By Hanz Makmur March 20. 2001
As a result of living in the age of the fast moving Internet, having an always ON broadband connection at home has become desirable. To some users, having the ability to keep network interlopers away and share this broadband connection securely with other computers has also become a necessity. Fortunately there are a few things you can do to keep your data secured and to share your broadband connection with multiple computers at the same time.
There are many hardware and software products you can use to protect your computer from outside attacks. Software solutions are normally intended to protect one computer and hardware solutions are intended to protect the whole home network. A mix of both solutions provides users with stronger security.
Please note that this document is intented to show you steps you need to take to secure your home broadband network. If you would like to learn about getting a broadband network, see: GETTING BROADBAND ACCESS FOR HOME document first.
Internet Gateway Software
Software solutions are an immediate
solution and can provide a good degree of protection if configured
properly. The software runs on one of your computers which must be
turned on to share your broadband network. It also requires an
additional hardware such as a network hub, and additional Ethernet
card on the computer running the gateway software. Additional
security software may be required to keep the internet gateway
computer safe against network attacks from the Internet.
The complexity of the
software configuration and the requirement of additional computer to
run it, makes this solution undesirable for most
people. Similarly unappealing, once all
costs are added up however, this solution could be considered an
expensive solution.
The picture below shows a typical software based shared home network. It uses a computer as the Internet Gateway. The gateway is connected via an Ethernet interface to a network hub. Additional computers can be connected to the hub to share access to the Internet. In order for the whole configuration to work seamlessly, the gateway machine must also run a DHCP server in addition to its firewall and routing software. The Internet Gateway computer must also run specialized software to act as a print server for the rest of the computers.
Typical software based shared home network configuration
Security wise, the software solution may require additional software to keep the Internet Gateway itself secure. Because many uncertainties and possible mistakes during software programming and installation, you are suggested to use the hardware solution described below if you can afford to spend additional $100 - $300 on hardware. We recommend you use a software solution only if you have intimate knowledge of all the component software.
|
Samples of available Home Internet Gateway software |
|
|
Operating Systems |
Software Name |
|
MacOS |
Vicom Internet Gateway ($99) |
|
Windows 98SE, ME, 2000 |
HomeNetworking, ($free) |
|
Linux |
|
Internet Gateway Hardware
Hardware solutions cost more in the
immediate term compared to the software solution. However, when one
actually looks at the final configurations, this solution is a more
efficient and reliable solution. With the software solution, it is
possible for the computers in the local network to lose access to the
Internet whenever someone uses the Internet Gateway computer. This is
not the case with a DSL/Cable Modem router.
Typical hardware based shared home network configuration
The picture above shows a typical hardware based shared home network. It uses a single DSL/Cable modem router which typically comes with multiple switch ports, firewall software and a builtin DHCP server. Special versions of the router also come with Wireless Access point for wireless clients. The router basically replaces the need for the software, a hub, and the additional computer required in the software solution. This solution is simpler than software solution and is more reliable. Some DSL/Cable modem routers can also act as a print server. Connecting your parallel printer to the router gives you the ability to print remotely to the printer from any machines in you home network via TCP/IP protocol.
|
Samples of available Hardware. |
|||||
|
DSL/Cable Modem Router |
|
|
|
|
|
|
Descriptions |
|||||
|
# switched ports |
4 - 10/100 Mb/s |
4 - 10/100 Mb/s |
4 - 10/100 Mb/s |
4 - 10/100 Mb/s |
44 - 10/100 Mb/s |
|
Wireless Access |
No |
No |
Yes |
No |
Yes |
|
Cost |
|||||
|
Provide firewall |
Yes |
Yes |
Yes |
Yes |
|
|
Print server 1 |
No |
No |
No |
Yes |
Yes |
|
Management |
Web based |
Web based |
Web based |
Web based |
Web based |
|
Max. Users |
253 |
253 |
253 |
253 |
253 |
|
Failsafe Analog Modem option2 |
No |
No |
No |
Yes |
Yes |
|
VPN Support |
Yes |
Yes |
Yes |
Yes |
Yes |
|
PPPoE for DSL |
Yes |
Yes |
Yes |
Yes |
Yes |
|
1Allow you to attach a
parallel printer and share it with all your local
computers. |
|||||
It is important to note that we have not tried and used all
hardware below. We have some experiences with the LinkSys and SMC
brand of Cable/DSL routers and are very happy with
them. I would like to add a note of caution for
wireless DSL/Cable modem router users. The wireless part of
the router will need to be configured correctly.
Default factory setup is not secure. You
will need to add restrictions to your router to prevent other people
from accessing your broadband network. Many people do not pay
attentions to this issue and as a result many wireless network become
easy targets for people looking for network access.
