While it is not one of my favorite Bill Murray films, 2003's Lost
in Translation, which was written and directed by Sofia Coppola,
looked upon the often strange results that take place when language is a
barrier, and as odd as it may sound, I think it is fair to say that
the disconnect that resulted in my most recent Digital Grind column
appears to lose its way largely down to the message being lost in
translation -- or at least in this case, lost in direction.
I take total blame for that - the column was submitted and was
edited during the span of several days in which due to health issues
I was not available for consultation - so it was not entirely clear
what it was that I intended it to say.
The fact that it appears to suggest that I do not know what NAT is
or how it works, and perhaps even more startling -- that I appear to
believe that computers can communicate via the Internet without
having an IP Address -- crop up due to editing that was absolutely
necessary due to space limitations.
To address the issue I thought it might be helpful to
provide the original column below, in its entirety, and after doing
so I will be directing the readers who email about it and my mistakes
to it, so that they can both see where it was I intended to go and,
perhaps of more importance, benefit from the lesson I had hoped to
share.
So here is the original Digital Grind Firewall-RouterColumn (any errors in spelling or grammar are my own):
 |
| A typical home network with a Firewall-Router uses a mixture of wired computers / server with WiFi devices like gaming consoles, iPads, Skype-capable wireless phones, and other computing and entertainment devices that use Network Address Translation (NAT) to permit many devices to access the Internet using just one IP Address from the ISP. |
Digital Grind Firewall Column
While it has a number of related meanings, the phrase “security
through obscurity” is most often used to describe a belief that a
computer or network with nothing of interest on it is safe from
intrusion because it should not interest an outsider.
That notion can appear to be quite sensible, but consider this: In
modern terms the phrase is also a pejorative among computer and
network security engineers, having the same definition but
interpreted as a dangerous fallacy not to be relied upon under any
circumstances.
The reason for that is very simple: there doesn't actually have to
be anything of value on a network or a computer to make it a target;
access alone is reason enough to justify an attack.
That basic truth is why we go to so much effort in protecting our
computers; why we keep the OS and apps up-to-date with respect to
security patches and bug-fixes, why we run anti-virus and malware
suites, and why security awareness extends not just to software but
also to hardware.
These steps, combined with safe Internet use as well as common
sense precautions, represent standard proactive and responsible
efforts for establishing and maintaining a safe computer system and
environment, but there is still the matter of securing your network
to be considered.
The Network Connection
Modern network architecture consists of a 'net connection using a
modem (for DSL) or a router (for cable or fiber) connected to which
are one or more computers, network appliances, and 'net-aware
consumer electronics like network-ready TVs and DVRs.
Assigned a valid IP address by your Internet service provider, the
modem or router functions as the gateway device allowing every system
on your network to communicate with the Internet, and vice versa
using a scheme called Network Address Translation, or NAT.
Without NAT every device on a network needs a valid IP Address to
access the Internet. With NAT any number of computers or devices can
be connected to the world beyond, requiring only a single valid IP
Address.
In the time that it took me to write this, according to the
security logs on my firewall it was scanned by ten different
potential attackers.
The fact that they were not targeting me specifically offers very
little comfort; they were scanning the block of IP Addresses owned by
my ISP to see which customers are connecting without basic security
protection.
This sort of approach works because the function of the
modem/router is to pass traffic to and from the Internet, and it will
do that without any consideration for whether that traffic is
legitimate or hostile. It is only a matter of time then, before
they locate a weakness in a system on the network and compromise it.
Once that happens, in addition to the most obvious targets like
banking and credit information, they can also turn the resources of
the network to a variety of purposes -- like hosting pirated software
or porn, or using it as a launch-point for attacking other networks
and computers.
The Firewall
While the mix of anti-malware and virus programs, keeping your
systems patched and up-to-date, and taking care to surf responsibly
are a good start, the foundation of your network security is found in
a device called a firewall-router.
Named for the partition wall used in commercial buildings to
prevent the spread of fire, a network firewall is a hardware device
whose function is very much like the moat and gate of a castle. It
sits between your network and the Internet, serving as a gatekeeper
for all of the traffic passing between them.
It has two basic jobs to perform: the first is to ensure all of
the traffic coming in is legitimate, while making your network
invisible from the Internet side. The second is providing a level of
convenient connectivity to you.
