Re: Firewall Suggestions

From: Stupified (neosadist@hotmail.com)
Date: 01/22/03 

From: "Stupified" <neosadist@hotmail.com>
Date: Tue, 21 Jan 2003 22:36:14 -0600

"Patty" <patty15@softhome.net> wrote in message
news:b0l1a80gnd@enews2.newsguy.com...
> I have a small Windows 98SE peer-to-peer network with one computer acting
as
> a server.

"Acting as" is right. Maybe you use its hard drive to store things, and
it's sharing the printer, but it's not a true server, since there are no
servers on a peer to peer network topology. Oh well, who cares, it's just
words...

> I'm using a LinkSys router and have cable internet connection. I
> tried installing ZAP with licenses to use on the Network but had problems
> with my accounting software, which as their tech people tell me, uses
TCP/IP
> to access the other computers across the network.

First off, if you have the linksys broadband router, you should already have
enough security without adding a software firewall. SPI (stateful packet
inspection) is usually enough. If someone can get past your NAT "firewall"
(built into the router) and also your SPI, then you might as well give up.
However, I might add that win98se was NOT designed for business use, but for
home use primarily. Also, it was before the security craze of recent.
Windows 2000 professional is both more secure out of the box, and also can
be configured to almost CIA/FBI level security (but then again, you'd have
no internet, and we wouldn't be talking now, would we? lol)
ANYWAYS, I'm not bashing you. It's just that I think you're spinning your
wheels in the wrong direction. First off, windows 2000 would allow your
operating system to be a lot more secure, almost removing the "need" for a
software firewall. And with your router's firewall and security, that plus
win2000 should be enough. Besides that, win2k is easy to use on peer to
peer networks. You can configure it to use NTLM over LM authentication,
which is more difficult to hack. You can also make each computer have its
own password, and then all computers have that same user and password on
them, which allows cross-authentication sorta. This means unless they have
a user name and password, they can't even try to access your network. (No,
I don't know how to explain it using technical terms, but I don't care,
cause my network is laid out this way and it works).
Beyond all this, win2k is so much more stable than win98se (win2k is NOT
winME. WinME is a piece of *** operating system, and the cd it comes on is
better used as a coaster). What good is security when win98se will crash
itself often enough? Win2k is a lot more stable. I've had installations of
win2k pro last for like a year (before I decided to change operating systems
and rearrange our network.)
But anyways, I think you're sorta on overkill here with the firewalls. Here
are the basic ideas of security: data backup, intrusion prevention, and
hardening your resources. If you want to ensure you don't lose data, back
it up often. Then use intrusion prevention, which your router provides
enough of. Then, harden your stuff by making things harder to hack (i.e.
win2k upgrade from win98se, since win98se has been out longer and is easier
to hack due to it being well known, much less because of the way it was
designed, which is beyond the scope of this post).

> What happened was with
> ZAP, it took so long to access the programs from the "workstation"
computers
> that it was ridiculous.

Yeah, cause most of the time security comes at a price to functionality.
Zone alarm is a nice firewall, but you've got too much security is my
opinion.

> I mean from the time that you tried to access the
> program you could go get yourself a cup of coffee, stop by the bathroom,
get
> some supplies from the storeroom all before the program gave the log-in
> screen. Then once you entered the log-in name and password, there was
> another wait. Too long to be practical. Digital River gave me a full
> refund for the licenses with no problem. They were actually very nice
about
> it (I believe they have a 30-day money back guarantee). So, now I'm
> firewall shopping again. Has anyone seen this type of problem and any
> suggestions as to what firewall to use?

I'd suggest norton personal firewall, since you can manually tell the
firewall what to do, but then again it's got a huge footprint (i.e. taxes
the system's resources). I suggest going with a better, more secure
operating system and using the firewall of your router, which already works
just fine. If you're still not satisfied, use winxp home or winxp pro
instead, since they come with a firewall called internet connection
firewall. This enabled will provide enough protection that between it and
your router, you should have enough security.
People on here get very paranoid sometimes, myself included. But honestly,
you've probably got enough security. However, people sometimes also invest
heavily in firewalls and such but forget the other tenets of security, such
as not sharing files with people you don't know (like on kazaa and gnutella
and bearshare and such), and not downloading software before checking on it
(such stuff is usually at best krapware -- stuff you don't need cause you
can do what it does for yourself. At worst, it's spyware, something someone
wrote to entice people with so that they could also spy on them). Use
antivirus. You already have the firewall ideas covered. Move up to a
better operating system.

> I know I'm probably not explaining
> this very well, but I'm only relaying what I was told. TIA.
>
> Patty
>
>

No problem. I hope this helps. If not, you can reply to "neosadist at
hotmail dot com" and I'll help you any way I can. However, remember that
most of what I have said is an opinion, even if I can back it up with things
I've read.