Zone Alarm Info, Please

[jadinolf]

This is strange.

I had been playing trying different firewalls the last couple of day and yesterday I decided to reinstall Zone Alarm free.

Strange thing is that when looking at "Status: I get:
0 Intrusions since install
0 Of those have been high rated
The firewall has blocked 0 access attempts

Looking at my other computer it has had 50,000+ Intrusions

Thinking I had a bad install, I uninstalled it and reinstalled several times.

I'm on DSL

Any thoughts?

 

[mechBgon]

Not to veer way off-target, but how about getting a router and lock it down good. If you've been paying for two IP addresses with your DSL provider, the router should pay for itself within six months or so, plus you enjoy an extra layer of always-on protection and can hook up four PCs to the router (more if you have a switch already).

 

[jadinolf]

Sounds good but I am a DSL noob.

I have had SBC DSL for a little over a week. I am using the 2Wire 1800HG Wireless Home Portal.

Can a router be used with this? And how is it connected to the portal? Which would you recommend?

Thanks for the response.

 

[mechBgon]

Yeah, instead of

[computer]----------------[modem]

you go

[computer]---[router]----[modem]

The router will... well, I wrote it all up already, read that page I linked in my previous post. Even at default settings, it'll bear the brunt of the worm/hack attacks.

If you actually create rules on your router like I showed how to do, then you can also arbitrarily block outbound traffic on ports that you have no actual use for. This would be a further safety net in the event that one or both of your computers did get infected by, say, one of the zillions of Mytob worms that try to knock down your software firewall and antivirus, then install a backdoor/botnet client to put your computer under the command of the bad guys.

If you're not 100% on security stuff then let me also suggest Microsoft Baseline Security Analyzer, it's quick and free and looks at some stuff that Windows Update doesn't. Stitched-together screenshot of it doing its thing

Hope that helps

 

[jadinolf]

Thanks for everything.

I'll do my reading.

 

[mechBgon]

Actually, I just noticed you said a Wireless portal. If it's the typical JUNK that ISP's love to hand out, then I would tell them to stuff it back where they pulled it from, cancel my DSL service and get cable :|

~ *ahem*

If I were in your situation, and wanted to use wireless networking, I would

1) disable the wireless part of their wireless portal by logging onto its administrative menu using a web browser (go to http://192.168.0.1) and disabling it. Also see if they have a firewall in there, and set it to "basic" if it's one of those retarded basic-low-medium-high types.

2) now go to Newegg and buy a quality WPA-capable wireless router and put that inboard of their "portal". Note that WPA is different (better) than WEP.

3) buy WPA-capable wireless cards for the computers

4) take a snack break

5) set up full WPA+PSK encryption between the router and computers, as per the new router's directions. Change the default password on the router to something strong, like jadinolf@AT for example.

6) log onto the new router and create rules like I mentioned before.


If you don't know about wireless encryption, then you are probably running wide-open unencrypted and anyone could connect to your portal who's within range, without you knowing. WEP encryption would be better than nothing if your "portal" offers it. If this is all way over your head, then disable your portal's wireless capability, put the Netgear RP614 inboard of it, configure it, and run cabled connections from the computers to the RP614. That's my 2¢ worth, anyway

 

[jadinolf]

Thanks for the suggestion but I hate Adelphia.

I found SBC tech support to be pretty good so I'll give them a buzz if I need them

Thanks.

j

 

[jadinolf]

Originally posted by: mechBgon
Actually, I just noticed you said a Wireless portal. If it's the typical JUNK that ISP's love to hand out, then I would tell them to stuff it back where they pulled it from, cancel my DSL service and get cable :|

~ *ahem*

If I were in your situation, and wanted to use wireless networking, I would

1) disable the wireless part of their wireless portal by logging onto its administrative menu using a web browser (go to http://192.168.0.1) and disabling it. Also see if they have a firewall in there, and set it to "basic" if it's one of those retarded basic-low-medium-high types.

2) now go to Newegg and buy a quality WPA-capable wireless router and put that inboard of their "portal". Note that WPA is different (better) than WEP.

3) buy WPA-capable wireless cards for the computers

4) take a snack break

5) set up full WPA+PSK encryption between the router and computers, as per the new router's directions. Change the default password on the router to something strong, like jadinolf@AT for example.

6) log onto the new router and create rules like I mentioned before.


If you don't know about wireless encryption, then you are probably running wide-open unencrypted and anyone could connect to your portal who's within range, without you knowing. WEP encryption would be better than nothing if your "portal" offers it. If this is all way over your head, then disable your portal's wireless capability, put the Netgear RP614 inboard of it, configure it, and run cabled connections from the computers to the RP614. That's my 2¢ worth, anyway

The RP614 price is certainly right.

 

[imported_Lucifer]

My brothers PC has Zonealarm, and it blocked 1 intrusion since install. We have a Netgear router. 3 of our computers are connected to it, my brother's PC, my Mac, and my dad's HP. Our DSL modem, from SBC, has built in wireless capablities. My sisters iBook and my brothers HP laptop, both have wireless built in, are running off the DSL modem. I don't know if the HP or the iBook can use WPA, but I do know that they both connect to the DSL using a WEP key. It does say that our network is secure, but I heard WPA is more secure.

My post maybe irrelevant, but it's an example of how our network is going.

