Internet Security 101

Copyright © 2001 Virus Experts.com
by

Introduction

To understand Internet security, you first need to understand how the Internet works. Attackers usually break into systems through vulnerable Internet services and flaws in Internet connection implementations. This is the first section of the article. Nothing terribly interesting here, though.

Protocols

The Internet is powered by many different protocols--sets of rules that networking software must follow in order to be compliant. Most of the Internet works on the Transmission Control Protocol (TCP) and the Internet Protocol (IP). The underlying Internet Protocol provides a means of transporting data and addressing hosts. TCP is a protocol whose job is to get the data to its destination; it ensures that the data reaches its destination in the order in which it was sent, and it retransmits the data if necessary. Since we are concerned with basic security concepts, we will focus on the Internet Protocol.

Ports

In computer terms, a port is a "virtual gateway," or connection to a particular service between two computers. Every computer has 65535 different ports, ranging from 1 to 65535. Ports 1-1023 are reserved ports (also called privileged ports) for running public services, such as web servers, mail servers, or FTP servers. Ports 1024 and above are called unprivileged ports because they are used for outbound connections. If a port has a service running behind it, such as a web server, it is "open." If there is no service or program running behind it, it is "closed," and an attempt to connect to the closed port will cause the remote computer to return a "connection refused" error. When you are accessing a website, you usually access the remote machine's port 80 (HTTP). When you are sending mail via your ISP's mail server, you are accessing port 25 (SMTP). When you are downloading a file via FTP, your commands are sent on port 21.

Port Scanning

Port scanning is a process by which an attacker or a security administrator (take your pick!) can determine which ports are open and which are closed. A port scanning program simply attempts to connect to a specified range of ports and logs which ports are open. The log can later be used to attack specific services running on specific ports, or, from the security administrator's perspective, to secure vulnerable services. There is software to alert you if a port scan is being done on your computer.
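A sketch of how such alerting software can work, as an added example that is not part of the original article: it flags any source that tries many different ports in a short time. The log format, the thresholds, and the function name detect_port_scans are assumptions made for illustration, and the log lines are constructed samples in time order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the article): "<time> <source IP> <dest port> <result>"
SAMPLE_LOG = """\
2001-05-01T12:00:00 198.51.100.20 80 open
2001-05-01T12:00:01 203.0.113.7 21 open
2001-05-01T12:00:01 203.0.113.7 22 refused
2001-05-01T12:00:02 203.0.113.7 23 refused
2001-05-01T12:00:02 203.0.113.7 25 open
2001-05-01T12:00:03 203.0.113.7 79 refused
2001-05-01T12:00:03 203.0.113.7 80 open
2001-05-01T12:00:05 198.51.100.20 80 open
2001-05-01T12:09:00 198.51.100.20 25 open
"""

def detect_port_scans(log_text, min_ports=5, window_seconds=10):
    """Return {source_ip: sorted ports} for sources that tried at least
    min_ports distinct ports within window_seconds (assumed thresholds)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # source -> (time, port) attempts still in window
    flagged = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue              # skip blank or malformed lines
        stamp, source, port, _result = fields
        try:
            when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
            port = int(port)
        except ValueError:
            continue              # unparsable timestamp or port
        if not 1 <= port <= 65535:
            continue              # outside the port range described above
        attempts = recent[source]
        attempts.append((when, port))
        # Drop attempts that have aged out of the sliding window.
        while when - attempts[0][0] > window:
            attempts.popleft()
        ports = {p for _, p in attempts}
        if len(ports) >= min_ports:
            flagged.setdefault(source, set()).update(ports)
    return {src: sorted(p) for src, p in flagged.items()}

if __name__ == "__main__":
    for source, ports in detect_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {source}: ports {ports}")
```

A visitor who keeps returning to port 80 is not flagged, and neither is a source whose attempts are spread out beyond the window, which is why real tools also track slower patterns.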

Denial of Service (DoS) Attacks

A Denial of Service (DoS) attack is an attack whose purpose is to disrupt the target site's traffic and its ability to provide service to its customers. A Distributed Denial of Service (DDoS) attack is the same as a normal DoS, but it is distributed among many machines. A common DoS attack, called a SYN flood, sends thousands of connection-initiating packets to a computer on a port. If there is no service behind the port, the remote system sends back an error message to the sender. Thus, the remote system spends its time responding with error messages. This is just one example of how DoS attacks are used.

See Also
  • Internet Security 102 (isec/102)