Secure Your Home Network: What is a Firewall and why do you care?

Forget about the Internet and security for a moment - you already own something with a firewall.  Your car has one between the engine and the passenger compartment, even if your car isn't a sweet 1969 Dodge Charger.

 

The firewall in your car is designed to contain engine fires to the engine compartment, not letting the flames spread to the passengers.  Firewalls have been around cars for a long, long time - certainly since the 1930s, and probably a lot longer.

Now back to the Internet and security.  Internet firewalls are designed to keep bad things (and Bad Guys) out of your network, so they don't burn down all your devices.  Yes, I stretched that metaphor, but that's exactly where the name came from.

An old Internet wag once described a firewall as a device that "keeps the bad guys out while letting the good guys out".  That's a really good description.  Internet firewalls have been around for basically as long as there has been an Internet, say from around 1990.  The technology is very well understood, and very mature.  That's the good news.

The bad news is that there are a million ways to set up your firewall so it's more full of holes than Swiss cheese. This post will try to help you avoid this.

More good news: your Internet Provider almost certainly has a firewall capability in hte box that gives you Internet access.  For example, if you get Internet via cable TV, you have not only a cable box that changes channels, you have a separate box that gives Internet.  That thing has a firewall built in, so yay.

You an check this yourself via a web site that I've linked to a number of times over the years, Steve Gibson's Gibson Research.  You should see something that looks like this:

Green is good. 

So what went on when you ran that?  There are a bunch of Internet services like web, email, and so on.  Each uses a "port" - email is 25, web is 80, there are a bunch of others.  What Gibson's app did was to try to connect to all of these posts on your IP address.  Ideally, your firewall (like mine) dropped these connections in the trash can.

So from a first cut, your firewall is letting you out onto the Internet (so you can read this, hello!) but keeping the Bad Guys out. 

But the devil is in the details of how we (and our devices) use the Internet.  The next post in this series will explore this: Secure Your Home Network: Can (and should) you trust your devices?

Secure Your Home Network: Introduction

This is the beginning of a new series about what (mostly) non-technical readers can do to lock down their home networks to a decent level of security.  I need to start with some caveats here:

1. It's pretty easy to protect yourself from "script kiddies" (Bad Guys who just use canned exploits without knowing much (or anything) about you or your home network.  Hopefully the posts in this series will make you, if not impervious to, at least unreasonably difficult for these attackers.
2. It's harder to protect yourself from a knowledgeable and determined attacker.  Someone with skill, time, and motivation to attack you is a dangerous opponent.  Hopefully the posts in this series will increase the required time, skill, and motivation needed for these Bad Guys to succeed.  Basically, it raises the cost for them to attack you which is A Good Thing.
3. At the end of the day, you can't protect yourself from NSA or FSB (the KGB successor organization).  Or the Chinese, who are quite active and skilled.  Even keeping them from sniffing out your traffic is really, really hard.  If you think that any of these organizations are likely to want to access your computers, then you should unplug from the 'Net right now.  Not kidding.  

So if you're interested in this kind of thing, and are willing to spend a nominal amount of time and money to raise the bar on your home network security, follow along on this series of posts.

Tomorrow's post: What is a Firewall and why do you care? 

 

The 2025 most dangerous software exploits list

 Dad (who was a history professor) liked to say that History repeats itself because nobody listens the first time.  I get an incredible sense of deja vu all over again looking at Mitre's list of top 25 exploits for 2025.

The top 4 are all very, very old.  I myself demonstrated #4 when I taught a computer security class (with corporate IT Security present) back in 1994.  That's three decades ago.

And what's with numbers 11 and 14?  One of the classic papers on software security is Smashing The Stack For Fun And Profit - from 1996.

Numbers 3, 6, and 22 are web server vulnerabilities that are over 20 years old, and I've posted about them before. 

17, 19, and 21 have been known since before I was in this industry.  Call it the 1980s, although it's likely older.

I guess it's nice to see a shout-out to DoS (number 25) although geez, this is depressing.

So that's half the list having been known for literally multiple decades. So what gives?

I blame Agile Software Development.   I guess I'm the cranky old guy yelling at the sky here, because this is how all software is developed these days.  Product Managers (my old field) are to blame here, having spent the last 20 or 30 years pushing Go Ugly Early - get working product shipping as soon as possible and let customers tell you how to improve it.  Essentially, a lot of what you would have the developers spend their time fixing are things that customers just don't care about.

This has led to a pushback of sorts from software professionals, particularly the Software Craftsmanship movement.  Their manifesto is interesting:

As aspiring Software Craftsmen we are raising the bar of professional software development by practicing it and helping others learn the craft. Through this work we have come to value:

• Not only working software, but also well-crafted software
• Not only responding to change, but also steadily adding value
• Not only individuals and interactions, but also a community of professionals
• Not only customer collaboration, but also productive partnerships

So what's missing from this?  How about don't keep making the same dumb security mistakes that people have been making for decades?

