Securing Your Home Network - Page 2

 By Carl Hallberg | Posted Oct 16, 2000

The Hobbyist

OK, let’s make this a little more difficult. Let’s say that the Smiths’ neighbor, Mr. Jones, has four PCs all networked together. To make it interesting, they are not all Windows machines; let’s run some flavor of Linux/UNIX as well. Heck, let’s run more than one flavor! We’ve got Red Hat and FreeBSD, Windows NT, and Windows 95. Yikes! Now what does our Mr. Jones do?

Fear not -- there are more than a few ways to approach this, with only basic differences among them. And again, they can come reasonably cheap. First, Mr. Jones has to decide which of these machines will handle the role of gateway/firewall. The cheap way is to let one of the Linux machines face the outside world, because there are so many good, FREE security programs available for Linux. In fact, one of them -- IPCHAINS -- is even built into the kernel on many current versions of Linux. Red Hat 6.2 includes it, for example.

If IPCHAINS is not included in your version of Linux, it is freely downloadable on the Web (check your Linux vendor’s Web site). This is basic IP filtering, perhaps not as complete or robust as a good firewall, but darn close. Using IPCHAINS does come with a penalty, though. Although it is cheap, it isn’t easy. Rules for the filters must be thought out and entered manually. Still, if you want to block all incoming traffic, it isn’t brain surgery.
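To show what "thought out and entered manually" means in practice, here is an added example (not from the original article) of a block-all-incoming rule set for a Linux gateway. The interface names (eth0 outside, eth1 inside), the 192.168.1.0/24 home network and the 192.0.2.53 DNS resolver are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example. Prints (or, with APPLY=1, runs) ipchains commands for a
# Linux gateway that refuses all unsolicited inbound traffic.
# Interface names, LAN range and DNS address are assumptions (constructed).

# emit_rules EXT_IF INT_IF LAN_NET DNS_IP
# ipchains is stateless and the first matching rule wins, so order matters.
emit_rules() {
    ext=$1; int=$2; lan=$3; dns=$4
    cat <<EOF
# Start clean; anything not explicitly accepted below is dropped.
ipchains -F input
ipchains -F forward
ipchains -P input DENY
ipchains -P forward DENY
# Trust loopback and the inside network.
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $int -s $lan -j ACCEPT
# Inside addresses showing up on the outside interface are spoofed: log them.
ipchains -A input -i $ext -s $lan -l -j DENY
# Refuse and log new inbound TCP connections (SYN packets)...
ipchains -A input -i $ext -p tcp -y -l -j DENY
# ...but let the rest of TCP through so replies to our own connections work.
ipchains -A input -i $ext -p tcp ! -y -j ACCEPT
# UDP has no SYN flag; accept DNS answers from the one resolver we use.
ipchains -A input -i $ext -p udp -s $dns 53 -j ACCEPT
# Masquerade the inside machines behind the gateway's outside address.
ipchains -A forward -i $ext -s $lan -j MASQ
EOF
}

rules=$(emit_rules eth0 eth1 192.168.1.0/24 192.0.2.53)
if [ "${APPLY:-0}" = 1 ]; then
    echo "$rules" | sh      # needs root and the ipchains binary
else
    echo "$rules"           # default: dry run, just show the rule set
fi
```

Everything not listed, including inbound ICMP and non-DNS UDP, falls through to the DENY policy. Masquerading also requires IP forwarding to be enabled in the kernel (`echo 1 > /proc/sys/net/ipv4/ip_forward`).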

If you go the Linux route, in addition to running IPCHAINS you could also install a firewall. Some firewalls are available free for personal (but not commercial) use (www.firewall4linux.com), and others are available commercially. You’ll need to look at the features, price, availability, ease of installation, and so forth, before you decide which is right for you.

If Windows is to be the gateway, the idea is the same, but the average price may go up on the software. On the other hand, finding what you need and setting it up will probably be easier.

Once the firewall is in place, you’ll still want to have your anti-virus software handy. This shouldn’t add any cost--you already had it, right? The main point about anti-virus software is that you have to keep it up-to-date. Old anti-virus files aren’t very good for new and previously unknown viruses. You might want to think about updating the anti-virus every two weeks or so. Also, for the truly paranoid, additional software can be added that will detect changes to critical files, check for any security holes, send warnings, or take action in case someone should manage to sneak past the front lines. Once again, this isn’t necessarily an expensive proposition. Several books on computer security include CDs with samples of such programs. One such book is "Halting the Hacker: A Practical Guide to Computer Security," but there are many other books that also include security software on CD.

Of course, our Mr. Jones may choose to be more exotic in his solution. He might add a filtering router as the gateway and install firewalls on all of his PCs. He might buy a hardware firewall as the gateway and still install firewalls on all his PCs. He could also set up vastly complex trust relationships across his equipment, and so on. For most of us though, just the basics will do nicely.

Secret Decoder Rings

Encryption is a great way to add another level of security. Several tools are available to assist in encrypting; one of the most common is the PGP Desktop software by NAI (www.nai.com). PGP Desktop provides a quick and easy way to apply high levels of encryption to email, files, network connections, and more. PGP is also freely downloadable from MIT (web.mit.edu/network/pgp.html), for personal use only. As always, please pay attention to the conditions spelled out in the licensing.
