Sharing and securing your broadband connection
By Tom Gromak
The Detroit News

You've made the leap to broadband. Now what?

The first thing you need to do is make certain your connection is safe and secure. Why? To prevent hackers from gaining access to your files or, just as bad, your hardware itself. Is it hard? No, in fact, it's quite easy with the right tools.

The software solution

If you only have one computer attached to your cable or DSL connection, you'll do fine with a software-based firewall for protection. What's a firewall? Well, it's exactly like a firewall in a home, or in a car: A theoretically impenetrable barrier - in this case a digital one - that stops invaders from gaining access to your system.

Not having a firewall is a lot like leaving all your doors and windows open when you go away on vacation. But, inside your PC, those doors and windows are called ports. Ports are essentially numerical addresses in your PC's networking protocols through which various things happen, like Web page access, file downloads, peer-to-peer sharing, e-mail, chat, etc.

At work, your information technology personnel have installed firewalls that often block certain ports and leave open more innocuous ones. The result is that you can browse the Web but you probably can't run Kazaa. That's because each use accesses a different port.

Some of those ports can allow a broad range of access to the services and structure of your PC and its operating system. Those ports are what hackers look for and what they exploit when they break into a system or write a Trojan horse, worm, or virus that exploits open ports. And it's serious. Online security experts at McAfee.com estimate there are more than 2,500 ways to get into your computer.

Remember when the SoBig worm exploded onto the scene (and exploded our Inboxes with random spam)? By simply blocking a single port with a firewall, a user could have prevented the worm from using his or her machine to do its dirty work.

It's true that Windows XP comes with its own rudimentary firewall protection. You can enable it by going to your network control panel, right clicking local area connection, and selecting properties. On the advanced tab, you'll find a check box to enable the Internet Connection Firewall.

A better solution is a more comprehensive firewall package like McAfee's Personal Firewall Plus ($39.95 at http://www.mcafee.com). It's more configurable - something you'll need if you do any online gaming (because online games also require certain ports to be opened. If they're not, you go nowhere). And it provides you with a lot of information about any apparent attempts to gain access to your computer or its data, complete with a tracing solution that will allow you to report suspicious activity (though accuracy may vary because good hackers usually cover their tracks well).


--------------------------------------------------------------------------------



McAfee's Personal Firewall, a software solution, provides excellent protection against hacker attacks, worms and trojans, as well as a wealth of information about attempts -- both harmful and benign -- to access your system.



--------------------------------------------------------------------------------


Hardware hack-proofing

A second solution is a hardware-based firewall. What's the advantage? Such protection is usually built into pieces of equipment called routers. A router sits between your cable or DSL modem and your PC (or PCs). It acts sort of as a tiny little computer and server, and it, not your PC, initiates the connection to your ISP. You can connect more than one PC to a router, making it a quick, easy and cheap way to share Internet access in your home. A router with built-in wireless capabilities also allows you to go portable in your home with a laptop or wireless-equipped PDA.

Router firewalls, like their software counterparts, offer numerous options for configuration, allowing you to determine what ports are open, what are closed and when. And, once the firewall is engaged, a decent router (I use the D-Link DI-614+) will make it appear to the outside world that the router is the only thing at your home that's connected to the Internet. Hackers likely won't be able to see your PCs, your Xbox, or your digital video recorder.

How hard is it to use a router to share your connection? If you can plug in cables, you can do this. Most devices and modern operating systems will automatically detect that they've been connected to a LAN (a local area network) and will configure themselves to access that LAN and the Internet beyond.

In my apartment, I effortlessly networked my main PC, my old Macintosh, my ReplayTV, my laptop, and my PDA. The first two are wired directly to my D-Link router; the last three all connect without wires. The laptop and PDA have built-in wireless networking. The ReplayTV is connected through another really cool D-Link device called a wireless bridge. It's a small box with an antenna that connects to the DVR's built-in networking jack and converts it to a wireless signal that communicates with the router. There are no drivers required for the bridge and only minimal configuration that can be done with a quick installation wizard built into the device.

Don't let all this technology intimidate you. Once you dive in, you'll find it's far easier to set up than you imagined. And it makes your online experience far better and safer.

Tom Gromak can be reached at [email protected].





The control panel in the D-Link DI-614+ wireless router allows you a wide range of flexibility to protect your PC and to share and control your Internet access.


DNews