Tuesday, April 10, 2007

Security For Me: Broadband @ Home

Got broadband at home? Sure you do! Whatever your connection is (DSL, ADSL, fiber optic etc.), you are on a broadband connection. However, this means something very interesting... your computer is part of the local area network of your provider! How come? Basically, when you connect the broadband device, it connects to a server (or a central point) at the provider's location and puts you on the Internet. But this happens with all users of that provider, and because they are connected directly to the same point, the computers will "talk" with each other at very high speeds (at the maximum bandwidth of your connection). Some providers even distinguish "town speed" from "Internet speed" (usually the fiber optic providers do that, something like 50 Mbps in the town and 1 Mbps in the rest of the world). For such providers, the sky is the limit for the speed at which 2 clients talk with each other (by the way, a wireless connection in the G band works at 54 Mbps). Now imagine a virus. The infected computer will attempt to infect your computer at very high speeds and it may succeed. You don't want that, do you?
Another problem is that some providers link you to a local switch. All users on that switch can use it at maximum capacity. For example, my own connection is a simple PPPoE one and I have an Ethernet cable coming into my home directly from the local building switch, which is directly linked to the "area switch", which connects to the fiber optic backbone. With the people in my area I can talk at 100 Mbps... meaning 10x the speed of my home router.
Did I say "home router"? Yes I did! This little device, which costs less than 100 USD, allows me to connect my desktops and my laptop (via a secured wireless link) to the Internet. As I said before, I have an Ethernet cable to connect to the provider. However, this is not important at all. I could have a DSL modem, and that modem would then be connected to my router.
These days routers do an excellent job of protecting your network (if set up in the right way, and they come secured out of the box, but read below). No matter what broadband connection you have, a hardware-based device that, among other things, is a hardware-based firewall will secure your network very well. Some DSL and ADSL modems come with a built-in router, so you don't need a second one unless you want to go wireless, but some modems have that too.
So how do you connect all those? Case 1: without a router:
Provider --- modem --- computer
A modem connects you to the provider network; you may not have one at all if you have a fiber optic connection like I have (my case is: Provider --- computer). The big disadvantage of the modem is that it does not protect your computer; it simply does a media conversion from USB or Ethernet to the provider connection, such as a DSL line. To secure it, use case 2:
Provider --- modem --- router --- computer
Insert the router between the modem and your computer. The router also has the advantage of allowing you to share the connection with more than one computer.
If your modem has a built-in router, it already looks like:
Provider --- modem/router --- computer
so you can already share the connection and be secured at the same time.
If you don't have enough free Ethernet ports on the router (or modem/router), just put a normal switch in the picture. Routers usually allow you to connect directly (by expanding the number of ports with switches) 254 computers.
You may want to say that you do have a firewall on your OS. Sure, if you do, turn it ON! Although it does not make sense to have a double firewall, it may protect your computer from the others in your home network. And you want that too.
So how secure is your router? If you don't mess up the settings, very secure. However, some routers come with management ports wide open, so you have to close those by hand. To see what ports you have open, use a site like www.grc.com, which will scan your computer (actually your router, because it "is in the way"). If you don't use a router, then at least turn on the OS firewall or a 3rd party one...
I won't go into further detail here. I will discuss any more details in the comments, as replies to your questions. If I see particular interest in a subject, I will consider dedicating a whole post to it.
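One way to check your own router for open management ports from inside the home network, as an added example that is not part of the original post; the port list and the gateway address 192.168.1.1 are assumptions. Run from the LAN, it shows what machines on your home network can reach, which is a different view from the outside scan a site like www.grc.com performs.

```python
import socket

# Services commonly used for router management.
# This list is an assumption for the example, not taken from the post.
MGMT_PORTS = {
    22: "SSH",
    23: "Telnet",
    80: "HTTP admin",
    443: "HTTPS admin",
    7547: "TR-069 remote management",
    8080: "HTTP admin (alternate)",
}


def probe(host, port, timeout=1.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable hosts
        return "filtered"
    finally:
        s.close()


def audit(host, ports=MGMT_PORTS, timeout=1.0):
    """Probe every port in `ports` on a device you own; return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def exposed(results):
    """Ports that accepted a connection and should be reviewed or closed."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    gateway = "192.168.1.1"  # assumed address; use your own router's LAN address
    results = audit(gateway)
    for port, state in sorted(results.items()):
        print(f"{port:>5}  {MGMT_PORTS[port]:<26} {state}")
    print("Review these ports in the router settings:", exposed(results) or "none")
```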
