Home computer security with a DSL/Cable Modem connection.

If you have a broadband connection to the internet (DSL/cable-modem), it means that you have both a fast access AND that you are now permanently connected to the internet. This means that someone can easily discover your IP address and might attempt to hack into your system. To protect your system and your private information, you need a firewall solution. There are people out there that will try to hack into your PC and...

Why do I need a firewall?

So what if someone hacks into my system? What could they do?
A Hacker invading your PC could...

Steal your information (credit card info, userid/passwords etc...)
Wreak havoc on your PC, corrupting/deleting files.
Use your computer as a SPAM relay (i.e. your computer sends SPAM to thousands of people and your ISP could shut down your account).
Infect your computer with viruses and propagate it to your friends.
Install "spyware" on your computer.
Remotely control your computer to participate in hacking into other websites/computers.
Remotely control your computer to participate in massive Denial of Service attacks against various sites (that's when hundreds/thousands of computers simultaneously try to access the same service on a computer.... the server is overwhelmed and cannot respond to legitimate requests, hence the name "Denial of Service" attack.

The list goes on and keeps on growing as hackers/spammers unite in finding new intrusion and abuse techniques.

Here are a few resources to review how vulnerable your current setup is to various abuses:

PC Flank website: Run the "Quick Test".
GRC.com's Shields UP series of vulnerabilities/firewall tests.
GRC.com's Leak Test firewall testing.
GRC.com's Shoot the Messenger To disable MS Messenger's (standard on winXP) annoying popup SPAM windows.
SpyBot. Free software to find and remove spyware installed on your PC. If you use Internet Explorer, you will be amazed at the stuff that slipped through.

One bit of advice

The biggest security hole on your PC is the combination Internet Explorer and Outlook (or Outlook Express). Those two programs are responsible for more security holes than anything else. No other Email program comes close to carry as many viruses as Outlook. Internet Explorer is the interface of choice for inserting spywares and other junk on your PC. I personally use and recommend alternate email and web browser programs such as Mozilla (Free Mozilla web browser and email program) and (Eudora Free email program). Note that once in a while, I have to fire up my old Internet Explorer for those odd sites that use IE specific extensions and do not work well with other browsers.

How do I protect my PC and my information?

To protect your system against hackers, you need some form of firewall. The first line of defense is also the simplest: Install a broadband router that supports Network Address Translation (NAT). Those routers typically have 4 ethernet ports allowing you to have more than one computer that share the same internet connection. The NAT feature makes it look to the world like there is only one computer. It has the side effect of providing a pretty good protection against external intruders.

Another benefit of using a broadband router is for people who's ISP uses PPPoE instead of plain DHCP to provide an IP address to your computer (SBC/Yahoo does that). If your provider uses PPPoE, you have to install some software on your computer and give a userid/password in order to connect to the internet. With the broadband router between the DSL modem and the computer(s), you configure the router with the userid/password instead of having to install and run this access software.

The next step up in safety is to install a real router/firewall unit. We recommend two very reliable, simple to use/setup award winning router/firewall units from Linksys below.

The next element is to run a personal firewall software on your PC. You can do BOTH the router/firewall AND the firewall software on your PC for extra protection or you could just do one or the other. The personal firewall is extremely useful/necessary if you bring your laptop to a public internet access such as an internet cafe.

The personal firewall software range from free (ZoneAlarm basic) to some $50. We recommend two award winning products from ZoneAlarm and Symantec for their ease of use and reliability.

Broadband Routers with NAT / hardware firewall

Linksys BEFSR41 Cable/DSL Router with 4-Port Switch.
This is a personal favorite of mine. The simplest, most reliable, high performance and even good looking router I have used so far. Works like a charm. Everybody loves it.

It is NOT a full firewall router, but it has built it Network Address Translation (NAT) which pretty much acts as a basic firewall.

See linksys site for full spec.

Linksys BEFSX41 Cable/DSL Firewall Router with 4-Port Switch/VPN End.
This one is a real Firewall. It won a bunch of awards for being efficient, simple and fast.

See the PCmag article for review. Note that the article lists other viable firewalls products. I always lean towards the linksys products as they are reliable, SIMPLE to setup/use and relatively cheap.

