The Problem"Broadband" Internet access is being aggressively marketed with all the care and integrity we have come to expect from telephone and cable companies. There are some things they don't tell you about.
Network disruption: Installation of a broadband service may prevent you from accessing other devices on your network, such as print servers, Linux/Samba file servers, etc. which normally have "private" IP addresses.
Security: An Internet connection is a two way connection. Any computer attached to the Internet can be invaded through that connection. If that computer is attached to a network, the entire network is exposed to attack.
Why Wasn't this a Problem Before?
Why is it a Problem Now
How Likely is an Invasion?Very. A security expert recently installed a new cable modem at his home. It took him half an hour to get his firewall up. Within that time, someone was already examining the contents of his hard disk.
Brian Livingston, respected author and InfoWorld columnist has written a series of columns on the subject, starting with High speed Internet access can be harmful to your health and the health of your PC (25 Oct '99). Though his column aims at the home PC and home network, the problems are even greater for business networks.
Many other security experts have provided similar warnings.
Note: If you get your Internet service by simply plugging into a network jack provided by your office building's Internet service, they may be providing a private IP address that provides good protection except from people in the same building.
One of our clients recently installed a new computer. Instead of connecting to their network, it connected to the network of another tenant through the Internet access system. This is not what I'd call secure. Of course our client is firewalled, in fact they have two firewalls so accounting is secured from the rest of the employees.
The company maintaining Internet access system for this building assured everyone they were firewalled - and they were, from the ourside - but now the network is misconfigured and everyone is open to invasion from the outside too, unless they have their own firewall.
Note: Cable Modem service has additional network security problems because you are on a LAN (Local Area Network) with everyone else on that leg of the cable. This can make invasion of your computer stupifyingly simple. Some cable providers encrypt network traffic to prevent this, others don't. If you are networked in your office using the Windows default settings, your hard disks, printers and other resources may even show up in other people's "Network Neighborhood".
Solving the ProblemA permanent solution for these Internet access problems is imperative for several reasons:
An individual or home office with a single PC can use a product like Zone Alarm, a product of ZoneLabs. It can be downloaded free for hobbyist use, $19.95 for business users.
For a small office with a network, the most effective and easily maintained solution is to use unroutable "private" IP addresses within the network and access the Internet through a masq, or NAT router. Automation Access offers several ways to install this class of protection.
NAT, PAT, masq: What Are They?These are special router protocols. A router is a device that connects one network to another network. In this case, your business network and the Internet. For a plain router, traffic is simply passed through in both directions and all computers have their own "routable" IP address, and those addresses must be assigned by proper authority (and usually handed to you by your ISP). This is how the routers that make up the Internet work.
A router offering NAT, PAT or masq (there are subtle differences we won't go into here) requires only one IP address from your ISP, because all the computers on your network have special non-routable "private" IP addresses. These are not vulnerable to hackers because they can't pass through the routers that make up the Internet, or even through the router that connects you to the Internet.
When the router sees a request for an address not on the private network, it flags it for the private address it came from, sets the "from" address to that one routable IP address, and sends it out on the Internet. When a reply comes back, it is re-addressed for the private network and sent to the correct workstation.
Even if a hacker knows the exact IP address of your workstation, he can't send anything to it because no router will pass that address through. Only replies to requests from your workstation can get through. If he knows that one routable IP address your router uses, he still can't get through, because your router will just drop his packets because they aren't flagged for your workstation.
©:Andrew Grygus - Automation Access
Velocity Networks: Network Consulting Service - Internet Service Provider - Web Page Design and Hosting
All trademarks and trade names are recognized as property of their owners