Why is a Persistent Internet Connection a Security Risk?

by William G. Perry, Ph.D.

Many people operate their personal computers with a continuous Internet connecti
on. Doing so is unsafe and leaves the door open for crackers to attack their sys
tem. You increase the chance of being the victim of a successful exploit against
your information assets if your computer remains actively linked to the web.
The Internet functions in an asymmetric threat environment. Onslaughts against c
onnected computers are numerous, unpredictable and constantly changing. The culp
rits who launch malware could be automated botnets, a single script kiddy or an
organized identity-theft ring.
The "bad guys" who are on-line are constantly conducting reconnaissance on the I
nternet and probing to find connected computers with vulnerabilities. Potential
intruders, once a weakness is discovered, can gain unfettered access to a system
. Your system, due to the way the Internet works, is constantly screaming out th
rough more than 65,000 ports, "Connect to me," unless you have taken specific st
eps to block the probes. You should find that fact sobering.
The obvious question is, "Can I turn off my Internet connection?" The short answ
er is "yes". You may want to do exactly that, especially if you mainly use your
computer to work on a word processor, spreadsheet or database. Productivity work
can be accomplished without maintaining an "always on" Internet connection.
Malicious users launch viruses, Trojan horses, spyware and other exploits throug
h the Internet against vulnerable systems. Access the Internet and the game is o
n, therefore, consider turning off the Internet connection when you aren't using
it to search for information. You immediately minimize the number of potential
threats and reduce the chance that risks become realities. When a continual conn
ection with the web is ended it's virtually impossible for a threat from the web
to manifest itself. Break the connection.
A word of caution, however, must be shared with the reader. Your work practices
may have to change if you currently are dependent upon an "always-on" Internet c
onnection. Many users like the convenience of being clicking once and being at t
heir favorite search engine's website. Other people have chosen to receive frequ
ent and automatic updates from software publishers and want to schedule updates
to be received during low-demand hours such as late at night or early in the mor
ning. Continuous Internet connections are normally required for automated update
s.
Therefore, if you turn off your persistent Internet connection you may have to a
djust your work routine to manually check with publishers for updates immediatel
y upon signing-on again and before beginning to use your computer. Your system m
ight otherwise be unprotected upon beginning to work or surf the web because com
puter security software updates try to stay as current as possible.
Changing your work practices and weaning yourself away from a persistent Interne
t connection is inconvenient. However, experiencing financial or productivity lo
sses from a successful exploit against your system is likely to be a much bigger
problem. The individual computer user is in the driver's seat and must make the
choice.
Consider your options carefully. You may very well choose to suffer the frequent
distraction of turning-off an Internet connection when done and adopting what m
ay be considered a security best practice: Log on to the Internet only when you
need it and log-off when you have what you need.
Learn more about how to protect your computer at http://www.computer-security-gl
ossary.org.
© Alliant Digital Services - 2010
Dr. William G. Perry is computer information security specialist and has taught
information systems security at both the undergraduate and graduate levels and c
oordinated numerous information warfare projects and presentations with the fede
ral government. Among the agencies with whom Dr. Perry has been associated is th
e Office of the Director of National Intelligence, the Department of Defense and
the Federal Bureau of Investigation.
Alliant Digital Services which is a newly formed organization that focuses upon
providing a high quality of information assurance services to individuals and or
ganizations who must secure their mission critical data in an asymmetric threat
environment and comply with national and international information security stan
dards (i.e. COBIT, ISO 17799, ISO 27000, FISMA, HIPAA, ePHI and the new passed H
igh Tech Act).
Alliant Digital Services established a free web site to help disseminate informa
tion related to computer security. That site can be found at http://www.computer
-security-glossary.org.