Chapter 23 Connecting Your Network to the Internet In This Chapter 䊳 Looking at DSL and cable 䊳 Examining T1 and T3 connections 䊳 Using a router 䊳 Securing your connection with a firewall 䊳 Using the firewall that comes with Windows XP S o you’ve decided to connect your network to the Internet. All you have to do is run to the local computer discount store, buy a modem, and plug it in, right? Wrong. Unfortunately, connecting to the Internet involves more than just installing a modem. For starters, you have to make sure that a modem is the right way to connect — other methods are faster but more expensive. Then you have to select and configure the software you use to access the Internet. And finally, you have to lie awake at night worrying whether hackers are break- ing into your network via its Internet connection. Connecting to the Internet Connecting to the Internet is not free. For starters, you have to purchase the computer equipment necessary to make the connection. Then, you have to obtain a connection from an Internet Service Provider, or ISP. The ISP charges you a monthly fee that depends on the speed and capacity of the connection. The following sections describe the most commonly used methods of con- necting network users to the Internet. Dial-up connections A dial-up connection connects your computer to an Internet provider over a standard telephone connection. A dial-up connection depends on a device called a modem to convert the computer’s digital signals to a form that can be transmitted over a telephone line. When you want to connect to the Internet, the modem accesses the phone line, dials the number for your Internet provider, and connects you. Dial-up connections may be the least expensive way to connect to the Internet, but they’re also the slowest. The standard speed for modems is 56 Kbps, which means that the modem can send about 56,000 bits of information per second over a standard phone connection. Frankly, dial-up connections to the Internet are rapidly becoming a thing of the past. Even home users are replacing their slow dial-up connections by high- speed connections such as cable or DSL. Just as I like to tell my kids about how we used to have “party lines” on our phones, which meant that we could use the phone only if our neighbors weren’t already using it, my kids will someday tell their kids about the good old days when they had “modems” on their phones to connect to the Internet and they could actually hear the modem call the Internet, and how excited they would get when they heard the Internet answer with a screech and a buzz. Ah, those were the days. . . . Connecting with cable or DSL If your network users will use the Internet frequently, you may want to con- sider one of two popular, high-speed methods of connecting to the Internet: cable or DSL. Cable and DSL connections are often called broadband connec- tions, for technical reasons you don’t really want to know. Cable Internet access works over the same cable that brings 40 billion TV channels into your home, whereas DSL is a digital phone service that works over a standard phone line. Both offer three major advantages over normal dial-up connections: ⻬ Cable and DSL are much faster than dial-up connections. A cable con- nection can be anywhere from 10 to 200 times faster than a dial-up con- nection, depending on the service you get. And the speed of a DSL line is comparable to cable. Although DSL is a dedicated connection, cable connections are shared among several subscribers. The actual speed of a cable connection may slow down when several subscribers use the connection simultaneously. 324 Part V: TCPIP and the Internet ⻬ With cable and DSL, you are always connected to the Internet. You don’t have to connect and disconnect each time you want to go online. No more waiting for the modem to dial your service provider and listening to the annoying modem shriek as it attempts to establish a connection. ⻬ Cable and DSL do not tie up a phone line while you are online. With cable, your Internet connection works over TV cables rather than phone cables. And with DSL, the phone company installs a separate phone line for the DSL service, so your regular phone line is not affected. Unfortunately, there’s no such thing as a free lunch, and the high-speed, always-on connections offered by cable and DSL do not come without a price. For starters, you can expect to pay a higher monthly access fee for cable or DSL. In most areas of the United States, cable runs about 50 per month for residential users; business users can expect to pay more, especially if more than one user will be connected to the Internet via the cable. The cost for DSL service depends on the access speed you choose. In some areas, residential users can get a relatively slow DSL connection for as little as 30 per month. For higher access speeds or for business users, DSL can cost substantially more. Cable and DSL access are not available everywhere. If you live in an area where cable or DSL is not available, you can still get high-speed Internet access via a satellite hookup. With satellite access, you still need a modem and a phone line to send data from your computer to the Internet. The satel- lite is used only to receive data from the Internet. Still, a satellite setup like this is much faster than a modem-only connection. Connecting with high-speed private lines: T1 and T3 If your network is large and high-speed Internet access is a high priority, con- tact your local phone company or companies about installing a dedicated high-speed digital line. These lines can cost you plenty on the order of hun- dreds of dollars per month, so they’re best suited for large networks in which 20 or more users are accessing the Internet simultaneously. A T1 line has a connection speed of up to 1.544 Mbps. A T3 line is faster yet: It transmits data at an amazing 44.184 Mbps. Of course, T3 lines are also con- siderably more expensive than T1 lines. If you don’t have enough users to justify the expense of an entire T1 or T3 line, you can lease just a portion of the line. With a fractional T1 line, you can 325

