Technical (Bottom-Up) Methodology 105
organizations above “hacking back,” but that does not mean it has never
happened.] We are not going to get into an exhaustive discussion about
protecting yourself on the Internet here. After all, this is a book on vulnerability
assessment, not Internet Security basics. Here are a few tips to help put your
mind at ease when contacting a Web site dedicated to hacking:

Run a personal firewall. There are several different types that you can
either download or purchase at a retail outlet. One of the more popular
personal firewalls is Zone Alarm from http://www.zonelabs.com. At the
time of this writing, there was still a free version of this personal firewall
that you can download. A second option is the BlackICE firewall from
http://www.iss.net. While this product has no free version, it is still a very
commonly used personal firewall.

Use a different ISP account. To make it more difficult to have someone
come back into your home system after visiting a hacker Web site, simply
change your ISP. You can use a free service provider like netZero or Juno,
or you may also want to sign up for an account with a provider such as
Earthlink, which offers a 30-day free trial, and just cancel your account
before the 30 days expire. If switching your ISP is not for you, then
perhaps an Internet kiosk is a better option. Internet kiosks are becoming
more and more popular, and can be found in major malls, airports, and
restaurants. The downside to the kiosks is price. These services generally
charge either a per-minute or per-15-minute connection charge. Another
option is to use the Internet access at your public library. The major
drawback to the library is similar to that of the Internet kiosk: there is no
easily available storage for the files you download.

Use an antivirus product. While most of the files you download from these
sites are completely safe and legitimate, you may still encounter files that
are infected with Trojan horses or other malicious code. Even if the Web
site that posted the code has scanned the files for viruses, it is better to
protect yourself than to find out the hard way that someone missed a virus.

Use an anonymous proxy service. The anonymous proxy services, such as
Anonymizer (available from http://www.anonymizer.com), hide the IP
address that you are coming from. This provides a pretty good layer of
security from anyone who might try to “hack back” into your system. There
are a number of different services on the Internet from which to choose.
Some anonymous access services are free or feature-limited, and other
sites simply charge a monthly access fee.

Stop cookies from reaching your machine. There are a number of ways to
stop cookies, which are small pieces of code given to your computer from
a Web site, from reaching your machine. You can go into your Internet
browser and simply turn off the receipt of cookies, but this might cause
you to lose functionality with sites such as Hotmail and your online bank.
So, if you need to stop most cookies from reaching your machine but still
want to let through a selective few, then you need a cookie manager tool.
An example of a cookie manager is WebWasher®. WebWasher is available
from http://www.webwasher.com, and there is a free version of this