Devices that provide hardware firewalls usually need to be configured. It may be that the default factory settings are OK, and you don’t need to do anything extra. But, it would be good to contact your ISP, and ask if they have instructions for configuring your firewall with high security.
For example, I just installed a wireless router for my mother-in-law. The wireless router ( a ZyXEL PK5001Z) was supplied by and configured by her ISP (CenturyLink). It had a hardware firewall built into it. When I checked the configuration pages, I found that the default security settings were more lax than I would want. To be honest, I can’t remember if it was blocking unsolicited inbound packets or not. But, I do remember that the default security settings were pretty lax. So, I configured it more securely. During some troubleshooting, I had to reset the router to factory settings, and then the security options were lax again. Ugh. Time to reconfigure…
Now, CenturyLink knows about network security (all ISPs do). They have a division of their business that caters specifically to network security. For small businesses, CenturyLink will manage your network. (I found this while googling about other security topics – it was a paid-for banner ad at the top of my search results.) For large businesses, CenturyLink has an entire smorgasbord of network security offerings. But, for the average homeowner just wanting Internet connectivity, it’s harder for CenturyLink to offer the service and stay profitable, so they will opt to configure things so that people don’t complain and call their support desk, and that usually means lax security. If you want more security, you will need to explicitly configure your device to do that.
The US Government CERT website has some really good references here:
- http://www.us-cert.gov/sites/default/files/publications/HomeRouterSecurity2011.pdf
- http://www.us-cert.gov/sites/default/files/publications/Wireless-Security.pdf
What to do:
a) If your ISP provided a hardware firewall (or some other networking hardware that has a firewall built into it), contact them, and ask for instructions for how to securely configure your hardware firewall.
b) If your ISP DID NOT provide you a hardware firewall, call your ISP, and give them an earful for letting your computer get infected. Then, go buy a hardware firewall, or a wireless router that has a firewall built into it.
c) Get someone to help you install it and configure it. You may need your ISP to help you on this one, because router configuration can be tricky.
Recent Comments