{"id":590,"date":"2014-06-02T17:07:16","date_gmt":"2014-06-02T22:07:16","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=590"},"modified":"2014-06-02T17:56:49","modified_gmt":"2014-06-02T22:56:49","slug":"rise-of-the-personal-firewall","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2014\/06\/02\/rise-of-the-personal-firewall\/","title":{"rendered":"Rise of the Personal Firewall"},"content":{"rendered":"<p>The other day I read that Comcast is launching <a href=\"http:\/\/articles.chicagotribune.com\/2014-03-05\/business\/chi-chicago-public-wifi-comcast-20140304_1_xfinity-wi-fi-moffettnathanson-public-wi-fi-hot-spots\" target=\"_blank\">a new plan<\/a> to turn home internet users into unwilling participants in their new global wifi strategy.\u00a0 I&#8217;m sure that they will soon be touting how insanely awesome it will be to get &#8220;full strength&#8221; internet access virtually anywhere just by subscribing to this service.\u00a0 Other than the issues with taking a service that the consumer already pays for and carving out their bandwidth for other people, the security practitioner in me can&#8217;t help but wonder what the security ramifications of sharing an internet connection like this actually means.\u00a0 Combine this with the default access to your cable modem that your service provider already has, and it paints a very scary picture of network security for the home user.\u00a0 It is no longer sufficient (if it ever was) to rely on your cable modem for network access controls.\u00a0 Thus, I am advocating in favor of placing a personal firewall between your cable modem and your network for all home internet setups.<\/p>\n<p>Now, it&#8217;s not as bad as you may think.\u00a0 It doesn&#8217;t have to be some crazy expensive piece of equipment like you&#8217;d purchase for a business.\u00a0 Even the basic home gateways come with the ability to do Network Address Translation (NAT) which effectively turns your internet connection into a one-way pipe.\u00a0 All I&#8217;m saying is that instead of plugging your network devices directly into the cable modem for Internet access, you should use your own hardware and draw a clear &#8220;line in the sand&#8221; between your equipment and theirs.\u00a0 In addition, I would advocate that you should no longer consider the wifi access provided by the cable modem device as safe and should use your own equipment for this access.\u00a0 In other words, treat anything on the WAN side of your home gateway\/personal firewall as untrusted and protect against it accordingly.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The other day I read that Comcast is launching a new plan to turn home internet users into unwilling participants in their new global wifi strategy.\u00a0 I&#8217;m sure that they will soon be touting how insanely awesome it will be to get &#8220;full strength&#8221; internet access virtually anywhere just by subscribing to this service.\u00a0 Other [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[71,70,28,19],"tags":[576,577,467,574,575,24,500,505,73,622,578,124],"class_list":["post-590","post","type-post","status-publish","format-standard","hentry","category-firewalls","category-networking","category-security","category-wireless-networks","tag-abuse","tag-address","tag-cable","tag-comcast","tag-home","tag-internet","tag-modem","tag-nat","tag-network","tag-security","tag-translation","tag-wifi"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-9w","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/590","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=590"}],"version-history":[{"count":1,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/590\/revisions"}],"predecessor-version":[{"id":591,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/590\/revisions\/591"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}