In the coming years, security breaches wont occur nearly as often inside networks as at users homes. They are much easier targets. Months after I switched from my dial-up line to a cable modem and connected to work via our new virtual private network, I thought nothing of transferring sensitive documents to my home computer. Then, one day, I noticed the little data transfer light on my cable modem was blinking at a time when I wasnt connected to work or using the Internet. I spoke with a few people at work who had cable modems, and they recommended I put in a firewall. A firewall! You cant be serious, I exclaimed. Who would waste time trying to break into my home computer? How little lives do these hackers have? But I went ahead and installed a firewall—and I was shocked to find out just how bad this problem is.
Within 90 days, after installing a personal firewall called BlackIce Defender, I had no fewer than 1,300 attacks made. Most of the hack attempts were User Datagram Protocol port probes. The most disturbing attempt was the SubSeven port probe, where the hacker is looking for the SubSeven Trojan program that may have been inadvertently installed on the PC. This form of hack is referred to as a Remote Access Trojan, and many of the leading personal firewall vendors say its the most dangerous and prevalent Trojan out there. In 90 days, Ive received 23 probe attempts looking for SubSeven.
Its not just me. Its you and your users, many of whom have cable modems. In this age of security awareness, the cable modem Internet service providers actually make it easy for hackers. How?
The cable industry has made a mistake. Scans on cable PCs are common because hackers know that virtually all cable modems are in the 24.x.x.x range. They set up scripts that visit each computer in that range until they find one thats ripe for the taking.
How do you protect your company from users who download documents to their home PCs? You can buy each employee a personal firewall. Unfortunately, theres no way to ensure that employees install them or keep them enabled. Once youve figured out how to make sure that happens, please tell me because I dont have a clue.