Topic: How does one TRULY protect a computer from being hacked into?

[TechPro]

am I missing something?

You pretty well summarized the main points to it.

[DarkWing]

Even so, the router needs to know which computer to forward the hacker's connection to, which it can't without a forwarded port. My understanding is that HTTP, etc. gets through because the connection is triggered from the inside. Is this not correct?

Yes that's correct but in order for that to work the requesting computer (yours) must reveal it's IP to the server (website) so that the server can send the requested data.  That data is tagged with where it's headed and the router knows it's in response to a request.  What the router never truly knows, it how much of the data is what the requesting computer asked for the server/sender/website could include additional data/files/code and the router would think it was asked and thus let it through.  That's how "drive-by" hacking/malware/etc happens while users browse the Internet.

This is just one of the reasons (there are quite a few more) why good Anti-virus + Internet protection software is a MUST in addition to a good firewall.  There is no such thing as a truly secure method, and no such thing as a "immune" OS (despite what some may say).  There is only degrees vulnerability.

[Matthew]

Even so, the router needs to know which computer to forward the hacker's connection to, which it can't without a forwarded port. My understanding is that HTTP, etc. gets through because the connection is triggered from the inside. Is this not correct?

Yes that's correct but in order for that to work the requesting computer (yours) must reveal it's IP to the server (website) so that the server can send the requested data.  That data is tagged with where it's headed and the router knows it's in response to a request.  What the router never truly knows, it how much of the data is what the requesting computer asked for the server/sender/website could include additional data/files/code and the router would think it was asked and thus let it through.  That's how "drive-by" hacking/malware/etc happens while users browse the Internet.

This is just one of the reasons (there are quite a few more) why good Anti-virus + Internet protection software is a MUST in addition to a good firewall.  There is no such thing as a truly secure method, and no such thing as a "immune" OS (despite what some may say).  There is only degrees vulnerability.

"drive-by" hacking is not really hacking at all, it's malware infection. The most true definition of "hacking" requires no action by the target, everything is done to gain access remotely. Which can't be done for a computer behind a router because the computer doesn't exist on the internet, only the router. When a PC requests web data (or any other TCP connection), the router puts its own IP in the source header, and forwards the return data to the proper PC, using the specific dynamic port used by that connection to determine which PC to forward it to. You can't make another connection on that port (IE a hacking attempt) because the socket is already taken. Your only option is to trick the PC into downloading something else, which isn't hacking anymore, it's a virus.

Of course, if you have ports open (like, for example, a server does), all bets are off. Which is why servers can be hacked, they must be exposed to the internet to some extent in order to do servery stuff. Which is where a hardware firewall comes into play, going beyond the capabilities of a simple router to filter packets based on certain criteria. (For example, if it's not a valid HTTP request packet on port 80, burn it with fire).

I'm still learning about the intricacies of IP, so correct me if I'm wrong anywhere.

EDIT: I suppose theoretically you could spoof the source IP to trick the router into thinking it was part of the existing connection, but you'd then run into issues with how TCP sorts incoming packets and you'd end up dropping either the spoofed packets or the real packets because they were "duplicates". And as far as I know, web browsing rapidly opens and closes many different TCP sockets (one for every file? Or every page?) so the window is very small. Your best bet is still to downloading something "legitimately" in the sense that it is actually in the page and not just randomly inserted packets. There's still the problem that the receiving computer won't do anything with these spoofed packets because it's not what the browser was expecting (Unless you had a file larger than the MTU, then maybe you could insert it into the middle of the file, IE: Packet 1: File header + first 1/3, Packet 2: Spoofed packet containing malicious code, Packet 3: End of File). Either way, malicious content embedded in the web pages is a far greater threat than any kind of packet spoofing one might encounter. It's too much effort for too little reward. Plus, how is this hacker getting the session data in the first place? If he's sitting between the server and the client, he might as well just spoof the entire server connection. (Is he sitting in the ISP's hub or something?)

[Crash]

Well, the media calls DDOSing a goddam website hacking, which is just an insult to proper hackers with actual skill and knowledge.
It just depends how unnaturally far you want to stretch the definition.

[DarkWing]

I'm not going to quibble over the specific definition(s) of "hacking" and "malware" especially since both are used by the same nefarious people to obtain the same nefarious end results. 

The point was (and still is) what steps can a person take to protect or better protect their computers and their personal data, not the methodologies of IP and HTML spoofing.

Let's get back on topic.

Oh and by the way, IHateHackers, you said open ports is why servers can be hacked (which is correct) ... But you would have been more correct to state that's why (and how) any computer can be hacked.  Servers are typically a target more often (largest possible payoff for the hacker) and can be targeted at any time because they are usually on 24/7 and usually found at the same Internet address. However nearly ALL personal computers are much more vulnerable to hacking (the personal 'workstation' OS has far fewer security measures in place than most 'server' OS designs) and rarely have as many additional security steps applied to them.  ALL are susceptible to the same vulnerabilities if the operator doesn't avail himself/herself to the recommended security steps.

That is all.

[Matthew]

Well, of course, I didn't specifically say only servers can be hacked through open ports, that was really just an example. A clueless home user more than likely doesn't have any open ports, not knowing how to do so in the first place. But my point was that all servers can be hacked, because they are all open to the internet to some extent. Far fewer home PCs are going to be, but if they do have open ports then they, too, can be hacked in the traditional sense.

[VANGUARD]

They went to some counselor last Thursday; and in a nutshell, they're divorcing.

She is planning on buying a Mac, and hopefully not have him getting into her stuff. He's quite the expert in Windows, and I can imagine he would soon learn any type of computer soon enough.

[Matthew]

She should really get the authorities involved, seriously.

[NUMBERZero]

Yeah, if there is evidence that he was hacking or doing anything along those lines, the police would have no diplomacy with him.

[Matthew]

Yeah, if there is evidence that he was hacking or doing anything along those lines, the police would have no diplomacy with him.

Doesn't matter if she has evidence or not, report it. They can investigate and most likely find some evidence.