ADSL and the opportunistic hackers

ADSL may mean faster Net access and 'always-on' connection, but there are dangers. Will Knight reports.

British security experts predict a sharp rise in the number of computer attacks on individual Internet users with the introduction of always-on ADSL Internet access.

The concern is that users with a fixed IP address and a permanent Internet connection that never gets switched off, could open the door for hackers even on an individual user's computer.

Despite the concerns, BT insists it has "assessed all the risks of always-on connections" and claims that "the security risk with a great of ADSL use is negligible." In fact BT's rollout of ADSL -- BTOpenworld -- will provide firewall security for both business and individual users.

Unfortunately, if you are not getting your ADSL service from BT, the situation can be quite different. When the service is available it will be up to individual ISPs to decide what level of security is provided. "Others [ISPs] will have to satisfy themselves that they have provided sufficient security for their users," the BT spokesman says.

The different security offerings from individual ISPs could leave many users potentially in vulnerable circumstances according to Internet Security Systems spokesman, Kevin Black. "Users who think that they are completely secured by the actions carried out by their ISP may well find out that they are not. You have to be aware of the potential of someone gaining access to your computer," says Black.

And Black's concerns seem prudent. The experience in Israel, where ADSL has been available to residential customers for some time, has resulted in a number of horror stories where malicious hackers have wreaked havoc with home PCs. A representative of Israeli security firm Finjan, warns the same could happen in Britain.

The representative suggests that protection at service provider level will do little to prevent a "dramatic increase" in hacking activity and especially the number of attacks on ordinary home users in Britain. "The tools are getting more and more simple to use," he says. "I think that there will be a lot more novice activity."

Similar tales of security alarms with ADSL emerge from the US and one recent study concluded that as many as one in four broadband PCs in the US are "highly vulnerable" to hack attack.

Independent security consultant Ian Johnston-Bryden says users need to recognise whether or not they could become potential targets. "The only way there is a real risk is if someone has decided to do all their banking electronically and have a bank account worth raiding," he adds. "Otherwise the hacks can just be an irritation." However, common sense, argues Johnston-Bryden puts small businesses in most danger. "The risk is, that if a small company gets an ADSL connection on one machine and then connect that to a number of other machines. Then if someone hacks them they could exploit something of commercial value."

BT's spokesman agrees that security remains the principle responsibility of the user. "Many of the threats are driven by what applications people are using. If they're doing something such as hosting a Web site then they are going to be vulnerable," he says.

There are a number of solutions that individual Internet users could employ to try to prevent this sort of attack: anti-virus software, personal firewalls and even up-to-the-minute personal intrusion detection software.

Black recommends the use of personal firewalling software on top of the protection offered by an ISP.

Tony Westbrook investigates the perils of an 'always on' Internet connection and decides its high time he set up his own personal firewall to keep the creeps at bay...

Can you offer any further advice on the security risks of ADSL connections? Have you had your personal machine hacked? Tell the Mailroom

Take me to Hackers

Check out ZDNet's Interactive Broadband Guide