Chapter 8
Connecting Your Network to the Internet
In This Chapter
Looking at DSL and cable
Examining T1 and T3 connections
Using a router
Securing your connection with a firewall
Using the firewall that comes with Windows
So you decided to connect your network to the Internet. All you have to do is call the cable company and have them send someone out, right? Wrong. Unfortunately, connecting to the Internet involves more than just calling the cable company. For starters, you have to make sure that cable is the right way to connect. Then you have to select and configure the software you use to access the Internet. Finally, you have to lie awake at night worrying whether hackers are breaking into your network via its Internet connection.
Not to worry. The advice in this chapter helps you decide how to connect to the Internet and, once the decision is made, how to do it safely.
Connecting to the Internet
Connecting to the Internet isn’t free. For starters, you have to purchase the computer equipment necessary to make the connection. Then you have to obtain a connection from an Internet service provider (ISP). The ISP charges you a monthly fee that depends on the speed and capacity of the connection.
The following sections describe the most commonly used methods of connecting network users to the Internet.
Connecting with cable or DSL
For small and home offices, the two most popular methods of connecting to the Internet are cable and digital subscriber line (DSL). Cable and DSL connections are often called broadband connections for technical reasons you don’t really want to know.
Cable Internet access works over the same cable that brings 40 billion TV channels into your home, whereas DSL is a digital phone service that works over a standard phone line. Both offer three major advantages over old-fashioned dialup connections:
Cable and DSL are much faster than dialup connections.
A cable connection can be anywhere from 10 to 200 times faster than a dialup connection, depending on the service you get. And the speed of a DSL line is comparable with cable. (Although DSL is a dedicated connection, cable connections are shared among several subscribers. The speed of a cable connection may slow down when several subscribers use the connection simultaneously.)
With cable and DSL, you’re always connected to the Internet.
You don’t have to connect and disconnect each time you want to go online like you would if you use a modem. No more waiting for the modem to dial your service provider and listening to the annoying modem shriek while it attempts to establish a connection.
Cable and DSL don’t tie up a phone line while you’re online.
With cable, your Internet connection works over TV cables, not over phone cables. With DSL, the phone company installs a separate phone line for the DSL service, so your regular phone line isn’t affected.
Unfortunately, there’s no such thing as a free lunch, and the high-speed, always-on connections offered by cable and DSL don’t come without a price. For starters, you can expect to pay a higher monthly access fee for cable or DSL. In most areas of the United States, cable runs about $50 per month for residential users; business users can expect to pay more, especially if more than one user will be connected to the Internet via the cable.
The cost for DSL service depends on the access speed you choose. In some areas, residential users can get a relatively slow DSL connection for as little as $30 per month. For higher access speeds or for business users, DSL can cost substantially more.
Too, cable and DSL access aren’t available everywhere. But if you live in an area where cable or DSL isn’t available, you can still get high-speed Internet access by using a satellite hookup or a cellular network.
Connecting with high-speed private lines
If your network is large and high-speed Internet access is a high priority, contact your local phone company (or companies) about installing a dedicated high-speed digital line. These lines can cost you plenty (on the order of hundreds of dollars per month), so they’re best suited for large networks in which 20 or more users are accessing the Internet simultaneously.
The following paragraphs describe three basic options for high-speed private lines:
T1 and T3 lines: T1 and T3 lines run over standard copper phone lines. A T1 line has a connection speed of up to 1.544 Mbps. A T3 line is faster yet: It transmits data at an amazing 44.184 Mbps. Of course, T3 lines are also considerably more expensive than T1 lines.
If you don’t have enough users to justify the expense of an entire T1 or T3 line, you can lease just a portion of the line. With a fractional T1 line, you can get connections with speeds of 128 Kbps to 768 Kbps; with a fractional T3 line, you can choose speeds ranging from 4.6 Mbps to 32 Mbps.
You may be wondering whether T1 or T3 lines are really any faster than cable or DSL connections. After all, T1 runs at 1.544 Mbps and T3 runs at 44.184 Mbps, and cable and DSL claim to run at comparable speeds. But there are many differences that justify the substantial extra cost of a T1 or T3 line. In particular, a T1 or T3 line is a dedicated line — not shared by any other users. T1 and T3 are higher-quality connections, so you actually get the 1.544 or 44.184 connection speeds. In contrast, both cable and DSL connections usually run at substantially less than their advertised maximum speeds because of poor-quality connections and because the connections are often shared with other users.
Business-class cable: Cable TV providers (such as Comcast) offer business-class service on their cable network. The price and speed depends on your area. For example, where I live, I can get 100Mbps service for about $400/month.
One drawback of business-class cable service is that upload speeds are usually much slower than download speeds. For example, a typical plan that allows 100Mbps for downloads can support only 10Mbps for uploads. Thus, if you need to upload large amounts of data, you’ll notice the performance drop.
Another drawback of business-class cable service is that it is, well, cable service. Your Internet connection is service by the same people who service cable TV in your community. Although business-class customers get priority service over residential customers, business-class service usually does not include response-time guarantees the way T1/T3 or fiber service does. So if your connection goes down, you might find yourself down for hours or even a few days instead of minutes or, at worse, a few hours.
Fiber optic: The fastest, most reliable, and most expensive form of Internet connection is fiber optic. Fiber optic cable uses strands of glass to transmit data over light signals at very high speeds. Because the light signals traveling within the fiber cables are not subject to electromagnetic interference, fiber connections are extremely reliable; about the only thing that can interrupt a fiber connection is if someone physically cuts the wire.