If the modem or router you received from your ISP is the only
device between your network and the Internet, you need to buy and
deploy one today. The good news is that you can do this yourself
because the arcane has been engineered out of these devices.
Installing a firewall on your network requires no technical
knowledge beyond the ability to follow basic directions, swap network
cables, and use a web browser-- nearly anyone can install and
configure one.
Healthy competition among manufactures has also resulted in
something of a boon for consumers, because the current generation of
firewall-router happens to be a feature-rich and interesting one.
And they have never been as inexpensive as they are today.
Intended to replace other older devices on your network --
particularly WiFi routers and network-accessible storage devices --
they sport features like traffic shaping and offer a measure of
control over your network and how it can be used that may surprise
you.
Most include a minimum of four wired ports as well as WiFi
service, USB ports, and the best standard encryption and speeds
available, so deciding which firewall-router you need is down to
determining what added features you want -- and then selecting from
the models that provide them.
Security for Gamers
If you have gamers in the house -- and on your network -- D-Link
makes a line of firewall-routers that are engineered specifically
with them in mind. The DGL-5500 / AC1300 Gaming Router is designed
to detect when gaming devices are used and optimize traffic in
support of that activity.
Its tube-like form naturally blends into the background, while its
Streamboost feature and advanced UPnP support manages the traffic on
your network to ensure that your PC and Console gamers get the
bandwidth priority that they need for lag-free play.
With full support for the 802.11a/b/c/g/n WiFi standards, the
AC1300 offers concurrent dual-band connectivity at some of the
highest speeds currently available, but more important it supports
both the established WiFi standards as well as the newest.
Basic security features include WPA/WPA2 wireless encryption, an
SPI firewall, and anti-spoof checking, while its robust parental
controls offer an added measure of convenience. Parents can specify
-- device by device -- when games can be played and when they cannot,
and the parental controls even permit site blocking.
Security plus Storage
For network security that also offers network-accessible backup
storage, Netgear's Centria N900 (WNDR4700) neatly fits the bill.
Touted as an “All-in-One” solution, the N900 functions as a
WiFi Firewall-router, Media Server, and Automatic Back-up Server
supporting 802.11 b/g/n WiFi standards as well as Wireless N Dual
Band.
The N900 fits into the new range of firewall-routers called
“Storage Routers” thanks to the hard drive slot concealed behind
a door in the side and its ReadyShare timed back-up App. Consumers
have the option of adding their own SATA2 hard drive in sizes up to
2TB (the WNDR4720 model comes with a 2TB drive pre-installed).
The N900 supports WPA/WPA2 encryption and provides backup services
to a wide variety of WiFi equipped devices, including notebook
computers, tablets, PCs and Macs, and your iPad or smart phones.
Security plus Media
With the Internet now into traditional entertainment media thanks
to streaming movies and TV, the WD My Net N750 HD Dual-Band Router
from Western Digital is a stand-out firewall-router for networks
heavy on media.
The N750 offers full support for 802.11 a/b/g/n WiFi standards
with speeds up to 750 Mbps. With its WPA/WPA2 encryption and SPI
firewall, the low-profile form blends into any entertainment center,
and includes four Gigabit wired ports for connecting game consoles,
DVRs and other media devices.
Smart HD streaming allows you to watch videos with accelerated
steaming via its FasTrack technology, which delivers HD streams to
multiple devices at the same time with combined speeds of up to 750
Mbps.
Firewall Protection
Each of these routers feature easy to use web-based configuration
interfaces, with basic setup instructions that anyone can follow to
quickly and conveniently get them working with the hardware already
on a network.
While they differ in terms of special network and entertainment
focus, each supports the standard set of security features, offering
a level of protection you should expect from what is, after all, the
foundation of your broadband network security.
The criteria now used for selecting a model tends to focus on what
extra features and services you most desire -- and to some degree how
your network is used -- so in the final analysis with security
through obscurity no longer an option (if it ever was), adding a
firewall-router to your network is the best path to ensuring its
protection now and in the future.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Final Notes
I apologize sincerely to my readers who may have found the path in
the version that appeared in the paper a bit circuitous and I
apologize to my editor for my failure to make clear the purpose and
the direction that I intended to take.
From here on I will endeavor to prevent those mistakes from
ever happening again.
Cheers!
No comments:
Post a Comment