How do I know if I'm being hacked or cyber probed? Recommended monitoring software?

Hi guys

(Hopefully) amusing thread titles aside, I've just bought a laptop and as I'm installing the security software it's got me thinking that if anyone was trying to find a way into my PC or laptop I would have no idea they were doing it.

I connect to the net by a wired connection and run Kaspersky Internet Security 2009 along with the Adaware and Spybot to hopefully root out any nasties lurking in the PC but I wouldn't know if anyone was (I think the term is) looking for open ports on my PC or generally probing to find a way in.

Can anyone point me in the right direction of up to date high quality guides which can teach me what I need to be looking out for, the terminology etc...basically just network security!

If anyone can recommend any software that can monitor my system and alert me of any potential probing going on (Kaspersky does do this but it doesn't seem very intuitive software).

I hope this will be a useful thread on computer security and may even be stickied if there is enough useful information posted so please don't anyone post "you've got antivirus/firewall you're fine". I would like to understand the working of it in greater detail and how to tell manually, if for interest's sake if nothing else.
 
As you say, Kaspersky does this, but any software that is too sensitive is just going to give you lots of spurious alerts. Why do you think you would be a target for concerted cyber attack?

To be honest if you're behind a router and you're patched up with all the security updates and you've got antivirus/firewall then you're 90% of the way there. As long as you don't do anything stupid like open strange emails with attachments or download spyware/trojan infested software then you're OK.

All you will do by installing an overly sensitive probe app is make yourself paranoid.

HEADRAT
 
Hi, thanks for the reply.

I don't think I'm going to be targeted personally, it's more of an interest thing, I would just like to understand what's going on behind the scenes.

There is differing information on the net but it's difficult to distinguish the good advice from the bad.
 
I would just like to understand what's going on behind the scenes.

Well there are a number of ways a hacker can try and compromise your machine, such as:-

Trojan
Spyware
Virus
Malware
DOS Attack

The threat to your system is hugely diminished if you have up to date spyware/antivirus protection. Just do some background reading into those areas and you will get a handle on what's happening.

HEADRAT
 
Another thing would be if you are using a router make sure it's running the latest firmware in case any previous ones had any security issues, and also change any default passwords it uses.
 
Well I guess the only true way would be to monitor traffic on the interface - to do this all the time though would be a nightmare as there are literally millions of things going on at any given time and you'd need something like an IDS to monitor and filter it correctly.

The name of the program I use escapes me at the moment but there are hundreds of TCP dump monitors which will monitor the in and out traffic on your network.


M.
 
A "hacker" will generally probe the computer to see what operating system it is running, what services (and their versions) have ports open etc. Once they have this sort of information then they can start to think about how to gain access.

For example, let's say you like to operate the computer remotely so you have the VNC server service running listening for connections. After the port scan the hacker will know this, and unfortunately for you, you didn't keep your software up to date and are running Ultra VNC version 1.0.1 which contains a known vulnerability. All he has to do now is wait for you to log in and capture the password. Job done. And if you've left an administrator account logged in when he opens the door it's pretty much game over.

The example above is hypothetical of course and is just one of many ways to gain control of a computer, but that is the general idea. To be targeted specifically like that by an individual is unlikely for a home user; you'd be more likely to see that kind of thing on corporate networks. A lot of hacking attempts are automated and hosted on infected computers attempting to recruit more PCs.

As said, being behind a firewall router is much safer than the days of connecting with a modem directly and the computers on your internal network are largely hidden from the rest of the internet. You are much more likely to be caught out by an email attachment, something bad off a file sharing site or an infected USB stick.

If you google "network security" you will find loads of reading material. Most of it is quite heavy but worth reading if you are interested. And don't skip over the Linux guides and manuals thinking they are irrelevant - they're not and contain really good info.
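
The port probing described in the posts above can be spotted in a firewall's drop log. This is an added example, not part of the original thread: it flags any source that has many different ports dropped within a short window. The sample lines are constructed, and the log layout, threshold and window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real traffic), in time order, laid out like the
# first eight fields of a Windows Firewall log line (see the #Fields header).
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port
2009-03-01 12:00:01 DROP TCP 203.0.113.5 192.168.1.10 40001 21
2009-03-01 12:00:01 DROP TCP 203.0.113.5 192.168.1.10 40002 22
2009-03-01 12:00:02 DROP TCP 203.0.113.5 192.168.1.10 40003 23
2009-03-01 12:00:02 DROP TCP 198.51.100.7 192.168.1.10 51000 445
2009-03-01 12:00:03 DROP TCP 203.0.113.5 192.168.1.10 40004 80
2009-03-01 12:00:03 ALLOW TCP 192.168.1.10 192.0.2.20 49500 443
2009-03-01 12:00:04 DROP TCP 203.0.113.5 192.168.1.10 40005 5900
2009-03-01 12:09:30 DROP TCP 198.51.100.7 192.168.1.10 51001 445
garbled line that should be skipped
"""

def parse(line):
    """Return (timestamp, action, src_ip, dst_port) or None for unusable lines."""
    parts = line.split()
    if len(parts) < 8 or line.startswith("#"):
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        return ts, parts[2], parts[4], int(parts[7])
    except ValueError:
        return None

def find_port_scans(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Map src-ip -> ports for sources with >= min_ports distinct ports dropped in one window."""
    recent = defaultdict(deque)   # src-ip -> (timestamp, port) hits still inside the window
    flagged = {}
    for rec in filter(None, map(parse, log_text.splitlines())):
        ts, action, src, port = rec
        if action != "DROP":      # only blocked packets count as probes
            continue
        hits = recent[src]
        hits.append((ts, port))
        while ts - hits[0][0] > window:   # expire hits older than the window
            hits.popleft()
        ports = {p for _, p in hits}
        if len(ports) >= min_ports:
            flagged[src] = sorted(ports | set(flagged.get(src, [])))
    return flagged

if __name__ == "__main__":
    for src, ports in find_port_scans(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: ports {ports}")
```

The source that only ever touches port 445 is not flagged, which is the kind of background noise that produces spurious alerts when the threshold is set too low.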
 