Re: Using a Linksys router, should I also use Zonealarm? Internet Acceptable Use Policy

From: Mary (leckavrea-nospam_at_yahoo.com)
Date: 07/28/03


Date: Mon, 28 Jul 2003 16:07:07 -0400


Thank you Miha,

No your answer didn't complicate things. You explained the NAT business very
clearly.

One thing I'm curious about is this -- in the morning I connect to the
internet first, then establish my VPN connection. While connected via VPN,
my browser's access to the Internet is restricted. Occasionally, I find that
I can't access certain sites (usually something pretty innocuous) and get
the company's "Internet Acceptable Use Policy" type message preventing
access. I thought it was the company's firewall extending a slap on my
wrist, but if not, how does this work? And if they can protect me like this
against myself, why can't they protect themselves against unlawful intrusion
by a hacker via my computer?

I'm reading some reviews on Blackice vs. Zonealarm.

Mary

"Miha Pihler" <miha.pihler@Atlantis-N0Spam.si> wrote in message
news:eFeD12NVDHA.1816@TK2MSFTNGP09.phx.gbl...
> Hi Mary,
>
> yes VPN is sort of a breach in the firewall. The problem is you are using
> public internet to access corporate network. If your PC is unprotected in
> the internet someone might notice this and try and use your PC over the
> internet to access corporate network.
> In the "old days" when people used to use Dial-In instead of VPN you were
> protected by corporate Firewall -- since there was no public Internet
> network involved to act as a connection to Corporate network.
>
> NAT is Network Address Translation. It translates private IPs (e.g.
> 10.10.0.0, 172.16.0.0 or 192.168.0.0) to public internet addresses. Private
> IP is special range of IPs that is not routed on the internet.
> Large companies and even at home we use private IPs to access internet. The
> reason is at home we usually only get one IP from our ISP. In the company
> where we have thousands of computers it would be a waste of IP numbers that
> are already in shortage.
> But we can only use private IPs on our private networks. We can't access
> internet with these IPs. So here is where NAT comes in to play. It allows us
> to access internet from our private network by translating our private IP
> e.g. 10.10.1.15 to e.g. 193.2.1.66.
>
> NAT devices (e.g. your Linksys router) can also help a bit with security
> since it hides our PCs. We can have e.g. 100 PCs on internal network that
> are protected by Linksys router that has one public IP address assigned to
> it. Even though it protects our network this protection is limited and
> should not be used or mistaken as firewall functionality.
>
> I don't like ZoneAlarm very much either. It is "too" difficult to set it up
> compared to some other software personal firewalls. BlackIce is OK regarding
> protection and setting up.
>
> I hope I didn't complicate too much :-)
>
> --
> Mike
> MCSA 2K, MCSE 2K, MCT, ...
>
>
> "Mary" <leckavrea-nospam@yahoo.com> wrote in message
> news:%23ApusUNVDHA.3972@tk2msftngp13.phx.gbl...
> > Thanks Miha and Lanwench:
> >
> > I'm very clueless about this stuff. I just presumed that since the corporate
> > network is protected by a firewall, that once I was logged into it, I was
> > behind the firewall too. But I think from what you say, my VPN connection
> > acts as a kind of breach of their firewall making it easier for hackers to
> > piggyback me as I connect to the corporate network.
> >
> > I searched through some old messages on these newsgroups and some posters
> > implied that the Linksys router I'm using acts as a firewall too. So that's
> > where I came up with that notion. What is a NAT box?
> >
> > I will have a look at Blackice. Lanwench, why don't you recommend Zonealarm?
> >
> > Mary
> >
> >
> > "Lanwench [MVP - Exchange]"
> > <lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
> > news:u0Wud8KVDHA.2068@TK2MSFTNGP11.phx.gbl...
> > > Note that your Linksys model is not a firewall - it's just a router/NAT box.
> > > Better than nothing, but not very hard for people to get through. You should
> > > definitely use a software firewall product in addition to it, especially if
> > > you're connecting to a corporate network via VPN - they probably won't want
> > > someone hacking in through your insecure internet connection.
> > >
> > > ZoneAlarm isn't one of the best out there - I know BlackIce is good stuff.
> > > It should work fine with your VPN; I've done this before successfully.
> > >
> > > Or get a hardware firewall (Linksys makes one; don't remember the name
> > > offhand but it has an X in it and is about $130-$140 US).
> > >
> > > Mary wrote:
> > > > I'm using a Linksys Router (BEFSR41) to connect two computers
> > > > (desktop and laptop) to my DSL modem. My desktop computer is running
> > > > Windows XP and my laptop is running Windows ME. In the past, I used
> > > > Zonealarm on the desktop computer. However, I uninstalled it about a
> > > > year ago -- I was having issues with some other software, I don't
> > > > remember what, and a technician suggested that I get rid of
> > > > Zonealarm. I work from home via a VPN connection, and I do remember I
> > > > used to have some issues in running Zonealarm while connected by VPN.
> > > > I'm guessing that the VPN connection would be providing me with
> > > > protection from bad stuff anyway while it's running so maybe
> > > > Zonealarm is overkill at those times, is it? But once I disconnect my
> > > > VPN connection, would it be a good idea to use Zonealarm then, or is
> > > > my router enough of a barrier between me and the internet? Thanks.
> > >
> > >
> >
> >
>
>
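
The NAT behaviour described in Miha's quoted reply, as an added example that is not part of the original thread: a simplified translation table showing why unsolicited inbound packets are dropped while any outbound connection is translated without inspection. The port numbers and the 198.51.100.7 and 203.0.113.9 hosts are constructed, and the reply-matching rule is an assumption, not the behaviour of a specific router.

```python
import ipaddress
from itertools import count


class Nat:
    """Simplified source-NAT model (assumption: a reply is accepted only
    from the remote endpoint the inside host contacted)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}             # public port -> (inside ip, inside port, remote)
        self._ports = count(40000)  # constructed starting port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        # Only private (non-routable) source addresses need translating.
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("source is not a private address")
        pub_port = next(self._ports)
        self.table[pub_port] = (src_ip, src_port, (dst_ip, dst_port))
        # NAT rewrites the source; it never looks at what is sent or why.
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        entry = self.table.get(dst_port)
        if entry is None or entry[2] != (src_ip, src_port):
            return None             # no matching mapping: packet is dropped
        return entry[:2]            # forwarded to the inside host


def demo():
    nat = Nat("193.2.1.66")         # public IP used in the thread
    # Inside PC 10.10.1.15 opens a connection to a web server.
    seen = nat.outbound("10.10.1.15", 51000, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, seen[1])
    # Unsolicited packet from a host the PC never contacted.
    probe = nat.inbound("203.0.113.9", 4444, seen[1])
    # Unwanted software on the PC connecting out is translated like any traffic.
    leak = nat.outbound("10.10.1.15", 51001, "203.0.113.9", 4444)
    return seen, reply, probe, leak


if __name__ == "__main__":
    for name, value in zip(("seen", "reply", "probe", "leak"), demo()):
        print(name, value)
```

The last case is the gap a host firewall with per-application outbound rules is meant to cover: the router translates the connection without any policy decision.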