One Firewall, Two Firewall...
Q. If one firewall is good aren't two better?
A. It depends. Let's define what we're talking about first. A firewall is simply a hardware or software solution that filters information flowing from one place to another in a networked computing environment. Here are some examples of where you will find a firewall:
- Perimeter firewalls: Exist on a company or home network at the point where the internal network connects to the outside world;
- Intra-network firewalls: Normally seen in large environments where a company wants to control data flowing between areas;
- Personal or Device firewalls: They exist on individual computers to provide customized protection.
For the home user let's keep it simple.
Your router probably acts as a simple packet filter perimeter firewall. In other words all it does is stop computers outside of your network from initiating a connection to a computer inside your network. It probably isn't doing any content filtering or more complex firewall tasks.
Your individual computer may also have a personal firewall installed. It's intended to do a lot more than simply prevent connections. It may serve to detect what are called anomalies, events that may indicate a problem caused by malware. It may protect you from known vulnerabilities while you are surfing the web. It does content filtering, meaning that it inspects each packet of information flowing into and out of your network to detect problems.
The question posed above generally refers to an individual computer trying to run more than one firewall at a time. Each one may operate perfectly well, but each may get in the way of the other if they try to run together. So the answer to the question is yes and no. It can be very helpful to have separate perimeter and personal firewalls running. It's not a good idea to have multiple firewalls on a single device.
Passwords, ARRRGGGHHHH!!!
Q. These passwords are driving me crazy! Passwords like $itn0Mbd and nwbY1iy$ drive me crazy!
A. Me too. Sorry, you're on your own.
Just kidding! Fortunately most places let you, in fact force you, to change the initial password they assign to your account when it is created. However, they also try to help you stay just a little safer by enforcing certain rules such as a minimum character count, no repeating characters, no dictionary words, at least one capital letter, punctuation mark or number, etc. This can be counterproductive when it leads to frustrated users writing their passwords underneath the keyboard or on a sticky note on the monitor. I've even seen a user who worked in an open office space and, for some reason, would always lean back in their chair before logging in. Why? They had written their password on one of the little metal strips separating the ceiling tiles in the office!
There's a way to pick good passwords that are easier to remember and can meet most site standards. All you have to do is come up with a phrase that means something to you. Let's take the phrase "Aunt Nora loved to bake ginger snap cookies." By taking the first letter of each word we can easily turn that into anltbgsc as a password. Now let's make it a little tougher and change the s to a $ and the l (ell) to a 1 (number 1). Now the password is an1tbg$c. If they insist on at least one capital letter then make it An1tbg$c.
Sure, it may take a few times to get comfortable typing it, but I bet you can remember it!
Simple substitution can make decent passwords very good with little effort. Here are some ideas:
- If your phrase includes the word "and" use "&". Simple and easy to remember.
- E -- 3
- K -- 4
- L -- 1 or !
- S -- $
- O -- 0
- B -- 6
- T -- 7
- A -- @
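The phrase method and substitution list above, worked through in Python as an added example (not part of the original post). The phrase is taken with the word "bake", the wording that yields the post's an1tbg$c; the function names, the 8-character minimum and reading "no repeating characters" as "no two identical characters in a row" are assumptions made for this sketch.

```python
import string

# Substitution ideas listed in the post (letter -> look-alike symbol).
PAGE_SUBS = {"e": "3", "k": "4", "l": "1", "s": "$",
             "o": "0", "b": "6", "t": "7", "a": "@"}

def mnemonic_password(phrase, swap=(), capital_first=False):
    """First letter of each word; 'and' becomes '&'; swap only the chosen letters."""
    out = []
    for word in phrase.split():
        word = word.strip(string.punctuation)
        if not word:
            continue
        if word.lower() == "and":
            out.append("&")
            continue
        first = word[0].lower()
        out.append(PAGE_SUBS.get(first, first) if first in swap else first)
    pw = "".join(out)
    if capital_first and pw and pw[0].isalpha():
        pw = pw[0].upper() + pw[1:]
    return pw

def policy_failures(pw, min_len=8):
    """Return the site rules (as named in the post) that a candidate fails.
    The dictionary-word rule is left out because it needs a word list."""
    failures = []
    if len(pw) < min_len:
        failures.append("too short")
    if any(a == b for a, b in zip(pw, pw[1:])):
        failures.append("repeated character")
    if not any(c.isupper() for c in pw):
        failures.append("no capital letter")
    if not any(c.isdigit() for c in pw):
        failures.append("no number")
    if not any(c in string.punctuation for c in pw):
        failures.append("no punctuation mark")
    return failures

if __name__ == "__main__":
    phrase = "Aunt Nora loved to bake ginger snap cookies."
    for pw in (mnemonic_password(phrase),
               mnemonic_password(phrase, swap={"s", "l"}),
               mnemonic_password(phrase, swap={"s", "l"}, capital_first=True)):
        print(pw, policy_failures(pw) or "passes")
```

Running it shows each step of the post's example and which rules the candidate still fails at that step.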
Strangers Reading My Home Wireless Network!?!
Q. I just read in the newspaper that strangers can get on my home wireless network and read everything I send over the Internet. Help!
A. First, that's what you get for still reading tree-ware. ;-) I spent more than 20 years in the business and trusting a reporter or columnist to give you technical advice is like trusting Aunt Gertrude to give you advice on your Honda fuel injection problems. Unless, of course, Aunt Gertrude happens to be a Honda mechanic! Generally most people in the news business have no background to assess the issues they cover. Some do spend the time necessary to learn the subject they cover, but most are satisfied with being general reporters who can ask questions and put a sentence or two together -- until they start believing their own press and become columnists.
Honestly there is a grain of truth in the column that was distributed nationwide and which suggested that users connect their individual devices directly to their cable or DSL modem. That's great if you want to work from one spot in your house within convenient cable reach of your modem termination point. The problem is that more home users today have multiple computers, ranging from desktops to the smallest of laptops, that need to have access from all over the house.
What to do!?! Oh! What to do!?!
First, ignore the column. Let's talk about how wireless works in a non-technical way. Basically, a wireless router in your home is just like the hot spot you encounter at Starbucks, Borders or whatever your favorite place is to connect to a free wireless network. The wireless device sends out radio signals that the wireless card that is attached to or is part of your computer can use. Anyone can, by default, connect to the wireless device and read the transmissions that are moving between the hot spot and the computers connected to it. Now whether you are at home or at Starbucks that can be a problem if you're sending sensitive stuff over the network.
(By sensitive stuff I mean user names, passwords, bank account information, that nasty email about your boss....)
There is a solution and we'll focus on the home network now and save what to do in public for later. The solution is encryption. Your wireless router at home can certainly be set up to use encryption and there are several ways to approach it. I won't try to address specific issues on "how to" here, you'll have to refer to the documentation for your type of wireless router, but here's what you need to do:
- Change the password used to access the router (see password hints above).
- Change the network name and, if it will let you, set the router to not broadcast the name.
- Select an appropriate encryption method for your router. Most routers will offer several types of encryption. Avoid WEP, which stands for wired equivalent privacy, as it is easy to break. WPA or WPA2 using either AES or TKIP are fine.
- Choose a good passphrase to allow a computer to attach to the wireless router. You will have to use this passphrase on each computer you want to connect. Just as with passwords (see above) you need to avoid passphrases that are easy to guess. Phrases like "Johnshome" or "mysecretphrase" are not real good.
If you're really a control freak (like me) you can go a step further and turn on MAC address filtering, which means that every person who wants to connect to your device has to provide you with the MAC address of their wireless card (a special number assigned to every wireless network card that identifies the card and the manufacturer). You can then tell your router to only allow these cards to connect to your network so that even if someone knows your passphrase they can't connect with an unknown device.
Now you can rest a little more comfortably. It's highly unlikely that anyone, even the neighbor kid who thinks he's so great, is going to connect to your network without your OK and even if they do the transmission between each device and the wireless router is encrypted. I know that I've simplified the topic far too much for the geek crowd and it probably still seems a little complex if you're non-technical. But I'm not going to get into things like algorithms and salts here because I want people who otherwise throw up their hands and say "it's too complicated, just leave it alone," to realize they can do something to protect themselves!
Trust me. Read the manual and you can do it. If not, the neighbor kid can probably help! Just make sure you learn how to change the router password and the passphrase used to join your computer to the router so you can change them after he leaves!