by Scott Tilley
My Internet Connection
This "always on" aspect is both an advantage and a disadvantage. The advantage is that I don't have to worry about dialing up the ISP every time I want to check my email or browse the Web. The disadvantage is that this type of connection leaves your computer wide open to hackers. To combat this security problem, I installed a personal firewall: BlackICE from Network Ice. The personal firewall works very well. It's quite educational to see exactly who is trying to hack into your computer, where they are coming from (all over the world), and what they are trying to do. The firewall software alerts you to intrusions and displays the type of attack: UDP port probe, IP fragment overlap, and so on. As an aside, just figuring out what these acronyms mean, what the attacks actually are, and how to deal with them is an eye-opening experience. If you think you're safe and secure because your computer is behind another firewall, think again. I use the same computer at home as at the University. Even at the University, where a different firewall is in place, my computer is probed and attacked almost constantly. The sad fact is that firewalls have holes, some of them made intentionally by system administrators for seemingly legitimate reasons, such as letting remote users access local resources while traveling. Hackers know about these holes, and are always trying to force their way through one into your system.
My Local Area Network Connection
In my home office, the main Internet signal travels along the cable company's optical/coaxial cables until it reaches my cable modem. The cable modem has a standard Ethernet jack on the back into which you plug your computer. Voila! You're online. But what if you want to share that Internet connection? And have the computers that share the connection share resources as well? This is a very common setup in home offices and small businesses, and my situation was no different.
There are several software packages that you can buy for setting up proxy servers under Windows, but that seemed too complicated (the client software usually needs to be adjusted to account for the proxy setup). If you're running Windows 2000 or Windows ME, then you can try the built-in Internet Connection Sharing feature of the operating system. In this configuration, one computer on the local area network is connected to the outside world. Other computers connect to this computer, which is now acting as a combination gateway and router. I've heard that many people have had difficulty getting this configuration to work properly, so I decided to keep looking at other options.
In my case, I use the router as a DHCP server, which assigns local IP addresses to the computers on my internal network. As long as the client computer is set up to use DHCP (and many are, mine included), using the router is transparent. The IP address that is provided by the cable modem is assigned to the router, which in turn assigns local (configurable) IP addresses to all clients, of the form 192.168.1.xxx. I connected two computers to the router, a notebook and a desktop, and both were able to access the Internet through the shared connection. For a change, things worked as advertised.
Sharing Resources
One of the motivations for sharing my Internet connection was the recent purchase of a low-cost desktop computer. I've been using a notebook computer alone since 1996, so why the addition? The main reason was for the desktop to function as a file server and backup device. It has two hard drives, one a relatively small 6GB Seagate and another a much larger 60GB Maxtor. The large drive holds backups of my critical data from the notebook computer, and my growing collection of MP3 music. To be able to use the desktop as a file server, the notebook computer must be able to "see" the desktop computer on the network. I also wanted the desktop computer to use a printer connected to a USB hub which was in turn connected to the notebook computer. But no matter what I did, exploring "My Network Places / Computers Near Me" under Windows 2000 either failed with an obscure error message concerning workgroups, or it showed only the notebook computer. From the desktop computer, I couldn't see the notebook computer on the network at all. At this point I was in completely new territory. What exactly takes place when you try to see another computer on a local area network in Windows 2000 turns out to be rather complicated.
It depends on whether or not you are relying on a Windows 2000 Server to provide name resolution, whether or not you are using TCP/IP and/or NetBEUI protocols for NetBIOS name resolution (and in which order), whether or not you have set up accounts on the machines in question (and have the proper permissions on the devices or files), and so on. Suffice it to say that I spent a lot of time reading about Windows networking, far more than I really should have. Interesting reading, but not really the way I wanted to spend my time. I also asked several people who are much more knowledgeable about networking issues than I am (thanks Howard!). Their suggestions were useful, but as is often the case with all forms of technical support, not directly applicable to my problem. Nevertheless, I eventually did discover what was causing me so much grief: my personal firewall! It seems that the personal firewall software was "operating as designed" in that it was dutifully blocking all requests for access to local resources. This includes blocking all access from the computers on the local area network, since the firewall software had no idea the requests were from trusted internal peers and not malicious external computers. I didn't notice the firewall software had blocked access because I hadn't checked its attack log in a while. I'd become so accustomed to the tiny icon blinking red in the System Tray that I tended to ignore it. In this case, I should have paid attention to the blinking indicator, because it would have told me that a NetBIOS port probe had been detected and rebuffed, when what I really wanted was for that connection to pass through the firewall and be processed. This is a problem with all security devices: too many warnings, real or false, and you start ignoring the warnings. Luckily, the firewall software allows you to set up exceptions to total filtering by creating a list of trusted IP addresses.
Since the IP addresses for the computers on my local area network are special 192.168.1.xxx addresses, I can be sure that they are trusted clients and not Internet interlopers. Once I set up this list, things worked perfectly. Voila! Resources were shared. Sometimes being paranoid about security on the Internet is a good thing. Sometimes it can make home-office networking complicated. Sometimes it's both.
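The situation described above, where blocked NetBIOS requests from LAN peers are buried among alerts from the Internet, can be made visible by sorting the alert log by source address. The following Python sketch is an added example, not part of the original article and not BlackICE's own code; the log format, the sample lines and the 192.168.1.0/24 range are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the home LAN is 192.168.1.0/24, matching the 192.168.1.xxx
# addresses the router hands out in the article.
LAN = ipaddress.ip_network("192.168.1.0/24")
NETBIOS_PORTS = {137, 138, 139}  # NetBIOS name, datagram and session services

# Constructed sample alerts in a made-up "time,source,dest_port,event" format;
# this is not BlackICE's real log layout. External sources use documentation ranges.
SAMPLE_LOG = """\
2001-03-02 09:14:07,203.0.113.45,31337,UDP port probe
2001-03-02 09:15:52,192.168.1.101,137,NetBIOS port probe
2001-03-02 09:16:30,198.51.100.7,0,IP fragment overlap
2001-03-02 09:17:11,192.168.1.101,139,NetBIOS port probe
2001-03-02 09:20:44,192.168.1.250,23,TCP port probe
not,a,valid line
"""

def triage(log_text, lan=LAN):
    """Split alerts into LAN file-sharing blocks, other LAN alerts, and external alerts."""
    buckets = {"lan_netbios": [], "lan_other": [], "external": [], "unparsed": []}
    for line in log_text.splitlines():
        parts = line.split(",", 3)
        try:
            when, src, port, event = parts          # wrong field count raises ValueError
            addr = ipaddress.ip_address(src.strip())
            port = int(port)
        except ValueError:
            buckets["unparsed"].append(line)        # keep malformed lines for review
            continue
        record = (when, str(addr), port, event)
        if addr not in lan:
            buckets["external"].append(record)      # Internet-sourced alert
        elif port in NETBIOS_PORTS:
            buckets["lan_netbios"].append(record)   # likely blocked file/printer sharing
        else:
            buckets["lan_other"].append(record)     # LAN source, not explained by sharing
    return buckets

if __name__ == "__main__":
    for name, rows in triage(SAMPLE_LOG).items():
        print(f"{name}: {len(rows)}")
        for row in rows:
            print("   ", row)
```

Alerts in `lan_netbios` are the candidates for a trusted-address exception, while `lan_other` lists LAN-sourced alerts that file and printer sharing would not explain.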