This page is somewhat out-of-date; you'll notice references to floppy drives
and MS Money.  The product information is so old it's useless, but the
concepts haven't changed and some sites may still be relevant.
Just take it with a few grains of salt. 
 With the advent of more widespread broadband (cable modem, xDSL)
Internet access and the greater proliferation of SOHO (Small Office/Home
Office) and Virtual Offices, Information Security is becoming more
important at home as well as at work. 
 Home Network Designs
 Recently the question about how to design a relatively secure home
network has been coming up a lot. So rather than trying to draw the same
thing on whatever napkin happens to be handy, I diagrammed the four most
common home network designs, and wrote some text that fleshes out
the details. See home_networks.html.
 Zone Labs, now part of Check Point Software, has a similar sort of PDF
document. If you do nothing else, at least grab the free versions of
Zone Alarm, Ad-aware and Spybot.
 Why YOU as a home user need a firewall
 Do these sound familiar:
 "There is nothing on my computer I care about."
 "Why would anyone want to hack me?"
 "I'm using dial-up so I'm safe."
 "Who cares?"
 I hope not, but if you do not have a firewall and you believe any of
the above, you are wrong! Here's why. 
  - It is possibly true that there is nothing worth stealing on your PC.
    But... Do you use Quicken or MS Money? Turbo Tax? The encryption in those
    programs is a joke, and if you fill in all the forms then your entire
    financial status is a wide open book to anyone who wants to look. Is your
    name, address, phone number, credit card information or Social Security
    number on your PC? Anywhere? Hmm, not so worthless any more, huh?
  - Do you have any kind of peer-to-peer or other file sharing software
    installed? That would include things like Kazza (AKA KaZaA), Morpheus, or
    even distributed computing programs like SETI@home? Even if you did not
    install anything like that, did your kids? If so, your entire hard drive
    may be open to the Internet. It may not, too. The point is, DO YOU
    KNOW?
  - Why would anyone want to hack you? Good question. No reason--they
    wouldn't. It's purely a numbers game. IP Addresses to be precise. If
    your IP Address (kind of like your computer's "phone number")
    is in the range that some random attacker is scanning, and you are
    running a PC that is vulnerable to whatever exploit he's running, and
    you are not otherwise protected (like by a firewall), then you are
    hacked. Period, end of story. And you probably don't even know it.
  - But so what, right? Wrong. If your machine is hacked in the right
    (or perhaps wrong) way, the attacker can do anything he wants. Including
    launch denial of service attacks against the White House, bounce
    (redirect) web surfing to terrorist sites through your computer, use your
    computer hard drive space for storage of illegal software--or worse, use
    your computer and bandwidth (Internet connection) to send spam, and the
    list goes on.
  - Don't believe the problem is that bad? See my firewall stats page. It lists the
    number of times my cable modem has been attacked in the last 2 weeks,
    and back to early 2002. It isn't pretty!
  - Hackers steal from pirates, to no good end. The people who design
    rogue programs that take over computers from afar are now applying the
    tactic that made music pirating programs so effective--and the Internet
    may never be the same.
  - A third of spam spread by RAT-infested PCs. Nearly one-third of
    all spam circulating the Web is relayed through PCs that have been
    compromised by malicious programs known as Remote Access Trojans,
    according to Sophos, an antispam and antivirus company.
 SOHO Security Links
 See also my SME Server (Free
Linux-based equivalent to MS' Small Business Server) and GNATBox
Firewall Installation Quick Reference pages.
  - US-CERT's Home and Business security resources.
  - US Government's OnGuardOnline.gov site to
    "help you be safe, secure and responsible online."
  - Home Network Security. ABSTRACT: Home computers that are connected
    to the Internet are under attack and need to be secured. That process is
    relatively well understood, even though we do not have perfect solutions
    today and probably never will. Meanwhile, however, the home computing
    environment is evolving into a home network of multiple devices, which
    will also need to be secured. We have little experience with these new
    home networks and much research needs to be done in this area. This paper
    gives a view of the requirements and some of the techniques available for
    securing home networks.
