Archive for August, 2008

Several people have asked me to describe how I would go about building a sensible home network that would be highly functional, inexpensive, and teach them a bunch about networking technologies while they did it.  Since this is a very do-able project and has several real benefits, I’ve decided to take it on.  So I’ll be writing a few posts to walk you through the process; it’s easier than you might think but of course it can always be made easier, and I’ll try to do that.

What I’ll describe is modular — you can do all of it, or a part of it, depending on your interests.  This isn’t the easiest way to bring the Internet into your home, because I’m assuming that you’d like to learn how things really work.  But follow this through, and you’ll end up with an industrial-strength bastioned network that looks like it belongs in a company.  And, it’ll be (relatively) cheap.  And I promise, (relatively) easy.

We’ll be using almost exclusively open-source software, relatively generic PCs of whatever vintage you can afford, and some cheap networking components like switches from Best Buy or whoever.  You’ll be running things like Ubuntu Linux, an Astaro firewall, the famous Apache web server (which powers over half the websites on the Internet), the Postfix mail server, and the Bind DNS server.  Cool stuff!

Why do this?  Here’s what the typical “home network” looks like, out of the box:

Not very exciting, not very capable, and actually not very secure: the “firewall” generally blocks incoming traffic but allows rather promiscuous outgoing connections, so it restricts almost nothing, and it has no attack detection and prevention beyond blocking “ping of death” and similar attacks.  Plus, of course, the router / AP / firewall is also handling DHCP, DNS caching, and all manner of other things, so if it gets penetrated, everything’s there and you’re toast.

Here is what things will look like when we’re through with our efforts:

The key here is that the Serious Firewall Gateway will really let you get granular about which machines in your network get to do what, and let you mount some industrial-strength penetration protection; and by having a DMZ port on that machine you can separate the Internet-facing machines, your web server and mail server, from your internal network.

And on the logical inside, you can have a small server supporting shared files, a caching DNS server, DHCP, shared printing, and whatever else suits your fancy.
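As an added example (not code from the original post, whose firewall gets built in a later installment, and a plain-iptables stand-in rather than Astaro’s own configuration), here is a minimal three-zone packet-filter policy in iptables-restore format that captures the separation just described: default-deny in both directions, a short explicit egress list for the LAN instead of the stock router’s allow-everything-out, the DMZ host reachable only on its published web and mail ports, and no path at all from the DMZ into the inside.  Interface names and the DMZ host address are placeholders; the function only prints the ruleset so you can review it before loading.

```shell
#!/bin/sh
# Added example: generates a three-zone (WAN / DMZ / LAN) iptables policy.
# Interface names and the DMZ host address are assumed placeholders, not
# values from the original post. Review the output, then load it with
#   gen_fw_rules eth0 eth1 eth2 192.168.100.10 | iptables-restore
gen_fw_rules() {
  wan=$1; dmz=$2; lan=$3; dmzhost=$4
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful core: replies to flows allowed below pass in every direction.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The gateway itself is managed only from the LAN side.
-A INPUT -i $lan -p tcp --dport 22 -j ACCEPT
# Internet -> DMZ: only the published web and mail ports, only to that host.
-A FORWARD -i $wan -o $dmz -d $dmzhost -p tcp -m multiport --dports 25,80,443 -j ACCEPT
# LAN -> DMZ: the same services plus SSH for administration.
-A FORWARD -i $lan -o $dmz -d $dmzhost -p tcp -m multiport --dports 22,25,80,443 -j ACCEPT
# LAN -> Internet: an explicit egress list, not the stock router's "allow all out".
-A FORWARD -i $lan -o $wan -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -i $lan -o $wan -p udp --dport 53 -j ACCEPT
# DMZ -> Internet: the mail server needs outbound SMTP and DNS, nothing else.
-A FORWARD -i $dmz -o $wan -s $dmzhost -p tcp --dport 25 -j ACCEPT
-A FORWARD -i $dmz -o $wan -s $dmzhost -p udp --dport 53 -j ACCEPT
# No DMZ -> LAN rule exists, so a compromised DMZ host cannot reach inside.
# Everything else is logged (rate-limited) and then hits the DROP policy.
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Publish the DMZ host's web and mail ports on the single public address.
-A PREROUTING -i $wan -p tcp -m multiport --dports 25,80,443 -j DNAT --to-destination $dmzhost
# Hide LAN and DMZ private addresses behind the WAN address.
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Print the ruleset for review (nothing is applied by this script).
gen_fw_rules eth0 eth1 eth2 192.168.100.10
```

The internal server’s DHCP and caching-DNS roles need no extra rules here, since LAN clients talk to it on the inside interface without crossing the gateway; only the server’s own upstream DNS lookups use the LAN -> Internet UDP 53 rule.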


You will have to buy a few things.  There are three PCs, plus one or two little Linksys or whatever 4-port switches, and some wire.  The switch might also be your access point (AP) for the wireless access.  The modem will be furnished by your ISP.

The PCs need not be particularly powerful or have double-oodles of disk space, necessarily.  Relatively generic grey boxes will do; I’ve used Compaq Pentium 3s and Dell Pentium 4s with clock speeds ranging from 700 MHz to 2.8 GHz.  The biggest disks should go on the shared-file server, the fastest machine should be the firewall machine, and the web / mail server can be surprisingly light.  All this stuff is available on eBay or from the Dell factory store.  Newer desktop PCs in the $500 price range work just fine.  If you can spring for a real server with RAID-5 and so on, so much the better.  But they’re not all that necessary.

A Domain Name

Before you do anything else, get yourself a domain name, like joedoaks.com or the like.  Register it through GoDaddy; it’s very straightforward and $10 / year.  For a setup like this, you deserve your own domain!

What you should already know and have

I’m kind of assuming you already know a little about TCP/IP, DNS, and the rudiments of Internet technology.  But part of this exercise is to help you learn more, so just brief yourself on the basics and you’ll be ready to go.  So, you probably have your personal PC and some way to connect to the Internet.  The first thing we’ll do is build a better firewall, so go shopping for that machine first.  This machine needs to be fairly fast and have as much memory as you can afford, but probably doesn’t need more than 30 GB of disk space.  AND, importantly, it needs to have expansion slots where you can put in two more LAN cards; this is a must.

More in the next installment, where we’ll build the firewall on this machine.


I’ve written a series on Internet malware (see the tags), during which I’ve gotten progressively more pessimistic about the state of the Internet as regards increasingly aggressive malware infections. I’m concluding that people aren’t worried enough about what their computer is up to behind their back. But now I want to spend a moment debunking at the other end of the scale — the currently received wisdom that our kids are at the mercy of Internet-based pedophiles, molesters, rapists, and kidnappers. If you have a short attention span, here’s the answer: they aren’t in any such danger, and they’re skillful enough to defend themselves from these vermin with no difficulty.

Now, part of the reason for this is that today’s younger generation, and I’m talking about kids from 10 to young adults of 25 or so, have an Internet-mediated life that is unbelievably rich and varied, and which they control and manage with considerable skill. If you’re a parent, and you email, fine, but they are light-years ahead of you. They consider email rather dull and lifeless; they text-message with their camera cell phones, they use services like Twitter to broadcast what they’re up to, they forward pictures back and forth from computer to cell phone and back, they have websites and (more importantly) FaceBook sites, they instant message with each other from a variety of devices . . . the list goes on and is actually evolving and expanding as we sit here. And you, who think email is pretty exciting, are going to be able to assess risk for them, and control the situation? Do you Tweet? Come back and see me when you do.

Are they going to be willing to give this rich social environment up because there are a few creeps out there? They are not. At the upper end of this age spectrum, these facilities help kids keep in touch when they go off to college, and then when they graduate, as they again disperse to go find jobs. These kids are keeping in touch on a daily basis, around the world, around the clock, and they love it. At the bottom end, 10 and 11-year-olds, far from retreating into their computers, are enriching their social environment via the Internet as we used to do, in the days of the ancients, by telephone after school. But they keep it up at their brother’s sports practices, while shopping with their parents, and even right in movies.  They’re glued into multiple social contexts and they shift back and forth instantly.

And at all ages, they experiment with their “selves.”  Here in meatspace, where we are only who we are, we can’t escape ourselves.  But online, kids can, if they’re clever, reinvent themselves — kids make themselves older, or boys try being girls and vice-versa, or pretend to be very much cooler than they are, convince others that they’re really brainiacs interested in chess . . .  without having to really be that, or carry it off in real life.  What’s so bad about that?  Just another kind of growing up, I would say.

I think most studies have shown that kids who run off and meet unknown people they’ve come in contact with over the Internet are kids who are already engaging in risky or even self-destructive behavior in real life — the real world drives their Internet behavior, not the other way around.

So buck up.  Basically, until you are enrolled in Twitter, it’s your kids who are going to be protecting YOU online.


The Russian bear comes roaring back, 15 years after the collapse of the Soviet Union, with an unprovoked attack on the Republic of Georgia to ostensibly look after the interests of the ethnic Russian population of the province of South Ossetia.  This is a conflict that has been brewing since the demise of the USSR, as Georgia has attempted to forge links with Europe and to follow a democratic path to an open, westernized society.  Unfortunately, the Russians still find that kind of thinking unacceptable and decided to act.

And, the worst part is, we can’t do anything at all about it, thanks to our misguided adventurism in Iran and Iraq.  Our military is stretched to the breaking point in those two wars, we’re out of money, and — worst of all — the Bush Administration has squandered our moral authority to even decry their little war.  After all, if we can just go and attack a country because we’re wheezed off at their leader and his ideas, why can’t the Russians do the same to a country that borders them?  They’re just imitating us, we who “won” the Cold War.

What have we become, but the old-style Imperialists that the Communists always decried?  Cheney and his henchmen believe that because we won, and because of 9/11, and for whatever other reasons they choose to use, there is some kind of “new reality” that allows these things.  Now, in a most unpleasant manner, we have been introduced to the new reality.

As Pogo the Possum once said, “we have met the enemy and he is us.”  Or, the old saying “power corrupts, and absolute power corrupts absolutely.”
