Peter:
Heya. I think if you ask 10 people about security issues
with routers, you'll get 10 different answers. :) So here's mine.
If you're securing a network with corporate assets on
it (e.g., databases of customers with credit card info), don't
mess around with it, and hire an expert. For most *home user's
systems*, the biggest "treasure" found on your network isn't
any of the files on any of the PC's -- the real treasure is the
broadband access itself. That is, many Internet na'er'do'wells
collect armies of "owned" PC's that become their drones so that
when they want to crash Amazon.com's servers, they will use
*your* PC to do it.
For these *home user's systems* (again, if you've really
valuable data on your networks, don't spend less on network
security than you would on *physical* security), good Internet
security consists of:
1. A NAT'ing router like the BEFSR41, or one with a
builtin firewall like the BEFSX41. I don't work for
LinkSys, don't own any CSCO stock, but I've setup
more than a dozen home LAN's with their products
and I can't complain. If you'd prefer a more home
brewed NAT'ing firewall, see "http://leaf.sf.net";.
2. Virus protection (like Norton Anti Virus) on every
PC with Auto-Update activated.
The above two pieces are, IMO, a 99.9% solution for the
average home-system. That is, if you have one of those routers
protecting your LAN from the wilds of the Internet, and if your
anti-virus software is kept as up-to-date as possible, the chances
that some black-hatter will gain illicit access to your PC's is
very slim. Please note that the anti-virus part is *very* important:
most network compromises I've seen originate from an worm or trojan
attached to an email attachment.
Again, security-advice can be a very tricky thing to give,
so please accept my suggestions in the manner intended. If I can
clarify or amplify any of the above, please let me know!
cheers,
Scott
On Mon, 12 Jan 2004, Peter Judd wrote:
> Scott,
> Okay, will check into router.
> Is there anything to be aware of re. router and security as I step into the
> cable modem / always on world soon?
>
> On good advice I have not been using TCP/IP with my small LAN for File &
> Printer Sharing as a way of preventing unauthorized access from the
> Internet - used NetBeui instead since it is non-routable.
> Are there functions / options of different routers that can control access
> from the Internet and give me confidence in leaving clients machines with
> VCN servers and tunnels running. I will be performing maintenance remotely
> but do not want to expose them to hackers, vandals, mistakes etc.
>
> Peter
<snip>
-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Kaboodle-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/kaboodle-user
To UNSUBSCRIBE, click on the above link.
