Software // Enterprise Applications
Commentary
1/7/2004
12:01 PM
Fred Langa
Fred Langa
Commentary
50%
50%

The Explorer: Secure Your PC Online, Part Three

Building on Parts One and Two, Fred now shows how to make your PC nearly impregnable.

In Part One, we discussed the four myths of online security and the essential steps you need to take to ensure that your PC doesn't suffer from the worst and most-common online/networking security holes. By itself, Part One gets you a long way towards solid, basic online security.

In Part Two, we looked at "Personal Firewalls" that sit on your PC, and on each PC on a shared Internet connection. These applications work on a local level to block unwanted access to your PC from hackers or other undesirable agents. Even better, some also can block unwarranted accesses that originate from within your own PC -- such as from Trojan Horse and other apps that may secretly "phone home" to send information about you or your PC back to some outside destination.

Combined, Steps One and Two give you a reasonably high level security. In fact, they may provide all the security many people need for casual surfing and routine online activities.

But if you're reading WinMag.Com, you may not fall into the "routine" or "casual" surfer category -- I know I sure don't. So, this column -- Part Three -- discusses additional steps you can take if you want to increase your online security even higher. In fact, these are steps I personally take because (1) I have a 24/7 Internet connection; (2) I run my business and several Web sites online (see www.langa.com); (3) I have a somewhat higher than normal public profile and so may be a more likely target for hackers than others may be; (4) I share my Internet connection among several PCs; and (5) what can I say? -- I'm just a belt-and-suspenders kind of guy!

If any or all of those attributes describe you, then you also may wish to take one or more additional steps to make your PC nearly impregnable from hacker break-ins. Let me describe my own setup as a working example, and then we'll discuss alternatives:

First, I use all the techniques described in Parts One and Two: For example, none of my PCs binds networking clients, NetBIOS or "Print and File Sharing" services to its TCP/IP stack, so all the easy ways in to my system are eliminated. Second, I use a Personal Firewall on each PC (ZoneAlarm from ZoneLabs, while flawed, remains my personal favorite); this helps block both inbound and outbound hacker activity.

That gives me two levels of security so far. But I also take a third large (but easy and inexpensive) additional step: None of my PCs connects directly to the Internet! Instead, I use an old "junker" PC (an ancient 486 system that's too old, slow and RAM-limited for any other use) as an Internet connection server. This PC is a fossil with a cash value of maybe $25 -- the sort of thing you can find at a yard sale. But it runs Windows and Sygate: Sygate is a NAT ("network address translator") that allows a single Internet connection to be shared among several computers but that also features a very good built-in firewall. The way it handles the sharing completely disguises the online (IP) addresses of the PCs sharing the connection; the only PC the outside world can see at all is the junker system. That's worth repeating: None of the other PCs using the shared connection can even be detected from the outside -- and what a hacker can't detect, he can't attack.

Sygate's firewall also does a pretty good job of hiding itself (actually, it hides the PC it's running on) from prying eyes: Sygate swallows "probes" from hackers without any response whatsoever to indicate there's a PC there at all! It's as if it puts your PC in stealth mode. The firewall is actually is a fourth layer of protection.

And this kind of a setup actually adds a fifth, physical layer of defense: If a hacker manages to break in, he'll find himself in an almost empty, very wimpy junker PC with absolutely no interesting or sensitive files on it whatsoever. All the other PCs on my LAN are password-protected, and I've never let Windows save any passwords on the junker PC. So even if the hacker got into the junker PC, he'd have a hard time getting to any other system on the LAN -- what with their passwords, Personal Firewall apps running, and their innately-secure networking setups.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.