If your computer is networked and/or has a permanent link to the Internet (for instance, a cable modem or a building cabled for Internet), the best thing to do is run an accurate diagnosis on it to check whether it is in some way open to hacker attack. Although many people think that hackers can only attack through the Internet, statistics show that attacks and information theft are more common on internal networks. Note that the procedure we are talking about here is just as useful o check company security in small offices and corporations with many networked computers.
A very good program, especially for users that know very little about the matter, is GFI LANguard Network Scanner, which can be downloaded from http://www.gfi.com/downloads/downloads.asp?pid=8&lid=1 (it can run on Windows 9x/ME, but is recommended for computers with Windows 2000/XP). The program is user-friendly and can test a single computer or an entire network for security breaches, reporting vulnerable points. Furthermore, if other computers on the network are file-sharing enabled (see last week’s column), the program allows you to simply access and scan through the computer with the security breach.
After installing the program, you should enter the IP address of the computer you want to check (your machine, for instance) or an entire range of IP addresses (if you want to test your entire network, for instance). In basic terms, to test your computer select option File, New Scan in the LANGuard program, then chose the first option (Scan One Computer) and address 127.0.0.1. Click on button Finish and then click on the Play icon (the symbol containing a left hand arrow).
After the program has finished its diagnostic, a report will appear on the screen’s left. You must scan the report, checking all items related to your computer, especially regarding port (open ports) and share (sharing) icons. If the program indicates the presence of any active sharing on your computer, you should immediately disable it, since this is a weak point, as we explained last week. After disabling sharing and restarting your computer, run the program again in order to check that sharing has really been deactivated.
Ports are virtual communication ports that await some sort of communication. Personal computers normally only have port 139 (Netbios) open (computers running Windows 2000/XP quite usually have ports 135 and 445 open too). Trouble arises when the computer has a lot of open ports – such as FTP ones – seeing that this will be a weak spot, as the computer will wait for connections on these ports and a hacker can use a spyware program to access your computer through such an open port. If the program indicates that any port apart from port 139 is open, you should find out why this occurs and identify the program on your computer that is keeping the port open.
You should also look for any other open ports, and the program itself will explain the respective reason for this.
The procedure for testing an entire network is similar. In the first place, you must know the range of IP addresses your network is using. To this end, run program Winipcfg (Start menu, option Run). In the window that pops up, select the network card installed in the computer. The IP Address Box will specify the IP address of your computer (e. g., 192.168.0.5). The network in which your computer is installed may use the same IP address, with only the last digit varying from 1 to 254. Thus, just select the second option (“Scan Range of Computers”) from option New Scan in the File menu, typing in as initial IP address the IP address of your machine, but changing the last digit to 1, and as the final address the same IP address as our machine, changing the last number to “254”, repeating the same procedure described above.