EZLAN.NET
Copyright © 2001-2008

Hardware and Software Specifications, Examples, Links, and other info. are valid at the publishing time. In case it become invalid use the Internet Search.

1st Published, Dec. 2004

Over 9,000,000 Hits Site Wide in 2007

 

 

 

 

  

Basic Protection for Broadband Internet Installation.

The following is not an inclusive solution for protecting all Internet connection installations, but rather a attempt to help Home and SOHO users to be reasonably safe in their Internet endeavors. 

Take into consideration that if you have something that is very desirable, and a "real pro" wants it, no matter what you do they probably will find the way in

In general, security issues at home and a small office installations involve.

1.  Unauthorized Internet traffic coming in (from the Internet to your computer).

2.  Unauthorized Information going out (from your Hard Drive to someone else Web Server.)  AKA software calling home.

3.  Accidental leakage.  Firewall left disable, computer left in DMZ etc.

Unauthorized Information going out is mainly a function of "spyware" and programs that are "calling home". Unfortunately, the amount of programs that are calling home is growing by the day.

The most common solution to share Broadband Internet connection is to use Cable/DSL Router (Wired or Wireless). 
When you use few computers to share one Internet connection, the information that comes from the Internet needs to know to which computer it belongs.  The main function of Cable/DSL Router is to Route the Internet signal to the requesting computer. This function is called Network Address Translation (NAT).

As result, information that came from the Internet in and was not requested by one of you LAN’s computers (like hacking attempts) does not know where to go, and it is blocked by the Router, hence NAT Firewall.


Since doing NAT is the core of the Router's function, NAT can not be switched off and the Firewall is always ON, thus All Entry Level Cable/DSL Routers by default are NAT-Firewall.  
Few more upscale Routers might have additional protection like Statefull Package Inspection (SPI).  Depending on your Security needs you should consider the type of Router that you need.

More here: Cable/DSL Routers - NAT & Ports.


 I would suggest to every one with Broadband Internet Connection (Cable, DSL. etc.) to   use a Cable/DSL Router, even if you are using only one computer connected to the Internet.

The price of an Entry Level Cable/DSL Router (as off  2005) starts around $15 (USA prices) For these $$$ you get an Hardware firewall that is a Great foundation for Protecting your computer system from "Trouble".


Cable/DSL Router is just a small part of the Security measures necessary for adequate protection.


When you are connected to a Website or downloading files, a lot of junk can get to your Hard Drive.  Since you requested the pages from the site the NAT Firewall will not block what comes in from this site.

 If the “Site Keeper” loaded the pages with  “Junk” it will get to your computer. 


So you have NAT-Firewall but you can end up with Viruses, Zombies, Trojan etc. "Dished" to you by sites that you visited on your own volition.


Since the NAT-Firewall blocks only Incoming, any communication initiated from any of your LAN’s computers will go out to the Internet, and will be answered.  As a result programs calling home, spywares, “zombies” etc. can communicate freely in lieu of the NAT Firewall. 

You will not be aware of these activities unless you monitor the communication locally with a software Firewall.


Most decent software Firewalls will alert you to existence of this communication, and will allow controlling it in various ways. (Unfortunately WinXP, and WinXP  Internal Firewall (ICF) is a "Basic Firewall"  and thus does not add anything to the Router’s protection. If you using a Cable/DSL Router you better off disabling ICF.) With the release of WinXPSP2, Windows Firewall was greatly improved but it is still not controlling outbound Traffic.

Frequent usage of programs like Ad-ware, and Trojan-Worm Scanners, will further secure the Network. (see more here: Internet Infestations.)


How much safety you need?

It is a matter of Surfing habits and personal preference.


In sum:  The Hardware Firewall provided by most Cable/DSL Routers, is an excellent tool.  However, it mainly secures the Incoming traffic, it does not stop information from going out. 

To secure the Outgoing traffic you need to add a good Software Firewall.

As a result, many Cable/DSL Router owners use the combination of Hardware (Router) + Software Firewall.


There are many Comprehensive Security suits available. Search the Internet for the term Software Firewall.

Personally I do not like any of the Behemoths that are currently Sold on the Market.

I rather add to the Windows native capacities small applications that are Not intruding on my system.

See this page for examples.

Link to: Free Security suit for Internet Connection Protection


You can check your system's security by logging to the following page, scroll down to the Hot Spots section, and click on Shields Up.

Link to:  Gibson Default Page.


If you are using Windows 2000, or Windows XP, additional Security measures can be achieved by using NetBEUI as the Default Protocol for Files, and printer sharing on your Network.

NetBEUI is s simple protocol that relies only on local computer names (no IPs to set), and thus it is not Routable to the Internet.  In other words, you Hard Drive content cannot be “shared” from your computers over an Internet connection if the Sharing protocol is NetBEUI

On a small Network 2-5 computer, using NetBEUI as the local sharing protocol improves somewhat the local “Speed” of transfer between your LAN computers.

Instructions to set NetBEUI: here


More about Security and keeping clean computers here:

Internet infestation

Basic Steps in cleaning Internet "Junk".

 


Copyright © 2001-2008 EZLAN.NET.  All Rights Reserved.
Home