Safe Surfing: Putting Up Firewalls at Home
By Louis Columbus (firstname.lastname@example.org)
Rejoicing that your PC at home now has a DSL or cable modem connection, you sit at your system, riveted at the speed over the slower 28 or 56K modem speeds you had experienced before. After the first four-hour session of surfing at warp speed you think to yourself, ``I can just leave this system on all the time and even retrieve files from work! This is going to be great!" Off you trot to work the next day, system online.
There is an emerging class of hacker who strives to capitalize on the security shortfalls inherent in systems designed for the home. Face it: the majority of the systems in homes were not built for the level of security an active IP connection requires. The intent of this article is to provide you with the tools to protect your always-connected system. These tools were once only known to hackers and major system administrators, yet with home-based PCs on high-speed Internet connections, a market has emerged for home firewalls.
Who's at Risk?
Cable modem and DSL users present an attractive target to hackers, especially if you leave your computer on and connected all the time. Dedicated IP numbers and persistent connections give hackers much more opportunity to explore systems, plus the ability to return to a hacked system, because it maintains the same IP address.
What you do on the Internet can also have an effect on the likelihood of your system getting targeted. If you hang out on IRC chat channels or newsgroups, and especially if you tend to get into online squabbles or like to flame, your odds of attracting attention are greatly increased. Several attacks locally to members of the @Home system were carried out by high-tech vigilantes tracking down verbally aggressive members of chat groups.
If you are a dial-up ISP user who connects to the Internet for short periods of time to send and receive email and browse mainstream Web sites, your odds of getting hacked are probably not that high. But if your system has open access to file sharing, or other points of entry, you will be advertising yourself to any hacker searching your neighborhood on the Net, using the very same techniques as the online security services use to test your system.
How Do the Personal Firewall Products Work?
These services perform TCP port scans of the systems they are evaluating, as well as checking for a few well-known vulnerabilities such as open file sharing access. The services range from a fairly basic 10-port scan performed by Shields Up from Gibson Research Corporation, to a very thorough 2,000-port scan including UDP ports, Web and email vulnerabilities from HackerWhacker. Be sure to check out the HackerWhacker Web site; it is full of pertinent information.
Easy-to-implement firewalls suitable for small businesses and individuals have also begun to pop up. Among the leaders: the $40 BlackIce Defender from Network Ice and the $60 Norton Internet Security 2000. Both of these programs are easy to install, and both handle the bulk of the security work without any help from you, so they're ideal for the resource-short small business and home user. I recently purchased BlackIce Defender from the Network Ice Web site and had it up and running in less than 10 minutes. It's a great tool for a first line of defense against hackers and others who periodically scan cable modem and DSL connection points in an effort to discover unprotected IP addresses.
What does BlackIce do? It checks your network card, and watches for suspicious activity. If it notices something, it warns you. And if it detects an attack, it's supposed to block that attacker from carrying out his attack, but not interfere with anyone else. For example, if you run a Web server and BlackIce detects an attack, it is supposed to stop the attack but allow everyone else through to your server. If your home machine is attacked, it's supposed to protect your machine while you continue surfing.
In the first week after installing BlackIce, I detected probes from amateur hackers trying to find open IP addresses and ports on my system and my provider checking for servers running throughout the network. My provider's license agreement prohibits me from running a server, and the provider checks periodically to make sure everyone on the networks is abiding by the agreement.
Putting a firewall on your PC is a lot like getting a security system in your home. It's a measure of prevention that is relatively inexpensive for the benefits and peace of mind it provides. Take a look at the white papers and documents on the sites mentioned here and consider getting a firewall up and running. The need for security online is a small price to pay for the sizeable performance gains in access speeds. The technology being used in the firewalls of today can meet the challenge of today's hacking tools, yet security will continue to be a moving target which needs to be addressed continuously.
Louis Columbus is director, market research for Zland.com and regularly writes on Internet and technology topics. He has 10 books published and more than three dozen articles. His latest book is Administrator's Guide to Electronic Commerce with H.W. Sams Publishing Company.
Online Security Tips
Install a personal firewall as quickly as possible. BlackIce Defender is very easy to work and reliable, and provides the option of setting the level of security you want to enforce.
If at all possible do not leave your system on 24/7. Turn it off when not in use, and if you have to leave it on, unplug the cable modem when you are not online.
Be a good Netizen. Don't send flame mails and especially don't incite flame wars in newsgroups.
If you are running a MacOS, look at Net Barrier located at http://www.intego.com/
Copyright (C) 1998 WWWiz Corporation - All Rights Reserved