Cable Modem: WOW!!!!

Steve Feldman · From: Central MA USA

Within the last 7 years, I've worked at universities and 3 different corporate jobs, but I have NEVER seen internet access quicker than this cable modem that was just installed here today. Unbelievable. Pages load with a blink of an eye.

I just downloaded a virus pattern update of 2.3MB in less than 30 seconds. It's $30 per month, but my last (56kbps) ISP charged $20. All factors being equal, this thing is teriffic.

Jim Smith · From: Midlothian, TX, USA

Welcome to the club, Steve. I downloaded service pack 2 for Windows 2000 a couple of days ago, and although the site was busy and slow, I still got 101 MB in 8 min 58 sec @ 192 KB/sec.

I was also reading the forum in one window, checking eBay in another, and getting and answering email at the same time.

Jack Stoner · From: Kansas City, MO

I've got spoiled by my DSL connection. I'm thinking of moving about 50 miles north, in the country. I'll probably have to go back to dial up and being in the boondocks I'll be lucky to get V.34 speed.

I stopped by my old shop last October when I was in Kansas City, Mo and the slowest link they have in their LAN/WAN system is T1, and theirs is, for all practical purposed, instantaneous. I think their internet server(s) is connected to the www via two T3's.

Doug Garrick · From: Grand Junction, CO

The cable modem speed is great but security is really an issue. I am getting intrusion alerts daily at my firewall.

Jim Smith · From: Midlothian, TX, USA

I used to use a hub with ICS (Internet Connection Sharing) to hook up mine and my roommate's computer to the cable modem. CompUSA had a sale on the NetGear RT314 Router with built in firewall. It works great, my connections are faster, and my computer doesn't have to be on for them to connect. I paid $80 for mine after rebate but they had two rebates during a two day Memorial Day sale bringing it down to $50.

Dave Van Allen · From: Souderton, PA , US , Earth

I haven't joined the fortunate fast connected yet, yeat would offer the following advice:

Steve, PLEASE get a personal firewall software package as soon as possible. THere are malicious folk out there with sniffer robot programs looking for unprotected PCs to wreak havok with or upon...
do a search on 'Black Ice" or get Nortons Personal Firewall...others may have more up to date suggestions or personal preferences, but get something ASAP if you do not have such...

Doug Garrick · From: Grand Junction, CO

I picked up a couple of old PCs (P5 166mhz) at an employee bid sale where I work and configured one of them with 2 ethernet cards. I then used FreeBSD 4.1 to configure that machine as gateway and used ipfw ( packet filtering firewall) as a firewall. It took me a little while to get it working but it is extremely reliable and the educational experience was valuable. Plus, I feel a little more secure now.

Steve Feldman · From: Central MA USA

Wow! (again...). I had no idea that cable modem was not as secure as regular dial-up ISP-type service. I had been used to doing a fair amount of online banking (bill paying, and the occasional cc purchase, etc.). So this is now off limits, basically?

Will one of these Firewall/Internet Security packages do the trick or what? What about just pulling the modem plug, or powering it down when you're not using it?

Anyway, thanks fof the tips, guys.

[This message was edited by Steve Feldman on 02 June 2001 at 02:11 PM.]

David Pennybaker · From: Conroe, TX USA

If you live outside an area with DSL or cable access, take a look at
http://www.starband.com

Not cheap, but if ya gotta have high-speed access. . .

------------------
The Unofficial Photographer of The Wilkinsons

David Pennybaker · From: Conroe, TX USA

High-speed access isn't really any less secure than dial-up. But, hackers LOVE to get access to accounts that have high-speed access.

The free software firewall you need is called ZoneAlarm. Get it at http://www.zonealarm.com

Then test your internet security at http://www.grc.com using the ShieldsUp! page.

------------------
The Unofficial Photographer of The Wilkinsons

Jack Stoner · From: Kansas City, MO

The article on the denial of service that is linked on another thread stated Black Ice did not block the trojan that was being used but Zone Alarm did. If anyone wants a copy of Black Ice he has one he'll give away free...

