Security
Cable modem and DSL security issues and solutions
John Broughton
Note: This article discusses cable modem and DSL security, but much of it is relevant to any type of Internet connection, including dial-up and campus Ethernet connections.
If you have an ISP for a dial-up connection, or dial into campus modems, you've probably also noticed advertisements for DSL or Internet cable services, two ways to get high-speed Internet
access. DSL and cable connections are "always on" — no dialing is needed. And this type of connection is not that expensive — for example, DSL service from Pacific Bell (HTTP://www.pacbell.com/), if ordered before April 30, 2000 (and with a commitment for 12 months), costs $39.95 per month and includes free
installation, a free DSL modem, and a free network interface card.
Unfortunately, DSL and cable connections also have additional security risks. "Always on" means that your computer is assigned an IP address that doesn't change unless you log off, and there is
no timeout feature. So a connected computer (if on) can be attacked 24 hours per day, seven days per week. Once identified as having a security weakness, or broken into, an always-on
Internet-connected computer can easily be found again. And its high-speed access makes it a particularly desirable target. By contrast, a dial-up connection is typically "off" most of the time,
is dynamically assigned a new IP address whenever it connects, and isn't as useful as a springboard or as a "zombie" machine. (For a detailed discussion of cable modem and DSL security issues,
see Prying Eyes: Is your always-on connection safe? [HTTP://www.computercurrents.com/] in the January 25 issue
of Computer Currents.)
So — how can you protect your computer, if you have a cable modem or DSL?
-
Reduce the number of hours that your computer is physically connected to the Internet by logging off or by other means. If you shut down your computer when it is not in use, you
clearly reduce the chances your computer will be broken into. Logging off from your high-speed Internet provider accomplishes the same thing, plus it typically gives the computer a new IP
address when it next logs on. (And reconnecting to your service provider is a lot faster than with a dial-in connection.) Finally, you can also physically unplug the network connection going
into your computer (typically, an Ethernet connection), although this won't change the IP address.
-
Make sure that your computer's settings minimize vulnerabilities. If you want to graphically see how (un)secure your Windows computer is, you can test it at the ShieldsUP! (HTTP://grc.com/) site. This site also explains, in detail, how to change Windows settings to reduce your computer's vulnerability to network attacks, and it
has evaluations of some firewall software.
-
Keep up-to-date on security fixes for your operating system and programs. If your computer runs Windows, you should frequently check the
Microsoft Windows Update (HTTP://windowsupdate.microsoft.com/) page. If you have Office 2000 (Word, Excel, etc.), you should periodically check the Microsoft Office Update (HTTP://officeupdate.microsoft.com/) site. For Windows security in general, you'll find detailed information at the Microsoft Security Advisor (HTTP://www.microsoft.com/security/default.asp) site. For Macintosh computers, a good source of security
information and solutions can be found at MacInTouch Security Resources (HTTP://www.macintouch.com/security.html). For Linux, a lot of
information can be found at the Linux Security Home Page, and at the Linux Security HOWTO (HTTP://www.linuxhq.com/ldp/howto/Security-HOWTO.html) page.
-
Install firewall software to prevent attacks from being successful. A firewall — software that can block specified incoming and outgoing data packets — can add an
additional level of protection for a networked computer. For Windows 95, 98, and NT computers, one good choice is
BlackICETM Defender (HTTP://www.iss.net/products_services/hsoffice_protection/), which costs $40, including one year of upgrades and technical support; there are additional charges to
continue support for more than one year. Another is ZoneAlarm (HTTP://www.zonelabs.com/), which is free for personal and nonprofit (but not government)
use. For Macintosh computers, two possibilities are NetBarrier (HTTP://www.intego.com/netbarrier/), available for MacOS 7.5.5 and later, for
$75; and DoorStop Firewall, Personal Edition (HTTP://www2.opendoor.com/doorstop/DoorStopEditions.html#pe), available
for MacOS 8.1 and later, for $60. For Linux systems, packet filtering (firewall) software called Linux IP Firewalling Chains
(HTTP://www.rustcorp.com/linux/ipchains/) is bundled with almost every Linux distribution.
In short, if you have or are getting a cable connection or DSL — enjoy! But keep in mind that high-speed access makes your computer into a more accessible and attractive target. If you
spend a bit of time (and maybe money) protecting your computer, you'll be much more safely connected to the Internet.
[ Next Article | Contents | Search BC&C | BC&C Main Menu |
IST | UC Berkeley ]
Berkeley Computing & Communications, Volume 10, Number 2 (April-May 2000)
Copyright 2000, The Regents of the University of California