Are attackers really scanning my computer for vulnerabilities? Yes!
The precursor of any attack is reconnaissance and by continuously scanning, nefarious entities on the internet are able to detect and exploit both known and unknown vulnerabilities. Anyone in the world can reach-out and prod your computer. Every day, tens of thousands of different services, bots, and attackers scan the computers on WPI’s network. Help keep WPI strong, and make sure that your computer is protected from these scans and potential attacks with the advice below provided by Information Security.
How can I protect my computer from these attackers? Raise the shields!
Make sure that your computer’s firewall is actively blocking dangerous network connections. A firewall will block scans as well as most network-based attacks. You should also ensure that you have all your devices set to automatically update and that you have anti-malware software to scan your computer. Understand that attackers are persistent and that they are always searching for new exploits to use against you. While WPI’s Information Security Office is here to help protect you from these Internet-based threats, you are ultimately the one responsible for the security of your devices.
Enabling your firewall
Most operating systems will have a firewall already installed, however, it is not always enabled by default. Follow the instructions below for your operating system and contact IT (firstname.lastname@example.org) if you need any assistance.
The Microsoft Defender Firewall is specially tuned for Windows computers and you must have it enabled to prevent unauthorized access.
- On your Windows computer access Settings >> Update & Security >> Windows Security >> Firewall & network protection
- Ensure that the Microsoft Defender Firewall is set to On.
Apple has always been a leader in security, however it is important to note that the firewall on many models is turned off by default. Perform the following to make sure that your Mac is protected by the built-in firewall.
- Click on the Apple Menu and navigate to System Preferences >> Security and Privacy >> Firewall
- Check the box to enable the firewall
Linux machines allow for any network connections by default and may not have a firewall pre-installed. For Linux systems based on Debian (Ubuntu and Raspberry Pi), use UFW. For RedHat or CentOS, use FirewallD.
UFW (Uncomplicated FireWall) is a simple and reliable firewall for Linux machines.
- Install the ufw package by using the terminal command
sudo apt-get install ufw gufw
- Configure UFW to disallow sessions initiated externally
sudo ufw default deny incomingand
sudo ufw default allow outgoing
- Enable the firewall’s defenses
sudo ufw enable
- Check the firewall’s status using
sudo ufw status verbose
FirewallD is a utility that allows for firewall rule management on RedHat-based operating systems.
- Install FirewallD using the Yum package manager; enter the terminal commands
sudo yum install firewalldand
- After the computer restarts FirewallD will be enabled and protecting your computer.
- You can verify that FirewallD is running using the command
sudo firewall-cmd --state
Updating your devices and software
Vulnerabilities are frequently uncovered by researchers and attackers. These vulnerabilities are constantly being scanned for and exploited in the wild. Patches that protect devices and their software from these vulnerabilities are commonly released in updates by product vendors. By making sure that your software has been updated to the latest version, you can ensure that you have the latest security patches and that an attacker will not be able to exploit any known vulnerabilities on your device. Making sure that automatic updates are enabled on all of your devices will protect you and your data from ransomware, exfiltration or worse.
Frequently scanning your device with anti-malware software
Anti-malware software can scan your computer to detect any malware, adware, or spyware that are present. By running anti-malware scans frequently (at least once a week), you can prevent malware from seriously infecting your devices. Most anti-malware scanners offer paid versions which will allow you to schedule system-wide scans on your computer automatically. WPI students are eligible for 4 years of automated scanning and active protection from Malwarebytes for only $5.
Network: Two or more computers connected to share resources. The most common resource shared today is a connection to the internet. When you connect your phone to your home's Wi-Fi, you are connecting your phone to your home network and through that, you connect to the internet.
Bot (short for “robot”): An automated program that runs over the internet. Some bots run automatically, while others only execute commands when they receive specific input. There are many different types of bots, but some common examples include web crawlers, chat room bots, and malicious bots.
Firewall: A system designed to prevent unauthorized access to or from a private network. You can implement a firewall in either hardware or software form, or a combination of both. Firewalls prevent unauthorized internet users from accessing private networks connected to the Internet, especially intranets.
Patch: Improvements made to a program that fix a security vulnerability that exists in the current version of the software. Patches are generally issued through software updates which can be enabled to occurautomatically. Attackers frequently scan for computers that have not yet received patches for their vulnerable software.
Malware: An umbrella term used to refer to a wide range of viruses, worms, Trojans, and other programs that a hacker can use to damage, steal from, or take control of endpoints and servers. Most malware is installed without the infected person ever realizing it.