Why is a Persistent-Internet-Connection a Security Risk?

by
William G. Perry, Ph.D.

Operating personal computers with a Persistent-Internet-Connection. Doing so is unsafe and leaves the door open for crackers to attack their system. You increase the chance of being the victim of a successful exploit against your information assets if your computer remains actively linked to the web.

The Internet functions in an asymmetric threat environment. Onslaughts against connected computers are numerous, unpredictable and constantly changing. The culprits who launch malware could be automated botnets, a single script kiddy or an organized identity-theft ring.

The "bad guys" who are on-line are constantly conducting reconnaissance on the Internet and probing to find computers with a persistent-Internet-connection and vulnerabilities. Potential intruders, once a weakness is discovered, can gain unfettered access to a system. Your system, due to the way the Internet works, is constantly screaming out through more than 65,000 ports, "Connect to me," unless you have taken specific steps to block the probes. You should find that fact sobering.

The obvious question is, "Can I turn off my Persistent-Internet-Connection?" The short answer is "yes". You may want to do exactly that, especially if you mainly use your computer to work on a word processor, spreadsheet or database. Productivity work can be accomplished without maintaining an "always on" or persistent-Internet-connection.

Malicious users launch viruses, Trojan horses, spyware and other exploits through the Internet against vulnerable systems. Access the Internet and the game is on, therefore, consider turning off the Internet connection when you aren't using it to search for information. You immediately minimize the number of potential threats and reduce the chance that risks become realities. When a continual connection with the web is ended it's virtually impossible for a threat from the web to manifest itself. Break the connection and enhance Internet security.

A word of caution, however, must be shared with the reader. Your work practices may have to change if you currently are dependent upon an "always-on" Internet connection. Many users like the convenience of being clicking once and being at their favorite search engine's website. Other people have chosen to receive frequent and automatic updates from software publishers and want to schedule updates to be received during low-demand hours such as late at night or early in the morning. Continuous Internet connections are normally required for automated updates.

Therefore, if you turn off your persistent Internet connection you may have to adjust your work routine to manually check with publishers for updates immediately upon signing-on again and before beginning to use your computer. Your system might otherwise be unprotected upon beginning to work or surf the web because computer security software updates try to stay as current as possible.

Changing your work practices and weaning yourself away from a persistent Internet connection is inconvenient. However, experiencing financial or productivity losses from a successful exploit against your system is likely to be a much bigger problem. The individual computer user is in the driver's seat and must make the choice.

Consider your options carefully. You may very well choose to suffer the frequent distraction of turning-off an Internet connection when done and adopting what may be considered a security best practice: Log on to the Internet only when you need it and log-off when you have what you need.

Learn more about how to protect your computer at https://www.computer-security-glossary.org.

© Alliant Digital Services - 2010

Dr. William G. Perry is computer information security specialist and has taught information systems security at both the undergraduate and graduate levels and coordinated numerous information warfare projects and presentations with the federal government. Among the agencies with whom Dr. Perry has been associated is the Office of the Director of National Intelligence, the Department of Defense and the Federal Bureau of Investigation.

Alliant Digital Services which is a newly formed organization that focuses upon providing a high quality of information assurance services to individuals and organizations who must secure their mission critical data in an asymmetric threat environment and comply with national and international information security standards (i.e. COBIT, ISO 17799, ISO 27000, FISMA, HIPAA, ePHI and the new passed High Tech Act).

Alliant Digital Services established a free web site to help disseminate information related to computer security. That site can be found at https://www.computer-security-glossary.org.