[Wolves] simple network question please
James Turner
james at turnersoft.co.uk
Sun Jun 26 01:11:34 BST 2005
On Saturday 25 Jun 2005 15:49, Baza wrote:
> On 25 Jun 2005, at 12:18, Bobby Singh wrote:
> > Hello,
> >
> > Can anyone answer just this simple question.
> >
> > SETUP:
> > I have a modem/router on my computer (host). And in
> > another room a wireless enabled computer. Everything
> > works, both computers or just 1 computer can access
> > the internet.
> >
> > QUESTION:
> > I have a firewall/anti-virus on my computer and all
> > OS. Now does the other computer need its own firewall
> > or does my computer being the host with its firewall
> > protect it (when it's on of course)?
> > The router has option for a firewall. If I enabled it
> > I assume it will protect the other computer. However
> > will there be conflict with the firewall I have on my
> > computer (guarddog and zonealarm).

A firewall generally consists of a set of criteria (or "policy") by which
network traffic is either accepted or denied (or routed, in the case of a
firewall router). If there are two layers of firewalling one within the other
(i.e. Zone Alarm/Guard Dog and the broadband router) then they will both need
to accept any given type of traffic in order for it to get through.

In practice, many "firewalls" on broadband routers basically just
provide NAT (network address translation) routing, and as a "happy"
byproduct do not allow inbound connections unless explicitly
configured by means of port forwarding. Outgoing connections are often
completely unrestricted by default, though this varies depending on the
router vendor.

> I have a Windows box on my network, yes I know. It runs zone alarm as
> its firewall. My router is a Belkin 54G with firewall. The router
> firewall has no effect on zone alarm, other than look at the za log
> before turning on the router firewall, then look when it's on. The ZA
> log will be empty of incoming problems.

Empty log of attacks via inbound connections will almost certainly be due to
the use of NAT on the router - see above.

> Even though your XP box won't be at as much risk once the router
> firewall is on, in fact, very little risk at all, I'd still keep za
> running, after all, it's windows 'init. :)

The level of protection depends on the router firewall. I wouldn't say that
Windows boxes are necessarily at "very little risk at all" even behind NAT -
my observation of Windows users on the Internet confirms this.

Use of NAT and thus preventing any inbound connections to the machine (as a
"happy" side effect, sold as a "firewall") will protect against many types of
network-level attack, but beware that many other types of attack are against
higher layers of the protocol/application stack - such as those received via
e-mail or attacking browser or plugin vulnerabilities via web sites that you
visit. A solely packet filtering firewall will not be effective against these
(although blocking certain outgoing traffic could be useful for damage
limitation/detection).

I haven't used it myself, but I presume that Zone Alarm (etc) provides some
sort of application level protection/filtering - as such I'd recommend
keeping it as an additional layer of protection. Don't bother using Internet
Explorer as web browser - go straight for the latest version of Firefox for
everything. Alternatively, I guess you could browse the web on the
Windows machine via a browser running on Linux via remote X.

Hope this message isn't too incoherent - just got back from Lugradio Live.

Regards,
James
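
The behaviour described in the reply above, as an added example that is not part of the original post: a simplified Python model of a NAT router in front of per-host firewalls, showing that replies to outgoing connections pass, unsolicited inbound traffic is dropped unless a port forward exists, and forwarded traffic still has to be accepted by the host firewall. The class names, addresses and ports are all constructed for illustration, and the NAT model is deliberately minimal (one mapping per outgoing connection, matched on the exact remote endpoint).

```python
# Toy model (added example); all names, addresses and ports are constructed.
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    port_forwards: dict = field(default_factory=dict)  # public port -> (LAN ip, port)
    sessions: dict = field(default_factory=dict)       # public port -> (LAN ip, port, remote)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote):
        """Outgoing connection: unrestricted, and it creates a NAT mapping."""
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[pub_port] = (lan_ip, lan_port, remote)
        return pub_port

    def is_reply(self, remote, pub_port):
        sess = self.sessions.get(pub_port)
        return sess is not None and sess[2] == remote

    def inbound(self, remote, pub_port):
        """Return the LAN (ip, port) a packet is translated to, or None if dropped."""
        if self.is_reply(remote, pub_port):
            return self.sessions[pub_port][:2]
        return self.port_forwards.get(pub_port)  # None unless explicitly forwarded

@dataclass
class HostFirewall:
    allowed_inbound_ports: set
    def accepts(self, port, is_reply):
        return is_reply or port in self.allowed_inbound_ports

def delivered(router, hosts, remote, pub_port):
    """A packet arrives only if the router AND the host firewall both accept it."""
    target = router.inbound(remote, pub_port)
    if target is None:
        return False
    return hosts[target[0]].accepts(target[1], router.is_reply(remote, pub_port))

def demo():
    router = NatRouter(port_forwards={8080: ("192.168.1.2", 80)})
    hosts = {"192.168.1.2": HostFirewall(set()), "192.168.1.3": HostFirewall(set())}
    web, stranger = ("198.51.100.7", 443), ("198.51.100.99", 4444)
    port = router.outbound("192.168.1.3", 51000, web)
    out = {"reply": delivered(router, hosts, web, port),
           "unsolicited": delivered(router, hosts, stranger, port),
           "forward_router_only": delivered(router, hosts, stranger, 8080)}
    hosts["192.168.1.2"].allowed_inbound_ports.add(80)  # host firewall now agrees
    out["forward_both_layers"] = delivered(router, hosts, stranger, 8080)
    return out
```

The model covers only the packet-level layers; traffic that arrives as a reply to a connection the machine itself opened (a web page, an e-mail download) passes both layers here, which is why the application-level risks mentioned in the reply are outside what it can show.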