
"I'm a little fuzzy on the whole Firewall thing..."

ArvinC

Member
Hi everyone! 🙂

Just what the title says: Need some info and help on how to secure my home-based LAN. It's composed of a Comcast cable connection, an RCA Broadband cable modem, and a NetGear RP-114 router which links two PCs to the internet.

Here's where I need some advice: NetGear says that the router is protected from hackers by using a "Network Address Translation" system. Is this similar to a firewall? On my network properties status screen, XP Pro shows that the network is working well and IS firewall protected. My question is, is it enough, or should I be running some sort of software-based firewall as well, and if so, which one? Or am I just getting paranoid...I mean, what are my chances that I'll get hacked? And what can be done to my system?

Any help or suggestions would be great! 😀

ArvinC
 


<< NetGear says that the router is protected from hackers by using a "Network Address Translation" system. Is this similar to a firewall? >>



In a nutshell, NAT is responsible for mapping a private IP (e.g. 192.168.y.z) to a public IP. That's great for obscuring your box's actual private IP.

That's decent, but it doesn't protect your ports necessarily. The router can do that; look into how to open/close whatever ports you need to.

As for secure.... well maybe.... ports and IPs are well and good, but they mean nothing without a decent antivirus/antitrojan solution.
 


<< As for secure.... well maybe.... ports and IPs are well and good, but they mean nothing without a decent antivirus/antitrojan solution. >>

AMEN to that!
Here's some basic firewall theory, followed by practical applications...

A firewall at its most basic level behaves like a highly specialized router, more than anything else.
Most of its functions happen at the Network Layer (Layer 3) and have to do with assessing traffic between hosts based on both origin and destination.
Although that is largely what a basic router does, a firewall takes it a step further by assigning a level of "trust" to its interfaces.

The INTERNAL (or LAN) interface of a firewall is considered "TRUSTED." That is, traffic originating from hosts connected to the Internal interface is by and large considered "OK" by the firewall, and is allowed to pass (normally dependent upon access rules for protocols and ports).

A firewall's EXTERNAL (or WAN) interface is considered "UNTRUSTED." Traffic originating from hosts connected to the External interface is considered "NOT OK" by the firewall, and is normally denied, with TWO EXCEPTIONS:

1.) If the traffic is part of a conversation originally initiated by a host on the TRUSTED/INTERNAL network, it is allowed. (This is how many trojans, "phone-homes," and spyware work.)
2.) If the traffic corresponds to an open port that is mapped to an INTERNAL host, it is allowed (sometimes dependent upon access rules as well).

A DMZ interface on a firewall, if present, represents a security area that is not completely TRUSTED, but should not/cannot be left completely open to the outside world either. As such, any host in the DMZ has to be given explicit access to communicate with INTERNAL hosts (unless they initiate the conversation). Also, any EXTERNAL hosts must be given explicit access to communicate with DMZ hosts. DMZ is normally used for publicly accessible hosts and services, such as Internet mail servers/relays, Web servers, FTP servers, etc. etc.

Most SOHO routers do not have a complete firewall feature set as discussed above. Most rely upon NAT (actually, in most cases, it would be more accurately called PAT) to mask internal addresses. A decent firewall must also be able to guard against "spoofing" which usually takes the form of an external host trying to forge packet headers to appear as if it is really an internal client. This very exploit is one of the primary reasons firewalls were even developed, since routers at that time were not sophisticated (or powerful enough) to implement a check procedure to guard against spoofing (routers have since added these functions, but the role and functions of firewalls have changed as well).

EXTERNAL EXCEPTION 1 is the reason Saltin (and I) said a good antivirus is as important, if not more, than your firewall. If a Trojan Horse program, or a virus, or some other malicious code infected your machine, it could be under someone's control, and if it initiated all conversations, your firewall wouldn't be doing anything more than a hunk of bleu cheese with some wires stuck into it.

HTH
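The NAT/PAT post above and this firewall post describe the same small set of rules: private addresses rewritten behind one public IP (PAT, with a translated source port per flow), a TRUSTED LAN side whose outbound traffic is let through and remembered, an UNTRUSTED WAN side that is dropped except for (1) replies to LAN-initiated conversations and (2) explicitly mapped ports, plus a check against packets on the WAN forging a private source. The Python model below is an added example for this page, not code from the forum, Netgear or any router firmware; all addresses, ports and the "trojan phone-home" scenario are constructed, and the last two scenarios show exactly why exception 1 makes the firewall useless once something inside starts the conversation.

```python
import ipaddress
from dataclasses import dataclass

# Constructed for the example: an RFC 1918 LAN behind one public address.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
PUBLIC_IP = "203.0.113.7"   # the router's WAN address (documentation range)
# Explicit RFC 1918 list for the anti-spoof check (ipaddress.is_private would
# also flag the documentation ranges used as "Internet" hosts below).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def is_private(ip):
    return any(ipaddress.ip_address(ip) in net for net in PRIVATE_NETS)


@dataclass(frozen=True)
class Packet:
    iface: str   # interface it arrived on: "lan" (trusted) or "wan" (untrusted)
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


class SohoRouter:
    """PAT plus the two inbound exceptions and an anti-spoofing check."""

    def __init__(self, port_forwards=None, first_port=40000):
        self.port_forwards = dict(port_forwards or {})  # public dport -> (lan_ip, lan_port)
        self.next_port = first_port
        # (proto, translated sport) -> (lan_ip, lan_sport, remote_ip, remote_port)
        # This table is the "conversation" memory behind exception 1.
        self.sessions = {}

    def _translate(self, proto, lan_ip, lan_sport, remote_ip, remote_port):
        flow = (lan_ip, lan_sport, remote_ip, remote_port)
        for (p, tport), existing in self.sessions.items():
            if p == proto and existing == flow:
                return tport
        tport = self.next_port            # PAT: a fresh public port per LAN flow
        self.next_port += 1
        self.sessions[(proto, tport)] = flow
        return tport

    def handle(self, pkt):
        """Return ("FORWARD", rewritten_packet) or ("DROP", reason)."""
        return self._from_lan(pkt) if pkt.iface == "lan" else self._from_wan(pkt)

    def _from_lan(self, pkt):
        # TRUSTED side: anything a LAN host starts is let out and remembered.
        if ipaddress.ip_address(pkt.src) not in LAN_NET:
            return ("DROP", "LAN packet with a non-LAN source")
        tport = self._translate(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return ("FORWARD", Packet("wan", PUBLIC_IP, tport, pkt.dst, pkt.dport, pkt.proto))

    def _from_wan(self, pkt):
        # Anti-spoofing: nothing arriving on the WAN may claim a private source.
        if is_private(pkt.src):
            return ("DROP", "spoofed private source on WAN")
        if pkt.dst != PUBLIC_IP:
            return ("DROP", "not addressed to our public IP")
        # Exception 1: reply to a conversation a LAN host initiated.
        sess = self.sessions.get((pkt.proto, pkt.dport))
        if sess and sess[2:] == (pkt.src, pkt.sport):
            return ("FORWARD", Packet("lan", pkt.src, pkt.sport, sess[0], sess[1], pkt.proto))
        # Exception 2: port explicitly forwarded to an internal host.
        if pkt.dport in self.port_forwards:
            lan_ip, lan_port = self.port_forwards[pkt.dport]
            return ("FORWARD", Packet("lan", pkt.src, pkt.sport, lan_ip, lan_port, pkt.proto))
        return ("DROP", "unsolicited inbound")   # UNTRUSTED default


def demo():
    """Run the scenarios from the posts; returns verdicts keyed by scenario name."""
    r = SohoRouter(port_forwards={80: ("192.168.1.10", 80)})
    v = {}
    # A LAN PC browses a web site: out it goes, source rewritten to PUBLIC_IP:tport.
    v["browse"] = r.handle(Packet("lan", "192.168.1.20", 3001, "198.51.100.5", 80))
    tport = v["browse"][1].sport
    # A second PC reusing source port 3001: PAT hands it a different public port.
    v["browse2"] = r.handle(Packet("lan", "192.168.1.21", 3001, "198.51.100.5", 80))
    # The web server's reply matches the session -> exception 1, back to .20:3001.
    v["reply"] = r.handle(Packet("wan", "198.51.100.5", 80, PUBLIC_IP, tport))
    # Internet host probing NetBIOS: no session, no forward -> dropped.
    v["probe"] = r.handle(Packet("wan", "198.51.100.99", 5555, PUBLIC_IP, 139))
    # Same host hitting the forwarded web port -> exception 2, reaches .10:80.
    v["forwarded"] = r.handle(Packet("wan", "198.51.100.99", 5556, PUBLIC_IP, 80))
    # Attacker forging a LAN source address on the WAN -> anti-spoof drop.
    v["spoof"] = r.handle(Packet("wan", "192.168.1.1", 80, PUBLIC_IP, tport))
    # A trojan on .20 phones home: it is a LAN-initiated flow, so the
    # controller's traffic back is "established" and sails through (exception 1).
    v["phone_home"] = r.handle(Packet("lan", "192.168.1.20", 3002, "198.51.100.66", 6667))
    v["controller"] = r.handle(Packet("wan", "198.51.100.66", 6667, PUBLIC_IP,
                                      v["phone_home"][1].sport))
    return v


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12s} {verdict}")
```

The session table keys on the translated port and checks the remote address and port on the way back, so an outsider cannot reach a LAN host just by guessing a high port; the one path it does not close is the one the post warns about, where the inside host opened the conversation.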
 
Wow! 😀

Knew coming here for answers and advice first was the right thing to do! Thanks guys. I do have Norton's Anti-Virus 2002 running in enabled mode in the background, and it does a system check on a weekly basis. If I am understanding correctly, this is far more important to have than say, Norton's Personal Firewall?

See, the reason I seem to be a bit hazy on the software-based firewall is that: 1.) They do seem like over-kill for a small, home-only network like mine, and 2.) I have read that running one in the background can slow your machine down (even though I have a beast for a machine).

I am going to look deeper into the advanced features of my router, to see how I can manage/monitor the port usage. But as far as the firewall software...what do you guys think?

Again, thanks to you both for the great info!

ArvinC
 



<< See, the reason I seem to be a bit hazy on the software-based firewall is that: 1.) They do seem like over-kill for a small, home-only network like mine, and 2.) I have read that running one in the background can slow your machine down (even though I have a beast for a machine). >>



Software firewalls like Zone Labs Zone Alarm are packet/port filtering firewalls.
If you're running a router with NAT you have accomplished hiding your LAN from the net, but the router won't do anything about packet/port filtering. ZA also incorporates a LAN-side filter to protect others from any worms or other nasties you may have contracted. If you don't want/need a particular app accessing the net, then ZA will keep it from happening without your express consent. If you think you're safe because you're on dial-up or not on very long during the day or evening, you are mistaken.
The first time I installed ZA it took 2 minutes for the program to block access to my machine from the outside, on a crappy 28.8 dial-up.

I guess you have to decide if the marginal little performance hit you take from running software firewalls is worth it.
I wouldn't go anywhere near the net without it.
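What the post above adds to the router's picture is the application dimension: a personal firewall decides outbound connections per program rather than per port, asks for consent the first time an unknown program tries, and keeps a separate LAN-side rule so the machine cannot spray its neighbours' file-sharing ports even if it has caught something. The model below is an added example for this page, not Zone Labs' code or its actual rule set; the program names, addresses, the port list and the "prompt" callback standing in for the pop-up are all constructed.

```python
import ipaddress

# Constructed for the example: the LAN subnet and the NetBIOS/SMB/RPC ports
# that worms of that era commonly spread over.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
WORM_PORTS = {135, 137, 138, 139, 445}


class PersonalFirewall:
    """Per-application outbound control: allow/deny by (program, zone), ask otherwise."""

    def __init__(self, rules):
        self.rules = dict(rules)   # (program, zone) -> "allow" | "deny"; zone is "lan"/"internet"
        self.events = []

    @staticmethod
    def zone_of(dst):
        return "lan" if ipaddress.ip_address(dst) in LAN_NET else "internet"

    def outbound(self, program, dst, dport, prompt=lambda program, zone: None):
        """Decide one outbound connection attempt.

        `prompt` stands in for the consent pop-up: it returns "allow", "deny",
        or None when nobody clicks. No answer means no consent, so deny.
        """
        zone = self.zone_of(dst)
        verdict = self.rules.get((program, zone))
        # LAN-side filter: only an explicitly allowed program may hit LAN hosts
        # on worm ports, regardless of what the user would click.
        if zone == "lan" and dport in WORM_PORTS and verdict != "allow":
            return self._log(program, dst, dport, "deny", "lan-side worm filter")
        if verdict is None:
            answer = prompt(program, zone)
            verdict = "allow" if answer == "allow" else "deny"
            if answer in ("allow", "deny"):
                self.rules[(program, zone)] = answer   # "remember this answer"
            return self._log(program, dst, dport, verdict, "asked user")
        return self._log(program, dst, dport, verdict, "rule")

    def _log(self, program, dst, dport, verdict, why):
        self.events.append((program, dst, dport, verdict, why))
        return verdict


def demo():
    """Scenarios from the post; returns the verdicts and the event log."""
    fw = PersonalFirewall({("iexplore.exe", "internet"): "allow",
                           ("explorer.exe", "lan"): "allow"})
    v = {}
    v["browse"] = fw.outbound("iexplore.exe", "198.51.100.5", 80)
    # Windows file sharing from Explorer to a LAN PC: allowed by an explicit rule.
    v["share"] = fw.outbound("explorer.exe", "192.168.1.10", 445)
    # A trojan (constructed name) phoning home with nobody at the keyboard: the
    # NAT router would pass this LAN-initiated flow; here no consent means deny.
    v["trojan_unattended"] = fw.outbound("svchost32.exe", "198.51.100.66", 6667)
    # The user recognises a mail client, clicks allow once, and it is remembered.
    v["mail_asked"] = fw.outbound("outlook.exe", "198.51.100.25", 110,
                                  prompt=lambda p, z: "allow")
    v["mail_remembered"] = fw.outbound("outlook.exe", "198.51.100.25", 110)
    # The same trojan trying to spread over port 139 to a LAN neighbour is
    # stopped by the LAN-side filter even if the user would have clicked allow.
    v["worm"] = fw.outbound("svchost32.exe", "192.168.1.11", 139,
                            prompt=lambda p, z: "allow")
    return v, fw.events


if __name__ == "__main__":
    verdicts, events = demo()
    for program, dst, dport, verdict, why in events:
        print(f"{program:14s} -> {dst}:{dport:<5d} {verdict:5s} ({why})")
```

The ordering matters: the LAN-side check runs before the consent prompt, so a "remember this answer" click for a program on the Internet zone never opens its way onto the LAN's file-sharing ports, which is the worm case the post is worried about.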



 