The Explorer: Secure Your PC Online, Part Three - InformationWeek
Software // Enterprise Applications
12:01 PM
Fred Langa
Fred Langa

The Explorer: Secure Your PC Online, Part Three

Building on Parts One and Two, Fred now shows how to make your PC nearly impregnable.

In Part One, we discussed the four myths of online security and the essential steps you need to take to ensure that your PC doesn't suffer from the worst and most-common online/networking security holes. By itself, Part One gets you a long way towards solid, basic online security.

In Part Two, we looked at "Personal Firewalls" that sit on your PC, and on each PC on a shared Internet connection. These applications work on a local level to block unwanted access to your PC from hackers or other undesirable agents. Even better, some also can block unwarranted accesses that originate from within your own PC -- such as from Trojan Horse and other apps that may secretly "phone home" to send information about you or your PC back to some outside destination.

Combined, Steps One and Two give you a reasonably high level security. In fact, they may provide all the security many people need for casual surfing and routine online activities.

But if you're reading WinMag.Com, you may not fall into the "routine" or "casual" surfer category -- I know I sure don't. So, this column -- Part Three -- discusses additional steps you can take if you want to increase your online security even higher. In fact, these are steps I personally take because (1) I have a 24/7 Internet connection; (2) I run my business and several Web sites online (see; (3) I have a somewhat higher than normal public profile and so may be a more likely target for hackers than others may be; (4) I share my Internet connection among several PCs; and (5) what can I say? -- I'm just a belt-and-suspenders kind of guy!

If any or all of those attributes describe you, then you also may wish to take one or more additional steps to make your PC nearly impregnable from hacker break-ins. Let me describe my own setup as a working example, and then we'll discuss alternatives:

First, I use all the techniques described in Parts One and Two: For example, none of my PCs binds networking clients, NetBIOS or "Print and File Sharing" services to its TCP/IP stack, so all the easy ways in to my system are eliminated. Second, I use a Personal Firewall on each PC (ZoneAlarm from ZoneLabs, while flawed, remains my personal favorite); this helps block both inbound and outbound hacker activity.

That gives me two levels of security so far. But I also take a third large (but easy and inexpensive) additional step: None of my PCs connects directly to the Internet! Instead, I use an old "junker" PC (an ancient 486 system that's too old, slow and RAM-limited for any other use) as an Internet connection server. This PC is a fossil with a cash value of maybe $25 -- the sort of thing you can find at a yard sale. But it runs Windows and Sygate: Sygate is a NAT ("network address translator") that allows a single Internet connection to be shared among several computers but that also features a very good built-in firewall. The way it handles the sharing completely disguises the online (IP) addresses of the PCs sharing the connection; the only PC the outside world can see at all is the junker system. That's worth repeating: None of the other PCs using the shared connection can even be detected from the outside -- and what a hacker can't detect, he can't attack.

Sygate's firewall also does a pretty good job of hiding itself (actually, it hides the PC it's running on) from prying eyes: Sygate swallows "probes" from hackers without any response whatsoever to indicate there's a PC there at all! It's as if it puts your PC in stealth mode. The firewall is actually is a fourth layer of protection.

And this kind of a setup actually adds a fifth, physical layer of defense: If a hacker manages to break in, he'll find himself in an almost empty, very wimpy junker PC with absolutely no interesting or sensitive files on it whatsoever. All the other PCs on my LAN are password-protected, and I've never let Windows save any passwords on the junker PC. So even if the hacker got into the junker PC, he'd have a hard time getting to any other system on the LAN -- what with their passwords, Personal Firewall apps running, and their innately-secure networking setups.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll