The Mudcat Café TM
Thread #82062 Message #1502522
Posted By: JohnInKansas
16-Jun-05 - 05:56 PM
Thread Name: Tech. Broadband vs. Dial up
Subject: RE: Tech. Broadband vs. Dial up
SRS -
We use the crudest possible setup. Our only concession to the outside world is a separate phone line for our web connection. One machine, that for historical reasons uses Win2K, connects to the web via a standard dial-up modem.
If we did not also have a simple LAN, Win2K - with recent updates - could be set to hide all ports, so that it would not respond to external queries, and would be "invisible" to hackers doing random searches on the web. In order to have the rest of the machinery connected, we do have a simple "workgroup" LAN setup. Other machines connect to the web via the workgroup using Windows "Internet Connection Sharing" (ICS), which is built in since Win98SE. The port that Win2K has to leave "open" in order to respond to internal LAN signals can be "pinged" via the dial-up modem, hence is "visible" to the outside world.
IF I would use a WinXP machine to make the dial-up connection, WinXP - with current updates - can hide the dial-up port from the web while still responding to internal LAN communications. Win2K, and I believe other earlier Win OS, can't do that.
The visible port is occasionally "found," as evidenced by repeated notices from our software firewall (on the Win2K machine, of course) that someone has attempted to send us a "gift" - almost always a W32. worm of some sort. The firewall stops them all. If the notices get annoying, we can just hang up and redial, and the ISP gives us a new DNS address, so they have to find it again - and they seldom do find it very quickly.
With any high-speed connection, you will likely have an "interface" of some sort that should hide the "visible port(s)" on any machines that go through the internet connection device. Any hardware firewall or router should also hide your "internal" machines completely.
There are a few DSL setups that I've seen that don't appear to provide a good interface, with built-in protections. It is possible that the Win2K "open port" might still be visible with some of these, although I don't have any confirmation of cases where it's happened. It's still worth taking a look at the specifics of any new setup you might be considering, and to let one of the security sites test your existing connection periodically. Regardless of how good your system setup is, there is always the possibility that some "crudmaster" may get spyware on your system that will open ports without your knowledge, so occasional rescans from outside your own system are a good idea.
My own primary reason for not going to a DSL connection is that the only provider in my area REFUSES to provide any specifics, or even to show me their contract, unless I agree to installation. When I asked for a copy of their contract, I was told "we'll give it to you when we do the installation."
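The post's point about a port left open for the LAN being visible from the dial-up side can be checked from the inside as a complement to an outside scan. The following is an added example, not part of the original post: it parses `netstat -an` output and sorts listening sockets by the interface they answer on. The sample output, the function names and the 192.168.0.0/24 LAN range are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from the original post).
# 192.168.0.1 is assumed to be the sharing machine's LAN address.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.1:1040       192.168.0.2:139        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.0.1:137        *:*
"""

def classify_listeners(netstat_text, lan_cidr):
    """Map (proto, local address) -> exposure class for each listening socket."""
    lan = ipaddress.ip_network(lan_cidr)
    result = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header or unrelated line
        proto, local = fields[0], fields[1]
        # TCP rows carry a state; only LISTENING sockets accept new connections.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        host = local.rpartition(":")[0].strip("[]")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparseable local address
        if addr.is_unspecified:
            exposure = "all-interfaces"   # answers on the modem link too
        elif addr.is_loopback:
            exposure = "loopback-only"
        elif addr in lan:
            exposure = "lan-only"
        else:
            exposure = "other-interface"
        result[(proto, local)] = exposure
    return result

def exposed_beyond_lan(netstat_text, lan_cidr):
    """Sorted (proto, port) pairs that a firewall must cover on the internet link."""
    found = classify_listeners(netstat_text, lan_cidr)
    return sorted({(proto, int(local.rpartition(":")[2]))
                   for (proto, local), exp in found.items()
                   if exp in ("all-interfaces", "other-interface")})

if __name__ == "__main__":
    print(exposed_beyond_lan(SAMPLE, "192.168.0.0/24"))
```

Comparing the result between runs shows when a new listener has appeared; whether a listed port is actually reachable from outside still depends on the firewall or router in front of it.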