The Explorer: Secure Your PC Online, Part Three - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
12:01 PM
Fred Langa
Fred Langa

The Explorer: Secure Your PC Online, Part Three

Building on Parts One and Two, Fred now shows how to make your PC nearly impregnable.

In Part One, we discussed the four myths of online security and the essential steps you need to take to ensure that your PC doesn't suffer from the worst and most-common online/networking security holes. By itself, Part One gets you a long way towards solid, basic online security.

In Part Two, we looked at "Personal Firewalls" that sit on your PC, and on each PC on a shared Internet connection. These applications work on a local level to block unwanted access to your PC from hackers or other undesirable agents. Even better, some also can block unwarranted accesses that originate from within your own PC -- such as from Trojan Horse and other apps that may secretly "phone home" to send information about you or your PC back to some outside destination.

Combined, Steps One and Two give you a reasonably high level security. In fact, they may provide all the security many people need for casual surfing and routine online activities.

But if you're reading WinMag.Com, you may not fall into the "routine" or "casual" surfer category -- I know I sure don't. So, this column -- Part Three -- discusses additional steps you can take if you want to increase your online security even higher. In fact, these are steps I personally take because (1) I have a 24/7 Internet connection; (2) I run my business and several Web sites online (see; (3) I have a somewhat higher than normal public profile and so may be a more likely target for hackers than others may be; (4) I share my Internet connection among several PCs; and (5) what can I say? -- I'm just a belt-and-suspenders kind of guy!

If any or all of those attributes describe you, then you also may wish to take one or more additional steps to make your PC nearly impregnable from hacker break-ins. Let me describe my own setup as a working example, and then we'll discuss alternatives:

First, I use all the techniques described in Parts One and Two: For example, none of my PCs binds networking clients, NetBIOS or "Print and File Sharing" services to its TCP/IP stack, so all the easy ways in to my system are eliminated. Second, I use a Personal Firewall on each PC (ZoneAlarm from ZoneLabs, while flawed, remains my personal favorite); this helps block both inbound and outbound hacker activity.

That gives me two levels of security so far. But I also take a third large (but easy and inexpensive) additional step: None of my PCs connects directly to the Internet! Instead, I use an old "junker" PC (an ancient 486 system that's too old, slow and RAM-limited for any other use) as an Internet connection server. This PC is a fossil with a cash value of maybe $25 -- the sort of thing you can find at a yard sale. But it runs Windows and Sygate: Sygate is a NAT ("network address translator") that allows a single Internet connection to be shared among several computers but that also features a very good built-in firewall. The way it handles the sharing completely disguises the online (IP) addresses of the PCs sharing the connection; the only PC the outside world can see at all is the junker system. That's worth repeating: None of the other PCs using the shared connection can even be detected from the outside -- and what a hacker can't detect, he can't attack.

Sygate's firewall also does a pretty good job of hiding itself (actually, it hides the PC it's running on) from prying eyes: Sygate swallows "probes" from hackers without any response whatsoever to indicate there's a PC there at all! It's as if it puts your PC in stealth mode. The firewall is actually is a fourth layer of protection.

And this kind of a setup actually adds a fifth, physical layer of defense: If a hacker manages to break in, he'll find himself in an almost empty, very wimpy junker PC with absolutely no interesting or sensitive files on it whatsoever. All the other PCs on my LAN are password-protected, and I've never let Windows save any passwords on the junker PC. So even if the hacker got into the junker PC, he'd have a hard time getting to any other system on the LAN -- what with their passwords, Personal Firewall apps running, and their innately-secure networking setups.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
1 of 2
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

How CIO Roles Will Change: The Future of Work
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2021
A Strategy to Aid Underserved Communities and Fill Tech Jobs
Joao-Pierre S. Ruth, Senior Writer,  7/9/2021
10 Ways AI and ML Are Evolving
Lisa Morgan, Freelance Writer,  6/28/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Flash Poll