Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Uranium Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    6,370
    Thanks
    78
    Thanked 12 Times in 11 Posts

    ZA & XP Firewall (XP Pro SP-2)

    I'm running on a pc connected via wireless to another (home) computer that is (cable) connected to the internet. It uses an MN-700 router, which, as I understand it, has a firewall built in. (?)

    I just installed Zone Alarm on my PC. When I installed ZoneAlarm, it disabled the Windows firewall as default. This would seem OK, as it probably is to avoid conflicts by running two (firewalls) at once.

    ZA found my wireless connection upon startup. I was then "asked" if I wanted this as part of the trusted zone, or the internet. I was not, and am not sure how to answer that.

    Is my internal (home) network "safe", or is it in fact just an extension of the internet, and all the dangers therein contained?

    Regards,
    Chuck Billow
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  2. #2
    Super Moderator
    Join Date
    Dec 2000
    Location
    Renton, Washington, USA
    Posts
    12,560
    Thanks
    0
    Thanked 4 Times in 4 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    If you do NOT trust the wireless Network, how do you expect use it?

    Now running HP Pavilion a6528p, with Win7 64 Bit OS.

  3. #3
    Uranium Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    6,370
    Thanks
    78
    Thanked 12 Times in 11 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    Dave:

    I do / did trust the network... I mean, I trust my own family...

    I guess the thing I wondered was: if *I'm* wirleless, can someone tap in, like they can on cell phones, or is the router firewall protection from such things?

    Regards,
    Chuck
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  4. #4
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    > can someone tap in, like they can on cell phones, or is the router firewall protection from such things?

    The firewall provides no protection at all from other things on the same Wireless network. You need to use something like WPA which provides strong encryption and prevents connection by devices that don't know the correct pass-phrase. Any decent Wireless Network Access Point will support this. The only Windows version that supports WPA is Windows XP, if you are using Windows 2000 or Windows 9x you have to use the older WEP standard which is fairly easy to hack.

    StuartR

  5. #5
    Uranium Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    6,370
    Thanks
    78
    Thanked 12 Times in 11 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    Stuart:

    I use XP SP-2, but wasn't that a WEP key that I had to enter on install and setup of the network card? I think so... And a 26 digit number...

    As this is a MS router (MN-700) and wireless (MN-730), shouldn't that all have been accounted for?

    Where do I verify, add, change, or fix?

    Regards,
    Chuck
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  6. #6
    Uranium Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    6,370
    Thanks
    78
    Thanked 12 Times in 11 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    Stuart:

    When I just checked my Network Connection in the Control Panel, it *is* showing as WEP...

    So now what? And do I need to change it on the base station as well?

    Chuck
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  7. #7
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    Chuck,

    Don't worry too much. WEP can be cracked by a competent hacker with the right equipment if they are close enough to pick up your wireless signal - but it is adequate to protect you from neighbours who are not computer experts.

    If you want to change from WEP to WPA then you need to
    1. <LI>Make sure that you have the instruction manual for your Network Access Point
      <LI>Make sure that you have the instruction manual for every Wireless network card that you use
      <LI>Connect to your Network Access Point and write down the current settings. Especially the type of encryption (probably WEP), the key length (64 or 128 bits) and the key itself (a very long hexadecimal number)
      <LI>Make sure that your Wireless Network Access Point supports WPA-PSK encryption
      <LI>Make sure that every computer you plan to connect to the wireless network is running Windows XP SP2 with up to date critical patches
      <LI>Make sure that the Wireless Network card in every computer supports WPA-PSK encryption (you can usually tell this by visiting the window where you would change the key and looking to see what is on the drop down list.
      <LI>Choose a pass phrase to use with WPA
      <LI>Change the encryption settings on your network access point to use WPA with the new pass phrase
      <LI>Change the wireless network settings on one of your computers to use WPA with the new pass phrase
      <LI>Make sure that the Wireless network still works, if not then revert to your original WEP configuration
      <LI>Change the wireless network settings on all other computers to the new WPA configuration
      <LI>Test that everything still works
      <LI>Breathe a sigh of relief
    regards,

    StuartR

    Edited to add...
    According to Microsoft...
    <hr>Note The Microsoft Wireless Base Station (MN-700) offers both WPA and WEP, but you cannot enable both WEP and WPA on your network. If you decide to enable WPA on your wireless base station MN-700, make sure all the computers on your network meet the specified system requirements<hr>
    and the Microsoft page on the MN-730 also says that it supports WPA

  8. #8
    Uranium Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    6,370
    Thanks
    78
    Thanked 12 Times in 11 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    So now I'll set up my network... But first, where DID I put that vodka?...

