D
Daniel Royer
I just installed a Netopia 3347 router (XP SP2). Do I need a firewall
like ZA ?
Daniel
like ZA ?
Daniel
R
Rock
Daniel said:
Without knowing more about the configuration and use, it is a good idea
to have a software firewall in addition to the hardware router. I don't
know about that router in particular but many routers provide NAT, but
are not firewalls, and they don't block outbound traffic.
S
steam3801
Check the website for this brand of router. What doesi t say about the
f/wall capabilities for the model you are using?
P
Plato
Rock said:
I tend to agree.
G
Guest
Probably do not need XP firewall active.
Do Start -> Run and enter firewall.cpl to disable.
Be vigilant.
Do Start -> Run and enter firewall.cpl to disable.
Be vigilant.
D
Daniel Royer
Good idea! thankssteam3801 said:
Daniel
--
_____________________________________
Daniel Royer
University of Geneva
daniel at royer dot ch
S
Sigmundur Jonsson
rhodes2010 said:
Firewalls like Zone Alarms blocks OUTGOING connections too so i would
recommend you get Zone Alarm Security Suite, EVEN IF YOU HAVE A ROUTER.
It stops trojans and backdoors listening on your computer (or any
program that you do not want to become a server or connect to the
internet) and blocks a lot more things.
The counter said that Zone Alarm have stopped about...
50 hackers after 1 WEEK. I even have a router with firewall ON.
The log showed port in the destination(this case, my IP) ports that are
NOT natted/open, wtf. NOONE is safe exept if you have triple defense
1. Router, 2. Firewall, 3. Personal Firewall(OTHER THAN THE XP!, it's junk).
G
Glen
Why do you say other than XP firewall! its junk? The XP firewall is just as
strong as zonealarm for incoming connections. It stealths all ports just the
same. If you know your computer is clean then you might not need any other
firewall. Most people I know (and I install ZoneAlarm on most of my
customers computers) either click yes to everything or click no to
everything and have problems. They just dont understand the concepts even
though I try my hardest to explain.
strong as zonealarm for incoming connections. It stealths all ports just the
same. If you know your computer is clean then you might not need any other
firewall. Most people I know (and I install ZoneAlarm on most of my
customers computers) either click yes to everything or click no to
everything and have problems. They just dont understand the concepts even
though I try my hardest to explain.
M
Manny Borges
Hehe, total agreement. Users are monkeys sometimes. Ok a lot of the time.
It is not they can't understand, they just think that our job is to
understand for them. Which is not entirely wrong.
I don't want to sound like an a$$, but I just don't work on small netorks
much so I have developed a major bias against any kind of client controlled
and maintained software. I am much more comftorable with centralized
applications and ironfisted network management.
That is why it is my opinion that any solution that has the user make a
choice that could affect thier computers security is the incorrect option.
--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master
There are 10 kinds of people in the world. Those who do understand binary
and those who don't.
It is not they can't understand, they just think that our job is to
understand for them. Which is not entirely wrong.
I don't want to sound like an a$$, but I just don't work on small netorks
much so I have developed a major bias against any kind of client controlled
and maintained software. I am much more comftorable with centralized
applications and ironfisted network management.
That is why it is my opinion that any solution that has the user make a
choice that could affect thier computers security is the incorrect option.
--
Manny Borges
MCSE NT4-2003 (+ Security)
MCT, Certified Cheese Master
There are 10 kinds of people in the world. Those who do understand binary
and those who don't.
B
Bruce Chambers
Daniel said:
I'd say "Yes," others may disagree.
If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself
(or any "curious," over-confident teenagers in the home). Again --
and I cannot emphasize this enough -- almost all spyware and many
Trojans and worms are downloaded and installed deliberately (albeit
unknowingly) by the user. So a software firewall, such as Sygate or
ZoneAlarm, that can detect and warn the user of unauthorized out-going
traffic is an important element of protecting one's privacy and
security. (Remember: Most anti-virus applications do not even scan for
or protect you from adware/spyware, because, after all, you've
installed them yourself, so you must want them there, right?)
I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it
comes to computer security and protecting my privacy, I prefer the old
"belt and suspenders" approach. In the professional IT community,
this is also known as a "layered defense." Basically, it comes down
to never, ever "putting all of your eggs in one basket."
--
Bruce Chambers
Help us help you:
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin
C
cquirke (MVP Windows shell/user)
On Fri, 5 May 2006 06:56:27 -0400, "Manny Borges"
The problem is pervasive and deep, because "the system" is built of
many layers and parts, each of which is "user" to a deeper layer.