  - Protecting the Home Office, 7 "musts" will help extend protection
    to home users and road warriors. Aimed at corporate InfoSec people, but
    good advice for anyone.
  - James Madison University's R.U.N.S.A.F.E. program
    (End User tips and awareness).
  - Microsoft Personal Security Advisor (MPSA) "is an easy to
    use web application that will help you secure your Windows NT 4.0 and
    Windows 2000 computer system. Simply navigate to the MPSA site and press
    the Scan Now button to receive a detailed report of your computer's
    security settings and recommendations for improvement." More of a
    SOHO than corporate focus. (Curiously, this does not seem to work
    too well using Netscape. I wonder why???)
  - CERT Advisory CA-2001-20: Continuing Threats to Home Users and
    Home Network Security (unmaintained). The CERT Coordination Center (CERT/CC)
    is a major reporting center for Internet security problems. Staff members
    provide technical assistance and coordinate responses to security
    compromises, identify trends in intruder activity, work with other
    security experts to identify solutions to security problems, and
    disseminate information to the broad community. The CERT/CC also
    analyzes product vulnerabilities, publishes technical documents,
    and presents training courses.
  - Gibson Research Corporation, home of "Shields Up," SpinRite and
    other great tools. Interesting, well organized information about SOHO
    security and privacy. Check out the Leak Test page for
    interesting personal firewall and privacy information. This site can be a
    little "over the top" and sometimes gets into hysterical,
    media-feeding-frenzy language, but if you take it with a grain of salt and
    Don't Panic...
  - A small write-up about the IIS 4 and IIS 5 Lockdown Tool.
  - Ad Aware: A free tool to detect and remove "Spyware".
  - List of on-line Security tests (hack yourself)
  - DSLReports: Info About DSL, availability and security.
  - Personal Firewalls, DSL and cable modem security from DSLReports.
  - Excellent DSL & Cable modem security info (long).
  - Excellent DSL & Cable modem security info about NBT
    (NetBIOS, AKA Microsoft Networking (sort of)).
  - O'Reilly: Installing a Home Network: Securing the Network (1/3).
  - O'Reilly: Installing a Home Network: Securing the Network (2/3).
  - O'Reilly: Installing a Home Network: Securing the Network (3/3).
  - How to secure your home wireless network
  - Cable Modem & DSL Info.
  - Cable Modem Sharing Info.
  - One-way or "telcoreturn" cable modems.
  - Linux Firewall On A 486: A Guard-Penguin For Your DSL Or Cable Modem Connection
  - Security Isn't Just for the Corporate World (February 23, 2001)
  - Trinux, a Single Floppy Linux system, for security uses
 SOHO Firewalls
  Personal Firewalls -- Firewalls that run on your "workstation"
    PC:
  SOHO Firewall Appliances -- Firewalls that run on an "appliance" (sort of a single-purpose mini-server):
  Other Firewall Appliances
  SOHO Firewall Software:
  Other Lists of Firewall Links
  
      Rik Farrow; 1997: An Analysis of Current Firewall Technologies
 As an aside here, I personally use GNATBox Lite. My
requirements were as follows, and that's the only thing I could find that
meets them all. (See also my GNATBox Firewall
Installation Quick Reference page.)
  - Free
  - Run on a 486
  - Run from a single floppy disk -- no hard drive needed
  - Simple to manage
  - Remote syslog logging support
 I'd considered using OpenBSD with IPFilter as well, but it
does not quite meet all of my needs. I am also running a kind of
"virtual" VPN [sic] using ssh from OpenSSH. I'm in the process of writing
up some documentation about this. I'll put a pointer here when it's
finished. In the meantime, see O'Reilly's
SSH, The Secure Shell: The Definitive Guide.