Need advice on best method(s) of Internet protection

Discussion in 'Computer Support' started by All Things Mopar, Jan 15, 2006.

  1. I'll be brief in my OP, so please ask whatever clarifying
    questions are needed.

    I am concerned about the generalized malware risk with an open
    computer network, but right now, I am much more concerned with
    malicious tampering with my machines by bad guys going beyond
    the pitiful protection I describe below. Here's what I've got:

    - New PC, Win XP Pro SP2, "protected" by Norton Systemworks 2006
    - Older PC, Win XP Pro SP1, "protected" by Sys Works 2003
    - Very old PC, Win 98SE, Sysworks 2003.

    All 3 are connected by a wired Ethernet LAN using a Netgear
    router to a Comcast cable modem. Windows provides the NOS. As
    soon as I find a fix for the crashes I get on my new SP2 box
    when I try to read a CD or DVD burned with UDF, I'll
    reconfigure the SP1 box to suit my wife's needs, put SP2 on it,
    and scrap her old Win 98 box. So, there's no need for me to
    spend extra money to protect a 10-year-old O/S any longer.

    Other than "lose Symantec", what I'm looking for is advice for
    hardening my network, again, more for malicious attacks than for
    garden variety malware. That said, I have an open mind but don't
    think that software firewalls will do what I want.

    I'm thinking in terms of a hardware firewall, or the equivalent
    of a small proxy server, either with appropriate software to
    take the place of both System Works and SP2. Yes, I can Google
    but I don't know enough about this stuff to know what I'm
    reading, nor do I have even the remotest idea how much hardware
    firewalls and software cost.

    Thanks in advance.
     
    All Things Mopar, Jan 15, 2006
    #1

  2. All Things Mopar

    Donald Guest

    I use both hardware and software firewalls so I feel safe.

    Software: ZoneAlarm is free.
    Hardware: little to a lot; a cheap Netgear will do.
     
    Donald, Jan 15, 2006
    #2

  3. All Things Mopar

    Tony Guest

    Don't scrap the old PC with W98 on it, download and install Smoothwall
    http://www.smoothwall.org/ which is free and runs on virtually any old PC.
    I'm using one on a PII 400mhz with 128mb ram.

    It is also a good idea to keep a software firewall on each PC to help
    prevent virus contamination throughout the network if one PC picks up a
    virus. I use Zonealarm on each windows PC as well.
     
    Tony, Jan 15, 2006
    #3
  4. All Things Mopar

    Donald Guest

  5. Today Donald commented courteously on the subject at hand
    I've tried Zone Alarm a couple of times, once the free version
    and once the commercial version a few years ago, and returned
    that for credit. I don't know if ZA was or was not "protecting
    me", all I remember is getting pestered 100s of times a day
    with "is it OK to let XYZ access your computer?" Now, when I
    know I'm doing something that might be secure, I could set it
    to not remind me, but most of the things I saw weren't related
    to what I was actively doing, nothing that any app or Windows
    was doing in the background, nor did it look like an "attack".

    On the other hand, my Win XP Pro SP2 firewall is set up at
    installation defaults, and I see relatively little that is
    user settable. But, I only rarely get a warning, which tells
    me that it isn't too damn good at what Bill the Gates would
    like us to believe. Hence, I'm looking for more...

    As to my Netgear router, it is just that - a router. There is
    a small amount of protection because I'm behind Comcast's
    "real" IP with a relative IP for each machine, but when I
    started looking into this some months back, I had a couple of
    friends, both of whom run Linux, try to get past my router. It
    wasn't very difficult for either of them to do that and at
    least "see" my HD.

    They didn't try a real attack nor did they try to get past SP2
    to try to take control of my PC remotely, but I suspect they
    could if they wanted to. So, if these 2 dudes can compromise
    my system trivially, I hesitate to think what a real "enemy"
    might do, and I'd never know it until the mushroom cloud went
    up.

    But, because they're both running Linux, their ideas for
    software firewalls don't fit my pistol. One of these guys is
    my nephew who also builds my PCs. He's got a small web
    serving/e-mail business and runs a proxy server in front with
    some very expensive malware protection (forget who the vendor
    is but he pays around $4K/year for it). Since he's seeing
    whatever his customers are on their way to the net, he
    regularly logs 30,000 "hits" a day. I don't have that kinda
    money to spend, not nearly enough, nor am I making the
    millions of Internet accesses per day that his customers are.

    Can you give me some hints on how to effectively Google for
    hits that are to my perceived needs? It's a classic example of
    my not knowing what I don't know.

    Thanks.



    --
    ATM, aka Jerry

    "You’re gonna get your mind right"
    "This the way he wants it, well, he gets it"
    "What we got here is failure to communicate"

    The Cap'n to Lucas "Luke" Jackson in "Cool Hand Luke"
     
    All Things Mopar, Jan 15, 2006
    #5
  6. All Things Mopar

    Mike Easter Guest

    What exactly is the netgear router model?

    That Netgear router is most likely a NAT device - which nat devices are
    very powerful at intrusion prevention even if they are lacking stateful
    packet inspection.

    If you add an 'extrusion' defense such as zonealarm and perhaps software
    such as wallwatcher to monitor what is happening at the router, you
    should be well enough defended unless you are running some kind of
    server or have your network configured 'foolishly'.

    Then, you can use such websites and firewall evaluation tools as grc's
    shields up and leaktest to evaluate your condition.
     
    Mike Easter, Jan 15, 2006
    #6
  7. Today Tony commented courteously on the subject at hand
    Whatever for? It is too slow, has too little mem, and too
    small/too slow HD. Not even church rummage sales want these
    POS things.
    I said I had an open mind, and I do. But, /not/ when it comes
    to ZA, the same way people have a mindset about Symantec. It
    isn't specs but performance that counts. If ZA works for you,
    great. But I will not pay money for a POS like that - in my
    experience - which is virtually impossible to uninstall
    completely even with JV16 Powertools.

    I'd add that if the front door is guarded, it isn't
    theoretically possible for any one PC to get infected. If that
    happens, then either the protection is flawed, it isn't up-to-
    date, or is mis-setup by an uninformed user, of which I am one
    - right now.

    In actuality, no amount of money and no amount of time can
    succeed against a determined attacker. Businesses have learned
    this to their sorrow, including our collective buds in
    Redmond. And, I'm sure /they/ have a /lot/ more than just SP2!
    But, I just want "prudent and proper", and not $10,000 worth.

    Surely there is another software firewall besides ZA. I know
    there's better AV software than SysWorks, but that's not the
    topic for now.

    Thanks for the comments. I do capture everything people say
    and print it out for reference to help me when surfing the web
    for solutions.
     
    All Things Mopar, Jan 15, 2006
    #7
  8. All Things Mopar, Jan 15, 2006
    #8
  9. Today Mike Easter commented courteously on the subject at
    hand
    Not sure, but this is what it says on the bottom:

    Netgear Cable/DSL Web Safe Router Gateway RP614. That means
    nothing to me, it's just what my nephew recommended a couple
    years ago and seems to work well for what it is supposed to
    do. It has one Ethernet in from my cable modem and 4 Ethernet
    outputs.
    Sorry, I don't parlez vous "NAT", but it does support it, as
    well as (from the manual) TCP/IP (naturally), REIP-1, RIP-2,
    DHCP (naturally), NAT, PPTP, PPPoE, IPSec, L2TP. I don't know
    off-hand what any of those mean.
    I'm not running a server, it is just a simple home network to
    share files, a printer, and the cable modem. Again, I don't
    understand the jargon. What means "extrusion defense", please?
    I know what extrusion is in metal, as I'm an engineer, but I
    don't know what is being "extruded" here.

    I don't know if I am "foolish" or not, that's part of my
    saying I don't know what I don't know. And, isn't there
    another competent software firewall? At the risk of acting
    closed minded, I've had bad experience with them.
    Sorry, but I don't know these security acronyms so what is
    "grc shield" and "leaktest"? Clearly, I have some things to
    learn, so I'm pedalling as fast as I can. Each time somebody,
    like you, Mike, gives me some buzzwords, I can at least Google
    for them and learn more on my own.

    So, thanks muchly for a respectful, easy-going style of
    telling a security newbie what to look for.

    --
    ATM, aka Jerry

    "You’re gonna get your mind right"
    "This the way he wants it, well, he gets it"
    "What we got here is failure to communicate"

    The Cap'n to Lucas "Luke" Jackson in "Cool Hand Luke"
     
    All Things Mopar, Jan 15, 2006
    #9
  10. All Things Mopar

    Toolman Tim Guest

    In All Things Mopar spewed forth:
    Your router has NAT - network address translation. What that means is the
    "bad guys" see the IP address your ISP gives you, but your computers have a
    "translated" address - private, not public.

    As for a software firewall, behind your NAT-enabled router it isn't nearly
    as important. But many ISPs now provide a "security suite" with their
    service. I use Charter Pipeline, and they provide F-Secure for me (up to
    three computers). It has AV and a firewall.

    Yes, a software firewall when it is first installed will ask you whether or
    not to allow a program to access the Internet or not. That's what it's
    *supposed* to do. Like a circuit breaker. If the breaker trips, you know
    it's doing its job, right? Well, if the software NEVER "trips", you won't
    know if it is working or not! But you can TELL the software to ALWAYS allow
    a specific program to access the 'net. Or tell it to always BLOCK the
    access. Then, for that program, you won't see the message again. Once the
    firewall is configured, it sits nice and quiet in the background doing what
    you want it to.
     
    Toolman Tim, Jan 15, 2006
    #10
  11. You missed the checkbox to Turn Off Alerts. And logging, too.
     
    Beauregard T. Shagnasty, Jan 15, 2006
    #11
  12. Steve Gibson's company, Gibson Research Corp.

    You'll find both of those (and more) here (scroll down):

    http://www.grc.com/default.htm
     
    Blinky the Shark, Jan 15, 2006
    #12
  13. I like Kerio. Free.
    http://sunbelt-software.com/Kerio.cfm

    Yes, I use it on each PC behind the router. A software firewall will
    tell you what wants to call *out*.
     
    Beauregard T. Shagnasty, Jan 15, 2006
    #13
  14. All Things Mopar

    Toolman Tim Guest

    In Beauregard T. Shagnasty spewed forth:
    Exactly. That's why NAT isn't enough. (Or the Windows firewall.)
     
    Toolman Tim, Jan 15, 2006
    #14
  15. All Things Mopar

    Tony Guest

    You can turn off the warnings in Zonealarm. I have used the free version
    for years and rarely got a warning pop up when I connected directly to the
    internet. It now only alerts me if something is trying to connect outwards
    which is a good thing because if I have caught a virus that is trying to
    phone home, it will warn me.

    The SP2 only stops incoming attacks. If you are unfortunate enough to catch
    a virus, it will not stop it making an outwards connection which Zonealarm
    will.
    Smoothwall is a Linux firewall and is pretty easy to set up.
     
    Tony, Jan 15, 2006
    #15
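
An added illustration, not part of any post in this thread: a toy Python model of the router behaviour discussed in posts #10 to #15, showing why NAT drops unsolicited inbound traffic yet does nothing about a program on a PC calling out. The class name, addresses and ports are constructed sample values, and the router is assumed to accept replies only from the exact peer a LAN host contacted.

```python
import ipaddress

class NatRouter:
    """Toy NAT: outbound traffic creates mappings, inbound must match one."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.table = {}          # public port -> (lan ip, lan port, remote ip, remote port)
        self.next_port = 40000   # constructed starting port

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """A LAN host opens a connection: always allowed, and a mapping is recorded."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("LAN hosts are expected to use private addresses")
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives from the Internet: forwarded only if it matches a mapping."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None          # unsolicited: no LAN host asked for it, dropped
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None          # not the peer the LAN host contacted, dropped
        return (lan_ip, lan_port)

def demo():
    nat = NatRouter("203.0.113.10")
    results = {}
    # A browser on a LAN PC fetches a page; the server's reply is let back in.
    web = nat.outbound("192.168.0.2", 51000, "198.51.100.7", 80)
    results["reply"] = nat.inbound("198.51.100.7", 80, web[1])
    # An outsider probes the public address without any prior outbound request.
    results["probe"] = nat.inbound("198.51.100.99", 4444, 445)
    # Malware on the same PC "phones home": to NAT it is ordinary outbound traffic.
    mal = nat.outbound("192.168.0.2", 51001, "198.51.100.66", 6667)
    results["phone_home_allowed"] = mal is not None
    results["phone_home_reply"] = nat.inbound("198.51.100.66", 6667, mal[1])
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last two results are the point made in posts #13 to #15: the router maps the malware's outbound connection exactly as it maps the browser's, so only a per-PC firewall that asks about outbound programs would flag it.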
  16. All Things Mopar

    Plato Guest

    Plato, Jan 15, 2006
    #16
  17. All Things Mopar

    Toolman Tim Guest

    In Plato spewed forth:
    As it should! After all, ports are ports. Block 'em. Done. <g>
     
    Toolman Tim, Jan 15, 2006
    #17
  18. All Things Mopar

    Tony Guest

    If it runs windows 98 it will run Smoothwall - Smoothwall will run on an old
    486 with 16mb of memory. If you want a good secure firewall, that is one
    option.
    Tis true that once you have a bad experience of something, it is hard to
    gain trust in that product again.
    The front door may be guarded but you could click on a website that infects
    the PC with a virus. A firewall won't stop malicious code on a website
    getting through. Antivirus will not stop it if it is a new virus and its
    definitions haven't been updated by the antivirus vendors. With all the
    firewalls, antivirus, anti spyware and anti adware available, you cannot
    for 100% sure stop your windows PC from getting infected by a virus.
    Yes you could try Kerio which is also free.

    Don't forget to also install antivirus such as AVG or Avast. It's
    interesting to try out the online scans as well. Each one will often find a
    virus that the other one has missed. Kaspersky have a good online scanner
    and Microsoft's live safety centre at
    http://safety.live.com/site/en-US/default.htm isn't too bad either.
    To be honest, sometimes it feels like fighting a losing battle. I remember
    when I first used the internet, I didn't use a firewall or antivirus for
    years. There was no adware or spyware. Now it seems no matter what you
    try, viruses and trojans still get through. Just had a warning flash up on
    my PC today that a trojan had been detected. Haven't a clue where it came
    from. I'm experimenting with Linux (Ubuntu) at the moment and find it quite
    interesting.
     
    Tony, Jan 15, 2006
    #18
  19. All Things Mopar

    Plato Guest

    Perhaps that's my point. No need for all those extra features in the
    newer versions of "many" firewalls.

    Ports are ports, as you say. Pretty simple to block.
     
    Plato, Jan 16, 2006
    #19
  20. All Things Mopar

    Leythos Guest

    If you purchase a NAT appliance, one that can be found at most computer
    stores, like the Dlink 604 series, the Linksys BEFSR series, etc...

    Then follow the recommended settings for IE / FireFox for browsing...

    Then download and use a non-MS based email client....

    Don't download and install P2P sharing software....

    Follow security norms as found on thousands of sites....

    Then install and maintain a quality Antivirus solution...

    Then ensure that you maintain your platform...

    If you do these simple things you can stay online for years without
    being compromised...
     
    Leythos, Jan 16, 2006
    #20