Don’t be caught playing Russian roulette with security for your home PC. Many people are quite oblivious to the fact that there is a need for security if you have an “always on” Internet connection i.e. DSL/Cable modem, attached to one or more computers. Without proper security you are open to someone eventually gaining access to your PC. I put intrusion detection scanners on my system at home and I’m amazed at how frequently there are probes on my IP address.
Generally the probes are first to the well-known open ports or the well-known security loopholes in specific services.
Your “always on” system presents a presence to anyone through the many different ports used for connection to the various services, http, ftp, smtp, and telnet. Most ISPs either will not allow or will charge extra for using more than one IP address for multiple computers connected to a hub. To get around this, Internet connection sharing software of some sort i.e. ICS (Windows 98SE,win ME and win 2000), NAT (network address translation), or a Linux based IP masquerading is used. The problems with these solutions are that your one computer has to be on all the time and is may be vulnerable. However there are a many sites on the Internet that can be used to check the security of your Internet connection by detecting vulnerabilities.
With most high-speed access packages, you get a dynamic IP address that your ISP provides to your system when it first connects. Often you are given a lease time frame of 30-90 days. If you restart the system you may not get the same address again so your IP number will change. This can be a problem if you have a service running, for the web server, camera server, file server, or for running multiplayer games and you don’t want the address to change. If you have an “always on” hardware solution such as DI-701 your dynamic address will never change.
View of DI-701
Yellow cable to hub
Blue cable to DSL/Cable modem
Photo taken with D-Link DSC-350 camera
The D-Link DI-701 solves the security problems and the IP address changing problems I previously discussed with an “always on” firewall that prevents intrusion and maintains the IP address.
It is very easy to set up the small clear box (no blueberry or tangerine for mac fans) to your DSL/Cable modem (the global port) and your computer or hub to the internal port. Then plug in the power connection and then go through the configuration procedure. DI-701 will automatically find the external IP address, and then you can decide if your internal IP address will be assigned using the private IP address range of 192.168.0.1-192.168.0.128 or to any fixed IP address you wish to assign. Changing the settings can be done by a GUI (via a software package for win9x, NT, win 2000), the serial port or telnet session. As well, you can configure your internal server’s set up to be accessed externally through any port number you wish. For instance you could put an ftp server on port 2020 instead of port 21 as added protection since most port scanners just check the well-known port numbers. You can share up to 32 internal computers to your one external connection. The D-Link DI-701 broadband gateway is an excellent and a simple hardware based firewall solution for high speed Internet access. I have used the latest version of the firmware and there are settings for port filtering as well. (for advanced applications).
I tested the DI-701 to the outside world using various standard vulnerability tools on linux such as Saint and Nmap as well I had my ports probed at www.grc.com and the ports came up either in closed mode or stealth mode (very secure) which is as effective as big name hardware firewalls.
Yes, hackers are going after commercial sites before home sites, but I have seen that home sites are becoming a target too. For only $99.00 for the DI-701 you will gain very effective protection and it also has a very fast install. The worry about being hacked into is real and if you want to see, as I did, load up some intrusion detection software and you will discover that there are people scanning and looking for easy vulnerable prey. Don’t be one of them. Get a D-link DI-701 or the just released DI-704 that includes a four port 10/100 switch for $179.00.