Before we got the router, my brothers computer would always get attacked by the same Trojan, over and over and over. Of course, Zonealarm blocked it everytime, but that trojan wouldn't give up. After we got the router, that stupid Trojan doesn't mess with him anymore.

 

[jadinolf]

Originally posted by: Lucifer
My brothers PC has Zonealarm, and it blocked 1 intrusion since install. We have a Netgear router. 3 of our computers are connected to it, my brother's PC, my Mac, and my dad's HP. Our DSL modem, from SBC, has built in wireless capablities. My sisters iBook and my brothers HP laptop, both have wireless built in, are running off the DSL modem. I don't know if the HP or the iBook can use WPA, but I do know that they both connect to the DSL using a WEP key. It does say that our network is secure, but I heard WPA is more secure.

My post maybe irrelevant, but it's an example of how our network is going.

Before we got the router, my brothers computer would always get attacked by the same Trojan, over and over and over. Of course, Zonealarm blocked it everytime, but that trojan wouldn't give up. After we got the router, that stupid Trojan doesn't mess with him anymore.

Well, thanks, Lucifer. That is good information.

 

[imported_Lucifer]

Hey no problem jadinolf!

And I just noticed that you are also using a 2Wire modem, same as mine. I love the wireless feature! It works WAY better than my wireless Netgear router. The Netgear wireless router always disconnected our old laptop, which was an older Fujitsu 1.6 GHz Pentium 4. You could never keep a connection going for 30 minutes! Then, someone on these forums, by the name tiap, told me that my 2Wire modem had wireless capabilities. And my laptop did happen to pick up the wireless signal. The name for it was 2Wire 8000, or something like that, I can't exactly remember. I tried connecting to it, and it asked for the WEP key. The WEP key is located under the modem, so I entered the WEP key on the Fujitsu, and it connected! Never lost a connection ever again. Your 2Wire modem is great for using Wireless. Our current laptops work off of the modem together, and works awesome! The only purpose my netgear router serves is connecting 3 of our computers, plus the firewall.

Our whole network is pretty darn secure. We haven't had any problems at all.

 

[jadinolf]

Hi Lucifer

Yes I have 2 other computers here connected by wireless using 2Wire adapters.

I got DSL last Thursday and have be on since then with no disconnects. The 2Wire 8000 or what ever it is is from a number which is located on the home portal.

 

[Rottie]

I don't believe router will block any trojan or any type of attack. I have ZoneAlarm Pro suite 5 with Linksys router and it has blocked 140 and only 39 are high rated attack.

 

[jadinolf]

Originally posted by: Rottie
I don't believe router will block any trojan or any type of attack. I have ZoneAlarm Pro suite 5 with Linksys router and it has blocked 140 and only 39 are high rated attack.

I've been told that my Home Portal firewall is blocking bad stuff so Zone Alarm doesn't report it.

Thanks for the reply.

 

[mechBgon]

Originally posted by: Rottie
I don't believe router will block any trojan or any type of attack. I have ZoneAlarm Pro suite 5 with Linksys router and it has blocked 140 and only 39 are high rated attack.

The nature of a Trojan Horse program is what it sounds like. It's packed inside of something YOU bring in and let loose yourself. Naturally the router doesn't stop you from downloading junk and running it You can set up some routers to block ActiveX and Java, although that would probably make you an unhappy camper when you browse the Internet. I'm not touching on the uber-l33t $5,000+ routers that can filter for viruses/worms/Trojans on-the-fly.

Normal decent routers do block worm and hack attacks from outside the network if you don't go out of your way to defeat their protection by, say, putting your computer in the DMZ or forwarding a bunch of likely ports to it. If your Linksys doesn't have its SPI capability enabled, and its remote administration capabilities disabled, then you should fix those issues.

Routers don't firewall your own computers from eachother, so if you have multiple computers, look at the firewall logs and see if they're attacking eachother.

 

[Rottie]

my router does have DMZ but I never bother to use it and there is no SPI I wish I had one. I have NAV 2002 to monitor any trojan and worm activities.

 

[Rottie]

Originally posted by: jadinolf

Originally posted by: Rottie
I don't believe router will block any trojan or any type of attack. I have ZoneAlarm Pro suite 5 with Linksys router and it has blocked 140 and only 39 are high rated attack.

I've been told that my Home Portal firewall is blocking bad stuff so Zone Alarm doesn't report it.

Thanks for the reply.

ZA will log any bad attack and I think you set ZA not to report you at all time.

 

[mechBgon]

I suggest you get a newer antivirus program. Norton 2002 is an antique it lacks the ability to detect what Norton calls "expanded threats" even if it has the latest definitions.

If your router disappoints you, maybe try a Netgear RP614 and set it up like this. They're only about US$30, they do feature Stateful Packet Inspection, and you can have them email their logs to you so you can see what it's doing, like the last picture on that page shows some of the log output.

 

[nweaver]

I run iptables as my s/w firewall, and I haven't had a virus in years.

 

[Rottie]

Originally posted by: mechBgon
I suggest you get a newer antivirus program. Norton 2002 is an antique it lacks the ability to detect what Norton calls "expanded threats" even if it has the latest definitions.

If your router disappoints you, maybe try a Netgear RP614 and set it up like this. They're only about US$30, they do feature Stateful Packet Inspection, and you can have them email their logs to you so you can see what it's doing, like the last picture on that page shows some of the log output.

Standalone version of NAV 2005 too bloated and memory hog? Or should I get NAV 2004 instead?
my linksys router doesn't disappoint me