The Explorer: Secure Your PC Online, Part Three - InformationWeek
Software // Enterprise Applications
12:01 PM
Fred Langa
Fred Langa
Free Yourself from Legacy Apps
Jun 08, 2017
They've served their purpose years ago, but now they're stretching your IT budget and increasing s ...Read More>>

The Explorer: Secure Your PC Online, Part Three

Building on Parts One and Two, Fred now shows how to make your PC nearly impregnable.

In Part One, we discussed the four myths of online security and the essential steps you need to take to ensure that your PC doesn't suffer from the worst and most-common online/networking security holes. By itself, Part One gets you a long way towards solid, basic online security.

In Part Two, we looked at "Personal Firewalls" that sit on your PC, and on each PC on a shared Internet connection. These applications work on a local level to block unwanted access to your PC from hackers or other undesirable agents. Even better, some also can block unwarranted accesses that originate from within your own PC -- such as from Trojan Horse and other apps that may secretly "phone home" to send information about you or your PC back to some outside destination.

Combined, Steps One and Two give you a reasonably high level security. In fact, they may provide all the security many people need for casual surfing and routine online activities.

But if you're reading WinMag.Com, you may not fall into the "routine" or "casual" surfer category -- I know I sure don't. So, this column -- Part Three -- discusses additional steps you can take if you want to increase your online security even higher. In fact, these are steps I personally take because (1) I have a 24/7 Internet connection; (2) I run my business and several Web sites online (see; (3) I have a somewhat higher than normal public profile and so may be a more likely target for hackers than others may be; (4) I share my Internet connection among several PCs; and (5) what can I say? -- I'm just a belt-and-suspenders kind of guy!

If any or all of those attributes describe you, then you also may wish to take one or more additional steps to make your PC nearly impregnable from hacker break-ins. Let me describe my own setup as a working example, and then we'll discuss alternatives:

First, I use all the techniques described in Parts One and Two: For example, none of my PCs binds networking clients, NetBIOS or "Print and File Sharing" services to its TCP/IP stack, so all the easy ways in to my system are eliminated. Second, I use a Personal Firewall on each PC (ZoneAlarm from ZoneLabs, while flawed, remains my personal favorite); this helps block both inbound and outbound hacker activity.

That gives me two levels of security so far. But I also take a third large (but easy and inexpensive) additional step: None of my PCs connects directly to the Internet! Instead, I use an old "junker" PC (an ancient 486 system that's too old, slow and RAM-limited for any other use) as an Internet connection server. This PC is a fossil with a cash value of maybe $25 -- the sort of thing you can find at a yard sale. But it runs Windows and Sygate: Sygate is a NAT ("network address translator") that allows a single Internet connection to be shared among several computers but that also features a very good built-in firewall. The way it handles the sharing completely disguises the online (IP) addresses of the PCs sharing the connection; the only PC the outside world can see at all is the junker system. That's worth repeating: None of the other PCs using the shared connection can even be detected from the outside -- and what a hacker can't detect, he can't attack.

Sygate's firewall also does a pretty good job of hiding itself (actually, it hides the PC it's running on) from prying eyes: Sygate swallows "probes" from hackers without any response whatsoever to indicate there's a PC there at all! It's as if it puts your PC in stealth mode. The firewall is actually is a fourth layer of protection.

And this kind of a setup actually adds a fifth, physical layer of defense: If a hacker manages to break in, he'll find himself in an almost empty, very wimpy junker PC with absolutely no interesting or sensitive files on it whatsoever. All the other PCs on my LAN are password-protected, and I've never let Windows save any passwords on the junker PC. So even if the hacker got into the junker PC, he'd have a hard time getting to any other system on the LAN -- what with their passwords, Personal Firewall apps running, and their innately-secure networking setups.

1 of 2
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of Data and Analytics
Today's companies are differentiating themselves using data analytics, but the journey requires adjustments to people, processes, technology, and culture. 
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll