Why you shouldn’t use the ‘firewall’ that your ISP gives you? More than 4.5 million DSL modems attacked and breached, resulting in viruses and stolen information.

Just this week (or was it last week?) I was asked again by a client why he needed to purchase a firewall when his ISP was going to give him one for free.  This can sometimes be a difficult thing to explain to someone trying to get the most bang for their IT buck and their ISP is telling them that they’re getting a ‘firewall’ for free (while their IT guy is trying to sell them one) but the fact is, you need one.  There are several reasons (most are noted on the US CERT website) but the one that we’re going to focus on here is the easy one, they aren’t secure.  The device that you get from your ISP is a device that they can / will ‘manage’ for you.  They ‘manage’ it by logging into it remotely when you have problems to do things like get statistics, reset it, etc.  Now, as long as that remote access is secure and the credentials / authentication methods aren’t leaked by the thousands of random people hired to ‘maintain’ the equipment at call centers across the United States, India, Pakistan, etc., you’re good to go.  However, if something goes wrong, it can get ugly.  A perfect example is this story from Ars Technica about more than 4.5 million DSL modems being compromised, leading unsuspecting DSL users to fake copies of sites like Google and Facebook where malicious content was installed.  The attackers changed the DNS information (Think of DNS as the yellow pages of the phone book.  When you ask for Google.com, your computer looks to DNS to ‘translate’ that into an IP address) on the DSL modems to redirect users to malicious sites.  The short story?  Get a firewall and lock it down.  For a home network, a sub $100 Netgear or Linksys router from Staples, Radio Shack, Wal Mart, etc. is just fine.  Configure it with *known good* DNS servers and disable remote management.  Beyond that, stay on top of firmware updates and you should be good to go with it.