re #reply-13214968
this from 2000-Mar-20 LangaList ...
"Is The "Sixth Security Layer" Useless?
You folks are great! Each week, I'm awed by your collective
knowledge, which many of you share in email or in the chat areas
associated with some of the columns I write.
For example, the current column on the WinMag site ("Secure Your PC
Online, Part Three" at
winmag.com ) describes a six-
layer defense I use to protect my PC against miscreant hackers, and
shows you how you can employ any or all of the same layered strategy
to help secure your PC.
Last week, I got this note from Viraf Mohta, who's the Director of
Kiosks and Interactive Media for eOutlets.com:
Dear Mr. Langa:
First, I would like to thank you for your informative
newsletters. Second, I would like to draw your attention to
a POSSIBLE error in your most recent article regarding
multiple layers of defense for your online PC. (You may
want to confirm this with other sources though.) As your
6th layer of defense, you unplug your modem and replug it,
under the assumption that in doing so, your PC which has a
dynamic IP address, will be assigned a new dynamic IP
address. You also state that this is true for ANY PC using
dynamic IP addresses. Well, I don't think this is ALWAYS
true. It depends on the way the dynamic IP addresses are
allocated to your PC by the server. You could very well get
the same IP address, each time you unplug and replug your
machine, and even if you were to turn your machine off for
a few days.
A rule (set by the server admin) on the dynamic IP address
assigning server determines what happens at your end, to a
certain extent. The rule could state that even if your
machine has been shut down for a week, you will still get
the same IP address when you re-boot it; but if shut off
for two weeks, then grant any IP address which is free and
available. Although an IP address granted to you is
dynamic, it is still 'reserved' for you for the duration of
the one week specified in the rule on the server. So
unplugging your modem or LAN connection, or even turning
your machine off doesn't guarantee a new IP address.
Once again, thanks for your very informative newsletters.
Viraf is right: It *is* possible to reserve an address--- but that's
not true dynamic addressing.
But even with dynamic addressing, there's still a small but nonzero
chance you could get the same IP each time. If a connection is truly
dynamic, then (because of the way blocks of IP addresses are
allocated) you'd have a 1 in 256 chance of getting the same address--
- not hugely favorable odds, but better than nothing. It's also
possible that your odds would be 1 in 256*256 addresses or even 1 in
256*256*256 addresses; these are much larger "haystacks" for the
"needle" of your address to get lost in---for making you harder to
track.
But in itself, dynamic addressing is not a great defense. That's why
it's the 6th (and weakest) layer in my system. It doesn't do a lot---
but even a minor speed bump in the path of a hacker is better than
nothing. 8-)
Come check out all six defensive layers and see which ones would work
for you!"
winmag.com |
