In the early days of Internet access and email, online communication held so much novelty that you could send a message to almost anyone with an address and receive a reply. That openness and digital naivete succumbed to spam and malware. Attacks on unprotected computers can enroll them in botnets that disrupt global commerce and communications. To defend your systems against attempts to overrun and misuse them, start by setting them up to differentiate good incoming data from bad.
Bogus Data Packets
An unprotected computer attached to an equally unprotected network attracts data packets sent using falsified IP address information. These spoofed addresses make intrusion attempts look like the welcome input of a trusted user from inside your network. A computer that can't validate the source of the data may accept the source and the incoming information as genuine, unable to differentiate between safe, trusted documents and a malware payload. Malware can make your system send out data -- including your confidential personal information -- without your authorization, and can make your system vulnerable to hackers who use it to send out spam or engage in attacks on computer networks.
Protecting Network Territory
To implement anti-spoofing protection for a computer network, you turn on the corresponding detection and blocking features of your software or hardware firewall. These features rely on a complete list of the names and addresses of the parts of your network. When incoming data reaches the firewall, the protective interface checks the information to verify that it actually comes from the source it claims. If all the identifying marks don't match, the firewall rejects the data as forged and untrustworthy, shielding you from a potential attack. To enable these protections, you find and activate the anti-spoofing settings in your firewall's management software, identifying the topology -- whether the protective interface leads in from or out to the Internet -- and the addresses of the devices on your network. You select the extent of the protection you want for each item on the list of devices, including network hardware as well as computers.
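The check described above can be sketched in a few lines. This is an added example, not code from any firewall product: the interface names, the addresses and the "block" and "detect" protection levels are assumptions made up for illustration.

```python
import ipaddress

# Constructed topology (an assumption for this example): each firewall interface,
# whether it leads out to the Internet, the networks defined behind it, and the
# protection level chosen for it ("block" drops forgeries, "detect" only logs).
TOPOLOGY = {
    "eth0": {"external": True,  "networks": [],                  "mode": "block"},
    "eth1": {"external": False, "networks": ["192.168.10.0/24"], "mode": "block"},
    "eth2": {"external": False, "networks": ["10.20.0.0/16"],    "mode": "detect"},
}


def networks_behind(iface):
    return [ipaddress.ip_network(n) for n in TOPOLOGY[iface]["networks"]]


def owner_of(addr):
    """Return the internal interface whose networks contain addr, or None."""
    for name, cfg in TOPOLOGY.items():
        if not cfg["external"] and any(addr in net for net in networks_behind(name)):
            return name
    return None


def check_packet(iface, src):
    """Return (action, reason) for a packet arriving on iface with source src."""
    addr = ipaddress.ip_address(src)
    owner = owner_of(addr)
    if TOPOLOGY[iface]["external"]:
        spoofed = owner is not None   # inside address arriving from the Internet side
    else:
        spoofed = owner != iface      # address not defined behind this interface
    if not spoofed:
        return "accept", "source matches topology"
    reason = f"{addr} is not valid on {iface}"
    if owner:
        reason += f" (belongs behind {owner})"
    action = "drop" if TOPOLOGY[iface]["mode"] == "block" else "log-and-accept"
    return action, reason


if __name__ == "__main__":
    # Constructed sample packets: (arrival interface, claimed source address)
    for pkt in [("eth0", "203.0.113.7"), ("eth0", "192.168.10.25"),
                ("eth1", "192.168.10.25"), ("eth1", "10.20.3.4"),
                ("eth2", "198.51.100.9")]:
        print(pkt, "->", check_packet(*pkt))
```

The second sample packet is the case the article warns about: a source address from inside the network arriving on the Internet-facing interface.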
Spoofing extends beyond attempts to attack networks. You may be most familiar with the form that shows up in your email inbox. These messages appear to come from a safe, familiar source, including a company or person you trust. Sometimes spoofed messages list the sender as your own email address or another address on your domain. In conjunction with phishing attacks, these messages provide links to allegedly critical information about package shipments, bank-account security breaches and other emergencies. These details alarm most people enough to overwhelm their cautious response to unverified claims. To enable protection against these forms of spoofing, you can turn on the junk-mail filters in your email client software and set them to quarantine, delete or redirect any suspect messages, or simply place them in a Junk folder so you can peruse them yourself. If you receive your email through a Web domain you host yourself, you may be able to activate spam filtering through your hosting service and mail provider.
Protecting yourself against spoofing, phishing and other attempts to gain unwelcome access to your computer infrastructure requires ongoing vigilance to deter new forms of malware or new versions of hostile tactics. Firewall-software updates help these products continue to withstand new forms of attack. Operating-system updates include critical security patches. Anti-virus and anti-malware products rely on updated definitions to identify and repel new attack sources. Along with the products you use, the most important component in your protective scheme consists of your own alert response to suspicious inputs. If you condition yourself to question the legitimacy of unexpected requests for action or information, you can play a critical role in your own digital defense against spoofed intruders.