SOHO Information Security

This page is somewhat out-of-date; you'll notice references to floppy drives and MS Money. The product information is so old it's useless, but the concepts haven't changed and some sites may still be relevant. Just take it with a few grains of salt.

With the advent of more widespread broadband (cable modem, xDSL) Internet access and the greater proliferation of SOHO (Small Office/Home Office) and Virtual Offices, Information Security is becoming more important at home as well as at work.

Home Network Designs

Recently the question about how to design a relatively secure home network has been coming up a lot. So rather than trying to draw the same thing on whatever napkin happens to be handy, I diagrammed the four most common home network designs, and wrote some text that fleshes out the details. See home_networks.html. Zone Labs, now part of Check Point Software has a similar sort of PDF document.

If you do nothing else, at least grab the free versions of Zone Alarm, Ad-aware and Spybot.

Why YOU as a home user need a firewall

Do these sound familiar:
"There is nothing on my computer I care about."
"Why would anyone want to hack me?"
"I'm using dial-up so I'm safe."
"Who cares?"

I hope not, but if you do not have a firewall and you believe any of the above, you are wrong! Here's why.

  • It is possibly true that there is nothing worth stealing on your PC. But... Do you use Quicken or MS Money? Turbo Tax? The encryption in those programs is a joke, and if you fill in all the forms them your entire financial status is a wide open book to anyone who wants to look. Is your name, address, phone number, credit card information or Social Security number on your PC? Anywhere? Hum, not so worthless any more, huh?
  • Do you have any kind of perr-to-peer or other file sharing software installed? That would include things like Kazza (AKA KaZaA), Morpheus, or even distributed computing programs like SETI@home? Even if you did not install anything like that, did your kids? If so, your entire hard drive may be open to the Internet. It may not too. The point it, DO YOU KNOW?
  • Why would anyone want to hack you? Good question. No reason--they wouldn't. It's purely a numbers game. IP Addresses to be precise. If your IP Address (kind of like your computer's "phone number") is in the range that some random attacker is scanning, and you are running a PC that is vulnerable to whatever exploit he's running, and you are not otherwise protected (like by a firewall), then you are hacked. Period, end of story. And you probably don't even know it.
  • But so what, right? Wrong. If your machine is hacked in the right (or perhaps wrong) way, the attacker can do anything he wants. Including launch denial of service attacks against the Whitehouse, bounce (redirect) web surfing to terrorist sites though your computer, use your computer hard drive space for storage of illegal software--or worse, use your computer and bandwidth (Internet connection) to send spam, and the list goes on.
  • Don't believe the problem is that bad? See me firewall stats page. It lists the number of times my cable modem has been attacked in the last 2 weeks, and back to early 2002. It isn't pretty!
  • Hackers steal from pirates, to no good end. The people who design rogue programs that take over computers from afar are now applying the tactic that made music pirating programs so effective--and the Internet may never be the same.
  • A third of spam spread by RAT-infested PCs. Nearly one-third of all spam circulating the Web is relayed through PCs that have been compromised by malicious programs known as Remote Access Trojans, according to Sophos, an antispam and antivirus company.

SOHO Security Links

See also my SME Server (Free Linux-based equivalent to MS' Small Business Server) and GNATBox Firewall Installation Quick Reference pages.

SOHO Firewalls

As an aside here,I personally use GNATBox Lite. My requirements were as follows, and that's the only thing I could find that meets them all. (See also my GNATBox Firewall Installation Quick Reference page.)

  • Free
  • Run on a 486
  • Run from a single floppy disk -- no hard drive needed
  • Simple to manage
  • Remote syslog logging support

I'd considered using OpenBSD with IPFilter as well, but it does not quite meet all of my needs. I am also running a kind of "virtual" VPN [sic] using ssh from OpenSSH. I'm in the process of writing up some documentation about this. I'll put a pointer here when it's finished. In the meantime, see O'Reilly's SSH, The Secure Shell: The Definitive Guide.