Thursday, June 18, 2009

Why Do I Even Need Network Security in the First Place?


We promised not to jump on the fear-mongering bandwagon, but we do need to help you 1) recognize that threats do exist and 2) understand the nature of the threats so that you can adequately protect yourselves against them. First things first: the threats.

Unless you have been living in a cave for some time (and even then, maybe), you have surely heard about the threat of computer viruses, worms, hackers, scams, and identity theft. Internet security is big news, and also big business. On a corporate level, companies must protect themselves against intrusion attempts aimed at stealing confidential information, and against attempts to shut down corporate websites that are both the public face of a company and a revenue conduit. On the home network side, individuals must protect their personal information, protect their computers from corruption or from being taken over, and protect against others using their networks to download illegal or illicit material (or just annoying the heck out of you with endless spam).

If you connect to the Internet, sooner or later you will be exposed to every one of these threats and to attempts to break in. That is, you will see them if you take no precautions. If you follow the steps we lay out, you will either stop them in the act by recognizing the threat and acting accordingly, or prevent them from happening at all and never be bothered by them.


Threat Categories

One of the things that we have noticed in most of the books and articles on home network security is a lack of any explanation of the different types of security threats. This is a pretty serious issue because many nonexperts lump every type of threat into something called "security," which often leads people into thinking that one type of security solution, say a firewall, will protect them from all the bad stuff out there. This is a big mistake. There are several different types of security threats and one or two things that you can and should do for each type of threat. To help you sort it out, we have grouped threats into four basic categories: connection-based threats, access-based threats, software-based threats, and victim-enabled threats. Each threat category is described here.

Connection-Based Threats
A connection-based threat is an attack that is directed at you through your Internet connection. High-speed Internet makes this threat much worse because the connection is always on (unlike dialup, which you set up, use, and then break when finished), so there is a far larger window in which you can be found and attacked. Hackers typically scan ranges of IP addresses (an IP address represents your location on the Internet) using tools that probe each address for a reachable, unprotected home network. When hackers find an open network, they can do a number of bad things, including but not limited to searching through and possibly deleting personal information and files, or using your computer to launch attacks against other home, commercial, or government networks. This latter form of activity is sometimes called a redirect attack; hackers use it to protect their own identity and location, because the attack appears to come from your computer rather than theirs.

Access-Based Threats
An access-based threat usually results from using a wireless networking device in your home. Just about every wireless router on the market today is made to work right out of the box. This is great for getting your wireless network up and running quickly, but the only way to make it that easy for you is to ship with all the security features (such as wireless encryption) turned off, which makes it just as easy for everyone else in range of the router to gain access to your network. The usual result of not guarding against this threat is that you end up providing all the people around you with free Internet access. This may or may not be an issue for you, but you are also vulnerable to hackers who can access your files or monitor your network traffic looking for passwords and personal information such as credit card numbers. There is also the risk that someone might download illicit, indecent, or illegal (sometimes all three simultaneously) material from the Internet through your network rather than their own, so that if the feds or someone else come looking, the trail leads to you.

Software-Based Threats
This is probably the threat most people are familiar with. The category includes viruses, worms, spam, spyware, adware, and Trojan horses. Most of the time, these types of attacks are more of an inconvenience than anything else, but the annoyance factor gets pretty high when you get 100 or so unsolicited e-mails every day or if a virus copies your entire contacts list and starts sending copies of itself to everyone you know. Some viruses, though, can damage your computer or files, or worse, deposit a Trojan horse that enables a hacker to take remote control of your computer. All should be guarded against.

Victim-Enabled Threats
The Internet is a scam artist's paradise. Along with the usual array of rip-off scams, the Internet allows thieves to wrap themselves in legitimate-looking letters, web pages, and other wrappers that make it hard for the casual observer to tell the difference between legitimate and illegitimate sites and sources. The good news is that it takes the victim's participation to enable these threats. Unlike the other threats, whose countermeasures require hardware or software, this type of threat can usually be addressed with a simple set of rules for answering account questions and some education on how to avoid biting on the bait. In addition to identity theft, there is also good old-fashioned theft (someone taking your laptop), so we also provide you with some tips on how to keep folks from cracking your passwords.

Some of the threats we discuss actually fall into more than one category, and we point those out to you as we go. In addition, we have put a little summary box at the beginning of each chapter that describes the threat, what the issues are, and what you can do about it.

Use Firewalls


Examples of Threats:
  • Unauthorized access to your home network or a computer on your home network through your Internet connection
  • Unauthorized installation of software programs onto a computer or device on your home network
  • Unauthorized access by a computer or software program to the Internet, exchanging unintended information
  • Using compromised computers on your home network as anonymous sources for launching attacks on others

Our Tips:

  • Install a stateful-packet-inspection firewall between your broadband Internet connection and home network.
  • Install personal firewall software on each of the computers in your home network.
  • Periodically monitor access logs and firewall rules to ensure continued protection.

The term firewall is borrowed from the construction industry, where a hardened fire-proof material, such as cinder block, is built between two sections of a building so that if one catches on fire, the other might not.

A firewall in computer terms provides similar protection, by shielding one part of a network (say, your home network) from another part (say, the Internet) that may be "on fire." Now, the Internet is not exactly in flames, but it is a "dirty" network, meaning few rules and regulations apply, and those that do exist are often circumvented by some folks. You can view the Internet kind of like the Wild West of networks.

Firewalls are one of the most important lines of defense you need for your home network. You may ask yourself, "Why are firewalls so important? After all, I have been using the Internet for years with a dialup connection and never needed one before."

The answer is simple. If you only have to go into a bad part of town occasionally, maybe you can just be careful. If you have to live in that part of town all the time, it is probably wise to lock the doors and carry some type of protection.

With high-speed broadband service, your Internet connection is always on, meaning as long as your broadband modem is connected to your home network and it is powered on, your home network and all the computers on it have a connection to the Internet. You are no longer just visiting the bad side of town; with broadband, you are now living there.

Unchecked, hackers, bored or mischievous neighbors (or their kids), or just other people with too much time on their hands can try to access your home network through your broadband connection from anywhere in the world. Broadband also provides hackers with high-speed connections to do a lot more hacking. Once hacked, you cannot undo what you may lose, such as personal data, access to financial accounts, and so on. So, the only real option is to prevent yourself from being hacked in the first place.

Firewalls provide a means to block unwanted visitors from gaining access to your home network, the computers on it, and the information those computers contain.
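To make the stateful-packet-inspection idea from the tips above concrete, here is a toy firewall written for this page (it is not code from the original book, and no real router works from a Python script). It models what an SPI firewall does with a connection-tracking table: traffic that a computer on the home network starts is remembered, the replies to that traffic are let back in, and anything else arriving from the Internet is dropped. The home network prefix, the packet layout, the addresses and the packet trace are all made up for the demonstration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed home network prefix; everything else is treated as the Internet side.
LAN = ip_network("192.168.1.0/24")


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str     # source IP address
    sport: int   # source port
    dst: str     # destination IP address
    dport: int   # destination port


class StatefulFirewall:
    """Stateful packet inspection in miniature.

    Outbound packets create an entry in a connection-tracking table. Inbound
    packets are accepted only if they are the reply direction of a tracked
    flow, or if the owner has deliberately opened that port (a port forward).
    Everything else arriving from the Internet is dropped.
    """

    def __init__(self, port_forwards=()):
        self.table = set()                        # tracked (proto, src, sport, dst, dport) flows
        self.port_forwards = set(port_forwards)   # (proto, dport) pairs exposed on purpose

    def filter(self, pkt: Packet) -> str:
        src_inside = ip_address(pkt.src) in LAN
        dst_inside = ip_address(pkt.dst) in LAN
        if src_inside and not dst_inside:
            # Outbound: remember the flow so that its replies can come back in.
            self.table.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ACCEPT"
        if dst_inside and not src_inside:
            # Inbound: is this the reverse direction of a flow a LAN host started?
            reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if reverse in self.table:
                return "ACCEPT"
            # ...or a service the owner chose to expose to the Internet?
            if (pkt.proto, pkt.dport) in self.port_forwards:
                return "ACCEPT"
            return "DROP"                         # unsolicited: the "unwanted visitor"
        return "ACCEPT"                           # LAN-to-LAN traffic never crosses this firewall


def run_trace(port_forwards=()):
    """Push a constructed packet trace through the firewall and return the verdicts."""
    fw = StatefulFirewall(port_forwards)
    trace = [
        # 1. A home PC opens an HTTPS connection to a web site.
        Packet("tcp", "192.168.1.10", 51000, "93.184.216.34", 443),
        # 2. The web site's reply on that same connection.
        Packet("tcp", "93.184.216.34", 443, "192.168.1.10", 51000),
        # 3. A stranger on the Internet probes Windows file sharing on the PC.
        Packet("tcp", "203.0.113.7", 40000, "192.168.1.10", 445),
        # 4. The same stranger tries to reach Remote Desktop on the PC.
        Packet("tcp", "203.0.113.7", 40001, "192.168.1.10", 3389),
        # 5. The web site sends to a port the PC never used: not a tracked flow.
        Packet("tcp", "93.184.216.34", 443, "192.168.1.10", 51001),
    ]
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    for verdict in run_trace():
        print(verdict)
```

Running the trace with no port forwards accepts only the PC's own web connection and its reply; the three unsolicited packets are dropped. Passing port_forwards=[("tcp", 3389)] shows the flip side: once you open a port for a service you run at home, the firewall lets the stranger's Remote Desktop attempt through, and that service must then defend itself. A real router's SPI also tracks TCP connection state and expires idle entries, which this toy omits.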

Why Do I Need Firewalls?

Why would someone want to access your home network? Well, for a lot of reasons, ranging from simple theft of the information on your computers to hijacking your computers and using the anonymity they can provide to conduct other illegal activities. It is impossible to list here all the examples, but let's consider two common ones.

First, most people regularly store information, such as e-mail, spreadsheets, and even passwords to online accounts (eBay and PayPal, for example), on their computers. Figure 1-1 shows how a hacker can launch what is called a brute-force attack to gain access to one of your computers. Tools to perform such attacks, which are easily available on the Internet, use dictionary files (long lists of common passwords and words) to repeatedly guess your password in an attempt to log in to your computer remotely or to access a shared drive.


If left unchecked, hackers can make thousands of attempts until they succeed. Once into the computer, they can simply help themselves to whatever information you have stored there.
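The "periodically monitor access logs" tip above is the practical counterpart to this paragraph: a guessing tool leaves a distinctive trail of many failed logons from one address in a short time, often against several different user names. The following detector is an added example written for this page, not code from the original book. It parses the "Failed password" lines that OpenSSH writes to syslog and flags any source address with at least five failures inside a sixty-second window; the log lines, host name, addresses and thresholds are all constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines in OpenSSH's "Failed password" format (not real log data).
SAMPLE_LOG = """\
Jun 18 10:15:01 homepc sshd[2211]: Failed password for root from 203.0.113.7 port 40000 ssh2
Jun 18 10:15:02 homepc sshd[2212]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Jun 18 10:15:02 homepc sshd[2213]: Failed password for invalid user guest from 203.0.113.7 port 40002 ssh2
Jun 18 10:15:03 homepc sshd[2214]: Failed password for invalid user test from 203.0.113.7 port 40003 ssh2
Jun 18 10:15:04 homepc sshd[2215]: Failed password for root from 203.0.113.7 port 40004 ssh2
Jun 18 10:15:05 homepc sshd[2216]: Failed password for invalid user oracle from 203.0.113.7 port 40005 ssh2
Jun 18 10:20:30 homepc sshd[2300]: Failed password for alice from 192.168.1.20 port 52000 ssh2
Jun 18 10:20:41 homepc sshd[2301]: Accepted password for alice from 192.168.1.20 port 52001 ssh2
Jun 18 11:02:10 homepc sshd[2400]: Failed password for root from 198.51.100.9 port 33000 ssh2
Jun 18 11:40:55 homepc sshd[2401]: Failed password for root from 198.51.100.9 port 33001 ssh2
"""

# Matches the syslog timestamp, the host, and the user/IP of a failed sshd logon.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2009):
    """Yield (timestamp, source_ip, username) for each failed-logon line.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2009 here).
    """
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logons and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def find_brute_force(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: (failures_in_busiest_window, sorted_usernames_tried)} for every
    source address with at least `threshold` failures inside any `window`."""
    times_by_ip = defaultdict(list)
    users_by_ip = defaultdict(set)
    for ts, ip, user in parse_failures(log_text):
        times_by_ip[ip].append(ts)
        users_by_ip[ip].add(user)

    hits = {}
    for ip, times in times_by_ip.items():
        times.sort()
        busiest, start = 0, 0
        for end in range(len(times)):
            # Slide the window start forward until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            busiest = max(busiest, end - start + 1)
        if busiest >= threshold:
            hits[ip] = (busiest, sorted(users_by_ip[ip]))
    return hits


if __name__ == "__main__":
    for ip, (count, users) in find_brute_force(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures in one window, user names tried: {', '.join(users)}")
```

On the sample, only 203.0.113.7 is reported: six failures in four seconds across five different user names, the signature of a dictionary tool working through a word list. The single mistyped password from the home PC and the two widely spaced guesses from 198.51.100.9 stay below the threshold, which is the point of counting within a time window rather than over the whole log. Windows keeps the equivalent information as logon failure events in the Security event log; the same counting logic applies once those are parsed.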

In the second example, it is not the information on the computers that the hacker is interested in, but enlisting your computer (probably along with hundreds or thousands of others) into what is called a bot army. A bot army (also called a botnet) is a collection of computers a hacker has taken control of and then uses for illicit ends, such as attacking other computers or corporate websites. Figure 1-2 shows an example of using a bot army to conduct a distributed denial-of-service (DDoS) attack.


By exploiting a security flaw in the computer's operating system, hackers can install a small program that gives them remote control of your computer. After doing the same to hundreds or thousands of other computers, hackers can then go after their target with a DDoS attack by instructing all the remotely controlled computers in the bot army to start sending web page requests to a website such as Microsoft.com and to repeat the requests as often as possible. If successful, the tens of thousands of requests cause a spike in load on the web server and can cause it to fail from overloading. Even if they cannot make the server fail entirely, they can disrupt or slow down the service for legitimate folks who are trying to reach the website.

This is called a DDoS attack. If the attack were conducted from a single computer, the website owners might be able to recognize a pattern and simply block that computer from making future requests. However, if the attack is coming from thousands of people's home computers, how can the website owner distinguish legitimate requests from an attack? That's the point of a bot army: scale, anonymity, and stealth.

We do not pretend to have the answers to why people do such things. Quite frankly, many of them are highly intelligent folks, who for whatever reason have decided to run against society's grain. Regardless of why, they do it; so, it is important for you not to be a victim.