You wouldn't think of leaving your office for the night without setting the security alarm and making sure all the doors are locked. But when it comes to your company's computer network, you might be leaving it wide open to thieves. The solution? Install a firewall.

A firewall is nothing more or less than a gatekeeper—software that insulates your company's computers from outside intrusion via the Net. Firewalls work most of the time, but not always. Nonetheless, you need firewall protection—for your network and your individual or home PC.

Data on the Internet travels in packets: A computer sending data over the Net is responsible for breaking the data into small packets and wrapping them in electronic delivery envelopes; the receiving computer opens the packets and reassembles the contents into the original data stream. Firewalls look at the envelopes surrounding the packets—a fast but permissive approach. They also look inside some of the packets to analyze the contents—a slow but thorough task. Firewalls balance the equation by examining the contents of the first few packets in a stream and, if there appear to be no irregularities, taking just a cursory glance at most of the rest of the packets as they pass by.

Just about every computer connected to the Internet is probed methodically many times every day; hackers make a game out of poking into randomly selected PCs, just to see what they can find. Automatic port-scanning software can probe hundreds of thousands of computers in an hour, reporting back on each individual computer's vulnerabilities. Dozens of port scanners are available at any major software download site—many are also free. While there are legitimate uses for port scanners—network administrators use them to analyze their servers—an alarming number of them are used to crack systems. Even if hackers don't do any damage, the fact that they can discover your server's weaknesses in seconds should send you running for cover.

Which firewall is best for you? Protect your network with CommandView Firewall from Elron (NT version starts at $1,495; www.elronsw.com). Of all the firewalls we've tested, CommandView reigns supreme thanks to its straightforward interface and high level of sophistication. Two others that work well for companies with larger networks are Computer Associates eTrust Intrusion Detection System (formerly SessionWall-3; www.sessionwall.com), which starts at $1,945, and Check Point Software Technologies Firewall-1 (www.checkpoint.com), which starts at $7,995 for 100 users.

If your network is Windows-based, chances are good you've enabled File and Printer Sharing. But did you know that the default installation of Windows shares printers and files across the Internet too? That makes it trivially simple for an intruder to crack your company's network: With no firewall in place, your passwords are the only thing keeping the content on your system out of prowlers' clutches. And passwords can be cracked with any of hundreds of free tools.

The best way to protect your business is to install a firewall immediately, but you can also patch the hole manually. Before you make the fix in Windows 95 or 98, check with your system administrator to make sure the change won't conflict with any settings specific to your company. From the Start menu, choose Settings, Control Panel, then Network. On the Configuration tab, make sure you have NetBEUI installed (if not, click the Add button to install it).

If you're using a dial-up modem, double-click on the Dial-Up Adapter and make sure it's bound to NetBEUI and TCP/IP, but nothing else. For a DSL or cable modem, double-click on its adapter and check for the same things. Then double-click on each TCP/IP binding (for example, TCP/IP -> Dial-Up Adapter), select the Bindings tab, and uncheck all of the boxes (in particular those labeled Client for Microsoft Networks and File and Printer Sharing for Microsoft Networks). Finally, double-click on one NetBEUI binding (for example, NetBEUI -> Dial-Up Adapter), and make sure all of the boxes on the Bindings tab are checked.

For more details on this process—or to fix the problem in Windows NT—check out security ace Steve Gibson's detailed instructions, which begin at grc.com/su-fixit.htm.

Solution: Boost Your Firewall

1. Immediately after you install a network firewall, check the manufacturer's Web site for updates. Download and install them before you assume your network is secure.
2. Most firewalls contain a log in the admin utility that warns you about attempted break-ins. Leave the warning beep on for a day or two—just to drive home that someone is randomly trying to get into your system on a regular basis.
3. When you do disable the warning sound, be sure to keep the log active. This will help you track down the culprit if you're attacked.
4. To keep your security airtight, cycle the log files, back them up, and most of all don't allow anyone to overwrite them.
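
Once the warning beep is off, the log from tips 2 and 3 can still be reviewed for the port-scan probing described earlier. The following is an added example, not part of the original article or any vendor's tool: it flags sources that were denied on several distinct ports within a short window. The log format, the sample lines, and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, hypothetical format: date time action source-IP port
SAMPLE_LOG = """\
2000-03-01 09:00:01 DENY 203.0.113.7 21
2000-03-01 09:00:02 DENY 203.0.113.7 23
2000-03-01 09:00:02 DENY 203.0.113.7 80
2000-03-01 09:00:03 DENY 203.0.113.7 139
2000-03-01 09:05:10 DENY 198.51.100.20 139
2000-03-01 09:05:40 DENY 198.51.100.20 139
2000-03-01 09:10:00 ALLOW 192.0.2.33 80
2000-03-01 10:00:00 DENY 192.0.2.33 21
2000-03-01 12:00:00 DENY 192.0.2.33 23
2000-03-01 14:00:00 DENY 192.0.2.33 25
2000-03-01 16:00:00 DENY 192.0.2.33 139
-- log rotated --
"""

def parse(log_text):
    """Yield (time, action, source, port) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            when = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
            yield when, parts[2], parts[3], int(parts[4])
        except ValueError:
            continue

def find_scanners(log_text, min_ports=4, window=timedelta(seconds=60)):
    """Map each source denied on >= min_ports distinct ports in one window to them."""
    denied = defaultdict(list)
    for when, action, source, port in parse(log_text):
        if action == "DENY":
            denied[source].append((when, port))
    flagged = {}
    for source, events in denied.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop events that fell out of the window
            ports = {port for _, port in events[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(flagged.get(source, [])):
                flagged[source] = sorted(ports)
    return flagged

print(find_scanners(SAMPLE_LOG))
```

A source that spreads its probes over hours, like 192.0.2.33 in the sample, only shows up when the window is widened, which is one reason to keep and back up old logs rather than letting them be overwritten.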