A Little Box of Broadband Safety

A company's virtual private network may be as ineffective as the Maginot Line if its telecommuters remain unprotected.

Networking vendors have rushed to fill the breach with a host of firewalls that sell for between $100 and $200. These devices will protect remote computers, allow multiple users to share a single Internet Protocol address and still pass VPN traffic to a corporate network.

One of the more popular players is Netgear's RT314, a 10-by-7-inch firewall with four Fast Ethernet ports designed for broadband Internet connections. Similar systems are available from D-Link Systems, Linksys Group, SOHOware and SonicWall, among others. All of them use Network Address Translation to hide computers by assigning them nonroutable IP addresses, which means they can't be reached from the public Internet. Fancier protection features are available on the more expensive models.

To practice safe computing, I popped several firewalls onto my network. The Netgear RT314 was among the easiest to install: It took 10 minutes to unbox, install and configure. All you typically need to install it is information from your broadband service provider and some very limited networking skills. Plug the cable or DSL modem into the connection marked "WAN," plug your computer into one of the four marked "LAN" and fire up the computer. Open a browser, type in the IP address of the RT314 and run the setup wizard.

Some Internet service providers assign dynamic IP addresses using a name, which is very easy to set up on the RT314. Others, including some Road Runner cable modem service providers, use the unique Media Access Control address of your PC's network adapter, so slipping in a firewall can involve a lengthy call to the ISP's tech support department. The Netgear software can spoof that address, fooling the ISP's Dynamic Host Configuration Protocol server into thinking it's talking directly to the original computer.

The RT314 can dynamically assign 32 internal IP addresses. It lets you use up to 252 addresses, but setting them up gets more complicated. Ditto for configuring the firewall to allow a machine on the local area network to function as a File Transfer Protocol server or Web server. Also, running an FTP or Web server may violate the ISP's regulations, so check your paperwork.
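The sketch below is an added example, not Netgear's code or anything from the original article. It models why a machine behind Network Address Translation is unreachable from outside until the firewall is configured to let it act as an FTP or Web server. The class and method names, the 192.168.0.0/24 LAN range, the documentation-range public addresses and the rule that a reply must come from the same remote endpoint are all assumptions made for illustration.

```python
import ipaddress

class NatGateway:
    """Toy port-translating NAT: one public address shared by private LAN hosts."""

    def __init__(self, public_ip, lan_cidr="192.168.0.0/24"):  # LAN range is assumed
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan_cidr)
        self.next_port = 40000   # next public source port to hand out
        self.sessions = {}       # public_port -> (lan_ip, lan_port, remote)
        self.forwards = {}       # public_port -> (lan_ip, lan_port), set by the admin

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection; return the address the remote side sees."""
        if ipaddress.ip_address(lan_ip) not in self.lan:
            raise ValueError("source is not on the LAN")
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (lan_ip, lan_port, remote)
        return (self.public_ip, port)

    def add_forward(self, public_port, lan_ip, lan_port):
        """Static mapping, needed before a LAN machine can act as a server."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote, public_port):
        """Return the LAN (ip, port) that receives the packet, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2] == remote:
            return session[:2]                  # reply to a LAN-initiated connection
        return self.forwards.get(public_port)   # None unless a forward was configured

if __name__ == "__main__":
    # Constructed sample traffic using documentation-range addresses.
    gw = NatGateway("203.0.113.10")
    server = ("198.51.100.7", 443)
    stranger = ("198.51.100.99", 5555)
    seen_as = gw.outbound("192.168.0.2", 51000, server)
    print("remote sees", seen_as)
    print("reply     ->", gw.inbound(server, seen_as[1]))
    print("unsolicited FTP ->", gw.inbound(stranger, 21))
    gw.add_forward(21, "192.168.0.5", 21)
    print("after forward   ->", gw.inbound(stranger, 21))
```

Each forward added this way exposes that one LAN service to the whole Internet, so it is the entry to review first when auditing a telecommuter's firewall.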

Although basic configuration can readily be handled through a browser, some more esoteric functions are best configured through a telnet session or through the unit's serial port. Your corporate IT department can also log in remotely via telnet, but only if the default configuration is changed to allow such a connection.

The RT314 does have some drawbacks, but for cash-strapped IT departments, it's a quick fix for the increasingly vulnerable PCs of remote users.