December 12, 2000, 1:27 PM — There is little argument over the need to protect and keep enterprise networks out
of harm's way. However, SOHO sites are often just as vulnerable to security breaches.
Strangely, SOHO sites are often overlooked when it comes to security. And the security
risks, as we just saw from the Microsoft break-in, are not just to the SOHO site -- an
invasion into the home or branch office can be just as serious to the enterprise
Connections to SOHO sites are typically made through ISDN, DSL or Cable Modem systems.
ISDN and DSL are point-to-point services. This tends to make remote access somewhat
secure, but it doesn't do much to protect the enterprise from attack by the remote
For example, a while back a nephew visiting a staff worker's home attempted to hack the
WVU enterprise network. This occurred even though CHAP (Challenge Handshake
Authentication Protocol) was turned on in the ISDN router in addition to a password
network login. How did the young nephew accomplish this amazing feat? It was all too
easy -- the youngster simply wandered into his uncle's den. The network access password
was neatly written on a sticky note attached to the uncle's PC, which was already
authenticated on the network.
Cable modems are a shared technology, which means that packets are easily sniffed by
others on the same Cable Modem Termination System (CMTS). Encryption can be helpful in
protecting information from prying eyes, but do yourself a favor and buy a "personal"
firewall for your cable modem connection. Since the cable modem is shared, anyone on
your system can hack into your PCs and you may never know it. (It's all one big happy
connection after all.) A firewall allows you to hide your PCs from the other
In fact, no matter what the connection to your remote site, a personal firewall can offer
some protection from outside hackers. Software-based firewalls, as their name suggests,
are software applications that run on a computer, typically a Windows or Linux
machine. Because of their modest cost, software firewalls are very popular. For
example, Norton Personal Firewall 2000 is available at street prices ranging from $40 to
$60. Other software firewalls, such as Network Ice Corp.'s BlackIce Defender, are equally
low priced at $39.95 per seat.
Unfortunately, software firewalls tend to be slow. That makes it hard for them to keep
up, especially on faster networks like 100-Base-T. In addition, the firewall must
process packets on the PC's CPU, making its performance CPU-specific. They can also have
a significant impact on the PC's performance.