Firewall Question

Sandra Grawunder

Well-am I confused or What! Can someone explain the
firewall process to me?

I thought that with a simple home network all you needed
was protection from access via the Internet. If that be
true then it seems that the Windows XP firewall is all
that is necessary. However, it seems that you have to
disable the WXP firewall in order to get your network to
set up and work.

If this is so, then what good is the WXP firewall if you
are on a network with access to the Internet? I have
McAfee Virus but I had cancelled my McAfee Firewall
because I thought that WXP firewall would do the job.

At the office we have McAfee Virus and Firewall provided
free by our AOL account so this has not been a big concern.

So, one of my many questions is: Can my home network be
set up and running using WXP firewall when I am using a
cable modem, or do I need to re-activate my McAfee
Firewall account?

If I disable the WXP firewall, will the WXP popup blocker
still work, or do I need to get one of those too?

I'm swimming in murky waters...

TIA,
Sandra G
 
Chuck

Sandra,

When it comes to protection from hostile incoming network traffic, Windows
Firewall will protect as well as any third party firewall.

Windows Firewall, however, does not protect you against hostile outgoing network
traffic. If you unknowingly install spyware, a trojan, or a virus on your
computer, and it generates outgoing traffic, a third party product such as
McAfee Firewall, if properly configured, will alert you, and hopefully block the
unwanted traffic. Windows Firewall won't do anything to protect you here.

IMHO, if you get as far as allowing hostile outgoing traffic to even exist, you
are not doing all you should be to protect yourself. A layered protection
policy is much better than simply relying upon outgoing filtering.
1) AdAware and Spybot S&D are both free, and both complement each other.
Microsoft AS is currently free, has better detection rate, but false positive
rate also.
2) SpywareBlaster blocks known bad scripts from running.
3) Use an alternate browser, like Mozilla Firefox, as much as possible.
4) When you MUST use IE, block scripting for known bad websites (sourced from
Eric Howes' excellent IE-SpyAd).
5) Practice safe hex, enhanced by use of a hosts file to prevent accessing
known bad websites.

AdAware <http://www.lavasoftusa.com/>
CWShredder <http://www.majorgeeks.com/download4086.html>
HijackThis <http://www.majorgeeks.com/download.php?det=3155>
LSP-Fix <http://www.cexx.org/lspfix.htm>
WinsockXPFix <http://www.spychecker.com/program/winsockxpfix.html>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
SpywareBlaster <http://www.javacoolsoftware.com/spywareblaster.html>
IE-SpyAd <https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD>
HPGuru's Hosts <http://www.dozleng.com/hpguru/>
MVPS Hosts <http://www.mvps.org/winhelp2002/hosts.htm>

Also, watch what your computer is doing. TCPView (free) from
<http://www.sysinternals.com/ntw2k/source/tcpview.shtml> will let you monitor
what network connections your computer has created at any time. Process
Explorer (also free, and also from SysInternals) is a way better utility than
Task Manager. And AutoRuns (also free, and yet another SysInternals product)
will let you see what programs and services are set up to automatically start up
on your computer.

And Sandra, posting your email address openly will get you more unwanted email,
than wanted email. Learn to munge your email address properly, to keep yourself
a bit safer when posting to open forums. Protect yourself and the rest of the
internet - read this article.
http://www.mailmsg.com/SPAM_munging.htm


--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Jack

Hi,
It somewhat depends on your surfing habits.

However, many savvy users actually use:

1. A Router that provides Hardware firewall
2. A Software firewall
3. AntiVirus Program
4. AntiSpy Program. (You can try Microsoft AntiSpy for free:
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en)
If you care to know Why? Follow this easy reading.
Internet - Basic protection: http://www.ezlan.net/firewall.html
Internet Infestation: http://www.ezlan.net/infestation.html
Basic Steps in cleaning Internet "Junk" - http://www.ezlan.net/clean.html
Jack (MVP-Networking).
 
Robert L [MS-MVP]

You can enable the file and printer sharing in Windows Firewall. This
step-by-step how-to may help: http://www.howtonetworking.com/Windows/xpicf1.htm

--
For more and other information, go to http://howtonetworking.com and
http://ChicagoTech.net

Don't send e-mail or reply to me unless you need consulting services.
Posting on MS newsgroup will benefit all readers and you may get more help.

Bob Lin, MS-MVP, MCSE & CNE
How to Setup Windows, Network, Remote Access on
http://www.HowToNetworking.com
Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
http://www.ChicagoTech.net
 
Doug Sherman [MVP]

You've been given some excellent advice on network security, and there is no
need for me to add to it. However, you should know that your confusion is
justifiable for at least two reasons:

1. XP changed. With XP and Service Pack 1 it was common to hear that you
had to disable the firewall in order to have file and printer sharing on
your network. This wasn't exactly true because you could manually open
ports to allow FPS - see:

http://ecross.mvps.org/howto/icf.htm

With the advent of SP2 you can now configure an exception for file and
printer sharing which applies only to the machines on your internal network.

2. The Internet changed. Traditionally you used a single perimeter
firewall on the Internet router/gateway or somewhere between it and the
internal LAN to protect the entire network. Individual machines on such
networks rarely had firewalls, and it was common to hear that such
protection was unnecessary. However, the Internet has become a much more
dangerous place in the past two or three years. It has now become
fashionable and wise to implement firewall protection on individual machines
in addition to the perimeter firewall.

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
 
Leythos

> When it comes to protection from hostile incoming network traffic, Windows
> Firewall will protect as well as any third party firewall.

Sandra and Chuck - the above has not been proven by any reputable means
that I've read to date.

If you have Cable or DSL and have ANY computer system you should install
a simple NAT router (Linksys, D-Link, NetGear) to protect your computer(s)
as a first line of defense.

A NAT box will block inbound connections from the internet BEFORE they
reach your computers and any security flaws that may still exist in
Windows (or any other OS). The router also reduces the need for your
computer to do anything to protect you - meaning that it's not running a
firewall rejecting thousands of connections per day.

A NAT box will also, depending on the version, allow you to block
outbound port connections - such as blocking outbound to destination
ports 135~139 and 455 and to 1026/1027. Those features can help slow the
spread of worms around the net if your machine does get compromised.

As for the Windows Firewall - and don't get me wrong, I have more than
20 Windows computers in my home - why would you trust XP SP2 Firewall to
save you when nothing put out to date has secured anyone's computers
against attacks. At least wait for CERT to review and rule on its
protection ability, wait until simple interactions with the desktop
can't disable or punch holes through it......

A router is a great first barrier, you can still run SP2 Firewall, but
the router will be there in case you screw up and compromise the
Firewall.
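
The outbound-port filtering described above can also be checked from the host side, alongside the connection monitoring suggested earlier in the thread. The following Python is an added example, not part of any post here: it scans `netstat -ano` style output for TCP connections that leave the LAN toward the ports listed in the post (taken verbatim). The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import ipaddress

# Destination ports exactly as listed in the post above: 135~139, 455, 1026/1027.
WATCHED_PORTS = set(range(135, 140)) | {455, 1026, 1027}

# Ranges treated as "inside the LAN" (RFC 1918 private, loopback, link-local).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample in the column layout of Windows "netstat -ano" (not a real capture).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1045      192.168.1.20:139       ESTABLISHED     4
  TCP    192.168.1.10:1051      203.0.113.7:80         ESTABLISHED     2140
  TCP    192.168.1.10:1060      198.51.100.23:135      SYN_SENT        3388
  TCP    192.168.1.10:1061      198.51.100.24:139      SYN_SENT        3388
  UDP    192.168.1.10:1026      *:*                                    1100
"""


def is_lan(ip):
    """True if the address belongs to one of the inside ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETS)


def parse_tcp_rows(text):
    """Yield (remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # header, blank lines and UDP rows (which have no state column)
        _, _, remote, state, pid = fields
        ip, port = remote.rsplit(":", 1)
        yield ip.strip("[]"), int(port), state, int(pid)


def suspicious_outbound(text, watched=WATCHED_PORTS):
    """Return (pid, remote_ip, remote_port) for connections to watched ports outside the LAN."""
    hits = []
    for ip, port, state, pid in parse_tcp_rows(text):
        if state not in ("ESTABLISHED", "SYN_SENT"):
            continue  # listeners and closing sockets are not live connection attempts
        if port in watched and not is_lan(ip):
            hits.append((pid, ip, port))
    return hits


if __name__ == "__main__":
    for pid, ip, port in suspicious_outbound(SAMPLE_NETSTAT):
        print(f"PID {pid} -> {ip}:{port}")
```

File sharing to another machine on the LAN (the 192.168.1.20:139 row) is deliberately not reported; several hits from one PID to different Internet hosts is the pattern worth looking up in Process Explorer.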
 
Chuck

Thank you Mark, for pointing out what I omitted to mention - that a dedicated,
external NAT router is better protection, against incoming threats, than a
personal firewall installed on the computer that it's protecting. I was focused
on explaining the functional difference between Windows Firewall, and third
party products like McAfee Firewall.

Sandra, Mark is right - a dedicated external device like a NAT router is
preferable to a personal firewall on your computer - McAfee or Windows Firewall.
Here's hoping that your cable modem has an Ethernet port, not a USB port.

Your personal firewall (MPF, WF, or whatever) is only as strong as the computer
(and operating system) that it runs on. If you surf to a website with malicious
code, and your browser downloads that code, your personal firewall on your
computer could be compromised. If you're also protected by an external NAT
router, the chances for your browser compromising your defenses are greatly
reduced.

His second, implied point is also worth considering. I would instinctively
trust McAfee Firewall more than Windows Firewall, as an inner layer of
protection also.

Just please don't stop there. You still need anti-virus and anti-spyware
protection. Solely depending upon MPF to alert you when spyware is installed,
by expecting MPF to detect spyware based upon unexpected outgoing traffic, is
not good security. That's like depending upon the cops to tell you when your
kids are malfunctioning. Keep track of your kids, and your computer, by layered
defenses, and by activity monitoring.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
Chuck

And, BTW, as you also asked (and which I repeatedly forgot to answer) - The
popup blocker provided by Microsoft is for Internet Explorer in Windows XP SP2
only. If you use Mozilla Firefox, which you should, you will have a popup
blocker, regardless of what operating system / SP level you have.

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 