I use Zone Alarm with my DSL connection.

Doug Garrick · From: Grand Junction, CO

I guess the characteristic of the cable modem that bothered me the most was the 'always online' feature. If you have a home network and need to be persistently online then a firewall is a must. If your machine is only online while you are at the keyboard then I think the danger dimishes somewhat.

David Pennybaker · From: Conroe, TX USA

You can also buy a hardware firewall for about $100.

Most of the cable-router/hubs for connecting multiple machines (via ethernet) to one cable modem (or DSL) have a built-in firewall.

They won't stop those outgoing bots (or zombies), though.

ZoneAlarm is the best bet. I use it in addition to the firewall built into my router.

------------------
The Unofficial Photographer of The Wilkinsons

Jack Stoner · From: Kansas City, MO

Doug, wrong. As long as it's on-line there is a potential for intrusion. And not just with the wideband services. Dial up is just as vulnerable.

I installed Zone Alarm while I was still on dial-up, to check it out since I was getting ready to switch to DSL and while I was on line (with the dial-up) I got an intrusion alarm. That satisfied me that it worked, and I now recommend to my clients to install the firewall on dial-up links.

Steve Feldman · From: Central MA USA

Interesting discussion...but I ask again:

1) there is no problem if you power down your computer after every session (something that I typically DO NOT do...), right? and

2) do you all think it safe to do on-line banking with this cable modem and, say 'Zone Alarm' or something equivalent.

I also have a laptop on my new job, so I am actually online via a dial-up phone line right next to the desktop cable modem system. Any way to use the laptop to test things out with the cable modem system?

Thanks.
Steve

[This message was edited by Steve Feldman on 03 June 2001 at 07:25 AM.]

David Pennybaker · From: Conroe, TX USA

Doug Garrick · From: Grand Junction, CO

Your absolutely right Jack, and I agree completely. My point was, if a person opted not to use a firewall of some type, to try to limit the window of vulnerability to that time that the computer physically powered on. I would never try to encourage anyone into NOT using some sort of firewall or at very least 'hardening' their computer by disabling all 'listening' ports and services.

David Pennybaker · From: Conroe, TX USA

Doug Garrick · From: Grand Junction, CO

Steve, I would recommend 'powering down' the unit until you get some sort of protection.

I can't speak much about the online banking, I'm not too familiar with that yet.

To answer your question about the work laptop... I use my work laptop in exactly that fashion. When I am working at home (which is all to often) then I use the dial-up networking to connect to the office. When I want to use the internet for non-work related stuff and I can't fight my way to one of my home computers (too many teenagers!) then I connect it to my home network and hit the internet via the cable modem. The only difference is that I run a firewall on that FreeBSD box instead of using a personal firewall.

If your laptop also has an ethernet adapter then you could configure that interface/adapter to work with the cable modem as well. Your laptop may already be configured. If you use the laptop at the office and the ethernet interface is configured to "Obtain IP address automatically" i.e. DHCP, then you should be able to take the cable that goes between your home computer and the cable modem and switch it that ethernet card on the laptop. If the laptop is configured with a static IP address then it gets a little more involved. With all said, please check with your I/T guys before you do either one. If it's ok with them, see if they'll put the Zone Alarm on it for you also.

Doug

Steve Feldman · From: Central MA USA

Good advice, fellers. I'll check it out with the I/T boys (and girls). Thanks.

One more question, though: DP said:

Jack Stoner · From: Kansas City, MO

Anytime you go on line, with whatever link method (dialup, DSL, Cable Modem, LAN Link, etc) you are at equal risk, while you are on line.

However, the "always on" links such as DSL or Cable are more at risk because as long as you are powered up (and the modem powered up) you are "on line" regardless if you have the browser or e-mail application running. Just as long as it's powered up it's "on line".

