The basic Internet-based
"Broadband" is the general term used to refer to high-speed
network connections. In this context, Internet connections via
cable modem and Digital Subscriber Line (DSL) are frequently referred
to as broadband Internet connections. "Bandwidth" is the
term used to describe the relative speed of a network connection --
for example, most current dial-up modems can support a bandwidth of
56 kbps (thousand bits per second). There is no set bandwidth threshold
required for a connection to be referred to as "broadband",
but it is typical for connections in excess of 1 Megabit per second
(Mbps) to be so named.
Cable modem access
A cable modem allows a single computer (or network of computers) to
connect to the Internet via the cable TV network. The cable modem
usually has an Ethernet LAN (Local Area Network) connection to the
computer, and is capable of speeds in excess of 5 Mbps.
Typical speeds tend to be lower than the maximum, however, since cable
providers turn entire neighborhoods into LANs which share the same
bandwidth. Because of this "shared-medium" topology,
cable modem users may experience somewhat slower network access during
periods of peak demand, and may be more susceptible to risks such
as packet sniffing and unprotected windows shares than users with
other types of connectivity.
Digital Subscriber Line (DSL) Internet connectivity, unlike cable
modem-based service, provides the user with dedicated bandwidth. However,
the maximum bandwidth available to DSL users is usually lower than
the maximum cable modem rate because of differences in their respective
network technologies. Also, the "dedicated bandwidth" is
only dedicated between your home and the DSL provider's central office
-- the providers offer little or no guarantee of bandwidth all the
way across the Internet.
DSL access is not as susceptible to packet sniffing as cable modem
access, but many of the other security risks we'll cover apply to
both DSL and cable modem access.
The difference between broadband services and traditional dial-up
Traditional dial-up Internet services are sometimes referred to as
"dial-on-demand" services. That is, your computer only connects
to the Internet when it has something to send, such as email or a
request to load a web page. Once there is no more data to be sent,
or after a certain amount of idle time, the computer disconnects the
call. Also, in most cases each call connects to a pool of modems at
the ISP, and since the modem IP addresses are dynamically assigned,
your computer is usually assigned a different IP address on each call.
As a result, it is more difficult (not impossible, just difficult)
for an attacker to take advantage of vulnerable network services to
take control of your computer.
Broadband services are referred to as "always-on" services
because there is no call setup when your computer has something to
send. The computer is always on the network, ready to send or receive
data through its network interface card (NIC). Since the connection
is always up, your computer’s IP address will change less frequently
(if at all), thus making it more of a fixed target for attack.
What’s more, many broadband service providers use well-known IP addresses
for home users. So while an attacker may not be able to single out
your specific computer as belonging to you, they may at least be able
to know that your service providers’ broadband customers are within
a certain address range, thereby making your computer a more likely
target than it might have been otherwise.
The difference between broadband access and the network I use at work
Corporate and government networks are typically protected by many
layers of security, ranging from network firewalls to encryption.
In addition, they usually have support staff who maintain the security
and availability of these network connections.
Although your ISP is responsible for maintaining the services they
provide to you, you probably won’t have dedicated staff on hand to
manage and operate your home network. You are ultimately responsible
for your own computers. As a result, it is up to you to take reasonable
precautions to secure your computers from accidental or intentional
A protocol is a well-defined specification that allows computers to
communicate across a network. In a way, protocols define the "grammar"
that computers can use to "talk" to each other.
IP stands for "Internet Protocol". It can be thought of
as the common language of computers on the Internet. There are a number
of detailed descriptions of IP given elsewhere, so we won't cover
it in detail in this document. However, it is important to know a
few things about IP in order to understand how to secure your computer.
Here we’ll cover IP addresses, static vs. dynamic addressing, NAT,
and TCP and UDP Ports.
IP addresses are analogous to telephone numbers – when you want to
call someone on the telephone, you must first know their telephone
number. Similarly, when a computer on the Internet needs to send data
to another computer, it must first know its IP address. IP addresses
are typically shown as four numbers separated by decimal points, or
“dots”. For example, 10.24.254.3 and 192.168.62.231 are IP addresses.
If you need to make a telephone call but you only know the person’s
name, you can look them up in the telephone directory (or call directory
services) to get their telephone number. On the Internet, that directory
is called the Domain Name System, or DNS for short. If you know the
name of a server, say www.cert.org, and you type this into your web
browser, your computer will then go ask its DNS server what the numeric
IP address is that is associated with that name.
Every computer on the Internet has an IP address associated with it
that uniquely identifies it. However, that address may change over
time, especially if the computer is
dialing into an Internet Service Provider (ISP)
connected behind a network firewall
connected to a broadband service using dynamic IP addressing.
Static and dynamic addressing
Static IP addressing occurs when an ISP permanently assigns one or
more IP addresses for each user. These addresses do not change over
time. However, if a static address is assigned but not in use, it
is effectively wasted. Since ISPs have a limited number of addresses
allocated to them, they sometimes need to make more efficient use
of their addresses.
Dynamic IP addressing allows the ISP to efficiently utilize their
address space. Using dynamic IP addressing, the IP addresses of individual
user computers may change over time. If a dynamic address is not in
use, it can be automatically reassigned to another computer as needed.
Network Address Translation (NAT) provides a way to hide the IP addresses
of a private network from the Internet while still allowing computers
on that network to access the Internet. NAT can be used in many different
ways, but one method frequently used by home users is called "masquerading".
Using NAT masquerading, one or more devices on a LAN can be made to
appear as a single IP address to the outside Internet. This allows
for multiple computers in a home network to use a single cable modem
or DSL connection without requiring the ISP to provide more than one
IP address to the user. Using this method, the ISP-assigned IP address
can be either static or dynamic. Most network firewalls support NAT
TCP and UDP Ports
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
are both protocols that use IP. Whereas IP allows two computers to
talk to each other across the Internet, TCP and UDP allow individual
applications (also known as "services") on those computers
to talk to each other.
In the same way that a telephone number or physical mail box might
be associated with more than one person, a computer might have multiple
applications (e.g. email, file services, web services) running on
the same IP address.
Ports allow a computer to differentiate services such as email data
from web data. A port is simply a number associated with each application
that uniquely identifies that service on that computer. Both TCP and
UDP use ports to identify services. Some common port numbers are 80
for web (HTTP), 25 for email (SMTP), and 53 for Domain Name System
A firewall is "a system or group of systems that enforces an
access control policy between two networks." In the context of
home networks, a firewall typically takes one of two forms:
Software firewall - specialized software running on an individual
Network firewall - a dedicated device designed to protect one or more
Both types of firewall allow the user to define access policies for
inbound connections to the computers they are protecting. Many also
provide the ability to control what services (ports) the protected
computers are able to access on the Internet (outbound access). Most
firewalls intended for home use come with pre-configured security
policies from which the user chooses, and some allow the user to customize
these policies for their specific needs.