New to the wonderful world of broadband-- now I am paranoid

Factual Questions
1

Hoping for some objective answers here on what I need to worry about now that my computer is connected to the internet all the time.

Firstly, I have downloaded ZoneAlarm (free version, yeah, I’m a cheap bastard) and seem to have it set up appropriately. My internet settings are high, and the only programs allowed to acces the internet are AIM, Yahoo! Messenger (because they have to or they won’t work!), internet explorer, MS Outlook 2000, and that’s it. Only the two chat proggies are allowed to act as a server since ZoneLabs said they have to be or they won’t work.

It blocks the odd IP address from attempting to connect to my computer, but apart from that it is totally silent.

Now, I don’t have any data that I cannot afford to lose, so my paranoia is a matter of time wasted rather than intellectual fruits being spoiled or something else equally tragic, but nevertheless I say: “Hey, why reinstall your OS if you don’t have to.” And I think I’m right there.

Secondly, there is no secondly. I’m running 98. Am i opening myself up for a world of hurt? bots? Or am I reasonably secure with ZA?

Muchas gracias. Broadband is way too cool.

2

You should be just fine. I just got AT&T cable access yesterday and it is awesome. The first thing I did is install Zone Alarm. It should be plently effective for most threats. The other thing to do is just make share that Windows File and Print Sharing are turned off in your control panels.

A deicated hacker could break into your computer through much effort but lets not be arrogant. Why would a teenage boy dedicate weeks of his time to read your e-mail (it isn’t that interesting is it?).

3

Just relax and let ZA do it’s job. All those port scans ans stuff happen to everyone all the time. There aren’t really 1,000s of hackers out there trying to get into your system.

4

good evening friends,

i love my broadband access, and woyuld hate to go back to dial up. you can test the integrity of your security firewall here by selecting “sheilds up” and following the instructions.

5

I run a mini-network with my Broadband using a Linksys cable router/switch. It has its own firewall. Other than my IP address, nothing else can be detected. I don’t need to use ZoneAlarm.

Oh yeah, one more thing. When I set up the four internal IPs for my machines, I didn’t follow the default method.

6

Relax. Network security is my profession. And your doing just fine.

Turning off Windows sharing is generally important, but ZA will even protect you from yourself, at least in that respect.

You didn’t mention anti-virus software, but you need some. If you don’t have it, get it. Even if you spend $40 bucks or so (the free stuff ain’t that great). Update your virus signature files every few weeks, or just after hearing about a new virus going around (which, these, days, is even more frequently).

You still should be cautious with programs that can access the Internet, and even more so for the ones that act as a server. Shut them down when they are not in use.

And every couple of months, be sure to update ZA.

One last tip - watch for “suspicious” ZA behavior. As you noticed after installing ZA, when you start an application that tries to access the Internet, ZA asks if you that is OK, and allows you to check a box that always allows that application to access the Internet. That’s fine - if you recognize the application.

I inadvertantly picked up some spyware (damn LimeWire crap). I only became suspicious when an un-named application kept attempting to access the Internet. ZA kept reporting "(ok, I can’t type a bunch of spaces, but imagine a blank here) is trying to access the Internet, do you wish to allow it? At first, I did the Nancy Reagan thing - I just said no. But it was persistent.

Knowing that I had recently installed LimeWire, I did some quick research, and learn about the spyware. AdAware took care of that.

The point is, if you are unsure, block it. If it starts to bother you, take the time to figure out what it is, and don’t just say OK to get it to shut up.

ZA is certainly sufficient to keep a hacker on a fishing expedition to drop hook in another part of the pond.

Sleep well.

7

Not really, NAT protects you somewhat, but you still need zonealarm. Install it, and you will see what I mean. I have a router/firewall, and I still get hits every once in a while. Also, I get apps trying to access the internet that shouldnt be, your firewall wont stop that. Adaware/zonealarm/router is the best combo.

8

:confused: What sort of sad router/firewall do you have? As far as outside traffic coming in, a Linksys will protect you as good as, if not much better than, ZoneAlarm. As far as traffic going out, well, you’re correct, it’s not going to do anything.

