Re: Win XP Firewall Question

From: Duane Arnold (notme_at_notme.com)
Date: 03/08/04


Date: Mon, 08 Mar 2004 17:51:57 GMT

Terry <gobeyondgobeyond@REM0VE.yahoo.com> wrote in
news:MPG.1ab64fa4365d47ff989690@news.tc.umn.edu:

> Hi,
>
> I wonder if I should activate the Internet Connection Firewall for the
> following scenario.
>
> Fast internet access is provided by a cable modem for a small office.
> The modem is connected to a Linksys router which doesn't have a firewall
> built in. Three XP Pro machines (always-on) connect to the internet
> directly through this Linksys router. The router does have a few ports
> open through port forwarding so that these office machines can be
> accessed from home using Remote Desktop. The 3 machines are in a local
> network with IP 192.168.x.x.

Port forwarding on a Linksys router only allows for one IP/machine to
have a port or ports mapped to an IP/machine - no port mapping to
multiple IP/machines. So how is it possible that you're doing port
forwarding of the same ports for RDS to multiple IP/machines? You may be
getting away with this only because one machine is active with the RDS
and no other machines on the router are doing RDS concurrently. I think
that once you have a situation where you have more than one machine doing
RDS, you're going to have trouble.
>
> Question: Should the Internet Connection Firewall be activated on the 3
> office machines? Since any intrusion attempts have to get past the
> router and the router only has a couple of ports open, I thought it
> would be okay to not enable the firewall.

Yes, a host-based FW should be active on the machine, since by doing port
forwarding, the protection of the router is not in effect for the
forwarded ports. In addition, you will need to tell the ICF to port
forward the inbound ports and also limit what IP(s) can make contact
with the machine over the Internet. The only RDS software I have used is
Netmeeting's RDS that's on the XP O/S and PCanywhere, because both of
them can be placed into a secure encrypted connection.

You should think about using VPN connections between the machines to
further protect the connection. And you should use a strong user-id and
password.

You should consider using port triggering that allows multiple
IP/machines to share the same ports.

>
> Your insight is greatly appreciated!
>

You need to cover your bases and know what you're doing here, otherwise
you may get *hacked*.

Duane :)
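
The points raised in the reply above (one forwarded external port per machine, a host firewall on every forwarded machine, limited source IPs) written as a small audit script. This is an added example, not part of the original post; the forwarding table, host inventory, addresses and field names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: hypothetical forwarding table for three office PCs.
FORWARDS = [
    {"proto": "tcp", "ext_port": 3389, "host": "192.168.1.10", "int_port": 3389},
    {"proto": "tcp", "ext_port": 3389, "host": "192.168.1.11", "int_port": 3389},
    {"proto": "tcp", "ext_port": 3391, "host": "192.168.1.12", "int_port": 3389},
]
# Constructed inventory: host firewall state and remote IPs allowed to connect.
HOSTS = {
    "192.168.1.10": {"host_fw": True, "allowed_sources": ["203.0.113.7"]},
    "192.168.1.11": {"host_fw": False, "allowed_sources": []},
    "192.168.1.12": {"host_fw": True, "allowed_sources": []},
}

def audit(forwards, hosts):
    """Return a list of (finding, subject, detail) tuples."""
    findings = []
    # 1. One external proto/port can only be mapped to one internal machine.
    by_ext = defaultdict(set)
    for f in forwards:
        by_ext[(f["proto"], f["ext_port"])].add(f["host"])
    for (proto, port), targets in sorted(by_ext.items()):
        if len(targets) > 1:
            findings.append(("conflict", f"{proto}/{port}", sorted(targets)))
    # 2. Every machine reachable through a forward needs its own firewall,
    #    and 3. a restricted set of source addresses.
    exposed = sorted({f["host"] for f in forwards}, key=ipaddress.ip_address)
    for host in exposed:
        info = hosts.get(host, {})
        if not info.get("host_fw"):
            findings.append(("no-host-firewall", host, []))
        sources = info.get("allowed_sources", [])
        for src in sources:
            ipaddress.ip_network(src)  # raises ValueError on a malformed entry
        if not sources:
            findings.append(("unrestricted-source", host, []))
    return findings

if __name__ == "__main__":
    for finding in audit(FORWARDS, HOSTS):
        print(finding)
```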


