Home LAN Security

 
 
By Loyd Case  |  Posted 2003-01-03
 
 
 
 
 
 
 


Irrespective of what piece of networking gear you have or are looking to buy, there are some standard rules of the road that you should follow to avoid having one, or possibly all, of the machines on your home network trashed by some no-account script kiddie. For starters, all the routers tested here support the DMZ feature, which essentially makes one machine on your network completely open to the Internet. Game servers left unprotected in DMZs are usually brought crashing down by gamer/crackers with more time than sense. So unless you like to watch a carcass get picked over by scavengers, don't ever put an unprotected game server box into the DMZ. Even so, some games simply require DMZ to operate.
Software firewalls like ZoneAlarm can protect a DMZed system well, and you can set up specific settings to ensure that most ports are locked down to prevent unwelcome visitors from making a mess of things. ZoneAlarm is still free after all these years, although the Pro version will run you $50. The free version gives you a very good working set of features, while the Pro version adds enhanced email attachment threat quarantine and protection. The free version only quarantines VB scripts.
Another solid software firewall app is BlackIce, which is shareware, and a registered version goes for about $40. Note that the reviewed routers have basic firewall filtering built in, but the software firewalls tend to fill in some important gaps. For an in-depth discussion on software versus hardware firewalls, check out PC Magazine's recent story. Features like port-triggering and port-forwarding are much better ways to put a multiplayer game server up on the Net while at the same time minimizing the threat to your server and other machines. Even so, you should run ZoneAlarm on any server box you let outsiders access. This requires some initial tweaking and permission giving to get working, but it's minimal fuss compared to a potentially massive calamity. ZoneAlarm uses two simple sliders to set internal and external security levels. We played with ZoneAlarm's settings for UT, and wound up having to dial down the external security setting from High to Medium, since the High setting essentially makes your machine invisible on the Net.
We liked these sliders so much, we think they would make a great addition to the broadband routers we tested. While the routers' Web-based interfaces provide very granular control, they can be intimidating to network newbies. A simple slider would be a helpful addition. Three of the four reviewed routers lack Stateful Packet Inspection (SPI), also referred to as dynamic packet filtering. In an opinion piece penned a while back, Bill Machrone explained SPI:
[With Stateful Packet Inspection,] the router is trying to be intelligent about correlating behavior over time. It rejects packets that don't conform to expected behavior. SPI also knows about common exploits, broken and incomplete packets, and a bunch of other hacks. It rejects these packets, too. The downside of SPI is that the routers are more expensive and they tend to be slower, too. The dinky little microcontrollers that run inexpensive routers are hard-pressed to keep up with the data stream, much less examine every packet heuristically and logically.
While SPI, despite the somewhat ironic acronym, would be a good added feature to the routers we've looked at here, for many it would seem to be overkill. With the combination of a NAT router, good firewall policies, and software firewall apps like ZoneAlarm, you can have your network secure enough to keep out all but the most determined crackers, and your game servers should be protected as well.
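To make the stateful-versus-static distinction concrete, here is an added illustration (not code from the article or from any of the reviewed routers): a minimal Python model that runs the same constructed packets through a static filter and a stateful one. The addresses, the forwarded port 7777 and the packet model are assumptions made for the example.

```python
from collections import namedtuple

# Constructed packet model; direction is "out" (LAN -> Internet) or "in".
Packet = namedtuple("Packet", "direction src sport dst dport flags")
FORWARDED_PORTS = {7777}  # assumed port-forward for a game server

def stateless_allow(pkt):
    """Static filter: inbound passes if it targets a forwarded port or merely
    has ACK set (the usual stateless stand-in for 'reply traffic')."""
    if pkt.direction == "out":
        return True
    return pkt.dport in FORWARDED_PORTS or "ACK" in pkt.flags

class StatefulFilter:
    """Remembers flows and admits inbound packets only if they belong to a
    known flow or open a connection to a forwarded port (no timeouts here)."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # Inbound: reverse the tuple to find the flow the LAN host opened.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            return True
        if pkt.dport in FORWARDED_PORTS and pkt.flags == {"SYN"}:
            self.flows.add(key)  # new client of the forwarded service
            return True
        return False

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet in order."""
    spi = StatefulFilter()
    return [(stateless_allow(p), spi.allow(p)) for p in packets]

LAN, WEB, STRANGER = "192.168.1.10", "203.0.113.5", "198.51.100.9"
S, A = frozenset({"SYN"}), frozenset({"ACK"})
SAMPLE = [  # constructed traffic, addresses shown as the LAN host sees them
    Packet("out", LAN, 40000, WEB, 80, S),        # LAN host opens a web connection
    Packet("in", WEB, 80, LAN, 40000, S | A),     # genuine reply to that flow
    Packet("in", STRANGER, 80, LAN, 40001, A),    # unsolicited ACK, no matching flow
    Packet("in", STRANGER, 5000, LAN, 7777, S),   # new client to the forwarded port
    Packet("in", STRANGER, 5000, LAN, 139, S),    # connection attempt to a closed port
]

if __name__ == "__main__":
    for pkt, verdicts in zip(SAMPLE, compare(SAMPLE)):
        print(pkt.direction, pkt.dport, sorted(pkt.flags), verdicts)
```

The third packet is the one that separates the two filters: the static rule passes it because the ACK bit is set, while the stateful filter drops it because no LAN host ever opened that flow.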


 
 
 
 
Loyd Case came to computing by way of physical chemistry. He began modestly on a DEC PDP-11 by learning the intricacies of the TROFF text formatter while working on his master's thesis. After a brief, painful stint as an analytical chemist, he took over a laboratory network at Lockheed in the early 80's and never looked back. His first 'real' computer was an HP 1000 RTE-6/VM system.

In 1988, he figured out that building his own PC was vastly more interesting than buying off-the-shelf systems and he ditched his aging Compaq portable. The Sony 3.5-inch floppy drive from his first homebrew rig is still running today. Since then, he's done some programming, been a systems engineer for Hewlett-Packard, worked in technical marketing in the workstation biz, and even dabbled in 3-D modeling and Web design during the Web's early years.

Loyd was also bitten by the writing bug at a very early age, and even has dim memories of reading his creative efforts to his third grade class. Later, he wrote for various user group magazines, culminating in a near-career-ending incident at his employer when a humor-impaired senior manager took exception to one of his more flippant efforts. In 1994, Loyd took on the task of writing the first roundup of PC graphics cards for Computer Gaming World -- the first ever written specifically for computer gamers. A year later, Mike Weksler, then tech editor at Computer Gaming World, twisted his arm and forced him to start writing CGW's tech column. The gaming world -- and Loyd -- has never quite recovered despite repeated efforts to find a normal job. Now he's busy with the whole fatherhood thing, working hard to turn his two daughters into avid gamers. When he doesn't have his head buried inside a PC, he dabbles in downhill skiing, military history and home theater.
 
 
 
 
 
 
 
