Previous Article WWWiz Home Next Article

Technology

Safe  Surfing: Putting Up Firewalls at Home

 By Louis Columbus (louiscolumbus@wwwiz.com)

 Rejoicing that your PC at home now has a DSL or cable  modem connection, you sit at your system, riveted at the speed over the slower  28 or 56K modem speeds you had experienced before.  After the first four-hour session of  surfing at warp speed you think to yourself, ``I can just leave this system on  all the time and even retrieve files from work! This is going to be great!"  Off you trot to work the next day,  system online.

          There is an emerging class of hacker who strives to capitalize on the  security shortfalls inherent in systems designed for the home.  Face it: the majority of the systems in  homes were not built for the level of security an active IP connection  requires.  The intent of this  article is to provide you with the tools to protect your always-connected  system. These tools were once only known to hackers and major system  administrators, yet with home-based PCs on high-speed Internet connections, a  market has emerged for home firewalls.

 Who's at Risk?

 

Cable modem and DSL users present an attractive  target to hackers, especially if you leave your computer on and connected all  the time. Dedicated IP numbers and persistent connections give hackers much more  opportunity to explore systems, plus the ability to return to a hacked system,  because it maintains the same IP address.

          What you do on the Internet can also have an effect on the likelihood of  your system getting targeted. If you hang out on IRC chat channels or  newsgroups, and especially if you tend to get into online squabbles or like to  flame, your odds of attracting attention are greatly increased.  Several attacks locally to members of  the @Home system were carried out by high-tech vigilantes tracking down verbally  aggressive members of chat groups.

          If you are a dial-up ISP user who connects to the Internet for short  periods of time to send and receive email and browse mainstream Web sites, your  odds of getting hacked are probably not that high. But if your system has open  access to file sharing, or other points of entry, you will be advertising  yourself to any hacker searching your neighborhood on the Net, using the very  same techniques as the online security services use to test your system.

          How Do the Personal Firewall Products  Work?

 These services perform TCP port scans of the systems  they are evaluating, as well as checking for a few well-known vulnerabilities  such as open file sharing access. The services range from a fairly basic 10-port  scan performed by Shields Up from Gibson Research  Corporation, to a very thorough 2,000-port scan including UDP ports, Web and  email vulnerabilities from HackerWhacker.   Be sure to check out the  HackerWhacker Web site; it is full of pertinent  information.

Easy-to-implement firewalls suitable for small  businesses and individuals have also begun to pop up. Among the leaders: the $40  BlackIce Defender from Network Ice and the  $60 Norton Internet Security 2000. Both  of these programs are easy to install, and both handle the bulk of the security  work without any help from you, so they're ideal for the resource-short small  business and home user.  I recently  purchased BlackIce Defender from the Network Ice Web site and had it up and  running in less than 10 minutes.  It's a great tool for a first line of defense against hackers and others  who periodically scan cable modem and DSL connection points in an effort to  discover unprotected IP addresses.

What does BlackIce do? It checks your network card,  and watches for suspicious activity. If it notices something, it warns you. And  if it detects an attack, it's supposed to block that attacker from carrying out  his attack, but not interfere with anyone else. For example, if you run a Web  server and BlackIce detects an attack, it is supposed to stop the attack but  allow everyone else through to your server. If your home machine is attacked,  it's supposed to protect your machine while you continue  surfing.

In the first week after installing BlackIce, I  detected probes from amateur hackers trying to find open IP addresses and ports  on my system and my provider checking for servers running throughout the  network.  My provider's license  agreement prohibits me from running a server, and the provider checks  periodically to make sure everyone on the networks is abiding by the agreement.

 Putting a firewall on your PC is a lot  like getting a security system in your home.  It's a measure of prevention that is  relatively inexpensive for the benefits and peace of mind it provides.  Take a look at the white papers and  documents on the sites mentioned here and consider getting a firewall up and  running.  The need for security  online is a small price to pay for the sizeable performance gains in access  speeds.  The technology being used  in the firewalls of today can meet the challenge of today's hacking tools, yet  security will continue to be a moving target which needs to be addressed  continuously.

 

Louis Columbus is  director, market research for Zland.com and regularly writes on Internet and  technology topics.  He has 10 books  published and more than three dozen articles.  His latest book is Administrator's Guide  to Electronic Commerce with H.W. Sams Publishing  Company.

 Online Security Tips

 Install a personal firewall as quickly as  possible.  BlackIce Defender is  very easy to work and reliable, and provides the option of setting the level  of security you want to enforce.

 If at all possible do not leave your system on  24/7.  Turn it off when not in  use, and if you have to leave it on, unplug the cable modem when you are not  online.

Be a good Netizen.  Don't send flame mails and especially  don't incite flame wars in newsgroups.

 If you are running a MacOS, look at Net Barrier  located at http://www.intego.com/

  

horiline

Copyright (C) 1998 WWWiz Corporation - All Rights Reserved
Phone: 714.848.9600 FAX: 714.375.2493
WWWiz Web site developed and maintained by GRAFX Digital Studio

Previous Article Next Article
WWWiz Home