Keep your doors locked tight with these security products. Business Advisor hed: Blanket security dek: keep your doors locked tight with these security products. by Matt Lake
It’s amazing how easy it is to ruin someone’s day. All it takes sometimes is a single off-the-cuff question. Take the fellow I was chatting with the other day about his snappy new cable Internet access. He was crowing about how he loved the speed and convenience, that he had two computers online at once, and best of all, he still had an open phone line.
I was happy for him. But then I asked him the fateful question, and his house of cards toppled. I didn’t think that the question–“What firewall are you using?”–was so bad … but then again, I wasn’t the one without a firewall. So I had to do a repair job on his sense of security-and fast. And here’s what I told him.
The back door’s open
When you have DSL or cable Internet access, you’ve got a huge access road connecting your computer to the Internet at large. And that access road is a two-way street. Your Internet connection is active whenever your computer is on–and that means that anyone with the right software can poke around your computer. And the right software is easy to come by–the Internet is riddled with port-scanning scripts that cycle through IP addresses at random, looking for a point of entry into your PC.
What can these hacking scripts do? To get some idea of your computer’s vulnerability, pay a call on Gibson Research’s Shields Up site www.grc.com. Click in succession on these two links: Test My Shields and Probe My Ports. Just be prepared to have your false sense of security shattered. Like any Web site, Gibson’s can read your computer’s IP address. But it has scripts on its pages that can detect whether NetBIOS networking is open to the Internet–making the contents of your hard disk and everything else on your network vulnerable to snoops.
Some computers already have software blockers in place–programs that will either prevent access through existing ports, or even put these connections into “stealth” mode. With these safeguards in place, you can feel pretty secure. But if you don’t have them, the quickest and least expensive way to put up a firewall is to download the free and effective Zone Alarm software from Zone Labs www.zonelabs.com. The software is free for individuals and nonprofit companies, and $40 for use in businesses.
Zone Alarm keeps a log of any attempted access to your system. And that’s quite a lot–dozens of port-probing attempts per day, usually from automated software some script kiddie downloaded from a hacker site. Almost none of these attacks will ever result in unauthorized access to your computer. They’re mostly hobbyists or social maladapts with nothing better to do with their time and Internet connections. But the sheer volume of activity may result in something someday, so it’s wise to cover your assets with a firewall.
The trouble with firewall software is that it needs to be running on all Internet connected computers, and that takes its toll on your system resources. Zone Alarm also tends to be a little fussy. It kicks up dialog boxes the first time you run any Internet-connected program asking for confirmation, which is a bit of a nuisance, especially when it asks less network-aware people if the program can act as a server (which of us knows the full implications of that question? Not me!). And when the program’s icon blinks, you’re instantly thrown into a panic.
A good hard firewall
Hardware firewalls used to be the kind of thing that IS departments in big corporations worried about. Nowadays, you can get them for under $200 with a built-in network hub. Linksys is probably the best-known manufacturer of broadband routers, but I uncovered a good alternative from SOHOware-the BroadGuard Secure Cable/DSL Router. This box-model number NBG800-provides Ethernet connections for up to four computers and hooks straight up to a broadband modem through a fifth Ethernet port.
In addition to providing a single Internet connection for multiple computers and routing data across the network, the BroadGuard router provides a full firewall. Whereas many broadband routers limit their security offerings to network address translation (NAT), the BroadGuard router provides stateful packet inspection (SPI), which blocks data movement from attempted hacks, and prevents denial-of-service attacks. But the router does permit virtual private networking (VPN), which many site and home-office workers use to hook up securely to an enterprise server.
The biggest stumbling block to any consumer-level networking product is the aversion that even sophisticated computer users have to networking. I’ve seen database gurus and hardcore applications programmers freeze like Bambi in headlights when asked if their broadband access uses fixed or dynamic IP addresses. And that’s the first thing you need to know when setting up the BroadGuard router. SOHOware’s installation guide requires a serious rewrite for broadband subscribers with static IP addresses. All the information’s there, but it’s not in an easy-to-follow order, which will confuse anyone without networking expertise. But for the more common dynamic IP assignment, it’s a pretty straightforward setup-no serious background in IT required.
The installation steps involve collecting the host and domain names your broadband service provider assigned you (all the steps are provided clearly in the manual) and in some cases, some IP and gateway addresses, too. You then enter a special URL in your Web browser to open the controls for the browser–this isn’t a Web site, but pages stored in the router itself. You then plug the host and domain information into a form on the router’s Web page and you’re set. You can even “clone” the ID of your network card, if your ISP uses this to verify your log-in to its services.
From there, you just plug any Ethernet-enabled computer into the BroadGuard router, enter the router’s IP address into the computer’s gateway setting, and you’re sharing a broadband connection. The instructions for setting up the network connections are very straightforward–even to a network-phobe like me. Although there’s a physical limit of four Ethernet ports on the device, you can daisy-chain other routers to increase access to up to 253 computers sharing the same Internet account (just don’t tell your access provider about it!).
Safe and sound
The BroadGuard Secure Cable/DSL Router operates as a strictly plug-and-play device once it’s been programmed with the host and domain name your broadband modem expects. But it’s easy to tweak the security settings from any computer on the network. It’s simple to arrange–the router has its own permanent IP address, which you enter in any Web browser. A standard user name and password box pops up, which you fill out to get to the router’s Web-based control panel.
Here, you can enter an e-mail box where the router can send any alerts you may wish to receive–such as when someone tries to hack your system. You can also set up other controls, such as blocking access to URLs you don’t want people visiting on company time, a setting that requires you to match blocked URLs to computers on your network.
However, the finicky settings are definitely the ones that people will use least often. In general, SOHOware’s BroadGuard router is a snap to set up and use, and restores a sense of security that’s no longer a false one. If you’re a belt-and-suspenders type, you can run Zone Alarm and a virus scanner such as Norton AntiVirus to add an additional layer of security from unwanted attacks. But since setting up the BroadGuard router, I’ve seen no activity whatsoever in my Zone Alarm logs. And a visit to Gibson’s Shields Up site generates more of a smug grin than the rictus it used to.
But the proof of the system is written all over the face of the fellow I stopped short with my firewall question. He’s now crowing about his cable Internet access again-and adding how his firewall router makes it secure against hackers.