The best combo is a harware firewall to keep the outside out, ZoneAlarm to keep the inside in.

9

If you care about security, what in the world are you doing running Outlook? No firewall is going to keep it from receiving what appears to be mail for you.

10

Uh, most hardware firewalls should be configurable to control threats from the outside and inside, although I suspect the default to is to block everything from the outside and to allow everything from the inside.

But just like ZA, it should be configurable. If not, it’s a really crummy firewall, more like an anti-networking box.

11

The linksys is great router, but it is not perfect. I’m not going to give a cite, because I think the admins here might frown on that, but do a search on Linksys or NAT and exploit or vulnerability. That should show a couple of them anyway.

My current Router is a Dlink Router/wireless access point. I had a Linksys before I decided to go wireless, they both use the sort of firewall, and with both of them I would still get hits on zonealarm from the outside (although rare, mind you…maybe once a month or so). Even the real firewalls, the high dollar raptors and such that coporate networks use, can be penetrated if someone really knows what they are doing. If linksys’s were perfect, we wouldnt be spending thousands on Firewall equipment, we would just run down to bestbuy. or build a few linux box’s with IP masquerading and use that.

Also, if you have one of these stand alone routers, keep the firmware updated. They plug holes as the find them. There is an enhanced security update for linksys that just came out a few weeks ago.

12

A firewall has no way of knowing if a network request sent from your machine to an external host on one the standard ports was initiated by you, or spyware/trojan. It can block certain kinds of traffic, but it cant read your mind. ZoneAlarm knows what proggy initiated the activity, because it resides on your machine. The firewall doesnt have that luxury.

13

bdgr, Correct, that is a benefit of a software firewall, it can track to the application. Of course, there are “costs” as well, such as processor consumption.

FWIW, I have home network with six PCs and an 802.11b network as well. And I use ZA.

Like erislover, I too am a cheap SOB. Instead of buying a router, I just bought an additional $10 NIC and used one of my (old, otherwise worthless) PCs as a network gateway.

14

That works well if set up properly and kept up to date. Otherwise, that PC being used as a gateway can get hacked itself. When I set up my wireless network, the wireless/router was only a little more than just a wireless access point, so I just went ahead and got the all in one unit sold my linksys to one of the people I do work for on the side.

I LOVE wireless, I can post to the straightdope while sitting on the can, and when someone brings me a pc to work on I just plug in my USB wireless adapter and instant access.

15

I think we’re talking apples and oranges here. There’s exploits, and then there’s exploits. In the case of the Linksys, the exploits allow users from your Intranet, in theory, to access the Admin panel or the router. The Admin panel is blocked by hardware from access from the outside, AFAICT. Thus, unless you are a corporation with many people who you might not want to have access, you are pretty safe.

And then all they can see is your ISP password and username - of which, I (and many people) have none entered. There’s no secret info there.

And of course, using a simple router like that for a corporation would be unwise.

16

You may be mistaken here. What about always having to have the other PC on to access anything on the Net? And the electricity cost of running it all the time?

Assume 100W power drain over a year. That’s 876 kW*hr per year. At 10 cents/kWh, you have $87.60 per year in electricity usage.

Cost of the Linksys router is $79 at my corner store. The Netgear is $69. It draws about 3W (it has a 9V/1A supply, but typ. drain is 3W). Over a year, that is about $2.63 in electricity.

I think in this case, the stingy person might pay the most. If not over one year (assuming power costs are lower, or you don’t run your system all the time), it may take a year or two however.

17

Good point, unless you are using the gateway machine for something else also, like storage or something, it’s probably cheaper to go with the standalone.

18

Interesting point on the power consumption cost. Is your 100W figure for a PC alone, as I leave the monitor off?

And, btw, the PC does also serve as a file server and print server for the rest of my home network.

Also, I love my wireless network. I work on a laptop, and write this from sitting in my lazy boy waiting for the NCAAs to start on the big screen.

19

Never mind, looked it up, it is somewhere between 20 and 30 Watts for my particular model.

But I don’t know what my kWh cost is though…

20

20-30W? Eh, don’t worry about it. I’m just sometimes interested in energy.

I like energy.