Cable/DSL routers for network security (long)

From: B. W. Bangerter <ben.bangerter_at_yale.edu>
Date: Thu, 30 Nov 2000 14:33:43 -0500

A simple, inexpensive means of improving network security--

A topic that has been discussed several times in this forum, and at the
AMMRL meeting at the past ENC at Asilomar, is security of spectrometer
(and other) computers that are on LANs connected to the Internet. Many
of us have had the mortifying experience of having one of our computers
cracked into by an outsider bent on making trouble. The standard
response to such an invasion is: "undo the network connection, reformat
the disk, reinstall the OS, reinstall the application software." And
get everything working again. Computer networking and security are
complex matters, and most of us have little understanding of these
things, and little inclination to learn more about this stuff than we
must to keep our spectrometers operating and get our work done.
Fortunately there is a simple and inexpensive step we can take to
greatly improve the security of our computers.

This solution is to connect our laboratory network (or even a single
computer) to our enterprise network through a "Cable/DSL Gateway
Router." These devices were designed to allow a cable or DSL subscriber
to connect a small local network of computers to the service, using only
a single IP address from the service provider. The devices use a method
called network address translation (NAT) to allow multiple computers on
a private network to connect to the outside using a single globally
unique or registered IP address. They provide firewall features, in
that outside computers are unable to learn of the existence of the
private network addresses, some of the routers offer various packet
filtering schemes, and the routers also provide for servers to run on
the private network using "port mapping." Depending on the model, up to
253 private network addresses can be accommodated (that's a lot of
spectrometers), and some include 10/100 switches. They are easily set
up and administered, with Web browser or Telnet connections. Best of
all, they are inexpensive - $100 to $250 or so. Manufacturers of these
devices include:

Netgear (RT311, RT314) http://www.netgear.com/

Linksys (BEFSR11, 41, 81) http://www.linksys.com/

SMC Networks (Barricade) http://www.smc.com/

I am sure there are others. This is a rapidly growing market, with the
proliferation of cable modem and DSL users across the country. The WWW
sites offer data sheets and manuals for the gateway routers, and some
have tutorials as well. The routers are available from most of the
usual catalog vendors, such as PC Connection, Mac Warehouse, etc. I
have been using a Netgear RT311 for a short while, and it seems to work
as advertised. In addition to the security provided, we can now connect
as many devices as we want, creating our own private IP addresses,
paying the University for one registered address, and generally
simplifying the network hassle. In our department, we plan to take most
of the 400 or so computers off the 130.132. Yale domain and put them
behind these gateway routers on private networks.

Ben Bangerter
Received on Thu Nov 30 2000 - 17:20:12 MST
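
The NAT and port-mapping behaviour described in the message above, as an added example that is not part of the original post or any vendor's firmware. It is a toy model: the class, the addresses (documentation ranges) and the strict matching of replies to the remote host and port are assumptions, and real routers differ in how tightly they match inbound packets.

```python
"""Toy model of a NAT gateway (constructed example; addresses are placeholders)."""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"   # stands in for the single registered address

@dataclass
class NatGateway:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    # public_port -> (private_ip, private_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    # public_port -> (private_ip, private_port), set by the administrator
    port_map: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Private host opens a connection; rewrite its source to the public address."""
        for pub_port, s in self.sessions.items():
            if s == (src_ip, src_port, dst_ip, dst_port):
                return (self.public_ip, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, remote_ip, remote_port, pub_port):
        """Packet arrives at the public address; return private target or None (dropped)."""
        s = self.sessions.get(pub_port)
        if s and (s[2], s[3]) == (remote_ip, remote_port):
            return (s[0], s[1])              # reply to a session a private host started
        if pub_port in self.port_map:
            return self.port_map[pub_port]   # administrator-configured server
        return None                          # unsolicited: nothing to deliver it to

def demo():
    gw = NatGateway()
    results = {}
    # A workstation on the private network fetches a web page.
    pkt = gw.outbound("192.168.0.2", 1025, "198.51.100.7", 80)
    results["translated"] = pkt
    results["reply"] = gw.inbound("198.51.100.7", 80, pkt[1])
    # A different outside host tries the same public port, then the Telnet port.
    results["other_host_same_port"] = gw.inbound("198.51.100.99", 80, pkt[1])
    results["probe_telnet"] = gw.inbound("198.51.100.99", 4000, 23)
    # The administrator maps public port 80 to an internal server.
    gw.port_map[80] = ("192.168.0.5", 80)
    results["mapped_web"] = gw.inbound("198.51.100.99", 4000, 80)
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

A port-mapped server is reachable by any outside host, so it gets no protection from the translation itself and still has to be kept patched.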