With a (good quality) firewall, you don't have to be constantly powering equipment down and up with these services. I shudder everytime someone says they power their equipment off and on frequently. My DSL modem is powered on all the time. My PC is left on all day (from the time it's initially powered on till it's powered off at night). There are exceptions, when I will be gone for 4 or more hours, but otherwise it's left on.

Bobby Lee · From: Cloverdale, California, USA

Internet banking, shopping, etc. is no less secure with a cable modem, Steve. The important thing, as always, is to make sure you have a secure socket layer (the padlock icon in the status bar) before sending sensitive information, and of course NEVER send sensitive information by email.

Jeff Agnew · From: Dallas, TX

There are two components to Steve's questions.

First, I'm going to disagree slightly with b0b's conclusion, though not with the specifics.

An SSL connection to an online banking server, or an eCommerce site, is fine if a hacker is trying to intercept your data/passwords from a remote location with a packet sniffer. That's because there's an encrypted connection between your computer and the server.

But the real problem is whether a cracker has installed a trojan on your system. Many popular variants, such as the sub7 bots, capture your passwords, account numbers, and other personal data as you type them. They send this information in the background to a central server where a cracker can retrieve them. Unless you have an effective tool to scan your system for trojans, you'll never know this is happening. Anti-virus software, BTW, does not provide effective protection against trojans.

A personal firewall such as Zone Alarm will detect the trojan attempting to make an outbound connection and, depending on how you set its preferences, alert you to the attempt. But it's better and more foolproof to block the trojan obtaining access to your system in the first place. Use a dedicated trojan sniffer, such as BOClean.

The second issue is whether cable modems are inherently less secure connections than dial-ups or DSL. They are, and for two reasons:

Cable modems use a shared connection between your computer and your cable provider. In effect, your PC is part of a large Local Area Network. If you have a cable modem, try this experiment: Open your Windows Explorer and click Network Neighborhood, then click Entire Network. You may be surprised to find other PCs listed. If they are there, they belong to your neighbors' PCs. Which leads to the second reason...
The default Windows network installation enables several security hazards. Now that you've seen your neighbors' PCs on the network, it's almost laughably trivial to crack them. How? By exploiting any of the myriad known Windows weaknesses. Most prominent of which is the fact that, again, the default Windows TCP implementation leaves your PC open to the world.

I'm not suggesting you do so, but an unscrupulous cracker could click on any of the other PCs visible in you Network Neighborhood and there's an almost certain chance at least one of them is wide open. That is, you can examine the PC's entire contents simply by using Explorer to snoop through the directories.

Obviously this is a Windows problem and isn't the fault of the cable modem itself. But coupled with the default Windows networking insecurities, the shared nature of a cable modem connection makes it imperative you secure your PC.

Dial-up and DSL connections, unlike cable modems, use dedicated connections between the PC and their service provider. Think of it as the difference between a telephone party line (if anyone is old enough to remember such things) and a private line.

Once a DSL/dial-up user gets past their provider and on the net, however, they are subject to the same security issues as the cable modem user.

Cable modem users should at a minimum:

Turn off Windows File/Printer Sharing. If you don't do anything else, do this. If you have it enabled, anyone can find your PC in Network Neighborhood and browse your hard drive. If you must enable sharing, set a password. It won't be impossible to break but it will deter casual snoopers.
Disable NetBIOS over TCP/IP. It's a huge security hole. Check out Steve Gibson's site at grc.com for instructions on how to do so.
Install a personal firewall. Zone Alarm is free, and it's effective.
Install anti-virus and anti-trojan software. And, most important, keep the virus/trojan definitions up to date. If you haven't done so since you purchased the software, you are essentially unprotected. New viruses and trojans appear every day.

Jeff Agnew · From: Dallas, TX

Sorry to be so long-winded but I forgot one other point.

Dave Van Allen · From: Souderton, PA , US , Earth

Thank You Jeff!!!

Forum Index > Computers	Goto page 1, 2 Next	Next oldest topic :: Next newest topic