Broadband Connectivity
The debate over which is better, DSL or cable modem, still rages on. (These topics are discussed more in Chapter 11.) However, this debate should not stop you from taking whatever broadband connection is available to you and using it to set up your network. For many companies, DSL provides good connectivity that can't be found in the business community by cable modem. For home users, cable modem access is easy to set up and run and is in many places that DSL is not provided. The distance problems that many users face with DSL are not a problem with cable modem. The security measures of each technology have something to be desired. Each is susceptible to attack, and it's up to you to keep your network secure.
Cable modem service does have more security problems initially than DSL. Because you are already connected to a network environment that includes your neighborhood when you use cable modem, you have all the problems that are associated with local network access. We will cover these problems later in the chapter. Windows Network Neighborhood can show you all the computers on your local area network (LAN) if they do not have security measures in place.
Because DSL is akin to dial-up, you are not sharing a LAN when you make a connection. Because of this problem, some cable modem providers assist users with security and provide software to help protect their connections. Most cable modems today also implement the Data Over Cable Service Interface Specification (DOCSIS). DOCSIS includes support for cable network security features, including authentication and packet filtering.
The always-on connectivity of DSL and cable modem connectivity is a blessing and a curse. You can stay logged into the Net indefinitely, but this makes you available to attack indefinitely. The static IP provided by both DSL and cable modems can be a permanent address that can be used to find you. Although it's possible that you will be assigned an IP address via DHCP, if you are online for a day, that one IP address will be used by your computer for that whole day, and it can be attacked throughout the day using that same IP address.
Attacks on your home network over your broadband connections, whether DSL or cable modem, are constant. As you will see when you have your personal firewalls set up and logging enabled, attackers are constantly attempting to penetrate your environment and take control of your computer, steal information, or just wreak havoc. Typically, vulnerable applications include e-mail, Web, instant messaging, multimedia applications, and operating system flaws.
LANs are subject to many problems, one of the most significant being “sniffing” of network traffic. Sniffing gives someone on the local network the ability to see and capture another user's traffic. When a computer on an Ethernet network sends a broadcast packet, every other host on the network automatically receives that packet. Microsoft Windows uses broadcast packets to find the hosts for the Network Neighborhood window. The Internet's Address Resolution Protocol (ARP) uses Ethernet broadcast to determine which computer on a LAN has a particular address.
Sniffing is prevalent in cable modem connections. Cable modems can alleviate this problem by implementing the DOCSIS 1.1 protocol to restrict ARP packets and packets that are not intended for your computer. DOCSIS 1.1 is capable of encrypting all information sent over the cable. These new security measures can help, but you still need further protection.
To protect your broadband connections, you can get hardware and software solutions, but they should be just one part of your overall home network strategy. As we mentioned, operating system security and encryption can keep your network secure. These steps in combination can provide a layered model of security, the Defense in Depth we have talked about, to keep your home network secure from the first attacks against the perimeter (your firewall) to the inner layer if an attacker should get to the actual data beyond the firewall.
We haven't covered wireless access such as satellite connectivity. This is an option, although it is not widely used and not worth in-depth discussion until it becomes used in more homes. Corporations are working through the problems of wireless network, which have different problems than wired networks. Even if you use a wired network connection and then implement wireless LAN in your home, you are opening yourself up for a different type of attack. The privacy problems that are associated with wireless will be covered in Chapter 14, “Securing Your Privacy Using Other Digital Devices.”