1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

networking concerns with firewall, alternatives needed

Discussion in 'Windows - Software discussion' started by magus7091, Jan 8, 2007.

  1. magus7091

    magus7091 Regular member

    Joined:
    Sep 20, 2006
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    26
    I have 3 computers I'm connecting via a mixed wired/wireless network. All of the computers in question are using Zone Alarm firewall. My problem is this, the only way I could get them to network while still using zone alarm (and allowing file and device sharing over the network) was to set the zone alarm firewall to Off. [​IMG]
    This still allows the firewall to block programs from accessing the internet but I'm otherwise unprotected, so I don't really like the solution. What I'm wondering is do any of the other FREE firewalls (MUST BE FREE) work, maybe be a little better about not bugging you to upgrade to the pro version (if there is one) and allow networking with file sharing? The only other way I've found to do this on zone alarm would be to trust the entire network adapter, which is also something I'm not going to do. Thanks for any suggestions.
     
  2. kateman

    kateman Regular member

    Joined:
    Jul 22, 2006
    Messages:
    574
    Likes Received:
    0
    Trophy Points:
    26
  3. magus7091

    magus7091 Regular member

    Joined:
    Sep 20, 2006
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    26
    I read through that but I didn't just want to start randomly throwing different firewalls at the system, the reason I posted this is to find if anyone has tried these others with networking, to see if I can get a suggestion. Wouldn't really fit in virus section, because I'm not having any virus/spyware/malware problems I'm just trying to find alternatives.
     
  4. Dunker

    Dunker Regular member

    Joined:
    May 8, 2006
    Messages:
    1,444
    Likes Received:
    0
    Trophy Points:
    46
    FYI, have you tried adding your network to your "trusted zone" i.e. 192.168.0.0/24 works with most non-Linksys routers. For linksys, you'd normally use 192.168.1.0/24 (the /24 is for a netmask of 255.255.255.0).

    You would STILL be unprotected against attacks occurring within your own network though, which is a serious problem because you're using wireless.

    Ideally, you'd want to set each computer to a static IP address and, rather than use the blocks I mentioned, enter individual IPs into the trusted zone instead. Then you'll be adequately protected.

    Comodo and Jetico make some fine firewalls, but they are they take a while to "learn" your system. Comodo has a bizarre activation feature (which they claim they are getting rid of) that requires Internet Explorer. Security professionals should know better than to require people to use possibly the most insecure piece of software in history. But they are great firewalls nonetheless, this aside.
     
  5. magus7091

    magus7091 Regular member

    Joined:
    Sep 20, 2006
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    26
    I've not found a way to trust individual IP addresses and not just the entire "zone" which since I'm behind a router, wouldn't trusting that adapter/zone be the same as trusting the entire internet? I am using a linksys router, and all the computers but one are wireless, but the network is using a WEP PSK Setup. Is comodo more friendly to networks than zone alarm, because I was thinking of using that one.
     
  6. Dunker

    Dunker Regular member

    Joined:
    May 8, 2006
    Messages:
    1,444
    Likes Received:
    0
    Trophy Points:
    46
    Yes, it's not too difficult for that. Plus, it's got better inter-process management to guard against DLL injection.

    FYI, I forget exactly what format (either CIDR or network/mask) ZA uses but to set a single IP as trustworthy, you can use either a /32 or a netmask of 255.255.255.255. e.g. if you wanted to at 192.168.0.14 as a trusted IP, you can call it 192.168.0.14/32 (CIDR format) or 192.168.0.14 netmask 255.255.255.255 (network/mask format). This will also work for Comodo if you go with it.

    Unfortunately, none of this prevents an attacker from spoofing a "trusted" IP, particularly if the IP being impersonated is offline. Unfortunately, the whole problem with wireless is the inability to adequately secure it.

    As far as trusting an adapter, again, I am not sure as I do not use ZA, but most firewalls require you to trust at least one adapter. It is not usually the same thing as trusting IPs; the purpose of trusting an adapter is if you have multiple adapters installed and want to block or allow one or more. The blocked interfaces essentially won't be able to send or receive anything to the IP layer if they are not trusted, so no.
     
    Last edited: Jan 11, 2007
  7. magus7091

    magus7091 Regular member

    Joined:
    Sep 20, 2006
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    26
    Getting just a bit over my head there with the types of networking. To be perfectly honest I'm not sure even how I would go about doing that but I've been getting more and more irritated with zone alarm anyway, so If someone can help me with Comodo that would be great, I'd rather be open to one type of attack than open to any type of attack. Secondly, would I have to trust the IPs like you're referring to in Comodo to get it to work, or would it be a little more understanding that we live in time when more and more computers are being networked together? Once again thanks for any help I can get.
     
  8. Dunker

    Dunker Regular member

    Joined:
    May 8, 2006
    Messages:
    1,444
    Likes Received:
    0
    Trophy Points:
    46
    Comodo requires it's own form of a "trusted zone" as well. All firewalls do IF you want the different machines on your LAN to be able to access each other; if they are simply sharing an internet connection, then you don't need to futz around with "trusted zones" at all.

    You can get Comodo at http://www.personalfirewall.comodo.com/
    Just install and let it "learn" its way around your system. It may mention that various applications and processes are trying to connect to the net through Internet Explorer. You might want to deny those (it's a good idea not to use IE anyway - it's by far the biggest security risk on any PC - and not even allow IE to connect to the net!) Otherwise, you generally would want them to connect. If you are really high-strung, you could certainly Google every process that comes up, but kudos to you if you have the patience to do that.
     
  9. magus7091

    magus7091 Regular member

    Joined:
    Sep 20, 2006
    Messages:
    378
    Likes Received:
    0
    Trophy Points:
    26
    I do on any of the ones I don't know but I've been messing around with it for so long that I don't really need to with most of them, and the ones I don't, I google. I use firefox for ALL my computers, don't touch the little blue E. I'll give comodo a shot on my laptop, and see what happens, if I have any more questions I'll post them on here.
     

Share This Page