Column

Holier Than Thou

We talk about connecting to the Internet, a pipe through which travels all of the information flowing into or out of the law practice. It is not that simple, though, and that oversimplification can mean that you overlook possible holes that might make your client or law practice information vulnerable to access by others.

Any Port in a Storm

The reason the pipe analogy works is that, while in transit, your information really is flowing amid lots of other information. But the place that it ends up – or starts from – is determined in part by what the request is. For example, when you open up your Web browser, and type in www.slaw.ca, you are sending a request to a Web server. This computer exists somewhere and is listening for your request. But, like lawyers and staff in any busy law practice, that computer may be multi-tasking, working on other things until that request arrives.

To be more efficient, it listens with only part of its attention. The focus of this attention is called a port. In most cases, a request for a Web page is sent to the port 80 on a Web server. In fact, your request to the Slaw site is the same as typing www.slaw.ca:80. If you asked the Web server to deliver your request to a different port – like www.slaw.ca:81 – you would get an error message. It isn’t paying attention to Web requests on that port.

The point is that, when you connect your home or office network to the Internet, or your laptop to the court’s or coffee shop’s wireless network, you are potentially making ports on your own system available to others. Depending on what the port is listening for or transmitting, you may be exposing your system unnecessarily.

If you think of your computer or network device as a sieve, then the ports are the holes that let the information flow through. Unlike a sieve, you want those ports blocked unless they are doing something purposeful. For example, if you are not using your laptop or network to provide access to your Web site, then port 80 should not be available to external visitors.

Port Scanning

Intruders automate their attacks with a first step, which involves scanning your system for open ports. This is opportunistic, and scans as many systems as possible with specific ports (and correlating weaknesses) in mind. Most of our systems are not important enough to be a specific target, although that does not reduce the negative impact if we end up in a random attack.

You can be proactive by scanning your own ports and use free, easy to use Web-based tools to do your own check. One of the best known is Gibson Research’s Shields Up. This service will look to see where you are coming from and it will run its tests against that address. You cannot point it at a second location (for example, testing your office network while you are sitting at your home computer). There are tests to run here. One is the File Sharing test and the other is the Common Ports test. The first one looks at Windows computers to see what services are turned on in Windows to enable file and printer sharing. 

The concern this raises is that you may be sharing that information with people you do not trust. Unless you are disabling Windows File Sharing when you leave the network where you are using it, others may be able to see that you are making information available. It doesn’t mean that your information is immediately available, but you are broadcasting that it is there. Windows 7 seems to do a better job than earlier versions in making your system as invisible as possible to probes by port scanners.

The common port test looks to see if you have ports turned on for common functions, like Web servers (port 80), e-mail servers (25, 110, 143, among others) and file transfer servers (21). Note that these are mostly servers. If your computer isn’t a server, or if you are not providing those services through your network router or device, then these should be turned off.

Keep in mind that having ports open is not itself a security failure. You have to have some ports open to deliver certain services. But it is important to know what is open and to have secured whatever services or information are accessible through that port.

Shields Up is essentially no frills and you may need a bit more information to understand what your computer is sharing. Hackertarget is a great alternative. This site provides a variety of services and you can run up to 4 reports a day for free, with the results e-mailed to you. Use the Nmap scanner to look at your network’s ports and the WordPress security report to find out whether your law firm Web site, if it uses WordPress, has been properly secured. The report you receive as an e-mail attachment will have pages of data and explanations that can make it easier to understand what you may need to do to fix any problems found.

Whether you choose GRC’s Shields Up or Hackertarget or other tools, you should have a routine of checking your network and system security. That way, if you inadvertently make a change or install or upgrade software that does it for you, you wil catch the potential threat on your next check. If you have holes in your network or systems that exposes your information to others, you should be aware of this and ensuring that your systems are properly protected.

Comments

  1. I just wanted to add something to your post in regards to scanning for ports, and that is about a free program called NMap that does roughly the same as the other two programs. There is also a version online that has the exact same functions at http://nmap-online.com/. I would also like to point out that although you may have some ports open on your computer while you are in court, coffee shop et al., they are not necessarily broadcasted to the internet simply because of Network Address Translation (NAT) unless the ports are specifically forwarded to the local IP (port 80,21,22).

  2. Thanks, Andrew. Great tips. Geeks will appreciate that Trinity uses NMap at the command line in one of the Matrix films!