Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share
  • icon

The Explorer: Secure Your PC Online, Part Three


Building on Parts One and Two, Fred now shows how to make your PC nearly impregnable.

By Fred Langa
InformationWeek
March 13, 2000 12:00 AM

In Part One, we discussed the four myths of online security and the essential steps you need to take to ensure that your PC doesn't suffer from the worst and most-common online/networking security holes. By itself, Part One gets you a long way towards solid, basic online security.

In Part Two, we looked at "Personal Firewalls" that sit on your PC, and on each PC on a shared Internet connection. These applications work on a local level to block unwanted access to your PC from hackers or other undesirable agents. Even better, some also can block unwarranted accesses that originate from within your own PC -- such as from Trojan Horse and other apps that may secretly "phone home" to send information about you or your PC back to some outside destination.

More Software Insights

White Papers

Webcasts

Reports

Videos


Startup Mulesource offers an open-source ESB for SOA architectures The company's IT GRC software helps automate the assesment and testing process for business decision makers with a customizable dashboard. Microsoft GM of Virtualization, Mike Neil, on the State of Virtualization, Hyper V and Windows 2008
Microsoft GM of Virtualization, Mike Neil, on the State of Virtualization, Hyper V and Windows 2008
Combined, Steps One and Two give you a reasonably high level security. In fact, they may provide all the security many people need for casual surfing and routine online activities.

But if you're reading WinMag.Com, you may not fall into the "routine" or "casual" surfer category -- I know I sure don't. So, this column -- Part Three -- discusses additional steps you can take if you want to increase your online security even higher. In fact, these are steps I personally take because (1) I have a 24/7 Internet connection; (2) I run my business and several Web sites online (see www.langa.com); (3) I have a somewhat higher than normal public profile and so may be a more likely target for hackers than others may be; (4) I share my Internet connection among several PCs; and (5) what can I say? -- I'm just a belt-and-suspenders kind of guy!

If any or all of those attributes describe you, then you also may wish to take one or more additional steps to make your PC nearly impregnable from hacker break-ins. Let me describe my own setup as a working example, and then we'll discuss alternatives:

First, I use all the techniques described in Parts One and Two: For example, none of my PCs binds networking clients, NetBIOS or "Print and File Sharing" services to its TCP/IP stack, so all the easy ways in to my system are eliminated. Second, I use a Personal Firewall on each PC (ZoneAlarm from ZoneLabs, while flawed, remains my personal favorite); this helps block both inbound and outbound hacker activity.

That gives me two levels of security so far. But I also take a third large (but easy and inexpensive) additional step: None of my PCs connects directly to the Internet! Instead, I use an old "junker" PC (an ancient 486 system that's too old, slow and RAM-limited for any other use) as an Internet connection server. This PC is a fossil with a cash value of maybe $25 -- the sort of thing you can find at a yard sale. But it runs Windows and Sygate: Sygate is a NAT ("network address translator") that allows a single Internet connection to be shared among several computers but that also features a very good built-in firewall. The way it handles the sharing completely disguises the online (IP) addresses of the PCs sharing the connection; the only PC the outside world can see at all is the junker system. That's worth repeating: None of the other PCs using the shared connection can even be detected from the outside -- and what a hacker can't detect, he can't attack.

Sygate's firewall also does a pretty good job of hiding itself (actually, it hides the PC it's running on) from prying eyes: Sygate swallows "probes" from hackers without any response whatsoever to indicate there's a PC there at all! It's as if it puts your PC in stealth mode. The firewall is actually is a fourth layer of protection.

And this kind of a setup actually adds a fifth, physical layer of defense: If a hacker manages to break in, he'll find himself in an almost empty, very wimpy junker PC with absolutely no interesting or sensitive files on it whatsoever. All the other PCs on my LAN are password-protected, and I've never let Windows save any passwords on the junker PC. So even if the hacker got into the junker PC, he'd have a hard time getting to any other system on the LAN -- what with their passwords, Personal Firewall apps running, and their innately-secure networking setups.

Page 2: 
1 | 2 Next Page »


Subscribe to RSS


Advertisement

CAREER CENTER
Ready to take that job and shove it?



TechCareers

SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center





Subscription Info
Apply for a free 52-week subscription to InformationWeek (a $199 value)

Last Name:

First Name:

Title:

Company Name:

City:

Business Address:

Zip:

State:

Email Address:

NOTE: Offer valid for U.S., U.S. possessions, & Canada only

            

Join economist Chris Cornell and 3 CIOs in an Exclusive Online Exchange for Senior IT Executives: Using IT to Drive Value in a Turbulent Economy. November 5th only.