Building on Parts One and Two, Fred now shows how to make your PC nearly impregnable.
Finally, I also use a sixth trick: My cable modem ISP uses "dynamic IP addressing," which is also the technique used on most dial-up/modem ISPs. With dynamic addressing, every time you re-establish your connection, you get a new IP address, which has the desirable side-effect of making you slightly harder to track: With a dynamic address, even if a hacker finds you this time, your address will be somewhat different the next time you connect, so he'll have to track you down again. To take advantage of dynamic addressing, I unplug my cable modem once a day or so, or anytime there's seems to be unusual activity at the modem: When I plug back in, the modem re-synchs
and goes back online at a slightly different address, forcing any curious hackers to start over. This trick won't work for connections with a "static IP" that never changes, but is worth remembering for any connection with dynamic addressing.
Call me paranoid, but with six layers of protection -- a proper networking setup, a personal firewall, an Internet sharing service that hides the PCs behind it, a heavy-duty firewall built into the connection-sharing service, physical isolation of the sensitive data on the LAN, and some simple misdirection through dynamic addressing -- I start to feel at least somewhat safe. <g>
Still, it's worth stopping here for a moment to say that no online system can ever be 100 percent secure; depending on the skill level, determination, and resources of the attackers, any system that's online can eventually be hacked. (The only way you can be 100 percent safe from online attacks is to pull the plug and break the connection between the Internet and your system.)
But by raising multiple barriers to hackers, you can make your system such a pain to get to that most hackers will likely give up and simply move on to easier targets. With a six-level security scheme like mine, it's not that your system can't be hacked (in theory, any system can eventually be hacked), but that it won't be hacked because it's just too much trouble.
Some Alternative Pieces:
Hardware: Some "routers" (and hubs with router capabilities built in) have firewall firmware that can simultaneously distribute anti-hacker protection along with shared Internet access. I personally dislike "black box" hardware that keeps me from knowing what's going on inside or making customizations and adjustments as I see fit, but some people actually prefer the just-plug-it-in-and-go approach. If that's you, then a hub/router with a built-in firewall may be just the ticket.
Software: Sygate is only one of many Internet-sharing solutions that offer good security. I like it because it's inexpensive, offers great security when placed in "enhanced" mode, requires almost no
configuration, and allows ample customization if you want it. For example, you can "black list" sites to prevent all access to known-bad locations, or conversely, "white list" sites to only allow access to known-good locations. But many other solutions -- such as the deservedly popular WinProxy -- offer similar abilities.
And here's an interesting item -- a special-purpose FREE, configurable firewall that's an offshoot of the Linux project. This specially stripped-down version of Linux fits on a floppy: You boot an old PC from the Linux floppy, and the fireplug app runs the pc, sets up connection sharing and a firewall, and runs the whole thing in RAM. Although it's harder to configure than commercial firewalls, you can't beat the price -- and its hardware requirements are so low, it'll run even on PCs that won't run any recent version of Windows.
Layers Do The Trick
In any case, the concept is simple: You need a layered defense between you and hostile netizens. The more important your data and online activities are, the more layers you need. I personally feel everyone should have at least two layers of defense -- and many people reading this column (more advanced users with always-on or often-on connections) probably should have three, four, five -- or even six layers of defense. I do.
What do you use to provide online security? What hardware and software solutions can you tell us about? How much protection is enough -- and how much to too much or too little? Join in the discussion!
To discuss this column with other readers, please visit Fred Langa's forum on the Listening Post.
Building A Mobile Business MindsetAmong 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps – and it's past time for those with no plans to get cracking.