Chapter 23: Connecting Your Network to the Internet

get connections with speeds of 128 Kbps to 768 Kbps, and with a fractional T3 line, you can choose speeds ranging from 4.6 Mbps to 32 Mbps. Setting up a T1 or T3 connection to the Internet is stuff best left to profession- als. Getting this type of connection to work is far more complicated than set- ting up a basic LAN. You may be wondering whether T1 or T3 lines are really any faster than cable or DSL connections. After all, T1 runs at 1.544 Mbps and T3 runs at 44.184 Mbps, and cable and DSL claim to run at comparable speeds. But there are many differences that justify the substantial extra cost of a T1 or T3 line. In particular, a T1 or T3 line is a dedicated line — not shared by any other users. T1 and T3 are higher-quality connections, so you actually get the 1.544 or 44.184 connection speeds. In contrast, both cable and DSL connections usu- ally run at substantially less than their advertised maximum speeds because of poor-quality connections. Sharing an Internet connection After you have chosen a method to connect to the Internet, you can turn your attention to setting up the connection so more than one user on your network can share it. The best way to do that is by using a separate device called a router. An inexpensive router for a small network can be had for under 100. Routers suitable for larger networks will, naturally, cost a bit more. Because all communications between your network and the Internet must go through the router, the router is a natural place to provide the security mea- sures necessary to keep your network safe from the many perils of the Internet. As a result, a router used for Internet connections often doubles as a firewall, as described in the section “Using a firewall” later in this chapter. Securing Your Connection with a Firewall If your network is connected to the Internet, a whole host of security issues bubble to the surface. You probably connected your network to the Internet so your network’s users could get out to the Internet. Unfortunately, however, your Internet connection is a two-way street. Not only does it enable your network’s users to step outside the bounds of your network to access the Internet, it also enables others to step in and access your network. And step in they will. The world is filled with hackers who are looking for net- works like yours to break into. They may do it just for the fun of it, or they 326 Part V: TCPIP and the Internet may do it to steal your customers’ credit-card numbers or to coerce your mail server into sending thousands of spam messages on behalf of the bad guys. Whatever their motive, rest assured that your network will be broken into if you leave it unprotected. Using a firewall A firewall is a security-conscious router that sits between the Internet and your network with a single-minded task: preventing them from getting to us. The firewall acts as a security guard between the Internet and your LAN. All network traffic into and out of the LAN must pass through the firewall, which prevents unauthorized access to the network. Some type of firewall is a must-have if your network has a connection to the Internet, whether that connection is broadband cable modem or DSL, T1, or some other high-speed connection. Without it, sooner or later a hacker will discover your unprotected network, tell his friends about it, and within a few hours your network will be toast. You can set up a firewall using two basic ways. The easiest way is to purchase a firewall appliance, which is basically a self-contained router with built-in fire- wall features. Most firewall appliances include a Web-based interface that enables you to connect to the firewall from any computer on your network using a browser. You can then customize the firewall settings to suit your needs. Alternatively, you can set up a server computer to function as a firewall com- puter. The server can run just about any network operating system, but most dedicated firewall systems run Linux. Whether you use a firewall appliance or a firewall computer, the firewall must be located between your network and the Internet, as shown in Figure 23-1. Here, one end of the firewall is connected to a network hub, which is, in turn, connected to the other computers on the network. The other end of the fire- wall is connected to the Internet. As a result, all traffic from the LAN to the Internet and vice versa must travel through the firewall. The term perimeter is sometimes used to describe the location of a firewall on your network. In short, a firewall is like a perimeter fence that completely sur- rounds your property and forces all visitors to enter through the front gate. In large networks, it is sometimes hard to figure out exactly where the perimeter is located. If your network has two or more WAN connections, make sure that every one of those connections connects to a firewall and not 327

Chapter 23: Connecting Your Network to the Internet

directly to the network. You can do this by providing a separate firewall for each WAN connection or by using a firewall with more than one WAN port. Some firewall routers can also enforce virus protection for your network. For more information about virus protection, see Chapter 16. The built-in firewall in Windows XP If you are using a Windows XP as a router to share an Internet connection for a small network, you can use the built-in firewall feature to provide basic packet-filtering firewall protection. Here are the steps that activate this fea- ture in Windows XP:

1. Choose Start➪Control Panel.

The Control Panel appears.

2. Click the Network Connections link.

If Control Panel appears in Classic view rather than Category view, you won’t see a Network Connections link. Instead, just double-click the Network Connections icon.

3. Double-click the Local Area Connection icon.

A dialog box showing the connection’s status appears. Hub Firewall Router The Internet Figure 23-1: A firewall router creates a secure link between a network and the Internet. 328 Part V: TCPIP and the Internet

4. Click the Properties button.

The Connection Properties dialog box appears.

5. Click the Advanced Tab; then check the Protect My Computer option.

This option enables the firewall.

6. Click OK.

That’s all there is to it. Do not enable the Windows Internet firewall if you are using a separate fire- wall router to protect your network. Because the other computers on the net- work are connected directly to the router and not to your computer, the firewall won’t protect the rest of the network. Additionally, as an unwanted side effect, the rest of the network will lose the capability of accessing your computer. 329

Chapter 23: Connecting Your Network to the Internet