Fiber is also very expensive. A 20 Mbps fiber connection can cost well over $1,000 per month. However, the connection is extremely reliable, and response time to service interruptions is measured in minutes instead of hours.
Sharing an Internet connection
After you choose a method to connect to the Internet, you can turn your attention to setting up the connection so that more than one user on your network can share it. The best way to do that is by using a separate device called a router. You can pick up an inexpensive router for a small network for less than $100. Routers suitable for larger networks will, naturally, cost a bit more.
Because all communications between your network and the Internet must go through the router, the router is a natural place to provide the security measures necessary to keep your network safe from the many perils of the Internet. As a result, a router used for Internet connections often doubles as a firewall, as described in the section “Using a firewall,” later in this chapter.
Securing Your Connection with a Firewall
If your network is connected to the Internet, a whole host of security issues bubbles to the surface. You probably connected your network to the Internet so that your network’s users could get out to the Internet. Unfortunately, however, your Internet connection is a two-way street. It not only enables your network’s users to step outside the bounds of your network to access the Internet, but it also enables others to step in and access your network.
And step in they will. The world is filled with hackers who are looking for networks like yours to break into. They may do it just for the fun of it, or they may do it to steal your customers’ credit card numbers or to coerce your mail server into sending thousands of spam messages on behalf of the bad guys. Whatever their motive, rest assured that your network will be broken into if you leave it unprotected.
Using a firewall
A firewall is a security-conscious router that sits between the Internet and your network with a single-minded task: preventing them from getting to us. The firewall acts as a security guard between the Internet and your local area network (LAN). All network traffic into and out of the LAN must pass through the firewall, which prevents unauthorized access to the network.
Some type of firewall is a must-have if your network has a connection to the Internet, whether that connection is broadband (cable modem or DSL), T1, or some other high-speed connection. Without it, sooner or later a hacker will discover your unprotected network and tell his friends about it, and within a few hours, your network will be toast.
You can set up a firewall in two basic ways:
Firewall appliance: The easiest way, and usually the best choice. A firewall appliance is basically a self-contained router with built-in firewall features.
Most firewall appliances include web-based interfaces that enable you to connect to the firewall from any computer on your network by using a browser. You can then customize the firewall settings to suit your needs.
Server computer: Can be set up to function as a firewall computer.
The server can run just about any network operating system, but most dedicated firewall systems run Linux.
Whether you use a firewall appliance or a firewall computer, the firewall must be located between your network and the Internet, as shown in Figure 8-1. Here, one end of the firewall is connected to a network hub, which is, in turn, connected to the other computers on the network. The other end of the firewall is connected to the Internet. As a result, all traffic from the LAN to the Internet (and vice versa) must travel through the firewall.
The term perimeter is sometimes used to describe the location of a firewall on your network. In short, a firewall is like a perimeter fence that completely surrounds your property and forces all visitors to enter through the front gate.
In large networks, figuring out exactly where the perimeter is located can be a little difficult. If your network has two or more Internet connections, make sure that every one of those connections connects to a firewall — and not directly to the network. You can do this by providing a separate firewall for each Internet connection or by using a firewall with more than one Internet port.
Figure 8-1: A firewall router creates a secure link between a network and the Internet.
Some firewall routers can also enforce virus protection for your network. For more information about virus protection, see Chapter 22.
The built-in Windows firewall
Windows includes a built-in firewall that provides basic packet-filtering firewall protection. In most cases, you’re better off using a dedicated firewall router because these devices provide better security features than the built-in Windows firewall does. Still, the built-in firewall is suitable for home networks or very small office networks.
Here are the steps that activate the built-in firewall in Windows XP or Vista:
1. Choose Start⇒Control Panel.
2. In the Control Panel, click the Windows Firewall icon.
This step opens the Windows Firewall dialog box. Figure 8-2 shows the Windows Vista version.
3. Select the On (Recommended) option.
This option enables the firewall.
4. Click OK.
That’s all there is to it.
Figure 8-2: The Windows Vista Firewall dialog box.
For Windows 7 or 8, the procedure is a bit different:
1. Open the Control Panel.
• Windows 7: Choose Start⇒Control Panel.
• Windows 8: Choose Settings⇒Control Panel from the Charms bar.
2. Click the System and Security link.
The System and Security page appears.
3. Click the Windows Firewall link.
The Windows Firewall page appears.
4. Click the Turn Windows Firewall On or Off link.
The page shown in Figure 8-3 appears.
5. Select the Turn on Windows Firewall option.
Note that you can independently turn the firewall on or off for public network — that is, for your connection to the Internet — and for your home or work network — that is, if you have a network that connects other computers in your home or office. I recommend you either turn the firewall on for both or turn it off for both. Turn the firewall off if you’re using a separate firewall built into the router that connects your computer or home or work network to the Internet. Turn the firewall on if you don’t have a separate firewall.
Figure 8-3: Activating the firewall in Windows 7 and 8.
I also recommend leaving the Notify Me When Windows Firewall Blocks a New Program option enabled. That way, you’ll be notified when the firewall blocks a suspicious program.
6. Click OK.
The firewall is enabled.
Note that the firewalls included with Windows Vista and Windows 7 have additional options you can configure. However, I recommend against fiddling with those options unless you’ve taken an upper-division college course in computer security.
Do not enable the Windows Internet firewall if you’re using a separate firewall router to protect your network. Because the other computers on the network are connected directly to the router and not to your computer, the firewall doesn’t protect the rest of the network. Additionally, as an unwanted side effect, the rest of the network will lose the capability of accessing your computer.