- PGP Keys
- Vossen's Law
- Firewall Rules
- Home Net Security
- Snort Books
- Sec Tools
- Honeypot Stats
- Firewall Stats
- IP Calcs
- SME Server
- Backup (DI-30)
- Win Tools
- Win. Shell Scripting
- POSIX Redirection
This page is somewhat out-of-date; you'll notice references to floppy drives
and MS Money. The product information is so old it's useless, but the
concepts haven't changed and some sites may still be relevant.
Just take it with a few grains of salt.
With the advent of more widespread broadband (cable modem, xDSL)
Internet access and the greater proliferation of SOHO (Small Office/Home
Office) and Virtual Offices, Information Security is becoming more
important at home as well as at work.
Home Network Designs
Recently the question about how to design a relatively secure home
network has been coming up a lot. So rather than trying to draw the same
thing on whatever napkin happens to be handy, I diagrammed the four most
common home network designs, and wrote some text that fleshes out
the details. See home_networks.html.
now part of Check Point Software
has a similar sort of PDF document.
If you do nothing else, at least grab the free versions of
Why YOU as a home user need a firewall
Do these sound familiar:
"There is nothing on my computer I care about."
"Why would anyone want to hack me?"
"I'm using dial-up so I'm safe."
I hope not, but if you do not have a firewall and you believe any of
the above, you are wrong! Here's why.
- It is possibly true that there is nothing worth stealing on your PC.
But... Do you use Quicken or MS Money? Turbo Tax? The encryption in those
programs is a joke, and if you fill in all the forms them your entire
financial status is a wide open book to anyone who wants to look. Is your
name, address, phone number, credit card information or Social Security
number on your PC? Anywhere? Hum, not so worthless any more, huh?
- Do you have any kind of perr-to-peer or other file sharing software
installed? That would include things like Kazza (AKA KaZaA), Morpheus, or
even distributed computing programs like SETI@home? Even if you did not
install anything like that, did your kids? If so, your entire hard drive
may be open to the Internet. It may not too. The point it, DO YOU
- Why would anyone want to hack you? Good question. No reason--they
wouldn't. It's purely a numbers game. IP Addresses to be precise. If
your IP Address (kind of like your computer's "phone number")
is in the range that some random attacker is scanning, and you are
running a PC that is vulnerable to whatever exploit he's running, and
you are not otherwise protected (like by a firewall), then you are
hacked. Period, end of story. And you probably don't even know it.
- But so what, right? Wrong. If your machine is hacked in the right
(or perhaps wrong) way, the attacker can do anything he wants. Including
launch denial of service attacks against the Whitehouse, bounce
(redirect) web surfing to terrorist sites though your computer, use your
computer hard drive space for storage of illegal software--or worse, use
your computer and bandwidth (Internet connection) to send spam, and the
list goes on.
- Don't believe the problem is that bad? See me firewall stats page. It lists the
number of times my cable modem has been attacked in the last 2 weeks,
and back to early 2002. It isn't pretty!
Hackers steal from pirates, to no good end. The people who design
rogue programs that take over computers from afar are now applying the
tactic that made music pirating programs so effective--and the Internet
may never be the same.
A third of spam spread by RAT-infested PCs. Nearly one-third of
all spam circulating the Web is relayed through PCs that have been
compromised by malicious programs known as Remote Access Trojans,
according to Sophos, an antispam and antivirus company.
SOHO Security Links
See also my SME Server (Free
Linux-based equivalent to MS' Small Business Server) and GNATBox
Firewall Installation Quick Reference pages.
- US-CERT's Home and Business
- US Government's OnGuardOnline.gov site to
"help you be safe, secure and responsible online."
Home Network SecurityABSTRACT: Home computers that are connected
to the Internet are under attack and need to be secured. That process is
relatively well understood, even though we do not have perfect solutions
today and probably never will. Meanwhile, however, the home computing
environment is evolving into a home network of multiple devices, which
will also need to be secured. We have little experience with these new
home networks and much research needs to be done in this area. This paper
gives a view of the requirements and some of the techniques available for
securing home networks.
Protecting the Home Office, 7 "musts" will help extend proection
to home users and road warriers. Aimed at corporate InfoSec people, but
good advice for anyone.
- James Madison University's R.U.N.S.A.F.E. program
(End User tips and awareness).
Microsoft Personal Security Advisor (MPSA) "is an easy to
use web application that will help you secure your Windows NT 4.0 and
Windows 2000 computer system. Simply navigate to the MPSA site and press
the Scan Now button to receive a detailed report of your computer's
security settings and recommendations for improvement." More of a
SOHO than corporate focus. (Curiously, this does not seem to work
too well using Netscape. I wonder why???)
CERT Advisory CA-2001-20: Continuing Threats to Home Users and
Home Network Security (unmaintained). The CERT Coordination Center (CERT/CC)
is a major reporting center for Internet security problems. Staff members
provide technical assistance and coordinate responses to security
compromises, identify trends in intruder activity, work with other
security experts to identify solutions to security problems, and
disseminate information to the broad community. The CERT/CC also
analyzes product vulnerabilities, publishes technical documents,
and presents training courses.
Research Corporation, home of "Shields Up," SpinRite and
other great tools. Interesting, well organized information about SOHO
security and privacy. Check out the Leak Test page for
interesting personal firewall and privacy information. This site can be a
little "over the top" and sometimes gets into hysterical,
media-feeding-frenzy language, but if you take it with a grain of salt and
- A small
write-up about the IIS 4 and IIS 5 Lockdown Tool.
- Ad Aware:
A free tool to detect and remove "Spyware".
List of on-line Security tests (hack yourself)
DSLReports: Info About DSL, availability and security.
Personal Firewalls, DSL and cable modem security from DSLReports.
DSL & Cable modem security info (long).
Excellent DSL & Cable modem security info about NBT
(NetBIOS, AKA Microsoft Networking (sort of)).
O'Reilly: Installing a Home Network: Securing the Network (1/3).
O'Reilly: Installing a Home Network: Securing the Network (2/3).
O'Reilly: Installing a Home Network: Securing the Network (3/3).
Internet Connection Sharing
Cable Modem & DSL Info.
Cable Modem Sharing Info.
- One-way or "
telcoreturn" cable modems.
Linux Firewall On A 486: A Guard-Penguin For Your DSL Or Cable Modem Connection
Security Isn't Just for the Corporate World (February 23, 2001)
a Single Floppy Linux system, for security uses
- Personal Firewalls -- Firewalls that run on your "workstation"
- SOHO Firewall Appliances -- Firewalls that run on an "appliance" (sort of a single-purpose mini-server):
- Other Firewall Appliances
- SOHO Firewall Software:
- Other Lists of Firewall Links
Rik Farrow; 1997: An Analysis of Current Firewall Technologies
As an aside here,I personally use GNATBox Lite. My
requirements were as follows, and that's the only thing I could find that
meets them all. (See also my GNATBox Firewall
Installation Quick Reference page.)
- Run on a 486
- Run from a single floppy disk -- no hard drive needed
- Simple to manage
- Remote syslog logging support
I'd considered using
OpenBSD with IPFilter as well, but it
does not quite meet all of my needs. I am also running a kind of
"virtual" VPN [sic] using ssh from
OpenSSH. I'm in the process of writing
up some documentation about this. I'll put a pointer here when it's
finished. In the meantime, see O'Reilly's
SSH, The Secure Shell: The