To protect your home computer systems from the Dark Side of the
Internet, you'd like the ideal firewall to play Jedi mind games with
potential intruders. Each time some cracker probes your network it
would say, with a curious little hand gesture, "Move along. There's
nothing to see here." And the cracker would go away, bemused.

Not so long ago only corporations, universities, and government
agencies needed to worry about network intruders and malicious
crackers. Individual surfers and small/home office workers didn't
present interesting targets for the bad guys; and besides, their
dial-up Net connections made them hard to pin down in the crackers'

A couple of trends are changing this picture. First, public entities
are getting educated fast about the need to take security
precautions on the Internet -- so the interesting targets are
getting harder to attack. (The bad guys aren't in danger of running
short of public victims any time soon, though.) Second, the
exploding numbers of high-speed residential Internet connections --
via DSL and cable modem -- make the population of home users both
attractive and more vulnerable to Internet intruders.

Let's consider, for example, a home computer connected to the Net
via a cable modem. There are three reasons why a bad guy will find
it easy and rewarding to probe or attack such a system.

- The system (probably) has a fixed Internet address, whereas one
that dials in over a standard modem gets a different address each
- The high-speed connection presents a more attractive platform to
use for launching further attacks, sending spam, serving up porn,
trading warez, and doing other things you would rather your ISP
not suspect *you* of doing.
- The cable-connected computer is more likely to be powered up and
online at all hours of the day or night.

Internet hackers/crackers scan home systems regularly for any kind
of vulnerability; cable-modem and DSL systems typically are visited
with multiple scans every day.

If you're running an always-on, high-speed Internet connection at
home -- especially if it serves a local network of several computers
-- you're going to want to get smarter about firewalls and security.
While there are some simple precautions you can take, knowledge will
be your best defense over the long run. The bad guys aren't getting

The very first stop on your educational journey should be
Steve Gibson's "Shields Up!" site. Its information is copious,
authoritative, and free. The site offers a quick test to see if your
Net-connected computer is vulnerable to certain attacks. Passing
does not mean you're in the clear, but failing certainly means that
you're inviting trouble.

If your computer is running Windows, your next stop should be
covering four software-based
Windows firewall products. None is free but all are cheap. (Gibson
promises to develop a free firewall as soon as he has the time.) One
such highly rated product is
Gibson gives it
high marks but finds it overly sensitive to false alarms.

If you run a home network of computers and printers, you may want
to plug the DSL or cable wire into a single box that can provide
firewall protection and let all the other machines share the fast
connection. A couple of commercial products aim to fill this niche:
Cobalt Qube and the
Rebel.com Office Server. Both run
the Linux operating system, and both offer
from the comfort of your Web browser. These
products need to come down in price before they'll be big sellers
in the residential market: prices are in the $1000-1500 range.

Linux and other free Unix variants can run quite happily on a 486
chip. If you're both adventurous and budget-constrained, you could
outfit an old 486 or Pentium box with Linux or FreeBSD and configure
your own firewall/gateway. If you go this route you'll find that
technical help is plentiful and of high quality. Good starting
points are Robert Ziegler's
free tool for configuring Linux firewalls and Dan Langille's
diary of his FreeBSD education.