Re: ZoneAlarm trusted Zone

From: phoenix (phoenix_at_fakeaddress.invalid)
Date: 09/07/04


Date: Tue, 07 Sep 2004 10:25:44 GMT

On Wed, 01 Sep 2004 14:22:18 GMT, Messenger wrote:

> If I add an IP range within my local network to the "secure zone", is
> there any possible way another computer outside my network but still using
> the same private network addresses (192.168.x.x) can obtain access through
> the ZA firewall?

Those addresses are non-routable *but* if you have any ports forwarded
through ZA then your system could be compromised. It also depends what
other measures you take against adware/spyware/trojans etc.
>
> I'm thinking that an internal address is only valid until a computer goes
> beyond its own private DNS and then assumes an IP from the internet
> provider's DNS. Have I got this right?

The 'private' subnets are only valid on your LAN and not outside that.

> Is adding something like 192.168.1.0/255.255.255.0 the proper way to make
> sure all computers on a private network are accessible to one another while
> not allowing any other outside private network access?

That's the correct method of adding a LAN subnet/mask to ZA, it allows
*all* PCs within that subnet access to each other if they are in the
Trusted Zone.

If you're behind a NAT router (ICS or hardware router) then you will be
perfectly safe (with the exception of forwarded ports as I mentioned above)
but I would suggest that you run a firewall on each PC to give you some
warning about unwanted outbound connection attempts.

Regards

Bill
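
An added example, not part of the original post: a small audit of address/mask entries like the 192.168.1.0/255.255.255.0 discussed above, checking that an entry is well-formed, private and not wider than intended, and showing which source addresses it would match. The function names and the `max_hosts` threshold are hypothetical; the match here is on source address alone.

```python
import ipaddress

# RFC 1918 private ranges (not routed on the public Internet).
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_entry(entry):
    """Parse an 'address/mask' entry (assumed format) into a network.

    strict=True rejects host bits in the address (192.168.1.5/255.255.255.0);
    the ipaddress module also rejects non-contiguous masks (255.0.255.0).
    """
    return ipaddress.IPv4Network(entry, strict=True)


def audit_entry(entry, max_hosts=256):
    """Return a list of warnings for one trusted-zone entry (empty = clean)."""
    try:
        net = parse_entry(entry)
    except ValueError as exc:
        return ["invalid entry: %s" % exc]
    warnings = []
    if not any(net.subnet_of(private) for private in RFC1918):
        warnings.append("range is not inside RFC 1918 private space")
    if net.num_addresses > max_hosts:
        warnings.append("range covers %d addresses" % net.num_addresses)
    return warnings


def is_trusted(source_ip, entries):
    """True if source_ip falls inside any entry; nothing else is checked."""
    addr = ipaddress.IPv4Address(source_ip)
    return any(addr in parse_entry(e) for e in entries)


if __name__ == "__main__":
    # Constructed sample entries and source addresses.
    zone = ["192.168.1.0/255.255.255.0"]
    for entry in zone + ["192.168.0.0/255.255.0.0", "192.168.1.5/255.255.255.0"]:
        print(entry, "->", audit_entry(entry) or "ok")
    for src in ("192.168.1.23", "192.168.2.23", "203.0.113.7"):
        print(src, "trusted" if is_trusted(src, zone) else "not trusted")
```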


