Hardware Tips: Keep Your PC Hidden From the Bad Guys

A new PC fresh out of the box is like Swiss cheese: It's filled with holes that make it vulnerable to viruses and information thieves. Firewalls, operating system updates, and antivirus software can plug many holes, but hackers are always looking for--and finding--weaknesses in Windows and other software. For best protection, hide your PC behind a router's hardware firewall. Routers with firewalls are cheaper and easier to install than ever.

Hackers find a computer by connecting to its IP address, a set of four numbers (each from 0 to 255) separated by periods that identifies each device on the Internet. A router allows several PCs to share a single Internet connection--and to hide behind a single IP address. The router displays the public IP address that is issued by your ISP and seen by everyone on the Net. It uses the Network Address Translation (NAT) standard to assign a private, temporary address to each computer on your network. The router directs inbound and outbound Internet traffic so it appears to outsiders that each of your networked machines is using the router's public IP address.

When hackers make contact with your public IP address, they don't go to your computer, but instead to a "dumb" router that lacks the vulnerability of a Windows-controlled PC. When you put all your computers behind a hardware firewall, you'll likely see a dramatic drop in the number of intrusion alerts that your software firewall registers. (You'll certainly want to continue to use that security program in addition to your router, though.)

Get Your Own Router

Entry-level four-port routers, sufficient for most home and small-office networks, are cheap; for example, the RP614 from Netgear (see FIGURE 1) costs around $40 online. If you're planning a wireless network, get a wireless router instead of an access point; they are priced about the same. And if you're shopping for a new ISP, don't buy a router just yet. Most of the cable and DSL modems that broadband ISPs provide come with firewalls.

FIGURE 1: A low-cost router puts the "wall" back in your firewall and stops many hackers cold.

With the explosion of networks in homes and small offices, vendors such as Netgear, Linksys, and D-Link provide reasonably simple configuration screens and, most important, telephone support, usually free for the first 30 days. Whether you're buying your own router or installing one from your ISP, you're likely to come across a lot of new acronyms. Here are the ones you need to know.

UPnP: The Universal Plug and Play standard simplifies the installation of any networked device--from routers to home appliances. Just plug it in, and it shows up in Windows Explorer. Most routers now come with UPnP, which Windows XP and Me support. One of the early security flaws in Windows XP involved UPnP, but Windows XP Service Pack 2 corrects the problem. UPnP is still too new to be trusted, though, so leave it disabled unless you are running software that requires it.

VPN: A virtual private network creates a secure channel between two computers over the Internet. Many businesses use a VPN to link remote workers to the company network. Your IT department can tell you whether your router needs to support IP Security (IPSec), the Point-to-Point Tunneling Protocol (PPTP), or some other network-security protocol.

SPI: Stateful Packet Inspection examines each incoming data packet and rejects unsolicited packets. Packets containing an inbound Web page, for example, have been solicited by a local computer and hence are ushered through the firewall.

DMZ: A Demilitarized Zone allows you to partially or fully expose a computer to the Internet. Online gamers and people maintaining Web servers and FTP sites will find this feature useful.
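To see how NAT, SPI, and the DMZ setting described above fit together, here is a small Python model of a router's translation table. It is an added example, not part of the original article or any vendor's firmware; the `Router` class, its method names, and all addresses (documentation ranges) are assumptions made for illustration.

```python
# Added illustration: a toy model of a home router doing NAT with
# stateful packet inspection (SPI). All addresses are constructed samples.
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # constructed: the address issued by the ISP


@dataclass
class Router:
    dmz_host: str = ""                     # optional fully exposed PC
    next_port: int = 40000                 # next public port to hand out
    by_flow: dict = field(default_factory=dict)   # outbound flow -> public port
    by_port: dict = field(default_factory=dict)   # public port -> outbound flow

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN PC sends a packet; rewrite its source to the public address."""
        flow = (src_ip, src_port, dst_ip, dst_port)
        if flow not in self.by_flow:       # first packet: record the state
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
            self.next_port += 1
        return (PUBLIC_IP, self.by_flow[flow], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives at the public address; decide where it goes."""
        flow = self.by_port.get(dst_port)
        # SPI: accept only if a local PC already talked to this exact peer.
        if flow and flow[2:] == (src_ip, src_port):
            return ("FORWARD", flow[0], flow[1])
        if self.dmz_host:                  # DMZ: unsolicited traffic is exposed
            return ("FORWARD", self.dmz_host, dst_port)
        return ("DROP", None, None)


def demo():
    r = Router()
    # Two PCs browse the same Web server; outsiders see one public address.
    a = r.outbound("192.168.0.2", 51000, "198.51.100.7", 80)
    b = r.outbound("192.168.0.3", 51000, "198.51.100.7", 80)
    reply = r.inbound("198.51.100.7", 80, a[1])    # solicited Web reply
    probe = r.inbound("192.0.2.66", 4444, a[1])    # stranger hits an open mapping
    scan = r.inbound("192.0.2.66", 4444, 3389)     # no mapping at all
    exposed = Router(dmz_host="192.168.0.9").inbound("192.0.2.66", 4444, 3389)
    return a, b, reply, probe, scan, exposed


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Only the solicited reply reaches a PC on the default router; the same unsolicited packet is forwarded once a DMZ host is set, which is why that setting should be reserved for a machine you intend to expose.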
