Internet Security Submitted to Professor Mort Anvari Author: Yungeng Qi ID: 104293 Date: 11/16/2000
Internet Security Internet has become a part of people’s life, when you are surfing on the internet enjoying the huge resources, you are also open your door to rest of the world ! Today we will address some internet security holes regarding windows .xx operating system
Background information Nearly 80 percent home computers use windows operating system.(PC World) 80 percent of People using internet have E-transaction experience(PC world) Hundreds of IP address scanners can be obtained freely via internet(Asmodeus)
You may have known : “Denial of Service” shutting down Yahoo “Microsoft has been hacked recently and stolen of latest source code” You may not aware of your computer is also in danger caused by its operating system.
Let’s look at an experiment Visiting http://grc.com to probe my DSL-connected windows 98 system. The system contains : MS personal web server; internet explorer; pc anywhere; quicken; IRC,; ICQ;Telnet;FTP.
Here is the result: Pavilion is at IP 209.244.212.85 is being probed
Here is my network configuration
Here are the security holes The default File and Printer Sharing by NetBIOS & NetBEUI protocol. Blank logon password Too many application software installed
Two reasons causing security holes: NetBIOS & NetBEIU Vulnerability Inappropriate protocol binding
NetBIOS & NetBEIU Vulnerability Releasing machine name, volume name whenever connection established and being asked Backward compatibility. Allowing anonymous logon.
Inappropriate protocol binding
Solutions * Remove “Client for Microsoft Networks and its related file and printer sharing”
Solutions The improved protocol binding
Solutions Beware your other backdoors, such as:PWS; IRC;ICQ,;Telnet;browsers and email readers. They are also potential security holes. Try to use logon password, it can delay attack. Never run executable file from untrusted email source
Solutions Install Internet Firewall software
Solutions Turn off the internet access when you do not need it!
Questions Thank You Can you tell me what information I can get from your email sent with MS Outlook Express? Thank You