Paul Bleicher examines the pros and cons of broadband Internet technology and explains how to build a home network and make it secure.
Since the bursting of the dotcom bubble, recreational technology users have had a lot less fun. Our favorite Web sites have disappeared, news magazines are no longer filled with technology toys that we want to buy, and our attention is focused on technology's practical business uses, which demonstrate return on investment. This column will change all that and more. Let's examine a relatively new bit of personal technology for your home that is relatively inexpensive, practical, time-saving, fun to install and use (at least for techies like me!), and very important for protecting the security of your data: the home network. Let me demystify home networks and convince you of their value and their ease of use. Along the way, I hope you learn a bit about networks, firewalls, security, virtual private networks, and configuring a clinical site for optimal data security.
Broadband Internet connection
Before we get to home networks, we have to discuss a bit about broadband Internet connections. Broadband Internet connectivity is rapidly replacing dial-up connections in many homes. Internet connections through broadband most commonly include standard cable lines (the same ones from which you get your cable TV) and cable modems or digital subscriber line (DSL) connections through specialized telephone lines. The data transmission speeds for downloads in a broadband connection typically range from 128 kilobits per second (kbps) up to, theoretically, 6100 kbps for DSL and 384 kbps to 2000 kbps for cable modems, compared with the typical 33 kbps to 52 kbps for a dial-up modem. Information moves 10 to 100 times faster with a broadband connection compared with a dial-up. For those who haven't experienced it, such a connection is breathtakingly fast. A 10 MB file download that takes an hour on a dial-up connection can happen in less than a minute, and Web site access is more or less instantaneous.
Internet connections through broadband bring many advantages. Your home Internet connection will be as fast as, or faster than, your work Internet connection. You can use a virtual private network (VPN) to access your work computers at the same speed that you do at work, giving you complete access to your work computer network from home. This makes it possible to telecommute without any data disadvantage. Broadband connections are usually $39 to $75 per month and currently are available in a very large percentage of the area of the United States. Balance this against the cost of an Internet service provider (ISP; from $10 to $20 typically) and a second phone line, both of which are unnecessary with broadband connectivity. Furthermore, with broadband Internet access your computer can be always on: no log-ins or dial-ups are needed, so you can view a Web page at a moment's notice, or check your email regularly. With instant Web access, family members who couldn't be bothered dialing in will soon be shopping, looking up phone numbers, or paying bills.
Now that you are sold on broadband connectivity and have your computer online, you need to know the bad news. You are now part of a large wide area network (WAN) and completely vulnerable to having all the data on your computer, personal or work-related, examined, copied, erased, altered, or otherwise vandalized. Many people are shocked to learn this. They blissfully called their cable company, added broadband connectivity, and went about their business. As did I, until I heard about my friend David (the name has been changed to protect the innocent).
David's story. David is a home-based consultant who had a broadband Internet connection to his home computer through his cable company. One evening, his neighbor down the street called him and began relaying personal details he knew about David's finances. His neighbor was also a cable Internet subscriber and had clicked on his Network Neighborhood icon and discovered David's computer right there, next to his. So, the neighbor clicked on the hard disk and found that David's hard disk was now a folder on the neighbor's desktop. Any and all of David's files were viewable, editable, and deletable. Although this scary scenario is now less likely than in the last few years, a hacker can gain access to your computer with little more effort than that taken by David's neighbor.
Hackers. Perhaps you are not worried about hackers looking at your home computer; you figure that it would be too much bother for them to find you and figure out how to break in. Unfortunately, there are many high school and college-age hackers with powerful tools (downloaded for free from the Internet) that allow them to automatically search for vulnerable computers and hack into them for fun. The programs systematically ping a range of Internet Protocol (IP) addresses by sending a packet of data and then waiting for the automatic response that all computers are programmed to send out. When they get a response, these programs log the address of the responding computer for the hacker to examine later. In fact, these ping sweeps happen constantly, and your computer has probably been pinged in the last 24 to 72 hours if it is online. After finding a vulnerable home computer, a hacker often can enter without any passwords at all.
Do the security issues of broadband keep me from having my home computer on 24/7/365? No, I have a home network with appropriate security set up. Countless variations on home networks are available. The purpose of this article is not to go through the spectrum of such networks. You can, for example, find a great amount of basic information and home network product reviews at www.practicallynetworked.com.
Setting up a home network
I will summarize an easy-to-set-up, wireless home network that can cost less than $200, allows you to legally (if concerned, consult your local broadband provider) share your broadband connection, and provides effective security for your data.
Remember, there is no such thing as absolute security. If someone wants to break into your house, it doesn't matter how many alarms, armed guards, and locks you have; if they want to badly enough and have the resources, they can break in. The same applies to any computer network.
The core of the home network is a network router, firewall, and Dynamic Host Configuration Protocol (DHCP) server (often termed a broadband router). Don't be put off by the technical words; they are simple to understand. Physically, these three things come together as a small box the size of a paperback book that costs from $89 to $179. They are manufactured by companies such as SMC, 3Com, Orinoco (Lucent), and LinkSys, among many others. You have probably seen them and walked right past them in your local computer store. When you install one of these boxes, the cable wire comes into your house, connects to a modem, and the output line of your modem connects to the broadband router. We will now discuss each of these three basic functions in turn.
The DHCP server. The first function is that of a DHCP server. For those of you who currently have cable modems without a broadband router, your computer is hooked directly to the cable modem and is automatically assigned an IP address by your cable company or ISP. The IP address is a simple number that looks like this: 220.127.116.11. This address uniquely identifies your computer on the Internet, much as your home address uniquely identifies your home. Without an IP address, you cannot access the Internet or be a part of a network. IP addresses sometimes change from week to week, but that is beyond this discussion. In any case, the IP address is the unique address that can tell hackers where your computer is and also serves as your front door. When you install the broadband router, this small box takes your computer's place on the cable modem. The box itself is assigned the IP address and communicates back and forth with your ISP. Installing this device can now be done in a few minutes, with little or no knowledge of computers, through new wizards that come packed with the boxes.
So, you may be asking, where does my computer fit into all this? Quite simply, one of the outbound ports on your router (typically there are 3 to 12 wired ports) is plugged directly into your computer with an Ethernet wire, the same one that you used to plug your computer into the cable modem. All that is left is getting your computer an IP address, a necessary requirement for being on the Internet or part of a network. This is done automatically by the DHCP server. This part of the box creates a set of private internal IP addresses. Not only are these addresses not visible to the outside world, but they are a special type of address that will only work in a local area network. You can't use them to reach a remote computer across the Internet even if you knew what the private IP address was. The DHCP server leases and assigns an IP address to each computer that gets hooked up to one of its ports and requests an IP address to be assigned. Once this internal IP address is assigned and automatically installed on the computer, the computer can be a part of the network. For the sake of argument, let's say that you hook up three computers to the router/firewall/DHCP server, and that each is assigned an internal IP address.
The network router. The next function is the router function. A router is a device that connects at the gateway between two networks. The router receives packets of data from one computer, determines the next point where they should be forwarded, and forwards them. The router acts like a postal sorting machine, which reads zip codes on letters and automatically sends them to the next sorting facility or postal carrier's bag.
In the case of the home network we are building, the router is located at the gateway between the outside networks or WAN (in this case, the Internet) and the internal network or local area network (LAN). If you start to download a file from the Internet, your computer with an internal IP address makes a request in the form of packets of data and sends it to the router. The router understands that the request is intended for a Web server (say www.tucows.com) and forwards the packets to it. When the file begins to download from the server, the router receives the packets of downloaded data, and routes them to your computer alone, and not the other two computers on the network. This type of routing happens all along the path of data, but only your local router is relevant to this discussion. Alternatively, the router can receive a download request from one computer on the internal network to another computer on the same network. It channels these packets and the responses between the two internal computers.
One of the advantages of having private IP addresses is that they are not known to the outside, and can't be easily addressed by outside IP addresses. Therefore, your internal computer exists in stealth mode, invisible to the outside world. When your router sends packets from your computer to the outside world, it also changes the return IP address on the packet to match its own IP address and not the address of the original computer, using a method called Network Address Translation (NAT). One secure side effect of NAT is that the outside world never knows the actual internal IP address of your computers, making attacks by hackers even more difficult. In addition, your router can be set to ignore pings rather than reply to them as is usually done. This simple measure will prevent your network from appearing on a list of ping sweeps by a hacker. Between these two functions, you have come a long, long way in protecting your data and privacy. To go further requires an active firewall.
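To make the NAT behavior concrete, here is an added example (written for this column, not code from any router vendor) that models the address rewriting a broadband router performs. The public WAN address, the 192.168.1.0/24 private LAN, the hosts and the port numbers are all constructed values; the point it shows is that a reply to a request the LAN originated is routed back to the right internal computer, while an unsolicited packet from the outside matches no translation and is dropped.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing for this example: a documentation-range public address on
# the router's WAN side and an RFC 1918 private network on the LAN side.
ROUTER_WAN_IP = "198.51.100.7"
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatRouter:
    """Minimal model of the address rewriting a broadband router performs."""
    def __init__(self, wan_ip, lan_net, first_port=40000):
        self.wan_ip = wan_ip
        self.lan_net = lan_net
        self.next_port = first_port
        self.table = {}  # WAN-side port -> (internal host, internal port)

    def outbound(self, pkt):
        """LAN -> WAN: replace the private source with the router's own address."""
        if ipaddress.ip_address(pkt.src) not in self.lan_net:
            raise ValueError("only LAN hosts are translated")
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (pkt.src, pkt.sport)
        return Packet(self.wan_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """WAN -> LAN: deliver only replies to a known translation; drop the rest."""
        entry = self.table.get(pkt.dport)
        if pkt.dst != self.wan_ip or entry is None:
            return None  # unsolicited packet: there is no internal host to route it to
        host, hport = entry
        return Packet(pkt.src, pkt.sport, host, hport)

def demo():
    """Constructed exchange: one web request, its reply, and one unsolicited probe."""
    nat = NatRouter(ROUTER_WAN_IP, LAN_NET)
    out = nat.outbound(Packet("192.168.1.10", 51000, "203.0.113.5", 80))
    reply = nat.inbound(Packet("203.0.113.5", 80, ROUTER_WAN_IP, out.sport))
    probe = nat.inbound(Packet("203.0.113.99", 12345, ROUTER_WAN_IP, 80))
    return out, reply, probe
```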
The firewall. While excellent software firewalls exist (one of the best is actually free at www.zonealarm.com), the easiest and most effective firewall is one that is part of a hardware router. Firewalls are programs that examine each packet of data before routing it. They examine incoming and outgoing packets of data. Firewalls follow rules to determine whether to forward a packet or not. For example, a firewall can be set up to disallow any incoming packets that don't represent Web page traffic. Or they can be set up to disallow any packets that might be communicating on the port that allows downloading access to your computer.
Going outbound, a firewall can easily be set up to prevent specific computers on your network from accessing particular Web pages. Particular computers can be blocked from Internet access between 6 p.m. and 9 p.m. on weekdays (homework time; are you getting some ideas?) and can be set up to similarly exclude things like game traffic and Instant Messenger traffic. The usefulness of a firewall is only limited by the creativity and thoroughness of the network administrator (you, on your home network). Be warned, though. It is easy to change the default setting of the firewall, but to do so you will need to first educate yourself to understand some technical jargon.
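The two kinds of rules just described, an inbound block on the file-sharing port and a weekday 6 p.m. to 9 p.m. block on one computer, can be expressed as a small first-match rule list. This is an added example written for this column, not the configuration language of any real router; the LAN addresses, the homework PC at 192.168.1.20, and the choice of TCP port 445 for Windows file sharing are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed rule set for an assumed home LAN: the first matching rule wins,
# and a packet no rule matches is allowed (the lenient default of many home routers).

@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (WAN -> LAN) or "out" (LAN -> WAN)
    src: str
    dport: int
    when: datetime

@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    direction: Optional[str] = None      # None matches either direction
    src: Optional[str] = None            # None matches any source
    dport: Optional[int] = None          # None matches any destination port
    hours: Optional[tuple] = None        # (start, end) local hours, end exclusive
    weekdays_only: bool = False

    def matches(self, p: Packet) -> bool:
        if self.direction and p.direction != self.direction:
            return False
        if self.src and p.src != self.src:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.hours and not (self.hours[0] <= p.when.hour < self.hours[1]):
            return False
        if self.weekdays_only and p.when.weekday() >= 5:  # 5, 6 = Saturday, Sunday
            return False
        return True

RULES = [
    # Inbound: block Windows file sharing (SMB on port 445, assumed) from the WAN.
    Rule("deny", direction="in", dport=445),
    # Outbound: the assumed homework PC gets no Internet 6-9 p.m. on weekdays.
    Rule("deny", direction="out", src="192.168.1.20", hours=(18, 21), weekdays_only=True),
]

def decide(direction: str, src: str, dport: int, when_iso: str, rules=RULES) -> str:
    """Evaluate one packet against the rule list; returns "allow" or "deny"."""
    p = Packet(direction, src, dport, datetime.fromisoformat(when_iso))
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return "allow"
```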
Wireless communication. Finally, most of the inexpensive routers now come with a built-in wireless access point. This means that the router and DHCP server can also route packets and assign IP addresses to laptop computers and desktop machines that are connected through wireless data transmission that is almost as fast as wired linkups. Operating more or less like a cordless telephone, your router can communicate with a wireless card on each computer for $50 to $80 and connect them to the Internet and your internal network without any wires. The ability to connect to your local network without wires can be a godsend for the home or office that lacks network cabling installed in the walls. Most wireless routers/DHCP servers can handle over 200 wireless computers. If you are going the wireless route, you will need to use the data encryption that is built into these devices.
To set up an internal network you will also need to make a few setting adjustments on your individual computers so that they can communicate with one another. These are easily done, but are beyond the scope of this article. Information and resources can be found at various sites, including the Practically Networked site mentioned earlier.
Finally, if you decide to be a real network pro, you can buy a slightly more expensive broadband router that can act as a VPN endpoint. Using software built into the operating system, you can create a completely encrypted, secure pipeline between any computer (at work, a laptop in a hotel, and so on) and your computer at home. This VPN gives you complete access to all the files on your home network (as long as the computers are turned on) with great security.
The principles discussed in this article are completely applicable to a physician group practice or clinical trial site. With a minimum of fuss you can set up a network for your clinical trial site, and have wireless laptops available in your exam rooms for collecting subject data. The future is yours. Carpe diem!