As I write, it has been just about 24 hours since the arrest of Kevin Mitnick for, among other alleged crimes, stealing the credit card information used by Netcom Communications in billing its Unix shell account holders. At last count, there were some 32,000 such shell accounts on Netcom--one of which belongs to yours truly. The plain truth is that no Internet service provider, large or small, can entirely prevent such attacks. In part, this is due to design limitations of the current generation of the Internet Protocol Suite--limitations that the designers of the next generation of IP are attempting to address.

At the moment, however, IP is as porous as a screen door. For years, Internet hackers have gathered root passwords on uncounted thousands of systems by the simple expedient of promiscuously capturing IP packets. (The contents of these packets are entirely unencrypted, so users who log into root accounts over the Net may as well broadcast their passwords on the evening news.) This ongoing problem has come to be known as the "Sniffer Hack" and a detailed explanation of the problem is available from the Computer Emergency Response Team anonymous ftp server (130.160.4.7) in the document, CA-94:01.ongoing.network.monitoring.attacks in the /pub/cert_advisories directory. There are a lot of other CERT advisories, tools and papers available from the same server. Get cert_faq from the /pub directory for a comprehensive list.

"Internet firewall" is the single most misunderstood term in the entire lexicon of Internet terminology. An effective firewall consists of a constellation of hardware, software and security practices, each of which works to reinforce the others. Once of the most useful starting points in coming to grips with firewall concepts is Marcus Ranum's excellent paper "Thinking About Firewalls". You can ftp a copy of this paper from csrc.ncsl.nist.gov (129.6.54.11) as fwalls.ps (its a PostScript file) in the /pub/secpubs directory. Another very useful document in the same directory (also in PostScript form) is Russell L. Brand's " Coping with the Threat of Computer Security Incidents-A Primer from Prevention through Recovery", available as primer.ps.

Other resources include the various Usenet newsgroups devoted to computer security. Some of the best include: comp.security.misc, comp.security.unix and alt.security. There are also hackers' newsgroups such as the infamous alt.2600, a group with many excellent pointers to potential security holes, hacking techniques and related archives and publications..as well as a VERY high noise-to-signal message ratio.

There's also a mailing list for those interested in Internet firewalls. You can get back issues from ftp.greatcircle.com (or 198.102.244.43) in the /pub/firewalls/digest directory or you can subscribe by sending mail to majordomo@greatcircle.com with no subject. In the body of the message, put only:

You can also subscribe to CERT's advisory mailing list (which will only send you mail when a new advisory is issued) by sending mail to cert-advisory-request@cert.org. No subject or body text is required.

No firewall will protect your LAN and its users from computer viruses. For individual PC workstations, you'll want either the latest McAfee SCAN (from ftp.mcafee.com or 192.187.128.1 in the /pub/antivirus directory) or the latest version of Frisk's F-prot (try risc.ua.edu or 130.160.4.7 in the /pub/ibm-antivirus directory.) For Macs, ftp to info.asu.edu (129.219.9.130) and get disinfectant.bin (the Mac binary version) or disinfectant.hqx (the BinHexed version) from the /pub/mac/virus directory. You may also want to monitor comp.virus on Usenet and you may want to subscribe to the virus alert mailing list by sending mail to listserv@lehigh.edu with no subject and body text reading only: