Hardware Tips: Keep Your PC Hidden From the Bad Guys
A new PC fresh out of the box is like Swiss cheese: It's filled with holes that make it vulnerable to viruses and information thieves. Firewalls, operating system updates, and antivirus software can plug many holes, but hackers are always looking for--and finding--weaknesses in Windows and other software. For best protection, hide your PC behind a router's hardware firewall. Routers with firewalls are cheaper and easier to install than ever.
Hackers find a computer by connecting to its IP address, four numbers (each from 0 to 255) separated by periods that identifies each device on the Internet. A router allows several PCs to share a single Internet connection--and to hide behind a single IP address. The router displays the public IP address that is issued by your ISP and seen by everyone on the Net. It uses the Network Address Translation (NAT) standard to assign a private, temporary address to each computer on your network. The router directs inbound and outbound Internet traffic so it appears to outsiders that each of your networked machines is using the router's public IP address.
When hackers make contact with your public IP address, they don't go to your computer, but instead to a "dumb" router that lacks the vulnerability of a Windows-controlled PC. When you put all your computers behind a hardware firewall, you'll likely see a dramatic drop in the number of intrusion alerts that your software firewall registers. (You'll certainly want to continue to use that security program in addition to your router, though.)
Get Your Own Router
Entry-level four-port routers, sufficient for most home and small-office
networks, are cheap; for example, the RP614 from
With the explosion of networks in homes and small offices, vendors such as Netgear, Linksys, and D-Link provide reasonably simple configuration screens and, most important, telephone support, usually free for the first 30 days. Whether you're buying your own router or installing one from your ISP, you're likely to come across a lot of new acronyms. Here are the ones you need to know.
UPnP: The Universal Plug and Play standard simplifies the installation of any networked device--from routers to home appliances. Just plug it in, and it shows up in Windows Explorer. Most routers now come with UPnP, which Windows XP and Me support. One of the early security flaws in Windows XP involved UPnP, but Windows XP Service Pack 2 corrects the problem. UPnP is still too new to be trusted, though, so leave it disabled unless you are running software that requires it.
VPN: A virtual private network creates a secure channel between two computers over the Internet. Many businesses use a VPN to link remote workers to the company network. Your IT department can tell you whether your router needs to support IP Security (IPSec), the Point to Point Tunneling Protocol (PPTP), or some other network-security protocol.
SPI: Stateful Packet Inspection examines each incoming data packet and rejects unsolicited packets. Packets containing an inbound Web page, for example, have been solicited by a local computer and hence are ushered through the firewall.
DMZ: A Demilitarized Zone allows you to partially or fully expose a computer to the Internet. Online gamers and people maintaining Web servers and FTP sites will find this feature useful.
What's the second thing you do when you think your PC has a hardware problem (after you check the cables)? You reinstall the device drivers for the suspect component. But that means hunting down model numbers, looking for CDs, and maybe downloading files. WinDriver Ghost backs up all your device drivers and reinstalls one driver or many with just a few mouse clicks. The program is especially handy for keeping hand-me-down PCs with unknown hardware running smoothly. It's free to try, and only $25 to keep.