Below are the sites relating to Gilsinan's presentation:
Information about SWBell's special DSL Installation Offers (Current as of March 24, 2000)
Note: The author highly recommends her DSL Internet Service Provider, Valuenet,
http://www.valuenet.net Valuenet offers the same promotional specials as SouthWestern Bell.
Joe Yu, owner, is well experienced with firewalls, and used a Cisco Catalyst 1900 Hub for my
installation, which contains switching cable, and establishes a secure connection without the expense
of a Router/Firewall, which can range in price from $350 to $25,000. Mr. Yu mentioned the
following companies which offer firewalls for sale: Watchguard; Sonicwall. Watchguard offers
products ranging from $350 to $5,000; Sonicwall has a router for $450 which is a ten-user system
and $900 for a 50 user system.
Now that DSL service and cable internet access have made high speed internet access affordable for most of us, concerns have arisen about the risks associated with such "always on" access. I interviewed Nic Terry of the St. Louis University Law School faculty and discussed with him security concerns relating to DSL and cable modem access. Before we begin, however, we should note that with the advent of wireless internet access an entirely new layer will be placed on the issue of security--but that's for another day.
In securing your "always on" online connect, the first task to perform is a risk analysis. If you have a dial up connection, there is a tiny risk, as there is no persistent connection. This may be referred to as "dynamic IP." If you have a cable modem, you are more likely to have fixed (or static) IP addresses and therefore you are at risk. If you have DSL you may also have static IP addresses which put you at about the same risk as the cable modem.
What is it you are at risk of? Of other, unknown folks getting into your machine(s). Even putting
aside confidentiality concerns (a lawyer has professional standards which apply in this regard), you
may be at risk of the "denial of service" type of hacking recently directed at Yahoo!, e-Bay and
ZDNet. A hacker, in addition to using your connection as a method of sending spam, could use it
as an instrument for effecting "denial of service" at targeted sites. Another, less considered risk of
a persistent connection is that folks might put programs on your computer that broadcast information
to third parties (i.e., private matters, for example), without your knowledge. They could place a
"daemon server" on your machine, in stealth mode, which would broadcast your information to
anyone it chose. A good firewall can stop the bad guys from getting in and also from sending
information out of your computer.
Although reports indicate that the Windows2000 operating system has more security than Windows 95 and 98, it is not "bullet proof" either. Windows NT also has security problems. Most of us have machines operating on Windows 95 or 98 wherein the problem is something called "NetBEUI". It is the default networking protocol for Windows (you will need a network card to install DSL, even if you don't otherwise network computers for sharing). NetBEUI is unsecure by default when you install an internet network card (which you need for DSL and cable modem access). NetBEUI will bind by default to that card. While you may think you are only getting TCP-IP, by default Windows adds NetBEUI, meaning you have a port "open to the world."
First task then, is to unbind NetBEUI and your second task is to put passwords on your file sharing
that you set up between your machines. You can actually see if you have an open port by running the "Shields Up!" test on the Gibson Research Corporation Second way of securing your connection. Even if you take the steps outlined above, you will still
have a port on the Internet that hackers can run a "ping" on. A true firewall either makes the ports
invisible and/or secure. A traditional solution (scaled down from the corporate solution) is to build
a physical firewall. You need an extra computer to do it properly. It's better done if the computer
is NOT on the network but is an independent computer (a old 486 would do nicely for these purposes
because its bus speed is fine). On this "external", non-networked computer you insert two network
cards. The first connects to the DSL and its only setup is for the TCP/IP. The Internet will see this
on this machine and this constitutes the physical firewall. The second network card is a member of
your internal network. The other machines (if any) look to the other card using the internet network
sharing of, for example, Microsoft Windows 98 Second Edition. The other/second network card
provides the internal IP addresses inside but these are unseen by the external Internet. Your private
IP addresses are two series of numbers which cannot exist on the public Internet. These are what
you set on your internal machines.
A third way is to not setup a physical firewall (the second suggestion described above), but rather
to stay with a hub and the basic Ethernet network as it is configured, take the WIN precautions (see
the first paragraph under "Risky Business") and then ALSO add to each of the machines (so that you
secure each and every port) a software firewall, such as BlackIce (cost $25.00) or ZoneAlarm (free)
from Zonelabs.com. Actually, some reviewers give higher marks to ZoneAlarm than to BlackIce,
but you can be the decision maker. In any event, each machine gets its own installation of the
software
One other trick, learned by experience, entails what to do when the telephone installer (or "cable guy") leaves.
The telephone installer will install the DSL on one machine only and you will have to install it so
that other machines can be attached. To do so, you can unplug the cable/DSL modem and plug it
into the hub. There are two types of hubs. One has 4-8 output ports (these are cheap, usually $40).
Some have, in addition, an in/out port and that's the kind you can just plug in your standard Ethernet
cable into. The better hubs do what's known as a "crossover". With the cheaper hubs, you will have
to pay another $10 or so for a "crossover" cable.
For firewall software solutions see:
Where to find out More:
The Gibson Research Site which has extensive help files and step by step instructions on how to
close ports.
Two articles by Fred Langa entitled "Making Your PC Secure Online"
For testing your speed of access check out
Other relevant information:
Definition:
NetBEUI (NetBIOS Extended User Interface, pronounced net-BOO-ee)
formalizes the frame format (or arrangement of information in
a data transmission) that was not specified as part of NetBIOS. NetBEUI was developed by IBM for
its LAN Manager product and has been adopted by Microsoft for its Windows NT, LAN Manager,
and Windows for Workgroups products. Hewlett-Packard and DEC use it in comparable products.