The general problem is: Whoever creates an object, over-estimates the
understanding and effort that will be applied by users of that object.
For example, someone may create a control, to be re-used by
application software. The application software creator is the "user"
of that control, and the control's creator may expect some insight as
to how the control works, what constitutes sane parameters, etc. But
the application developer is using dozens of controls, and isn't going
to read even the ReadMe on any of them unless something goes wrong in
a way that is obviously related to that control. Guess the rest...
What is a Big Tree to us is just another stick in the forest to them.
That's "bulk computing" I guess. My approach is quite the opposite; I
set each PC up to be the most it can be, and to give the user as much
control over it as possible. What they do with that is up to them.
Stand-alone consumer PCs are owned, used and administered by the same
end user. If they are not to make those decisions, who is? Are MS
defaults to be the de facto SysAdmin of the world, or is it up for
grabs by whoever can fake some sort of authentication?
Before security, comes safety. Here's the difference:
- things that no-one should do, should not be possible
- things that some should do but not others, should be secured
For example, let's say you're a stand-alone owner/user of a PC, and
you always work directly from the mouse and keyboard. There is no
reason why anyone should ever be able to "administer" the PC via any
network, especially the Internet - so the safest solution is to rip
that functionality out, for that particular installation.
Far less safe, is to rely on some half-assed (or even 99%-assed)
security that permits only "some" (a set of zero users, in this case)
to "administer" the PC via networking.
A subsystem or facility that is not used by anyone (in this case,
remote admin) is unlikely to be understood, managed, secured, patched,
properly configured, maintained, checked etc. Users will only bother
to learn the things they are interested in, and/or actually use.
Safety is also the bedrock for security, with sanity beneath both.
When the actual actions of software bear no resemblance to anyone's
intent - for example, a buffer overrun that allows a .JPG to run as
raw code - the result is insane, unsafe, and insecure.
The problem is pervasive and deep, because "the system" is built of
many layers and parts, each of which is "user" to a deeper layer.
The general problem is: Whoever creates an object, over-estimates the
understanding and effort that will be applied by users of that object.
For example, someone may create a control, to be re-used by
application software. The application software creator is the "user"
of that control, and the control's creator may expect some insight as
to how the control works, what constitutes sane parameters, etc. But
the application developer is using dozens of controls, and isn't going
to read even the ReadMe on any of them unless something goes wrong in
a way that is obviously related to that control. Guess the rest...
What is a Big Tree to us is just another stick in the forest to them.
That's "bulk computing" I guess. My approach is quite the opposite; I
set each PC up to be the most it can be, and to give the user as much
control over it as possible. What they do with that is up to them.
Stand-alone consumer PCs are owned, used and administered by the same
end user. If they are not to make those decisions, who is? Are MS
defaults to be the de facto SysAdmin of the world, or is it up for
grabs by whoever can fake some sort of authentication?
Before security, comes safety. Here's the difference:
- things that no-one should do, should not be possible
- things that some should do but not others, should be secured
For example, let's say you're a stand-alone owner/user of a PC, and
you always work directly from the mouse and keyboard. There is no
reason why anyone should ever be able to "administer" the PC via any
network, especially the Internet - so the safest solution is to rip
that functionality out, for that particular installation.
Far less safe, is to rely on some half-assed (or even 99%-assed)
security that permits only "some" (a set of zero users, in this case)
to "administer" the PC via networking.
A subsystem or facility that is not used by anyone (in this case,
remote admin) is unlikely to be understood, managed, secured, patched,
properly configured, maintained, checked etc. Users will only bother
to learn the things they are interested in, and/or actually use.
Safety is also the bedrock for security, with sanity beneath both.
When the actual actions of software bear no resemblance to anyone's
intent - for example, a buffer overrun that allows a .JPG to run as
raw code - the result is insane, unsafe, and insecure.
C
cquirke (MVP Windows shell/user)
On Fri, 05 May 2006 18:30:10 -0600, Bruce Chambers
I agree, and would make one further point; you may well have a
hardware router, but that may not mean it's actually *functioning* as
a router. It may be set to operate as a bridge, which means it isn't
hiding your PC behind NAT after all.
I agree, and would make one further point; you may well have a
hardware router, but that may not mean it's actually *functioning* as
a router. It may be set to operate as a bridge, which means it isn't
hiding your PC behind NAT after all.