In my wired-for-ethernet campus housing, however, all bets were off. I watched people remotely controlling each others’ computers as pranks, or discovering hackers had gotten onto their systems from halfway across the planet, and figured it was safer to use Linux most of the time. This actually got me in trouble with the network admin at one point, who decided I must be running a server and shut off my port. It did at least teach me to disable services that were turned on by default, though I saw no indication that anything on there was actually being abused.*

Then there were firewalled environments. Still back in college, we rigged up my parents’ house for a home network. My brother put together a Linux box to dial into the Internet and act as a gateway, and effectively everything inside the network was safe from direct attacks. No point in internal firewalls, and since everyone was savvy enough to avoid the really nasty stuff (which was easier at the time), virus scanners were only a precaution, rather than a necessity.

For the past few years I’ve mainly worked with firewalled or NAT environments. It’s like having a wall around the city, with a guard at the gate. Miscreants can’t wander in, so they have to try to bluff their way past the guard. “Look, I’m just an ActiveX control on a web page!” “Hey, I’m an e-mail attachment!” “Relax, I’m just an MP3! I know my file extension ends in .exe, but trust me!” So it’s all about keeping the pull traffic secure – the web and email clients, watching what you download, etc. Virus scanners help, but they should be your last line of defense, not your first.

Wireless changes everything, though. You’ve noticed modern cities don’t have walls? There are two reasons for that: The first is the rise of large nations. The walls are at national borders, not city limits (and they’re more likely to be fences or just guards than physical walls). The second: flight. Enemies can jump in an airplane, fly over your walls, and drop bombs anywhere inside until you shoot them down.

Similarly, a wireless access point makes it possible to fly right over that elaborate firewall on your Internet connection — indeed, right past the walls of your building — so it’s critical to secure a wireless network. The first time I turned on AirPort I spotted at least three access points!

So it’s back to treating the network as (potentially) hostile. Keep the patches up, of course — always keep the patches up — but install local firewalls. Turn off unused services. Limit or disable remote logins. And again, secure your wireless network! (See the previous link for some good resources, particularly “Securing Your Wireless Access Point: What Do All Those Settings Mean Anyways?” ) Mac OS X, most Linux distributions, and now Windows XP Service Pack 2 include built-in firewalls (but you have to turn them on), or you can install a product like ZoneAlarm. These days an unpatched Windows system hooked straight up to the Internet is broken into within an average of 20 minutes. This is what firewalls — whether network-level or computer-level — are for!

Just remember: Keeping your computer safe is like defending yourself against the dark arts:

Constant Vigilance!

* Actually there was one instance, but it involved Windows-style file sharing, and since I was actually running Samba under Linux, I was able to use settings that prevented them from really exploiting it. So not only could it have happened on a Windows box, it would have been far worse if it had.

Early in the year, figuring some sort of file-sharing was useful within the house, I set up two public shares, one read-only and one write-only. A folder where I could post things and a dropbox. Within a few months I’d forgotten about the dropbox. Sometime the following year I was cleaning up the system and stumbled across the folder. Embarrassingly, I discovered two very large MPEG files containing Entrapment. Apparently someone had found a writable share, uploaded it with the intent to transfer it somewhere else, and discovered they couldn’t get the file back. (This was exactly why I made it write-only in the first place — so it couldn’t be used as a transfer point). I told my brother about this, and he laughed and said, “At the very least they could have pirated a good movie!”

Do I need to download or install any special software to connect to the T-Mobile network?
The only software you will need is the software driver for your Wi-Fi 802.11b wireless network card and an Internet-ready web browser. The T-Mobile HotSpot service requires no additional software.

So far, so good.

What operating systems are currently compatible with the service?
T-Mobile HotSpot is not OS-specific, and will work with any operating systems as long as there is a compatible, Internet-ready browser such as Internet Explorer or Netscape Navigator.

Excellent! Since I’d never had a reason to research hot spot services before, compatibility in a Windows-centric world was definitely a concern.

Can I connect using a Macintosh computer?
Yes, T-Mobile supports Macintosh users. Macs with AirPort cards installed usually require little or no configuration.

Nice. Very nice!

At some point I’ll have to look into rate plans, see if we can get an existing-customer discount, and do some comparison shopping with other services.