See: The
Wireless Underground San Francisco's Free Computer Networks
|
Summary of Software and Hardware Solutions |
||
|
Solutions: |
Software based |
Hardware based |
|
Pros: |
|
|
|
Cons: |
|
|
The above table shows a summary of the available solutions to keep your home network secure. The argument for choosing hardware solutions is very strong. Most hardware solutions, with the exception of wireless DSL/CableModem router are easy to setup. These boxes come with plug and play simplicity. All you have to do is follow the picture and you are all set. We recommend you use a software solution only if you have intimate knowledge of all the software components.
Personal Firewall
Software
Security of your data should be placed
at the top of your priority when connecting to a broadband
network.The solutions provided by a DSL/CableModem router is normally
enough to keep your computers away from uninvited guests. The quality
of security achieved from the software solutions however, depends on
how you configure the software and your knowledge on computer
security. With this in mind, you are also suggested to add a
software firewall on your home computers even if you already have a
hardware solutions. Two locks are always better than one. Below
you will find some information on popular personal firewall software
you can get to add additional security to your home
computers.
|
Samples of available Personal Firewall software |
|
|
Operating Systems |
Software Name |
|
MacOS |
NetBarrier
$49.95 |
|
Windows 98SE, ME, 2000 |
Tiny
Personal Firewall (free for home use) |
|
Linux |
|
Virus Threats
Computer virus can get in to your
computers in many ways even if you have a good and strong firewall.
There are over 53,000 viruses that exist today on PC platform that
could destroy your data, rendered your computer useless, distribute
your data to the Internet and attack other computers even if you are
behind a firewall. These
viruses get distributed from the Internet via email, during web
browsing, file exchanges etc. without the user’s
knowledge. The only way to protect your
computer from these viruses is by installing anti-virus software. To
learn more about computer viruses, see: Symantec Virus
Encyclopedia or McAfeee
Virus
Information Library.
There are many anti-virus programs that exist out there. Rutgers University has chosen to site license Trend Micro Solution Office Scan for Windows. This products are available at http://software.rutgers.edu for free use by Rutgers faculty, staff and students. It may be installed on any Rutgers owned PC or PC's personally owned by faculty, staff, and students. Distribution of this software to non-Rutgers affiliated persons is prohibited.
Below you will find a table listing a sample of available Anti Virus software. These software do the same thing in common. They protect your computer data from virus threats.
|
Samples of available Anti Virus software |
|
|
Operating Systems |
Software Name |
|
MacOS |
VirusBarrier
$49.95 |
|
Windows95/98/SE/ ME/2000/XP |
Norton AntiVirus 2001 $39.95 |
|
DOS, Windows95/98 |
Data Rescue F-PROT $free |
For more info on see: How to Protect Againts Computer Virus
Privacy
Issues
Data security is important to users
especially when data stored in home computers tend to be personal in
nature. With that in mind, I would like to bring the light the issue
of software that steals data without users' knowledge.
There are rumors that many software monitors users activities on the Internet and sends a report back to the vendor that created the software. Some vendors collect user's activities or other data and sends them back to the vendor that created the software without user's knowledge. Reported vendors that do this data gathering include Netscape, RealNetworks, and AOL.
Internet Browsers leave data on your computer called a 'Cookie' as you visit certain websites or purchase something on the Internet.A Cookie can be used for a legitimate purpose however, there are cookies that are used to track your activity as you go from one Internet location to another. Every time you click on banner advertisements or links, data could be collected. The data collected can be used to target advertisements or anything the vendor likes to do with them. See: http://www.naviant.com/Products/eTargeting/eTargeting.asp. These activities could violate your rights of privacy and generate unwanted emails.
Fortunately there are a few ways to protect you from these trackers. One method is by using Ad-Aware. Ad-aware is a free multi spyware removal utility, that scans your memory,registry and hard drives for known spyware and lets you remove it safely. This program removes ‘spyware’ installed in your computer without your knowledge to track your Internet activities.
To protect your privacy, you should carefully consider which ‘cookies’ to accept when you browse the Internet and install a personal firewall software. Firewall software, like ZoneAlarm could also help prevent any data being sent from your computer without your permissions.
Another method is to refuse advertisements all together. Removing advertisements not only speeds up your browsers, it also keeps you from unnecessary spending and protect your privacy. To remove banner advertisements, all you have to do is to follow the instructions set in: Web Ad Blocking instruction.
Conclusion
When you connect your home computers to
the Internet, "Be Afraid and be very afraid." You have to make
sure that every possible means to protect your data is in place. This
is one time that you can not be cheap. There are many ways to protect
your data and they are outlined in this document. A hardware
DSL/CableModem router is recommeded. Additional personal firewall and
antivirus software installed on each computer at home as well as
careful 'cookie' acceptance are highly recommended. Again,
we recommend you use a
software solution only if you have intimate knowledge of all the
software components.
