Protecting your computer against hacking is different from protecting it against viruses that you accidentally or unknowingly invite into your computer that then cause damage in one form or another. Anti-hack is about protecting your computer against external entities that are deliberately trying to get into your computer to cause damage and to steal from you – or cause damage. Viruses are impersonal and hacking is personal.
Anti-Hack software is now out there for sale in addition to anti-virus software. These products protect you in ways that anti-virus software does not. Following are some examples.
DoS (Denial of Service) Attacks:
DoS attacks occur when too much traffic is directed to your company website at once. The web server essentially ‘chokes’ on the amount of traffic trying to squeeze into it’s network hardware. Attack scripts are easily downloadable and you do not need to be an experienced engineer to launch an attack. Upset customers seeking some sort of revenge or disruption, competitors interrupting your site, or these days, as in the recent major hospital attacks, the trend is to hold your web site hostage until some ransom is paid or some demand met. “Ransomeware” is a relatively new term, but it is gaining a lot of visibility in recent times.
SNMP (Simple Network Management Protocol) Attacks:
Akamai’s Prolexic Security Engineering and Response Team (PLXsert) recently issued a threat advisory warning of DDoS (Distributed Denial of Service) attacks abusing the Simple Network Management Protocol (SNMP) interface. PLXsert SNMP DDoS attack campaigns target various industries including consumer products, gaming, hosting, nonprofits, and software-as-a-service, mainly in the US (49.9%) and China (18.49%). The attackers used an online tool posted by the hacker group ‘Team Poison’. This latest wave of attacks targets devices running SNMP which by default is open to the public Internet unless that feature is manually disabled. Anti-hack software is now being created that help prevent SNMP attacks such as this by preventing the attacker from forcing network switching to secondary gateways.
This is a little complex but basically, a SYN flood attack is similar to a Denial of Service attack in that there is request made to the web server that ties up its resources and makes it unavailable to other connections. When a computer or web browser tries to connect to a web site, what’s called a 3-way handshake is used to establish the connection between the two computers. In a SYN/AWK Flood attack, the computer offers its hand (1-way), the server reaches out to meet it (2-way) but the offered hand is quickly withdrawn. The server waits for the hand to come back until it ‘times-out’ and then the cycle repeats millions of times. The 3-way handshake is never established and all other connections are refused while this is happening.
USB Auto-Run Attacks:
By default, Windows runs any executable, program, or script on a USB drive the second it is inserted into any computer or laptop. This means that anyone* with unauthorized code, like a virus or a key-logger or backdoor program – all of which are easily downloadable – can walk past any computer in your building, insert the USB drive for just a second or two, and take control of your entire business without you knowing about it. Anti-virus software knows this and will try to block known vulnerabilities, but what about the unknown ones that were created this morning?
*I want to get them thinking locally here too. Friends could do it, your wife could do it, your kids could do it, the babysitter, your priest, etc…
Here’s a test; right-click on My Computer and select the Remote tab, or, in Windows 8, right-click This Computer and click the ‘Remote Settings’ link on the left side of the System panel that opened. Is ‘Allow Remote Assistance connections to this computer’ checked? Click the Advanced button and you will see how far this goes and how easy it is for your computer to allow others to connect to it. You can actually allow others to take complete control of your system.