Discussion in 'Computer Security' started by DaveINM, Jun 12, 2004.

  1. DaveINM

    DaveINM Guest

    Hopefully this is the right newsgroup.

    I have 4 PCs connected at home (when my sons come home from University for
    the holidays.)

    This month we got broadband 1 Meg from Pipex and we are all networked using
    cable. My PC is the host and has to be on if any of the other PC's want to
    connect to the internet.

    Also I have Zone Alarm (free version) on my PC but when this is on, the
    network connections fail. I have tried many times to set up a trusted
    network but without success.

    I read somewhere that if I use a router it will allow any PC to connect at
    any time and has a firewall inbuilt.

    Is this so, and any recommendations please.

    DaveINM, Jun 12, 2004

  2. I prefer linksys.

    Colonel Flagg

    Privacy at a click:

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness™ as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Jun 12, 2004

  3. DaveINM

    Chuck Guest


    A NAT router (broadband router) provides a firewall by only exposing ports
    opened by outgoing traffic. Any PC can connect to it independently of the

    I, like the Colonel, prefer Linksys. I like the BEFSX41, which costs only 50%
    more than the cheaper selections, has a better processor, real logging, and a
    Stateful Packet Inspection firewall in addition to NAT.

    You can run Zone Alarm as a personal firewall on any computer connected to a NAT
    router. The personal firewall will run better, and use less resources, because
    it won't be dealing with a lot of background noise traffic that is blocked by
    the NAT router.

    Paranoia comes from experience - and is not necessarily a bad thing.
    Chuck, Jun 13, 2004
  4. DaveINM

    Leythos Guest

    I like the BEFSX41 also, and I also like the BEFVP41 for dedicated VPN
    tunnels too.
    Leythos, Jun 13, 2004
  5. DaveINM

    Ken Ward Guest

    Netgear FR114P - 4 port router with Prosafe Firewall & a print server.
    Ken Ward, Jun 13, 2004
  6. With respect to Colonel Flagg, whose opinion I have grown to respect,
    my prioritized list would be:

    1. Linux box with Iptables. Provides NAT, SPI, VPNs, logging, and
    the ability to also control outbound connections. This is much
    more flexible, and can be configured to meet many more
    situations than most blue/gray boxes.
    2. Linksys router. (Be sure to download their latest firmware)
    3. Netgear router.
    4. D-Link router.
    5. SMC router.
    6. Windows connection sharing with NAT. (very limited firewall)

    Mangled&Munged, Jun 13, 2004
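An added example, not written by any poster in this thread: what item 1 of the list above (NAT, SPI, logging, outbound control) and Chuck's earlier description of a NAT firewall look like as an iptables ruleset. The function name, the interface names and the blocked address are assumptions chosen for illustration.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for a home NAT gateway.
# Arguments (all assumptions for this example):
#   $1 = WAN interface, $2 = LAN interface, $3 = destination to refuse
gen_ruleset() {
    wan="$1"; lan="$2"; blocked="$3"
    [ -n "$wan" ] && [ -n "$lan" ] && [ -n "$blocked" ] || {
        echo "usage: gen_ruleset WAN_IF LAN_IF BLOCKED_ADDR" >&2
        return 1
    }
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
# NAT: every LAN host shares the single public address on the WAN side
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
# Default deny: anything not explicitly allowed below is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
# SPI: only replies to connections started from inside may come back in
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Outbound control: refuse one destination before the general allow rule
-A FORWARD -i $lan -o $wan -d $blocked -j REJECT
-A FORWARD -i $lan -o $wan -m conntrack --ctstate NEW -j ACCEPT
# Logging: record unsolicited inbound attempts (rate-limited), then
# let them fall through to the DROP policy
-A FORWARD -i $wan -m limit --limit 5/min -j LOG --log-prefix "fw-drop-in: "
COMMIT
EOF
}

# Syntax-check without loading (run as root on the gateway):
#   gen_ruleset ppp0 eth0 203.0.113.10 | iptables-restore --test
```

Rule order matters here: the REJECT for the blocked destination must precede the general NEW accept, and the LOG rule is last so it only sees traffic that nothing above allowed.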
  7. DaveINM

    Jim Watt Guest

    There are whole shelf fulls of routers which are inexpensive
    easy to set up and use minimum electricity and you want a PC ?

    Linux Madness.

    My personal taste is D-Link and a DI-604 would do the job
    nicely at a low price. There may be later models.
    Jim Watt, Jun 13, 2004
  8. yes a router will do that, most seem to come with 4 ports so you could
    just leave the router online, you can have wireless routers as well but
    as you have your computers already wired prob not much point,

    the router would allow any or all computers to connect to the internet
    and also allow other things like printer sharing file sharing etc if you

    Roger Merriman, Jun 13, 2004
  9. DaveINM

    Giel Guest

    Try walking through the settings of ZA, somewhere it says something about
    network sharing or something.
    By default it will block sharing of files and folders.
    Giel, Jun 13, 2004
  10. Jim,

    While true that a Linux box/PC might cost more (depending on
    if you have some scrap PCs), and may consume more power.
    But, it also provides a much more flexible, and extendable
    solution for possible future needs. Note: Since the system
    is envisioned as a firewall & server, it doesn't need a monitor,
    and many PCs nowadays are lower power consumers than
    in the past.

    Things that one can do with a slightly smarter box.
    (Beyond simple firewalling)

    1. Cron jobs modify the iptables and enable/disable children's
    computers at bed time.
    2. Blacklisting outbound connections, to those sites that you
    really don't want your kids visiting.
    3. Print spooler, for all the systems in the house.
    4. Backup engine, for all the systems in the house.
    5. Caching web proxy...
    6. VPN (See
    7. Time servers, so those silly TCP port 13 requests from
    Windows boxes can be satisfied locally. (DNAT)
    8. SPAM filtering.
    9. Music server for other systems in the house.
    10. DVR capability, and ability to serve up movies to other systems
    in the house.
    11. Shared storage for all systems in the house. (Samba)
    12. IPV6 capability.
    13. NFS Version 2,3, and 4, with ability to export over Samba
    for the Windows systems.
    14. Centralized Virus scanning.
    15. Ability to send Windows "Messages" so one can generate
    a popup on the Windows clients, and send critical messages
    or warnings. "It's time for bed, brush your teeth" :) or
    "The web site you are attempting to view has been blocked
    by the firewall", or, "A Trojan, or Virus, has been detected on
    client XYZ".

    The simple blue/gray boxes perform simple firewalling services,
    but if one looks down the road a bit, your ROI may be higher
    with something that is more flexible.

    Mangled&Munged, Jun 13, 2004
  11. DaveINM

    Leythos Guest

    And if you need all of that you can purchase a $400 device that will run
    better, provide less hardware problems, better security (less chance of
    user error), and is supported by firmware updates from the vendor and
    are easy to install.

    If you know enough to use a Nix flavor and one of the GNU firewalls,
    then you are already past the router stage.
    Leythos, Jun 13, 2004
  12. I'd love to see a $400 device that is more flexible than a Linux box.
    Any chance you could provide a source?
    Micheal Robert Zium, Jun 13, 2004
  13. DaveINM

    Jim Watt Guest

    On Sun, 13 Jun 2004 15:29:31 GMT, "Mangled&Munged"

    If the guy needs to ask whether he needs a router or not
    for a home network, chances are setting up a Linux box
    is a no-no

    Buying a router is more likely to improve his security cost
    a lot less and be a much more practical solution.

    Looking at the features you stress, I don't need them.
    Jim Watt, Jun 13, 2004
  14. DaveINM

    Leythos Guest

    WatchGuard SOHO6TC units. Installed many of them and they work like
    Leythos, Jun 14, 2004
  15. DaveINM

    Chuck Guest

    Why would I want to put any of my personal data (which is what I want protected)
    on the same device that serves as my perimeter defense? Items 3, 4, 9, 10, 11,
    13, 14 are bull. Item 15 is a built-in ability of any Windoze system that
    hasn't been crippled ala Shoot The Messenger.

    As inexpensive as perimeter protection appliances have become, I think it makes
    sense to use one to protect your perimeter. From $40 up, simply choose the best
    device that meets your needs and budget. Do your tinkering on protected

    Paranoia comes from experience - and is not necessarily a bad thing.
    Chuck, Jun 14, 2004
  16. DaveINM

    N1POP Guest

    I don't want to start a flame/OS war, I'm just curious why you say
    Linux is way off. Can you describe some of the benefits a BSD-based
    system may have over a Linux-based?

    N1POP, Jun 14, 2004

  17. any number of reasons, the basis of which stems from linux not being
    designed for routing purposes and bsd is.

    iptables is extremely cumbersome compared to ipf/ipnat.

    Colonel Flagg

    Privacy at a click:

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness™ as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Jun 14, 2004
  18. Cisco PIX 501. $400 on ebay or other online stores.
    Richard R. Field, Jun 15, 2004

  19. the key word is "flexible", a cisco _anything_ cannot do _everything_ a
    linux box can do....

    Colonel Flagg

    Privacy at a click:

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness™ as the new industry standard..."

    "...I see stupid people."
    Colonel Flagg, Jun 15, 2004
  20. DaveINM

    Leythos Guest

    there are two problems with that statement:

    1) Nothing on CISCO is easy when it comes to an untrained person

    2) A Linux firewall is not easy when it comes to an untrained person

    A firewall appliance, with all the bells and whistles, can be much
    easier and more flexible in a firewall role than a Linux box - since you
    must enable/add software for all of those Linux features you want. With
    an appliance, a full featured one, there is not one standard
    firewall/filter feature that you can't get - not to mention that it's
    cheaper to maintain, cheaper to run, easier to configure in most cases,
    and a lot less fool-proof than a linux box.

    Don't get me wrong, a nix box running a firewall is a great thing, but
    since the appliances have come forward as far as they have (not counting
    the PIX), they offer everything that most nix application firewalls
    Leythos, Jun 15, 2004