    Chuck
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  9. #9
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    One last word of advice. When you choose a pass phrase, make sure that it is good and unguessable. Here are some good and bad examples, I will leave you to guess which are good and which are bad <img src=/S/evilgrin.gif border=0 alt=evilgrin width=15 height=15>
    <UL><LI>Chuck Billow
    <LI>For tonight only 32 fairies dance within Eric's unusual printer
    <LI>The quick brown fox jumps over the lazy dogs back
    <LI>This is a secret
    <LI>Wee3 q9lv 23aa jj7A so there
    <LI>Wireless password[/list]Clue - 4 of those are very bad pass phrases.

    StuartR

  10. #10
    Uranium Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    6,370
    Thanks
    78
    Thanked 12 Times in 11 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    Can't i just use "gum ball"?

    Chuck
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  11. #11
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    It has been a while since I've used ZoneAlarm, but here is my understanding:

    "Trusted" = share my computer with others in my network by default

    "Internet" = close off my computer from others by default

    If you don't plan to let others on your home network access the hard drive or connected printers on the computer running ZA, choosing "Internet" is simpler.

  12. #12
    Uranium Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    6,370
    Thanks
    78
    Thanked 12 Times in 11 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    Jefferson:

    That makes sense...

    But what then, if I do want to share? We use shared folders to transfer files between the two pc's, and printers are shared.

    The router is supposed to have a firewall... But from what I'm hearing, it's next to pointless.

    It seems that the IP (?) Address between the two is always (192.168.2.0?)... Wouldn't/couldn't I set up the network so that that one IP is a trusted source? If I did that at both ends, wouldn't that allow shared access while still blocking outside intrusions?

    Regards,
    Chuck
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  13. #13
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    A lot of questions.

    First, most routers don't actually have a firewall, but they disguise your internal addresses using NAT (network address translation), which is better than nothing. Some routers do have a firewall; your instruction manual should tell you what features it offers. A software firewall has more intimate knowledge of the applications requesting outbound connections, so it offers many more possibilities.

    Second, ZA might let you open up folder sharing to your local network even if you designate it as Internet rather than trusted. You will need to explore the various tabs. Windows file sharing uses the NetBIOS ports in the range of 135-138, and maybe some others. It should not be too difficult to allow those if you want. However, if ZA blocks them for networks considered to be "Internet," then you can choose "Trusted." You then could be attacked by another computer on your internal network if, for example, it contracted a trojan. To protect against that, you can set a password on the folders you are sharing and only connect when needed so that the vulnerability is temporary.

  14. #14
    Uranium Lounger CWBillow's Avatar
    Join Date
    Jul 2002
    Location
    Las Vegas, NV USA
    Posts
    6,370
    Thanks
    78
    Thanked 12 Times in 11 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    Jefferson:

    >>
    To protect against that, you can set a password on the folders you are sharing and only connect when needed so that the vulnerability is temporary
    <<

    That seems the best idea. If I don't set the folders etc. for sharing, then, even if the network is trusted, nobody can "get in" anyway, can they?

    'Cause our need of this is not too often, and that would certainly make life easier -- and safer.

    Regards,
    Chuck
    -------------------------------------------------
    "Good judgment comes from experience, and experience - well, that comes from poor judgment."

    ~ A(lan) A(lexander) Milne (1882-1956)- "House at Pooh Corner"

  15. #15
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts

    Re: ZA & XP Firewall (XP Pro SP-2)

    > If I don't set the folders etc. for sharing, then, even if the network is trusted, nobody can "get in" anyway, can they?

    If you configure ZoneAlarm to treat your wireless network as "trusted", then people who connect to your wireless network will be able to exploit any Windows security loophole that you haven't patched.

    That's why security experts always recommend having multiple layers of security, like an onion, each one can help to defend against things that slipped through the others.

    In your case you should probably be using
    <UL><LI>WEP Encryption (keeps most non-expert hackers off your wireless network)
    or
    <LI>WPA Encryption (keeps almost all hackers off your wireless network)

    <LI>Hardware firewall in the router (keeps internet users away from your internal network)
    <LI>ZoneAlarm (Blocks many outgoing exploits, helps to protect you from exploits originating inside your network or things the hardware firewall missed)
    <LI>Regular Windows Update (ensures you have patched any known windows security loopholes)
    <LI>Anti Virus software (protects you from nasties in things that you download or that get past other defences)
    <LI>Anti adware software (protects you from other nasties that you might inadvertantly download)

    If you have all of those in place then you are pretty safe, you could also use

    <LI>Password protection on your shares (yet one more onion layer to protect your data, especially if Zone Alarm is set to trust users on your Wireless network)
    <LI>Disable sharing when you're not using it (makes sure that people can't connect to the shares when you're not using them)[/list]These last two are less critical, they just add a couple more layers to your onion.

    StuartR

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •