[Wolves] simple network question please

James Turner james at turnersoft.co.uk
Sun Jun 26 01:11:34 BST 2005


On Saturday 25 Jun 2005 15:49, Baza wrote:
> On 25 Jun 2005, at 12:18, Bobby Singh wrote:
> > Hello,
> >
> > Can anyone answer just this simple question.
> >
> > SETUP:
> > I have a modem/router on my computer (host). And in
> > another room a wireless enabled computer.  Everything
> > works, both computers or just 1 computer can access
> > the internet.
> >
> > QUESTION:
> > I have a firewall/anti-virus on my computer and all
> > OS.  Now does the other computer need its own firewall
> > or does my computer being the host with its firewall
> > protect it (when it's on of course).
> > The router has option for a firewall.  If I enabled it
> > I assume it will protect the other computer.  However
> > will there be conflict with the firewall I have on my
> > computer (guarddog and zonealarm).

A firewall generally consists of a set of criteria (or "policy") by which 
network traffic is either accepted or denied (or routed, in the case of a 
firewall router). If there are two layers of firewalling one within the other 
(i.e. Zone Alarm/Guard Dog and the broadband router) then they will both need 
to accept any given type of traffic in order for it to get through.

In practice, many "firewalls" on broadband routers basically just provide 
NAT (network address translation) routing, and as a "happy" byproduct of 
this do not allow inbound connections unless explicitly configured by means 
of port forwarding. Outgoing connections are often completely unrestricted 
by default, though this varies depending on the router vendor.

> I have a Windows box on my network, yes I know. It runs zone alarm as
> its firewall. My router is a belkin 54G with firewall. The router
> firewall has no effect on zone alarm, other than look at the za log
> before turning on the router firewall, then look when it's on. The ZA
> log will be empty of incoming problems.

An empty log of attacks via inbound connections will almost certainly be due 
to the use of NAT on the router - see above.

> Even though your XP box won't be at as much risk once the router
> firewall is on, in fact, very little risk at all, I'd still keep za
> running, after all, it's windows 'init. :)

The level of protection depends on the router firewall. I wouldn't say that 
Windows boxes are necessarily at "very little risk at all" even behind NAT - 
my observation of Windows users on the Internet confirms this.

Use of NAT and thus preventing any inbound connections to the machine (as a 
"happy" side effect, sold as a "firewall") will protect against many types of 
network-level attack, but beware that many other types of attack are against 
higher layers of the protocol/application stack - such as those received via 
e-mail or attacking browser or plugin vulnerabilities via web sites that you 
visit. A solely packet filtering firewall will not be effective against these 
(although blocking certain outgoing traffic could be useful for damage 
limitation/detection).

I haven't used it myself, but I presume that Zone Alarm (etc) provides some 
sort of application level protection/filtering - as such I'd recommend 
keeping it as an additional layer of protection. Don't bother using Internet 
Explorer as a web browser - go straight for the latest version of Firefox for 
everything. Alternatively, I guess you could browse the web on the 
Windows machine via a browser running on Linux via remote X.

Hope this message isn't too incoherent - just got back from Lugradio Live.

Regards,

James
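
The layering described in the message above, as an added example that is not part of the original post: a small model of a NAT router in front of a host firewall, showing why unsolicited inbound traffic never reaches the inner firewall's log and why a port forward only works if both layers accept it. The class names, ports and addresses are constructed for illustration and do not model any particular router or product.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

class NatRouter:
    """Constructed model of a NAT router with optional port forwarding."""
    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        self.forwards = forwards or {}  # public port -> (LAN ip, LAN port)
        self.table = {}                 # public port -> LAN ip/port + remote ip/port
        self.next_port = 40000

    def outbound(self, pkt):
        """A LAN host opens a connection: remember it, rewrite the source."""
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return Packet(self.public_ip, port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """Translate a packet from the Internet, or return None to drop it."""
        entry = self.table.get(pkt.dport)
        if entry and entry[2:] == (pkt.src, pkt.sport):  # reply to our connection
            return Packet(pkt.src, pkt.sport, entry[0], entry[1])
        if pkt.dport in self.forwards:                   # explicit port forward
            return Packet(pkt.src, pkt.sport, *self.forwards[pkt.dport])
        return None                                      # unsolicited: no mapping

class HostFirewall:
    """Constructed model of the firewall on the PC (the inner layer)."""
    def __init__(self, allowed_ports=()):
        self.allowed_ports = set(allowed_ports)
        self.flows = set()  # (remote ip, remote port, local port) opened locally
        self.log = []       # inbound packets this layer had to block

    def outbound(self, pkt):
        self.flows.add((pkt.dst, pkt.dport, pkt.sport))
        return pkt

    def inbound(self, pkt):
        if (pkt.src, pkt.sport, pkt.dport) in self.flows or pkt.dport in self.allowed_ports:
            return True
        self.log.append(pkt)
        return False

def from_internet(router, firewall, pkt):
    """Both layers must accept the packet for it to reach the PC."""
    inner = router.inbound(pkt)
    return inner is not None and firewall.inbound(inner)
```
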