See linksys site for full spec.

Personal Firewall Software

ZoneAlarm Pro 4.0 Co-winner of PC mag Editor's choice, Nov 2003 (see See whole PCmag article)
See also: ZoneLabs Firewall Now Protects Against ID Theft

Article extract: ZoneAlarm Pro 4.0, Nov 25, 2003
By Edward Mendelson

Zone Labs' ZoneAlarm Pro 4.0 is a one-stop security package that combines an easily customizable firewall with program control and ad-blocking features. It also includes e-mail security, which quarantines dangerous attachments and prevents worms from sending mass mailings from your machine. It's almost as friendly and feature-packed as Norton Personal Firewall 2004, but it lacks Norton's privacy-protection features.

ZoneAlarm's options are clear and highly customizable, with every control accessible from a single tabbed interface, with none of the obscure detours found in less integrated packages. A tray icon displays a bar graph of current inbound and outbound traffic. Warning messages include links to detailed advice on deciding whether to let an application access the Internet. If you frequently download new versions of your favorite software and don't want to be warned about each new version, you can tell ZoneAlarm that an application changes often, and it won't bother you with such warnings.

Installation on our multinetwork test systems was effortless, and the program asked us whether to include specific networks in an Internet zone or a local-network Trusted zone (with more lenient security settings). The control panel lets you specify high, medium, or firewall-off security levels for both the Internet and Trusted zones, with options to customize the high and medium levels. The default high-security setting stealths all ports, while the medium setting leaves them visible but closed. When you upgrade or uninstall the program, a prompt asks you whether you really intend to turn off its security in order to prevent uninstallation by rogue software.

Ad blocking is almost as effective as in McAfee Internet Security Suite 6.0 or Norton Internet Security 2004 , but it distorted the display of some non?ad banner graphics. A version with Web filtering based on blacklists and algorithms costs $59.95; a reduced ZoneAlarm Plus version ($39.95) lacks ad-blocking and cache-cleaning features; a freeware version includes only the firewall.

Note: You can get a free version of the basic zonealarm firewall for download (click on zoneAlarm image to the right, then click on Download & Buy at the bottom of the page, and finally click "ZoneAlarm" under "Zone Labs Security Products and Information"). ZoneAlarm offers two other products with a more complete security coverage for $39 (ZoneAlarm Plus) and $49 (ZoneAlarm Pro).

Get ZoneAlarm PRO4

Norton Personal Firewall Co-winner of PC mag Editor's choice, Nov 2003 (see See whole PCmag article)

Article extract: Norton Personal Firewall 2004, Nov 25, 2003
By Edward Mendelson

Few programs successfully balance the needs of beginners and experts, but Symantec's Norton Personal Firewall 2004 gets it exactly right. The software offers thorough and easy-to-use protection out of the box and easy-to-manage fine-tuning of security and privacy settings.

An effortless installation followed by online product activation (required within the first 15 days of use), sets up the firewall for medium-level security. This level puts all ports in stealth mode and pops up an easy-to-understand alert when intrusions occur or applications first try to access the Internet. A configuration dialog has a slider for switching from medium to lower or higher security levels, and each level has custom settings for allowing Java and ActiveX applets.

A network detector feature automatically switches a laptop between customized profiles for home, office, and mobile use. Expert users can dig deep into option dialogs for total control over the way specific programs connect to the Internet or how specified Web sites connect with their PCs.

Privacy control features prevent data like credit card and Social Security numbers from being uploaded to nonsecure sites. An intrusion detection system purposely reports only the most common types of intrusions to avoid cluttering the screen with messages, but the firewall silently protects against intrusions that the detection system doesn't report. New intrusion and software signatures can be automatically or manually downloaded via Symantec's LiveUpdate service.

Norton's ad- and pop-up?blocking feature is more easily customizable than anyone else's. A Web Assistant toolbar added to Internet Explorer lets you selectively block or allow ads and pop-ups from individual sites, and an optional Ad Trashcan lets you drag ads from the browser so that they'll be blocked in the future. Combining the best in ease of use and protection, Norton Personal Firewall 2004 shares our Editors' Choice with ZoneAlarm Pro 4.0.

[Back to Project-greenhouse Home]