Re: ZoneAlarm Pro and router ?
From: Duane Arnold (notme_at_notme.com)
Date: 12/21/03
- Next message: exjd: "Port 515 Print Spooler issue"
- Previous message: €®ik: "Re: Windows xp firewall"
- In reply to: Patty: "ZoneAlarm Pro and router ?"
- Next in thread: NeoSadist: "Re: ZoneAlarm Pro and router ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 21 Dec 2003 21:40:28 GMT
"Patty" <patty15NOSPAM@softhome.net> wrote in
news:bs4v8f02l9@enews4.newsguy.com:
> I have a Netgear router on my home network consisting of 3 computers.
> I don't always run all three computers simultaneously since each has
> different uses for me. Right now, ZAP v3.5 has my Network listed in
> the firwall zones as Trusted. The IP address is the one set up by the
> router, 192.168.0.0, not the IP address assigned by my ISP for
> connection to the internet. All computers can connect to the internet
> with no problems and all can connect to each other. I'm just
> wondering if that networking IP setting should be Trusted or Internet.
I don't use ZA. But on the FW I use on the machines, the router's device
IP and 10 DHCP IP(s) only use two out of the ten and one static IP on the
router are trusted on the network. All other IP(s) are rejected by the FW
on the machines.
.
> I've set it to either and it doesn't seem to make any difference in
> how the computers work. Internet Zone Security is set to High,
> Trusted Zone is set to Medium. I'm just wondering what's the best way
> to set the Newtork for best security, should it be Internet or
> Trusted?. ZAP picks Trusted by default. I'm using Windows98SE simple
> peer-to-peer network I have all the IPs for each computer listed in
> ZAP Zones as Trusted. Hope the way I've explained this isn't too
> confusing.
>
> Btw, I will be upgrading to WinXP in the future on this computer and
> wondering if, with the router, I'll even need ZAP anymore (which is
> why I haven't upgraded it yet) or will the XP firewall will be
> sufficient? Thanks so much for any help.
If you're not concerned terribly about outbound connections from a
machine, which a NAT router or XP's FW cannot stop or control, then XP's
ICF behind the router will be sufficient.
However, there is IPsec on the XP O/S that can be used to supplement XP's
ICF, any host based FW or the router on outbound connections. And I do
use IPsec on Win2K and XP to supplement the outbound protection of
BlackIce.
SP2 for XP will be released late in 2004 and will be making some
improvements with XP's FW.
IPsec is not that hard to use.
http://lists.gpick.com/pages/IP_Security_(IPSec).htm
Out of the box, all NT based O/S(s) are in a default state for ease of
use but are very vulnerable to attack.
http://www.uksecurityonline.com/husdg/windowsxp.php
You can use Active Ports to check outbound connections and Process
Explorer, to see what's using the processes on the NT based O/S. Both of
them are free use Google.
Duane :)
- Next message: exjd: "Port 515 Print Spooler issue"
- Previous message: €®ik: "Re: Windows xp firewall"
- In reply to: Patty: "ZoneAlarm Pro and router ?"
- Next in thread: NeoSadist: "Re: ZoneAlarm Pro and router ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
