As this writer sits here in his Mouser blog writing room (the health pundits tell him that he should be standing), four stories underground in the undisclosed-place troll-proof bunker, basking by the cold fusion-powered packet filter (what the readers may call "firewall"), he looks about at the old-school CRTs casting a warm glow across the room. The screens endlessly scroll up green text of probes fired from the usual domestic and overseas malcontents. Over there, a bank of new-fangled LCD flat screens displays the pinging crawlers, the endless data of the internet swirling past and pounding up against the firewall. Outside, it is a sea of digital hostility and shenanigans, relentless and pretty much invisible to most users of the internets and the webtubulars.

Which brings us to another take on the word "cybersecurity." As you may have gathered from the previous blog [1], "cybersecurity" is an overloaded word. It is best to make it a state-of-mind. In other words, everything the reader might do with any digital device on any network is done with a cybersecurity state-of-mind. No matter if the readers are making something cool, no doubt with parts from the vast Mouser catalog [2], or just surfing the web and sharing kitten videos with the grandparents down the street, or running a monster graphics rendering farm, the cybersecurity state-of-mind is a useful ever-growing and learning awareness.

The vast Mouser catalog is a safe place on the internet. This writer is a big fan of the Mouser catalog, especially all the free stuff they send us erstwhile bloggers toiling in the Mouser blog salt mines. There's not a day that goes by without a truck arriving full of Mouser goodness. For example, the Mouser Technical Content Team just sent this writer an encrypted email affirming the (free) very cool seven-thousand Seeed Studio BeagleBone Green single board computers [1] [2] are on the way. Okay, that shipment is just a hopeful wish and hint.
(Such a pile of single board computers will come in handy for the neural net this writer is constructing to automatically write fresh, creative Mouser blogs. But enough about secret schemes and plans.)

Let's talk about firewalls. Let's say the reader is working on something very cool in her garage and worried about industrial spies stealing her ideas right off the hard drive. Let's say the reader is ordering pizza with a smartphone app. Perhaps the new TV sitting over there next to the bookcase is one of those smart TVs that can be controlled by voice, which means it is listening all of the time even when "off." (Think about that for a moment with the aforementioned state-of-mind.) All of this stuff should be behind a good, sturdy firewall. A firewall with easily monitored logs.

Most hand-held devices don't have firewalls. Desktop computers (a show of hands of those who use such devices -- okay, never mind) usually include a stock over-the-counter firewall but it's usually, often, most likely of the black box software nature, for all intents and purposes. The main firewall is usually part of a gateway which also includes a router. Often, all of this functionality is bundled up in a black box, typically supplied by the ISP (Internet Service Provider). Drop-and-go, it all just works. But does it?

That brings us to today's security hint: Friends don't let friends use appliance firewalls and routers. The reader might be stuck with the stock firewall that comes with their mainstream OS desktop computer but that computer, and indeed the entire related network, should be behind the main firewall, the last wall between the barbarians and swirly, twirly vapors of evil ethers misting across the internet.

Assignment for today: Think about firewalls and rolling your own. Happy Sidenote: You can do this with even a seven or so year-old desktop now cluttering the closet, queued for the electronics recycler.
Or an older, used (read: now amazingly affordable) rackmount server, available from any number of sources. As usual, further exploration is left as an exercise for the reader. To get the reader started down a good path, search for "OpenBSD" in your favorite search engine, ideally DuckDuckGo.

Of course, if we are thinking of firewalls, we should also think about DNS -- the Domain Name System. These sorts of things go hand-in-hand. Firewalls protect you from incoming fire (simplistically put). DNS is pretty much the most vulnerable part of the entire internet and web thing and the user is at the mercy of the chosen name servers -- usually name servers not chosen by the user. For example, many ISPs actually intercept name queries, routing them to their own name servers even if the user has laboriously changed the name resolver IP addresses to some cool other public name resolvers. Something else to ponder.

There is a way to shore up DNS for the gateway, but such is for a later blog. In the meanwhile, per tradition around here in the blog dungeons, there is additional homework for the reader: Search for "DNS spoofing" and DNSCrypt. That's a good start.

So, have to go --- this writer just heard the delivery truck pull up, full of Mouser goods.

[1] https://www.mouser.com/blog/time-to-talk-about-that-word-cybersecurity

[2] https://www.mouser.com/Electronic-Components/