Access Intelligence's BROADBAND GROUP
Communications Technology
Current Issue
Subscribe
Advertising Information
Meet the Editors
Advisory Board
Annual Awards
Custom Publishing
WebEvents
Show Dailies
Reprints
List Rentals
Archives
Search Career Center Contact Us Calendar Industry Partners Home

Archives

Communications Technology June 2001 Issue
Broadband: Always-on Security

By Ron Hranac

About a year and a half ago, I discussed the importance of ensuring the security of always-on Internet access such as that provided by digital subscriber line (DSL) and cable modems.

Given the fact that we live in what is often called Internet Time, it's probably appropriate to update some of those recommendations.

Daily intrusions

Hardly a day goes by that we don't hear about a new computer virus that spreads like wildfire, a denial of service attack on popular Web sites, or other intrusions into our day-to-day online computing activities. The always-on nature of cable modem service in many ways provides the biggest vulnerability to these problems. Several of my friends and professional acquaintances who use intrusion detection software on their PCs have shared stories of numerous attempts by others to access their computers while online. The estimated 5.5 million cable modem subscribers in North America alone represent dandy targets for this sort of mischief.

Alerting customers

As I said in my February 2000 column, you really should tell your cable modem subscribers about the potential risks associated with being online. At the same time, you should tell them about ways they can avoid the majority of those risks. Call it healthy paranoia.

Turning off file-and print-sharing

Turning off file- and print-sharing is one of the easiest steps to implement, and takes only a minute or two. Go to the Windows control panel, which may be found by clicking Start | Settings | Control Panel. When you've reached Control Panel, double-click Network. Look for the File- and Print-Sharing button, and click it once. A File- and Print-Sharing dialogue box will appear. In it, you'll find two items that, unless changed previously, will have check marks beside them.

One of these items is "I want to be able to give others access to my files," and the other is, "I want to be able to allow others to print to my printer(s)." Uncheck both of these by clicking on the respective boxes. Click OK to close this dialogue box. Then click OK to close the Network window. Close the Control Panel.

Inoculation

One of the best investments for a home or office PC is anti-virus software. Companies such as McAfee (www.mcafee.com), Symantec (www.symantec.com), and Trend Micro (www.antivirus.com) have excellent packages available, any of which may be purchased online or at most office supply and retail computer stores.

Regardless of which anti-virus software you use, the key to effective protection is to keep the software's virus definitions up to date. I recommend no more than a couple weeks between updates, which may be done easily online.

Security patches

I'm convinced that there are folks out there who spend all of their time looking for and exploiting weaknesses in Windows and popular Web browsers. Figure on monthly visits to Microsoft's Web site (http://windowsupdate.microsoft.com) to check for updates and security patches for Windows and Internet Explorer. If you use Netscape, you'll find updates and the latest version of that popular Web browser at www.netscape.com.

Browser settings

Configure your browser to accept only signed downloads, and be sure to examine the digital certificates of all downloads. Check your browser's manual or help files for more information about this.

Personal firewalls

Symantec has licensed AtGuard, and as I understand, incorporated it into their Internet Security software. McAfee offers a similar package. One highly rated intrusion detection software is BlackICE Defender from Network Ice (www.networkice.com), which may be set up to provide a level of security protection from the list of Paranoid, Nervous, Cautious and Trusting. The program does the rest. Considered a software-based personal firewall, BlackICE Defender dynamically adjusts the degree of your computer's security while it watches for attacks and intrusions, then blocks access from the intruder's Internet protocol (IP) address. BlackICE Defender is available online for $39.95 or at most retail software outlets.

PC Magazine recently gave an Editors' Choice Award to Zone Labs' (www.zonealarm.com) ZoneAlarm Pro, another software-based personal firewall. It sells for $39.95. A version with fewer features, ZoneAlarm, may be downloaded for no charge.

High-speed access routers

Since I last wrote about Internet security, a variety of companies have introduced hardware-based solutions. These products are targeted at residential and small business users, and are reasonably priced. Linksys (www.linksys.com) and SMC Networks (www.smc.com) are two vendors with which I'm familiar. Both companies manufacture what are called cable/DSL routers. The box is installed between the cable modem and one or more PCs.

One popular configuration includes a four-port 10/100 Ethernet switch, firewall, and network address translation (NAT). Dynamic host configuration protocol (DHCP) server functionality is available on the local area network (LAN), or PC side of the box, and DHCP client functionality on the cable modem side of the box. SMC's broadband router also includes a built-in print server. This class of product sells for around $150. Single-port models are around $100, and eight-port models are in the $200 range.

For those users not able to install Category 5 Ethernet cabling, or who would like portability in the home or office--say, with a laptop--Linksys offers a wireless cable/DSL router. It features up to 64-bit wired equivalent privacy (WEP) encryption. Regardless of vendor, make certain that the product includes WEP encryption. Otherwise, you leave yourself vulnerable to unwanted snooping by someone sitting in the next room or maybe outside in the parking lot.

I doubt that there will ever be a 100 percent foolproof solution to the risks inherent to always-on Internet access, but understanding those risks and how to minimize them will prevent most problems. As with anything high tech, if one person figures out an effective protection scheme, someone else will figure out a way around it. The hope is that the good guys are able to stay one or two steps ahead of the bad guys. Short of not using a PC at all, or never going online, about the best that one can do is to manage the potential risks. This won't guarantee that problems won't happen, but it will reduce the likelihood. If something does happen, it hopefully will be easier to deal with than if precautions were never taken.

Ron Hranac is a consulting systems engineer for Cisco Systems, and senior technical editor for Communications Technology. You may reach him at .

 Back to June 2001 Issue


Access Intelligence's CABLE GROUP
Communications Technology | CableFAX Daily | CableFAX's CableWORLD | CT's Pipeline
CableFAX Magazine | CableFAX databriefs | Broadband Leaders Retreat | CableFAX Leaders Retreat
Access Intelligence, LLC Copyright © 2005 Access Intelligence, LLC. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Access Intelligence, LLC is prohibited.