Re: Using a Linksys router, should I also use Zonealarm? Internet Acceptable Use Policy

From: Mary (
Date: 07/28/03

Date: Mon, 28 Jul 2003 16:07:07 -0400

Thank you Miha,

No your answer didn't complicate things. You explained the NAT business very

One thing I'm curious about is this -- in the morning I connect to the
internet first, then establish my VPN connection. While connected via VPN,
my browser's access to the Internet is restricted. Occasionally, I find that
I can't access certain sites (usually something pretty inoccuous) and get
the company's "Internet Acceptable Use Policy" type message preventing
access. I thought it was the company's firewall extending a slap on my
wrist, but if not, how does this work? And if they can protect me like this
against myself, why can't they protect themselves agains unlawful intrusion
by a hacker via my computer?

I'm reading some reviews on Blackice vs. Zonealarm.


"Miha Pihler" <> wrote in message
> Hi Mary,
> yes VPN is sort of a breach in the firewall. The problem is you are using
> public internet to access corporate network. If your PC is unprotected in
> the internet someone might notice this and try and use your PC over the
> internet to access corporate network.
> In the "old days" when people used to use Dial-In instead of VPN you ware
> protected by corporate Firewall -- since there was no public Internet
> network involved to act as a connection to Corporate network..
> NAT is Network Address Translation. It translates private IPs (e.g.
> ., or to public internet addresses.
> IP is special range of IPs that is not routed on the internet.
> Large companies and even at home we use private IPs to access internet.
> reason is at home we usually only get one IP from our ISP. In the company
> where we have thousands of computers it would be a waste of IP numbers
> are already in shortage.
> But we can only use private IPs on our private networks. We can't access
> internet with this IPs. So here is where NAT comes in to play. It allows
> to access internet from our private network by translating our private IP
> e.g. to e.g
> NAT devices (e.g. your Linksys router) can also help a bit with security
> since it hides our PCs. We can have e.g. 100 PCs on internal network that
> are protected by Linksys router that has one public IP address assigned to
> it. Even though it protects our network this protection is limited and
> should not be used or mistaken as firewall functionality.
> I don't like ZoneAlarm very much either. It is "too" difficult to set it
> compared to some other software personal firewalls. BlackIce is OK
> protection and setting up.
> I hope I didn't complicate too much :-)
> --
> Mike
> MCSA 2K, MCSE 2K, MCT, ...
> "Mary" <> wrote in message
> news:%23ApusUNVDHA.3972@tk2msftngp13.phx.gbl...
> > Thanks Miha and Lanwench:
> >
> > I'm very clueless about this stuff. I just presumed that since the
> corporate
> > network is protected by a firewall, that once I was logged into it, I
> > behind the firewall too. But I think from what you say, my VPN
> > acts as a kind of breach of their firewall making it easier for hackers
> > piggyback me as I connect to the corporate network.
> >
> > I searched through some old messages on these newsgroups and some
> > implied that the Linsksys router I'm using acts as a firewall too. So
> that's
> > where I came up with that notion. What is a NAT box?
> >
> > I will have a look at Blackice. Lanwench, why don't you recommend
> Zonealarm?
> >
> > Mary
> >
> >
> > "Lanwench [MVP - Exchange]"
> > <> wrote in
> message
> > news:u0Wud8KVDHA.2068@TK2MSFTNGP11.phx.gbl...
> > > Note that your Linksys model is not a firewall - it's just a
> > box.
> > > Better than nothing, but not very hard for people to get through. You
> > should
> > > definitely use a software firewall product in addition to it,
> > if
> > > you're connecting to a corporate network via VPN - they probably won't
> > want
> > > someone hacking in through your insecure internet connection.
> > >
> > > ZoneAlarm isn't one of the best out there - I know BlackIce is good
> stuff.
> > > It should work fine with your VPN; I've done this before successfully.
> > >
> > > Or get a hardware firewall (Linksys makes one; don't remember the name
> > > offhand but it has an X in it and is about $130-$140 US).
> > >
> > > Mary wrote:
> > > > I'm using a Linksys Router (BEFSR41) to connect two computers
> > > > (dekstop and laptop) to my DSL modem. My desktop computer is running
> > > > Windows XP and my laptop is running Windows ME. In the past, I used
> > > > Zonealarm on the desktop computer. However, I unistalled it about a
> > > > year ago -- I was having issues with some other software, I don't
> > > > remember what, and a technician suggested that I get rid of
> > > > Zonealarm. I work from home via a VPN connection, and I do remember
> > > > used to have some issues in running Zonealarm while connected by
> > > > I'm guessing that the VPN connection would be providing me with
> > > > protection from bad stuff anyway while it's running so maybe
> > > > Zonealarm is overkill at those times, is it? But once I disconnect
> > > > VPN connection, would it be a good idea to use Zonealarm then, or is
> > > > my router enough of a barrier between me and the internet? Thanks.
> > >
> > >
> >
> >

Relevant Pages

  • RE: can ping but not browse
    ... I have stopped the firewall. ... # are safed from all (security) hazards. ... firewall/bastion host to the internet ... # internet and to an internal network, ...
  • Re: Using a Linksys router, should I also use Zonealarm?
    ... public internet to access corporate network. ... In the "old days" when people used to use Dial-In instead of VPN you ware ... protected by corporate Firewall -- since there was no public Internet ...
  • RE: Hidden Ports
    ... this is done by the firewalls to prevent authenticated files from being replaced by trojans and connecting to the internet. ... kerio firewall ... or a program that already had network access attempted to ... > Depending on the Access setting for a component, ZoneAlarm Pro ...
  • Re: Entire Network
    ... Internet access is different and just because a firewall isn't ... Second, if it isn't the firewall, then often it is a case of the system ... any way a network guru. ... > The network connection works just fine from both computers for internet ...
  • Re: NAT is not a mechanism for securing a network.. but.. HELP!
    ... For years I have heard people claim that NAT could be circumvented ... > packet is routed. ... but the only outside network I have access to right now ... > Firewall is a term, most people use other than it was intended. ...