And what do Product Managers miss in their rush to go ugly early? How about don't keep making the same dumb security mistakes that people have been making for decades?

And so here we are.  The IT infrastructure of the 21st Century has been constructed out of moonbeams and cotton candy.

I don't see anything changing here, as the incentive structures are all stacked against good security. 

Face Vocal Band - The Parting Glass

Adieu, 2025.  This is a fine, traditional song for departing guests.

Here's wishing you a very happy 2026.

2025 Blog stats

This was the best year ever for traffic here: 4.5M page views.  This brings the all-time total to 19.5M.  There's quite a market for free Internet blather.

And this year's over 1000 comments from you is (I think) also a record.  Many thanks to everyone who keeps coming by and especially for commenters.

Top referrers:

1. Knuckledraggin My Life Away (thanks, Wirecutter!)
2.  The Feral Irishman (thanks, blog brother!) 
3.  Raconteur Report (thanks, Aesop!)
4.  Normal American (I hope you haven't hung up your blogging shoes)
5.  Busted Knuckles (thanks, CederQ!)
6. The Silicon Graybeard (thanks, buddy!) 

If anyone cares, here is a list of the top posts for traffic.  It's interesting that most are pretty old:

1. I Am TJIC (after 14 years this still gets a ton of traffic)
2. I Confess, I'm Not Opposed To Gun Control (this was fun to write)
3. This Blog Belches Carbon (from all the way back in 2010) 
4. A Layman's Guide to the Science of Global Warming (needs updating)
5. Dad Joke CCCLVIIII (I have no idea why this got so much traffic)
6. Dad Joke CCCLXII (Tuna is doing most of my Dad Joke blogging)
7. Should You Be A Global Warming Skeptic? (from 2009 but superseded by the Layman's Guide post, above)
8. Aaaaarrrrrrgh, Matey! Don't be shiverin' me timbers! (A blog meet from 2009)
9. Google Play Store filled with malware (a post from 2025!)
10. This.  1000x this. (another post from 2025!  Go figure ...)

So a lot of old posts still drawing traffic.  It's gratifying to read them and see how well they've held up.

So goodbye to 2025 blogging.  On to 2026! 

Glen Campbell plays bagpipes on "Mull of Kintyre"

Who knew? 

Free Open Source3 software without Linux

For years I've touted (and recommended) Linux, the Free Open Source Software (FOSS) that is the heart of Internet servers, Internet routing nodes, and Android.  I have a lot of experience with Linux, having run it since kernel version 0.99 back in 1994 or so.  Slackware on 25 pounds of 3.5" floppy disks FTW.

One question that comes up regularly is what non-technical people can do.  While Linux has become a lot easier to install and run, there are still the occasional weirdnesses that some up, link the Brave Browser's refusal to print to anything other than PDF.  This means that if you live in a Linux world, you regularly have to come figure out workarounds.

And thus, the questions.  It's pretty easy for someone like me with 30 years of Linux experience* (good Lord, can it really be that long???), but for everyday folks who don't dig kernel versions and package dependencies, it's a daunting prospect.

As it turns out, there is a ton of high quality FOSS software for Windows and Mac users, and as your current computer ages and falls out of support, these can be a great way to extend the life of your computer.

I highly recommend this article from The Register on where to find high quality, non-malware FOSS packages.  It's very long and information-rich, so if you have an aging computer and you really don't want to load Linux on it, it's worth 10 minutes of your time.

Strongly recommended for normal computer users. Techie users will stay with sudo apt-get install foo but that just sort of proves my point.

About the only thing you won't get for your old Windows or Mac computer are security updates once the OS is end of life.  That's a big issue these days, and while it is possible to lock down a (say) old Windows OS to minimize your risk, it probably takes more tech savvy that installing Linux.  But if you are still getting security patches, FOSS can help you adapt to your apps demanding you upgrade the OS.  

* Interestingly, each year for the last 20 years has been "This is the year of Linux", and it really hasn't because the workarounds haven't ever gone away.  I'd argue that the only place where Linux is truly easy to use is Android, because Google invested a ton of money smoothing it out.

JS BACH - Jesu, Joy of Man's Desiring

Merry Christmas, everybody.

 

Luciano Pavarotti and Placido Domingo - O Holy Night

The Christmas Truce, World War II version

I had never heard this story, but it's true.  US and German soldiers lost in the Battle Of The Bulge had Christmas dinner together rather than killing each other, all due to a good German Hausfrau who had had enough of war on Christmas.  You have to jump ahead to around 6:30 for the story - before that, it's mincemeat pie recipe from the WWII US Army Field Cookbook (which also seems pretty interesting). 

And while it's not (quite) Christmas yet, Hans Gruber is fixin' to fall off of Nakatomi Plaza.