The
quest continues. How do you make your machine safe on an open network?
Well I actually got an answer from Commander Chris Wagoner over at
All Experts:
All you really need to have is a good firewall, a good virus software, and one or two malware programs. I use AVG Anti-virus Pro, Spy Bot Search and Destroy (free), AdAware 2007 (free), and Tiny Personal Firewall. And I run them religiously every week...
I run the same freeware apps so I seem to be on the right track. Plus I run
PeerGuardian2 which is for people who are paranoid but still want to use Bittorrent.
He also put me on to software than can watch the activity on my network. There are a few recommended apps out there, top ones seem to be
Wireshark and
NetworkProbe. Wireshark is probably better but it's very geeky requires more exertise than NetworkProbe which has a nice graphical user interface. Watching Wireshark is a bit like watching The Matrix data stream by.
For more network montiroing apps - check out
this link.
Labels: network, security
As part of my
quest to figure out how to run an open home network safely, I've come across this useful tidbit worth passing on:
The Sygate Firewall (amongst others) has a vulnerability.
My IT put me on to this (this is a funny guy who is Chinese but speaks with a Russian accent because he comes from some far off province on the Russian border).
Your computer should be invisible to "pings" (messages from cyberspace which essentially say "knock, knock - are you there?"). Everyone should ensure that their firewall stops responses to these signals. In this way, your computer will remain invisible to sniffers.
For
Sygate, this vulnerability is easily corrected as follows:
Click Tools, Advanced Rules and click the Add button. At Rule Description you enter ICMP (Internet Control Message Protocol). The Action has to be Block this traffic. At the tab Ports and Protocols you select ICMP from the combo box, and then the Select All button. Furthermore change the Traffic Direction in Incoming and click OK. - source
Labels: firewall, network, security
Security guru
Bruce Schneier did a piece a while back about how his home network is not locked:
Steal this Wifi.
The bottom line for him is that his computer should be secure on any open network outside the home so why not open the home network? The man has a point. But of course the obvious question is: how do you secure your computer for an open network?
Simply asking the question gets people quite excited. It hints at
heresy and insanity and it seems I should be locked up for my own good. I asked my office IT guy and he suddenly became extremely amused like I'd just won the freak of the day contest.
For the record I'm not a complete moron (IMHO). I'm protected by:
What else do I need to safely open my network? It seems that short of writing Bruce himself I will not get an answer
because those who know will not tell me.
I would also like an application that will tell me who is using my network so I can actually see if there is anyone using my network. IE something that updates in
real time so I don't have to keep refreshing the router's connection
webpage.
The only sensible advice I've had so far is to ensure that I change my router's password from the default password.
Labels: computer, network, security, wifi
