Shake that false sense of security

Fact or fiction: The Internet is teaming with hackers ready to pounce on your insecure broadband connection?

Not sure? Ask Bill Laberis. Four days after cable modem service was installed on his home office system, a hacker broke in, dumped thousands of Linux and MP3 files onto his hard disk, and changed the extensions of his JPEG files to Linux ones, rendering them unusable.

Laberis, who runs a small custom publishing firm in Holliston, Mass., and is former editor in chief of Computerworld, was lucky. "Seems it was just a prank," he says. "But if the hacker had been malicious, he could have really hurt my business."

Before the incident, Laberis had never questioned the security of his dial-up connection. Long before, he had configured his three systems to share printers and files by enabling Windows Share-level access security -- with full read and write access -- and established no passwords. But when he switched to cable, he didn't realize that such an open configuration allowed anyone on the local subnet -- neighbors, or anyone with access to neighbors' machines -- to pop open the Network Neighborhood and access his files.

While Laberis admits his mistake, he was surprised by the swiftness of the attack. "There are people just camped out on your line waiting to grab your IP address. That really surprised me," Laberis says.

In the natural order of connectivity, analog modems are the most secure since you have to dial up to make the connection. Next secure is DSL. While its always-on architecture ups the chances a hacker will get in, the configuration resembles an octopus, with individual phone lines connecting to the providers central office. But cable is by far the most vulnerable. Not only is it always-on like DSL, but because one cable connection is shared among several local users, if you enable file and printer sharing like Laberis did, you're sharing with the whole neighborhood.

Modem manufacturers have no plans to stamp their cable modem boxes with big red exclamation point warning to "Use only with firewall." And the technician who visits your home or business to install an internal modem or network card in your PC isn't about to start checking your Network Neighborhood settings. But there is a deal in the works that's a big step in the right direction.

Checkpoint Technologies subsidiary Sofaware just announced a partnership with Ericsson to integrate its Safe@Home firewall technology -- based on Checkpoint's Firewall-1 product -- into its PipeRider HM204c/HM205c cable modems. Rather than protecting each PC on your home LAN with a desktop firewall, putting the firewall in the cable modem protects all your systems in one shot, saving money and hassle. And Ericcson's recently announced partnership with heavyweight Time Warner Cable means the first secure cable modems should be available by April.

And while Checkpoint proper focuses primarily on protecting the enterprise with integrated VPN and firewall products, it's making inroads into the small and mid-sized business market. Recent deals with harrdware vendors Ramp Networks (recently acquired by Nokia) and mean small businesses can now buy security appliances with Checkpoint's integrated desktop firewall and VPN technology built in.

This story, "Shake that false sense of security" was originally published by Network World.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon