Always-on Internet Security
Written by Matt Lake
Monday, 01 May 2000 00:00

Presume they’re out to get you. Then put up a firewall and forget about them.

The two best things about those fast Internet connections you get from cable, DSL, and ISDN are that you don't have to dial a number to connect to the Internet, and that they are easy to share over a network. Those are also the worst things about them--the Internet's a two-way street, and when you've got always-on access to the Net, the Net has the same access to your hard disk. And as for networking... well, that presents its own set of problems, especially in the telecommuter home office and the satellite corporate bureau.

One of the most sobering exercises I've tried in the past couple of years was to run Network ICE's Black ICE Defender and read its report after a couple of days. I found that more than a dozen probes had been made on my PC--scripts that cycle through IP addresses looking for security holes to exploit. According to the report, I'd have been hacker bait if I'd accidentally downloaded Back Orifice or the UDP Trojan horse.

The other sobering exercise was to visit Gibson Research's ShieldsUP site and see how much information Windows networking provides to the outside world. Gibson Research uses a secure-socket connection to show what's open to the world, and is an educational site. But not every site equipped to probe your ports will be so benign.

All Along the Watchguard

OK, so there are the problems--always-on connections are an open door to intruders who are really out there, and Windows networking is not only tough to set up, it's insecure. Luckily, there's a single solution to both of these issues. It comes in a fire-engine red box called WatchGuard SOHO, a combination firewall and four-port Ethernet hub. WatchGuard SOHO is not only relatively inexpensive ($499 for a 10-user license), it's also easy to configure and provides a live updating service that renews the device's shields to keep out new forms of attack as they're discovered.
With minimal configuration and no software drivers to install, it can physically accommodate four RJ45 Ethernet connections in addition to the one that hooks up to the cable/DSL/ISDN modem--and it's possible to daisy-chain other Ethernet hubs onto it to add more.

Setting up the WatchGuard SOHO product takes only a few short steps. Before plugging in the device, you visit a page on the company's Web site for detailed instructions on how to set up and configure the device. This involves disabling any proxy servers and noting your primary and secondary DNS servers before actually plugging the WatchGuard hub between your broadband modem and PC.

Installation is easy if your ISP uses dynamic IP allocation, but if your connection uses static IP addressing, you must feed your ISP-assigned IP address into the WatchGuard SOHO--a simple process that involves loading Web pages stored in the box. Then, you reconfigure Windows in each PC on the network to use DHCP so that your ISP sees a single IP address and your network uses dynamic addressing to route data to individual PCs.

The final part of setting up WatchGuard SOHO is to register for LiveSecurity, the company's update service. As with all configurations, this process involves opening a Web page lodged inside the firewall box itself. This service provides e-mail broadcasts, firmware updates, and other information for configuring small offices for security.

From there on out, the WatchGuard experience is pretty much invisible; it handles security blocks and routes network traffic from the broadband modem to the network without a hitch.

And that's about all there is to ending the paranoia. Sure, if you need to hook your network up to a main office, you'll want to upgrade the service to include virtual private networking (a hefty $495 option). And if you hook up more than 10 people, you'll have to expand your license to include 25 or 50 seats.
But apart from these issues, the only thing you need worry about is annual upgrades to your LiveUpdate. These cost $95 a year, and provide software upgrades to counter new and improved hack attacks. And after looking at a Black ICE Defender report, you'll be glad of anything that can keep those port probes from your PC.

Matt Lake has racked up experience in three major corporations and one branch of the government. He currently heads a small business near Philadelphia.