First: familiarity. Since I hadn’t researched specific models, I wanted a brand I knew or had used before. This meant Netgear, Linksys, or Belkin.

Belkin was out of the question. In fact, I was muttering about how I’d never buy a Belkin router, when I was approached by a Belkin representative who proceeded to explain about how much better their product was than any of the others. The problem is that Belkin lost my trust last year when they set their routers to redirect web requests to their own advertisement page. (Basically one every eight hours until you bought the filtering service or clicked on an opt-out link on that web page). Aside from the annoyance factor, there’s a lot of web traffic that isn’t actually trying to load a web page. It could be your antivirus program trying to download new definitions, or your news reader updating an RSS or Atom feed. It could be Windows Update. Sure, they eventually disabled the “feature”, but come on!

So at that point it basically a toss-up between Netgear and Linksys. The Netgear packaging was more focused on the networking capabilities, and the Linksys packaging was more focused on the parental controls, so I went with the Netgear.

• It adds wireless capability.
• It can replace our hub.
• It can replace our router.
• We don’t need to find any more outlets or power strips. In fact, the end result is we’ve freed up an outlet.
• We don’t need to buy wireless cards for the computers we already have.

The AirPort Express looked nice, mainly for AirTunes, but we would have had to put it in the other room with the stereo anyway. And besides, none of Apple’s Airport stations have more than one LAN port – the assumption is you’re either going all-wireless or you’ve already got equipment for your wired systems.

So I should have thought of the hub immediately when the network started acting up today.

I had been on and off the computer and the net all morning with no noticeable problems, and Katie had been on for just a few minutes when it stopped loading websites.

The players involved:

• My computer, the homebrew Linux system
• Katie’s computer, the Mac G4
• The shared laptop (a PowerBook, not hooked up initially)
• The DSL modem
• The consumer-grade mini-router
• The ethernet hub
• Lots of cables

Initial troubleshooting:

1. Modem lights: all good.
2. Load a site from homebrew: check.
3. Ping G4: check.
4. Reset router: check.
5. Connect to router config: uh…. come on…

It was about that point that I looked at the hub and saw the insane amount of traffic apparently going between one of the computers and the router, along with a high number of collisions. Powering the hub off and back on didn’t seem to make a difference. Once I determined it was my computer, I disconnected it from the hub, and Katie was able to reach the web.

OK, so I’d found out what was preventing the G4 from connecting. Now I had to figure out what was going on. The traffic didn’t show up on any network monitors, and nothing seemed to be running to generate it. I started shutting services down one by one. No change. I logged off. No change. I deactivated the network and dropped to single-user mode. No change.

So I turned the machine off. Traffic stopped. (Good.) But the network card was chattering even when it was supposed to be inactive, which suggests either it was in some funny mode or it was broken. I hoped it was just some funny mode, because I really didn’t want to have to replace it. Aside from the whole disassembly process, it’s a combination USB2/Firewire/Ethernet card, so I’d need to either find another with the same combination or get a separate USB2/Firewire card… and I couldn’t remember whether there were enough free slots.

Power on. The insane network chatter started up during the BIOS check! There was no operating system running, and it was saturating the connection! Fine, I disconnected the computer and started trying to figure out whether it was something I could fix, or whether I’d have to replace the card.

At this point I pulled out the laptop and hooked it up so that I’d be able to do some troubleshooting online. But the weird thing was, the same bizarre traffic pattern was going on between the router and the laptop. Again, no sign of any network hogs actually on the system. I started to get suspicious.

I hooked my system back up to the network, watched the hub go insane, and then disconnected the router. Now, the ridiculous traffic was going between my computer and the laptop!

So here’s the situation:

• One device (the G4) seems okay.
• Of three other devices (including the connection to the Internet), any two cause the network to be flooded.
• What’s left that hasn’t been changed? The hub

Fortunately, I never got rid of the old 10-baseT hub when we went to 10/100. I dug it out of the closet, hooked up all the computers to it instead of the faster one, and you know what? Everything worked.

So now we need to head over to Fry’s or someplace and pick up a new hub. I’m hoping to find a wireless access point that has enough physical ports, because then we only need to get one device. (We want to go wireless for the laptop, but the other machines — with the possible exception of the G4 — still need cables.)