1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

About to get Broadband : Adequate Firewall protection

Discussion in 'PC hardware help' started by brian100, Aug 5, 2004.

  1. drchips

    drchips Active member

    Joined:
    Nov 29, 2003
    Messages:
    870
    Likes Received:
    0
    Trophy Points:
    66
    [bold]chthomson[/bold],

    A quick extract from my database gives:
    http://www.securitytracker.com/archives/vendor/988.html

    That being said, ZoneAlarm PRO (note the PRO - paid for version), is one of the better ones, and with your setup (assuming you have the Linksys configured correctly) you are operating at a considerably lower threat level.

    [bold]To everyone[/bold]:
    The use of a router AND a personal firewall greatly improves your security - the problems really come about when you are reliant upon one layer/device.

    In general there is no security (as an absolute), every device has the potential for exploits (actualised or not).

    Setting up a multi-layered approach to security means that the chances of a single exploit gaining access to your systems are considerably reduced (getting past one level, easy - getting past 2, hard - past 3, the bad guy will give up & go find an easier target).

    That is the main principle of security nowadays, make it so hard for the bad guy to get through, as a consequence he goes away to find an easier target.

    A truly DETERMINED bad guy WILL eventually get through (he is not after an easy target, he has chosen a PARTICULAR target - a grudge maybe).

    That is one of the main reasons why I dislike monolithic security products (Norton Internet Security, for example) - if ONE module of the suite "trusts" something, ALL modules "trust" it, therefore wide open.

    With a seperate, multi-layer approach, with each module/layer being paranoid (not trusting), it is safer.

    That being said, the easiest exploits are those based on "Social Engineering", "User Stupidity/Lack or Care or Attention" or "Browser Exploits" (IE ActiveX/JScript etc).

    So we are all still at risk...

    If you sit behind your multi-layered, fortress-like sucurity and think "I am safe", you are open to attack.

    Be PARANOID, people.

    Have Fun...
     
  2. chthomson

    chthomson Regular member

    Joined:
    Nov 26, 2003
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    26
    Hi drchips
    Please excuse my limited understanding of firewall setups. How does one correctly configure a Linksys router.
    I have 3 home computers connected to a 8 port ethernet switch. The router is plugged into port 1 of the switch. In configuring the router I selected

    1 Connect on demand to limit exposure time on the Internet
    2 Enabled block wan request
    3 Disabled Remote Management
    4 Disacbled remote upgrade

    I have tried to be paraniod in choosing settings

    The same applies to Zone Alarm Pro.

    Sometimes I am unsure of the correct choices and put myself at risk. So any assistance in making better choices would be greatly appreciated.
    Once again thanks for the assistance



     
  3. Praetor

    Praetor Moderator Staff Member

    Joined:
    Jun 4, 2003
    Messages:
    6,830
    Likes Received:
    1
    Trophy Points:
    118
    What exactly are you looking to configure it for? :) What you've go there is pretty decent.

    As for software firewalls, dunno (it's been awhile since i used ZA maybe circa v4) but does it show ports in use? Inbound requests etc? If not, i'd reccomend you get a beefier firewall :)

     
  4. drchips

    drchips Active member

    Joined:
    Nov 29, 2003
    Messages:
    870
    Likes Received:
    0
    Trophy Points:
    66
  5. DMW

    DMW Regular member

    Joined:
    Jun 23, 2003
    Messages:
    596
    Likes Received:
    0
    Trophy Points:
    26
    hi Dr.Chips,
    earlier in this thread you said...
    I have seen your posts plenty of times and you have helped me out on a couple of occasions. therefore I respect your opinion.

    I use the above mentioned firewall as part of my setup. You have me worried...are there major problems?
    I have my network behind smoothwall also, but believe in having more than one form of protection..ie software also. But now I feel I have made the wrong choice.

    i looked on the site you linked to about ZA and found 3 exploits which didnt seem to apply to my system. Are there severe flaws I should consider.

    Yours worringly
    DMW.

    cheers
     
    Last edited: Aug 18, 2004
  6. drchips

    drchips Active member

    Joined:
    Nov 29, 2003
    Messages:
    870
    Likes Received:
    0
    Trophy Points:
    66
    Hiya DMW,
    Good on ya, a nice bit of primary protection - that alone has lowered your threat level considerably.
    The major problems have been taken care of by the Smoothwall - just review your firewall rules every now and then to make sure you have not "accidentally" allowed something you shouldn't.
    Fear not..

    With a multi-layered setup it is difficult to make a "bad" choice.

    If each layer is a different technology (manufacturer/supplier) it becomes considerably more difficult for the "bad guys" to break in, an exploit for one layer is ineffective on other layers.

    The possible exploits for AGNITUM are covered by the Smoothwall.

    The problems come about when you are using such a product as your one-and-only protection...

    Carry on the way you are in the knowledge that you are considerably more secure than the vast majority of the world.

    It is not perfect, but it IS way better than "good enough".

    Have Fun..
     

Share This Page