Re: Router's Firewall

Date: 07/27/02

Date: Sat, 27 Jul 2002 17:13:12 +0100

Hi again Luis,

Sorry this reply is so long!

AFAIK most firewall fitted routers do not allow incoming connections by
default. This means that traffic is only allowed through the firewall and
into the network if it is in response to an outgoing request. For example,
if you request a web page from a remote web server using your web browser
then the webpage should load. However, if someone on the remote server tried
to connect to a port on your public IP address, the router would reject the
traffic, as it is not in response to a request from your network.

You can check whether there are any ports open on your firewall using
web-based port scanning services such as the one at
http://www.pcflank.com/scanner1.htm. If this reveals open ports on your
router you may be vulnerable. If not, then you are pretty safe from external
attacks. Of course, trojans and viruses can still compromise the security of
your network, so remember to keep virus definitions up-to-date and to use
adware detection software.

If there *are* ports open on your firewall, close them! This is best done
using the configuration software supplied with your router - check the
manual! You only need to have open ports on your router if you want to offer
the world a service over the internet (a different topic!).

An open port on the router could be connected to a service running on the
router itself or a computer on your local network. If it is connected to a
service on the router (most likely telnet or the small web-server used in
configuring some routers) then this is dangerous. Users on the internet will
be able to connect to your router. They may be able to exploit a vulnerable
service, or try to crack your password to get into your router. Having said
that, I don't know of any routers that are supplied this way out-of-the-box.

If the open port is "forwarded" to an open port on a computer on your local
network then any user trying to connect to the open port on your public IP
address will actually connect to the open port on your local computer. This
is called "port forwarding" and is very useful when running separate
computers offering internet services through one public IP address. Again,
routers aren't supplied with port forwarding configured out-of-the-box, but
check the settings on your router to be sure.

I don't think that ZoneAlarm is redundant on a firewalled network. Although
I have a basic firewall built into my router/ADSL modem and I also use a
linux based firewall for additional functionality, I still use ZoneAlarm on
my desktop machine. Incoming connections to the router are denied, so why
still use ZoneAlarm? Well, it would protect your computer from accidentally
misconfigured port forwarding settings, for example. I also use it to
control which applications are able to access the internet. It also shows if
any applications have changed, which could be due to malicious activity, or
if new applications (possibly a trojan?) are trying to access the internet.

To allow just your local network to access all the resources of your
computer, you can designate the range of local IP addresses as "trusted" in
ZoneAlarm. Make sure that you don't include your internet gateway in the
trusted IP range! Anyone attempting to connect to your services from
outside this range of IP addresses would be denied. It is then up to you
whether you use user-based or password-based authentication for File and
Printer Sharing. This should be based on what operating system is running,
how trustworthy the users are, and who else could physically access the
machines.

Quick summary: the only way someone could connect to your File and Printer
Sharing port 139 on a local computer is if:
1) You open a port on the public side of your router
2) You forward this port to the File and Printer Sharing port 139 on your
local machine
3) You set your firewall to allow connections to this port from any IP
address, rather than a small range of private IP addresses.
4) You have vulnerable services running on your machine. (Keep up-to-date
with patches and software releases!)
5) You use low level sharing authentication/weak passwords.
Not doing one of these would stop a malicious user connecting. Not doing
*any* of them is best, though!

Hope this helps,

Cheers,

Tony Whitmore

"luis" <not@vaila.ble> wrote in message
news:iow09.664559$352.138111@sccrnsc02...
> Hi Tony,
> thanks for the answer... very enlightening. I've got the CompUsa router
> (Gigafast)... economical and it works well... The only concern is
> security since I am using "sharing" within the network. While I learn the
> details on setting up the security I am also setting up passwords to the
> shared resources but that's a pain. I also have ZApro in the client
> computers hoping that it would stop any breach although I am afraid that
> it's redundant... Any suggestion will be appreciated.
> Thanks again.
> Luis
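The following Python is an added illustration of the decision path Tony describes above (the stateful router, port forwarding, and a host firewall's trusted range); it is not code from the post, from ZoneAlarm, or from any router vendor. The `masquerade` flag is an assumption used to model routers that rewrite the source address of forwarded traffic to the gateway's own LAN address, which is exactly the case where a trusted range that includes the gateway lets outside traffic in. All addresses are constructed for the example (203.0.113.5 is a documentation address standing in for "someone on the internet").

```python
# Added example, not from the original post. Models an unsolicited inbound
# connection travelling through a router's firewall, optional port forwarding,
# and a host firewall with a "trusted" address range (ZoneAlarm style).
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Router:
    lan_ip: str                                    # gateway address on the LAN
    open_ports: set = field(default_factory=set)   # ports opened on the public side
    forwards: dict = field(default_factory=dict)   # public port -> (lan host, lan port)
    # Assumption: some routers rewrite the source of forwarded traffic to lan_ip,
    # so the LAN host sees the gateway, not the real external address.
    masquerade: bool = False


@dataclass
class HostFirewall:
    trusted: list            # CIDR strings; the "trusted" zone on the host
    listening: set           # ports with a service listening (e.g. 139)

    def __post_init__(self):
        self.trusted = [ipaddress.ip_network(n) for n in self.trusted]


def host_allows(fw: HostFirewall, src_ip: str, port: int) -> bool:
    """Host firewall admits the connection only from a trusted address to a live port."""
    if port not in fw.listening:
        return False
    ip = ipaddress.ip_address(src_ip)
    return any(ip in net for net in fw.trusted)


def inbound_path(router: Router, hosts: dict, src_ip: str, public_port: int):
    """Trace an unsolicited connection from src_ip to public_port on the router.

    Returns (reachable, explanation). Reply traffic to outbound requests is
    not modelled: that is always allowed by a stateful router."""
    if public_port not in router.open_ports:
        return False, "dropped: router only admits replies to outbound requests"
    if public_port not in router.forwards:
        return True, "reaches a service on the router itself (telnet or admin web server)"
    host, lan_port = router.forwards[public_port]
    seen_src = router.lan_ip if router.masquerade else src_ip
    if host_allows(hosts[host], seen_src, lan_port):
        return True, f"forwarded to {host}:{lan_port}; host firewall trusts {seen_src}"
    return False, f"forwarded to {host}:{lan_port} but host firewall denies {seen_src}"


def trusted_zone_warnings(fw: HostFirewall, router: Router) -> list:
    """Flag trusted ranges that include the gateway or are not private ranges."""
    warnings = []
    gw = ipaddress.ip_address(router.lan_ip)
    for net in fw.trusted:
        if gw in net:
            warnings.append(f"trusted range {net} includes the gateway {gw}")
        if not net.is_private:
            warnings.append(f"trusted range {net} is not a private range")
    return warnings


def example_scenario(open_139: bool = False, masquerade: bool = False):
    """Constructed LAN: one router, one host sharing files on port 139."""
    router = Router(lan_ip="192.168.1.1", masquerade=masquerade)
    if open_139:
        router.open_ports.add(139)
        router.forwards[139] = ("192.168.1.10", 139)
    hosts = {"192.168.1.10": HostFirewall(trusted=["192.168.1.0/24"], listening={139})}
    return router, hosts


if __name__ == "__main__":
    outside = "203.0.113.5"  # constructed external address
    for open_139, masq in [(False, False), (True, False), (True, True)]:
        router, hosts = example_scenario(open_139, masq)
        print(f"open_139={open_139} masquerade={masq}:",
              inbound_path(router, hosts, outside, 139))
        for w in trusted_zone_warnings(hosts["192.168.1.10"], router):
            print("  warning:", w)
```

Run as-is to see the three cases: with nothing opened the router drops the connection; with 139 opened and forwarded, the host firewall still denies the outside address; with the router masquerading forwarded traffic, the connection arrives from the gateway address, which sits inside the trusted range, and file sharing is reachable from the internet. That last case is the "don't include your internet gateway in the trusted IP range" warning made concrete.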
