High-speed connections present an easy target for hackers because they are “always on,” thus giving mischief-makers more time to find you and attack your PC. Even though hard numbers don’t exist, the hacker threat is real. Security experts estimate that there are a couple thousand elite hackers around the world, of the sort skilled enough to have created the Code Red II worm that infected 200,000 Web servers last week. Then there are the so-called script kiddies, who merely use hacking tools written by real programmers and are considered the true scourge of home-PC security. These junior hackers number in the tens of thousands and are believed to be predominantly teenage boys.

For them, says Alan Paller of the SANS Institute, hacking “is the videogame of this decade.” Script kiddies are the ones most likely to scan your home PC using automated bots. These bot programs churn away all day and night, prodding at millions of random IP addresses looking for holes to crawl through. “They don’t want your data,” Paller says. “They want to take over your machine and use it to attack other people, because it’s a perfect place to hide.” Big data pipes are prized by hackers because they are better weapons in an attack. “Broadband is like a Gatling gun, whereas a dial-up modem connection is a rifle,” says Paller. “Thousands of bullets versus just a few at a time.”

Meanwhile, the number of broadband users is rising sharply. And although the likelihood of being hacked is probably small, experts say consumers really should take protective measures. According to Cahners In-Stat Group, only 50 percent of broadband users have some form of intrusion protection, whether it be a software firewall program or a hardware box that sits between your modem and your computer.

The privacy risks of Web surfing are well known, but security risks of being online are potentially more dangerous. Your computer becomes vulnerable to outside attack the second it gets hooked up to the Internet, turning a PC’s greatest virtue–connectivity–into its most pernicious liability. PCs communicate with the Internet through data channels called ports, and normally these ports are used for such harmless pursuits as receiving streaming music from Real Networks or downloading photos from a family Web site. But ports can be abused. In a worst-case scenario, hackers may use them to plant malicious programs on your hard drive. Or steal personal information. Or use your machine to launch a denial-of-service attack against eBay–you know, just for kicks.

Steve Gibson, a respected info-security guru, runs a free diagnostic tool called ShieldsUp! that will scan your computer for the most common vulnerabilities. (It’s on the Web at grc.com.) In the two years that he has operated ShieldsUp, some 9.2 million Internet users have tried it; even IBM, he says, uses the tool regularly as a first-run security test for its in-house workstations. Gibson says, “The ShieldsUp test is meant to be a wake-up call to say, ‘Whoops! I know your name. How do you like that?’”

The personal firewall can ward off these kinds of intrusions. If you lock your front door, the thinking goes, a scanning program will pass over you and look for an easier entry elsewhere. Hardware firewalls are one way to go. They’re small devices that intercept your Internet feed before it reaches your PC; they inspect traffic and let only safe data flow through. Popular models are made by companies like D-Link, Linksys and 3Com and are often labeled Internet “gateways” or “routers” because they double as hubs for networking two or more PCs together. Software firewalls, which are cheaper, include Norton Internet Security ($70), McAfee Internet Guard Dog Pro ($49) and ZoneAlarm Pro ($40). There’s even a popular, free program: Tiny Personal Firewall, downloadable at tinysoftware.com.

I tried a product called BlackICE Defender, found at my local CompUSA for $40. The installation was simple, and the software worked without my having to reboot. Within 10 minutes an unknown Internet user tried to probe my HTTP port. Yuck! During the next half hour or so, BlackICE Defender registered five more “attacks” on my humble home PC. The kicker? I don’t even have a broadband connection–just plain old 56K dial-up. This immediately sets off all sorts of alarm bells in my head. Am I being hacked? Have I already been hacked? Is some rascally teenage script kiddie capturing my keystrokes from a bedroom in Venezuela?

John Wentzel, director of data network operations for cable giant Cox Communications, told me that most of those hits were probably harmless pings generated by the ISP itself or maybe a 12-year-old looking for an online gaming buddy. He says that Cox, which serves 620,000 high-speed-data customers nationwide, gets “a lot” of distress calls from people who read the logs generated by their firewall software and automatically assume that perps are at work. “We have a secure network,” he says.

Steve Gibson would counter that a network is only as secure as the people on it. His concern is that firewall products lull people into a false sense of security and lead to sloppy security habits. He also worries that Microsoft’s integration of a firewall component in its upcoming Windows XP operating system will only compound the problem. “[User] behavior still has to be modified,” says Gibson, who offers safety tips (box). “Ultimately, that’s the only solution.” In other words, you are your home’s best firewall.

Be the Firewall

  1. Watch your lights:

  2. Download with caution: Be sure all downloads (MP3s, photos, e-mail attachments and especially software) come from sources you know and trust. Even so, they could harbor viruses or Trojan-horse programs.

  3. Give one to the kids: Make it a strict rule that kids use one computer and parents use a different PC, the machine with the family’s data jewels, such as banking and credit-card information. Assume you have no control over where kids surf and what germs they’ll pick up on the way.

  4. Save your records: In case you do get hacked, your firewall’s log may be your best friend if any theft or damage occurs. Report serious hacks to your ISP or local police department.

  5. Go dark: Just because you can be always on doesn’t mean you should be. Shut down your Internet connection when you’re not using it.