advice on how to protect yourself from them. I don't quite understand where this hostility came from.

As far as accessing from the WAN side. I've been able to do it, but not consistently. I think they disabled it on the newer firmware releases. Russ says he can do it on his. See this thread in the networking forum.

 

[BoberFett]

I'll also add this. Nobody is going to hack into your LAN so they can get your credit card numbers from Quicken or download the pr0n saved on your hard drive. The size of the reward for doing so is not worth the effort required to do it. It'd be far easier for some malicious hacker to look for unprotected computers. Unless they're in it for the sport (in which case you don't have much to worry about anyway) then they won't waste time hacking your computer when they could potentially be hacking into hundreds of unprotected computers in the same amount of time.

Security through obscurity. It's not ideal, but it counts for something.

 

[BoberFett]

Sorry pm, I didn't mean to sound hostile towards you. I can be a little confrontational at times though. No harm intended.


But MingChia can bite me.

Edit: And thanks for that thread link. I'll check it out.