This article was written by Keith Dawson for's DigitalMASS Internet column. It is archived here for informational purposes only because it no longer appears on the DigitalMASS site. This material is Copyright 2000 by

Shields up!

Keith Dawson

To protect your home computer systems from the Dark Side of the Internet, you'd like the ideal firewall to play Jedi mind games with potential intruders. Each time some cracker probes your network it would say, with a curious little hand gesture, "Move along. There's nothing to see here." And the cracker would go away, bemused.

Not so long ago only corporations, universities, and government agencies needed to worry about network intruders and malicious crackers. Individual surfers and small/home office workers didn't present interesting targets for the bad guys; and besides, their dial-up Net connections made them hard to pin down in the crackers' crosshairs.

A couple of trends are changing this picture. First, public entities are getting educated fast about the need to take security precautions on the Internet -- so the interesting targets are getting harder to attack. (The bad guys aren't in danger of running short of public victims any time soon, though.) Second, the exploding numbers of high-speed residential Internet connections -- via DSL and cable modem -- make the population of home users both more attractive and more vulnerable to Internet intruders.

Let's consider, for example, a home computer connected to the Net via a cable modem. There are three reasons why a bad guy will find it easy and rewarding to probe or attack such a system.

  • The system (probably) has a fixed Internet address, whereas one that dials in over a standard modem gets a different address each time.
  • The high-speed connection presents a more attractive platform to use for launching further attacks, sending spam, serving up porn, trading warez, and doing other things you would rather your ISP not suspect *you* of doing.
  • The cable-connected computer is more likely to be powered up and online at all hours of the day or night.

Internet hackers/crackers scan home systems regularly for any kind of vulnerability; cable-modem and DSL systems typically are visited with multiple scans every day.

If you're running an always-on, high-speed Internet connection at home -- especially if it serves a local network of several computers -- you're going to want to get smarter about firewalls and security. While there are some simple precautions you can take, knowledge will be your best defense over the long run. The bad guys aren't getting any dumber.

The very first stop on your educational journey should be Steve Gibson's "Shields Up!" site. Its information is copious, authoritative, and free. The site offers a quick test to see if your Net-connected computer is vulnerable to certain attacks. Passing does not mean you're in the clear, but failing certainly means that you're inviting trouble.

If your computer is running Windows, your next stop should be Gibson's detailed review page covering four software-based Windows firewall products. None is free but all are cheap. (Gibson promises to develop a free firewall as soon as he has the time.) One highly rated such product is BlackIce Defender; Gibson gives it high marks but finds it overly sensitive to false alarms.

If you run a home network of computers and printers, you may want to plug the DSL or cable wire into a single box that can provide firewall protection and let all the other machines share the fast connection. A couple of commercial products aim to fill this niche: the Cobalt Qube and the Office Server. Both run the Linux operating system, and both offer easy setup and administration from the comfort of your Web browser. These products need to come down in price before they'll be big sellers in the residential market: prices are in the $1000-1500 range.

Linux and other free Unix variants can run quite happily on a 486 chip. If you're both adventurous and budget-constrained, you could outfit an old 486 or Pentium box with Linux or FreeBSD and configure your own firewall/gateway. If you go this route you'll find that technical help is plentiful and of high quality. Good starting points are Robert Ziegler's free tool for configuring Linux firewalls and Dan Langille's diary of his FreeBSD education.