Is there a risk with firewalls?

Dear Mr. Arnold,

Among the many responses I found your explanation and advice most useful.

It appears that a NAT router is the safest way to protect my or any PC from Internet intrusions occurring at any time and coming from the Internet? True or false?

There are some additional questions which remain:

1.) Is a firewall such as Zone Alarm still needed even if one has a NAT router installed? The NAT router prevents access to the PC from any other site but the one the PC has been connected to, but it does not prevent a malware program from contacting a site of its choosing. Is this the reason why one still needs a firewall in addition to a NAT router?

2.) Why is the vulnerable period between boot and final activation of a software firewall not mentioned and described in the help texts for commercial software firewalls? It appears that Microsoft with Vista has officially acknowledged that such a vulnerable period exists. (I found that out the hard way.)

3.) Finally, you say that a firewall needs two network interface cards, one facing the Internet, the other the local network. There are no such interface cards on my PC or on most of the PCs using software firewalls such as Zone Alarm. I therefore do not follow your explanation.

Thank you

G.R.

Reply to
NoSpam

Dear Helper,

Thank you for your advice.

Unfortunately the malware files in question have been erased and I have not had another sample deposited on my system. If that should happen again, then I will submit the file as you suggested.

My OS (Win2000) has no systems restore.

I have scanned the systems several times and no reports of malware have come up.

My original post was on topic, because it addressed the vulnerable period between the activation of DSL and activation of a firewall like ZoneAlarm. This seems to be a recognized problem and can be resolved by installing a NAT, at least this is what I read out of the many replies.

Thank you for your help G.R.

Reply to
NoSpam

False. A NAT router is not a security device and you should not count on unreliable side effects.

Neither does ZoneAlarm, albeit trying to create the impression that it could.

Because security is not intended?

Huh? Firewalling at boot time was already provided and documented with Windows XP RTM.

Hm? Shouldn't it be "it therefore doesn't follow your explanation, therefore it actually is no firewall"?

Reply to
Sebastian G.

At this time it works at home only as a "2nd line of defence" tool to filter RPC and CIFS connections (not accessible after ntsvcfg.de) from outside and as a time-dependent "child protection" tool: So if it is ## o'clock, it's time to sleep - no further connections between this and the system of my son are possible.

The machine is accessible as a web server called ewert homeunix org (I'll try to install an Internet-accessible openssh or openvpn daemon on it). There are more services this machine offers for local network access at home.

I'll look into these BOOT options for wipfw soon.

And if one has got to shutdown the firewall service at the same machine?

So it's better to restrict the user from using this or that software offering services; this is well known as "software restriction policies".

A good place for a firewall is *between* these systems and the untrusted network.

Wolfgang

Reply to
Wolfgang Ewert

The NAT router's job is to stop unsolicited inbound traffic from reaching your computer. When using a PFW on a machine that has a direct connection to the modem, which in turn has a direct connection to the Internet, there is a time during the boot process when unsolicited inbound traffic can get there first, before the PFW is up and running on the network connection.

If the machine is connected to the NAT router, then this vulnerability is eliminated when you boot the computer, as the router is stopping all unsolicited inbound traffic. It's best to get a NAT router that has SPI in the solution, which can do this better than just a NAT router without SPI.

formatting link
However, if you have malware running on the computer and it's making a solicitation for traffic, then nothing is going to stop the solicited traffic: not the NAT router, FW appliance, PFW or host-based gateway FW solution.

Let me take that back: you can stop the traffic if you had a standalone FW solution like a NAT router, FW appliance or a host-based FW running on a gateway computer protecting a LAN, and you knew the inbound or outbound remote Internet IP and were able to set rules for these types of solutions.

Think about this, if the 3rd PFW was stopping traffic due to possible malware running on the machine, because you set some kind of rules, then what happens to those rules during the boot process with the PFW?

ZA is not a FW solution. ZA is a machine level packet filter running on the machine at the machine level. Yes, your reasoning as to why someone would use ZA behind a NAT router is a valid reason, for what it's worth.

I don't know. You'll have to ask producers of the products as to why they don't make this known.

That's because ZA and the others are not FW solutions. They are machine level packet filters running at the machine level to protect the O/S and programs running on the local machine. There is no physical separation of networks using this type of solution.

The NAT router comes closer to being a FW solution than a single machine running a PFW, because the NAT router has two interfaces: the WAN (Wide Area Network) port, the port that's connected to the Internet (facing the Internet), and the LAN (Local Area Network) ports facing the LAN that machines connect to behind the router.

You can buy more Network Interface Cards and place them into a computer, with one NIC connected to the WAN side to the modem facing the Internet and the other NIC(s) in the machine facing the LAN, so that other machines can be connected to those NIC(s). Then you can buy a host-based FW solution, a network FW solution, that can control the traffic between the WAN and LAN.

A PFW such as ZA cannot do that and is not considered a FW solution.

A solution such as the one in the link, which has some questions with answers you may want to review, and others are host-based software FW solutions that run on gateway computers, using two or more NIC(s) to protect a network.

formatting link
Here is another link that will help you better understand FW(s).

formatting link
Don't get me wrong now, as I am not stupid enough to not use a PFW/packet filter on my machine when it's not behind my FW appliance and it's connected to the Internet with a direct connection to a modem or to some foreign LAN like a wireless cafe. But when the machine is behind my FW appliance, the PFW is disabled on the machines.

Reply to
Mr. Arnold

I might have to try that if I ever need an upgrade to my anti-malware rock.

Reply to
DevilsPGD

Dear Mr. Arnold,

Again many thanks for your help and explanations. You sure are an angel and I hope you will find time to address some remaining issues.

Your explanation of the NAT function is very clear and will be of interest to many on this forum. There is a question related to the issue of an unsolicited outgoing call during the vulnerable period. I would imagine that the probability of such a call must be very small once the system has been scanned for malware with a program like AntiVir Guard and nothing has been found. Am I correct in assuming this? I do of course know that absolute certainty is a goal which is very difficult to attain and may not even be required by the average PC user.

What does PFW stand for? Does it stand for Program Fire Wall?

You said:

My resp> However, if you have malware running on the computer and it's making a

This raises the question I asked above. Would a system scan with a program like AntiVir not eliminate this threat with a high degree of probability?

Again thank you GR.

Reply to
NoSpam

No. The NAT router's job is to provide connectivity by NAT. In fact, a 1:1 masquerading with full forwarding is a perfectly normal option, and even guessing the target on 1:many is semi-valid. Not to mention that previous NAT sessions might not have expired yet, and thus the router is forwarding as well.

You'd wish...

Reply to
Sebastian G.
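Mr. Arnold's and Sebastian G.'s posts above describe the same mechanism from two sides: a NAT router forwards inbound packets only when they match a session a LAN host already opened, so it drops unsolicited probes during boot, but it forwards whatever a LAN host (malware included) initiates, forwards everything when 1:1 forwarding is configured, and keeps forwarding to a session until it expires. The following Python model of a NAT connection-tracking table is an added example, not code from the thread or from any router product; the addresses, ports, timeout and the outbound "blocked destination" rule are constructed values.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Session key: (WAN port, remote IP, remote port); value: (LAN IP, LAN port, last seen)
SessionKey = Tuple[int, str, int]
SessionVal = Tuple[str, int, float]


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str  # "out" = from LAN towards the Internet, "in" = from the Internet


@dataclass
class NatRouter:
    """Toy many:1 NAT router with a connection-tracking table (constructed model)."""
    wan_ip: str
    session_timeout: float = 60.0                  # seconds before an idle session is dropped
    dmz_host: Optional[str] = None                 # 1:1 forwarding target, if the admin enabled it
    blocked_dst: Set[str] = field(default_factory=set)   # explicit outbound deny rules
    sessions: Dict[SessionKey, SessionVal] = field(default_factory=dict)
    next_port: int = 40000

    def handle(self, pkt: Packet, now: float) -> str:
        self._expire(now)
        return self._outbound(pkt, now) if pkt.direction == "out" else self._inbound(pkt, now)

    def _outbound(self, pkt: Packet, now: float) -> str:
        # NAT forwards anything the LAN host initiates; only an explicit rule stops it.
        if pkt.dst_ip in self.blocked_dst:
            return "DROP (outbound rule)"
        for key, (lan_ip, lan_port, _) in self.sessions.items():
            wan_port, peer_ip, peer_port = key
            if (lan_ip, lan_port, peer_ip, peer_port) == (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port):
                self.sessions[key] = (lan_ip, lan_port, now)   # refresh the idle timer
                return f"FORWARD via {self.wan_ip}:{wan_port}"
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(wan_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port, now)
        return f"FORWARD via {self.wan_ip}:{wan_port}"

    def _inbound(self, pkt: Packet, now: float) -> str:
        key = (pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.sessions:
            lan_ip, lan_port, _ = self.sessions[key]
            self.sessions[key] = (lan_ip, lan_port, now)
            return f"FORWARD to {lan_ip}:{lan_port} (matches open session)"
        if self.dmz_host is not None:
            return f"FORWARD to {self.dmz_host}:{pkt.dst_port} (1:1 forwarding)"
        return "DROP (unsolicited)"

    def _expire(self, now: float) -> None:
        self.sessions = {k: v for k, v in self.sessions.items() if now - v[2] < self.session_timeout}


def run_scenarios() -> Dict[str, str]:
    """Replays constructed traffic against the model and returns each verdict."""
    lan_pc, web, probe_src, c2 = "192.168.1.10", "198.51.100.5", "203.0.113.9", "192.0.2.77"
    r = NatRouter(wan_ip="203.0.113.1")
    out: Dict[str, str] = {}
    # 1. Unsolicited probe from the Internet (here to CIFS port 445) while the PC boots: nothing matches.
    out["probe_at_boot"] = r.handle(Packet(probe_src, 51000, r.wan_ip, 445, "in"), now=0)
    # 2./3. Normal browsing: the LAN host opens a session, and the reply matches it.
    out["browse_out"] = r.handle(Packet(lan_pc, 50000, web, 80, "out"), now=1)
    out["browse_reply"] = r.handle(Packet(web, 80, r.wan_ip, 40000, "in"), now=2)
    # 4. Session not yet expired: the remote end can still send inbound traffic.
    out["reply_before_expiry"] = r.handle(Packet(web, 80, r.wan_ip, 40000, "in"), now=30)
    # 5. After the idle timeout the same packet is unsolicited again.
    out["reply_after_expiry"] = r.handle(Packet(web, 80, r.wan_ip, 40000, "in"), now=100)
    # 6. Malware on the LAN host phones out: plain NAT forwards it like any other connection.
    out["malware_out"] = r.handle(Packet(lan_pc, 50001, c2, 443, "out"), now=101)
    # 7. Only an explicit outbound rule for a known destination stops that.
    r.blocked_dst.add(c2)
    out["malware_out_blocked"] = r.handle(Packet(lan_pc, 50002, c2, 443, "out"), now=102)
    # 8. With 1:1 forwarding (DMZ host) configured, unsolicited inbound traffic is forwarded too.
    dmz = NatRouter(wan_ip="203.0.113.1", dmz_host=lan_pc)
    out["probe_with_dmz"] = dmz.handle(Packet(probe_src, 51000, dmz.wan_ip, 445, "in"), now=0)
    return out


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(f"{name:22s} -> {verdict}")
```

Scenarios 1 and 5 are the behaviour Mr. Arnold relies on; scenarios 4, 6 and 8 are the caveats Sebastian G. raises, and scenario 7 is the "set a rule for the known remote IP" case. The model deliberately has no idea what the LAN host is doing, which is the point: nothing in the NAT table distinguishes a browser from malware.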

This is no forum, this is Usenet. A huge difference.

What a bullshit. How should AntiVir find malware which doesn't want to be found? Exactly not at all!

Did you mean "impossible"? Or maybe "not even reliably"?

No, how should it? You really seem to be living in a dream world...

Reply to
Sebastian G.

So what's this 'huge difference', Seb-mate? Do tell!

Jim Ford

Reply to
Jim Ford

Guess you are referring to a software firewall. My Sygate firewall has the two following selectable items:

1. Automatically load Sygate personal firewall service at startup.
2. Block all traffic while service is not loaded.

These prevent the "gap". Am running Sygate Pro 5.5 b 2710 and it's a good one. Sygate was bought out and is not being supported any more. If you use a good one, it needs few if any updates; it's not like an AV program.

There are free versions 5.5 b 2710 and 5.6 b 2808 available at:

formatting link
I didn't read all the many posts that followed your post. (Guess they really gave you "heck" about using a software firewall; that's commonplace here.) Sygate should fix you up. Casey

Reply to
Casey

Dear Sebastian,

I am beginning to doubt that you wish to engage in a serious discussion.

First you seem to be making a lot of a surmised difference between Usenet and a forum. Such a difference may exist in some people's minds, but it is very clear what was meant, and at any rate any difference between Usenet and a forum will have no impact on our subject of discussion. It is a red herring which you are trying to plant.

Next you doubt the effectiveness of antiviral programs by stating that they will not find malware if the malware does not want to be found. Since malware does not want to be found are you implying that a large percentage of antiviral programs is of no use? If you do not wish to imply that, please say so. If you do imply it, please back it up with more than the surmise, that that which does not want to be detected, will not be detected.

Thank you for trying and I hope that from now on you will make fools of others.

GR.


Reply to
NoSpam

Am running 5.5 on Win98. Think 5.6 works on everything up to and including XP. C

Reply to
Casey

This is, of course, nonsense. We're talking about the time between the initialization of the TCP/IP stack and the startup of the packet filtering *driver*. Who cares if the driver blocks everything when the service is not loaded, if the driver isn't loaded yet either?

Beside that, Sygate stuff is horribly insecure as well.

Reply to
Sebastian G.

Yes and no. Your assumption that most malware doesn't want to be found is pretty wrong today, as strange as this might sound.

Simple: Virus scanners detect malware by signature. Malware can transform its own code to expose any pattern.

Why exactly do you think that only stupid malware would have abused your security vulnerability?

Reply to
Sebastian G.

And you just figured that you - SG and his group of zealots never really provide anything other than diversions and arguments.

Reply to
Leythos

Crap - brain working faster than fingers. Should have typed "figured that out"

Reply to
Leythos

You take the machine offline.

I'll sit my machine behind a FW appliance or packet filtering FW router that's not running with the O/S on the machine.

And if I need to stop contact with a service running on a machine behind them, I'll set a rule to close those ports the service is offering.

On the other hand, on my laptop that runs services, which are protected by Vista's FW/packet filter and when the laptop is connected to something other than my LAN, it's not coming down. So I don't worry about something like that. And if I do have to take the FW down in that situation, then it's not going to be connected to any network, period.

Reply to
Mr. Arnold

You are nothing but a rude and obnoxious two bit bastard that knows no end to being an ass-hole.

Reply to
Mr. Arnold

Will you please saddle up your cockroach and ride out of this thread because 99.9% of the time, you are a worthless POS.
Reply to
Mr. Arnold
