Need Mac and PC Firewall S/W

Hi. I am finally entering the 21st century by replacing my dial-up Internet service with a DSL service. As a result, I now will want to purchase firewall software. I'll need it for a PC and a Mac, as one of each will be using the DSL network.

My PC has Norton Antivirus 2005. When I looked in the help, it claims to have firewall software installed. However, my understanding is that I would want to tell the firewall software my DSL IP addresses. Verizon said there will be an IP for the DSL Modem as well as another for each node on the network (in my case, one each for the PC and Mac). So I figure I'd want to incorporate those addresses into my firewall. Also, while the Mac will be hooked into the Modem directly, my PC will be using a PCI wireless adapter. I'm especially concerned about my PC's wireless connection. In that case, I've heard that I should also tell the firewall software the wireless adapter's MAC (not to be confused with the other computer which happens to be a Mac) address.

So I'm thinking the "firewall" software in my Norton package is probably scaled down and lame. I'm looking for a suggestion for what firewall software I should get for my PC and Mac.

Thanks for any suggestions! Feel free to point me to any useful FAQs or product reviews!

Thanks,

Ken

Ken

Here's a PCWorld review to get you started reading:

bj

chicagofan

Get yourself a DSL NAT router like a Linksys or one of the others that will stop unsolicited scans and attacks.

Then you can use a log viewer like Wallwatcher to review log data in real time and watch inbound and outbound connections to/from the router from dubious remote IP(s) due to malware that can and does circumvent and defeat PFW/packet filters.

Duane :)

Duane Arnold

Oh, you can use the PFW solution on the machines behind the NAT router to supplement it, since most NAT routers for home usage cannot stop outbound.

Duane :)

Duane Arnold

Norton AV alone does NOT mean Norton firewall. Do you have Norton Internet Security? If so you do have a software firewall. If you ONLY have Norton AV you don't have a software firewall. You can buy Norton FW or get FREE Zone Alarm or use WinXP SP2 built in firewall. (Don't use both)

Exactly what equipment is Verizon providing? If you made it clear to them that you will be connecting more than one computer then they are likely supplying a modem / wireless router combo. Can be one box or two. That would mean that none of your computers plug directly into the modem but instead plug into the router or use the wireless function. That would mean that you are behind a NAT firewall. A NAT firewall simply means that your computer IP addresses are private and not public. Bad people on the Internet can not then scan your public IP and see your computers. This is good.

Sounds like you're talking about MAC filtering. That's where you tell the router to ONLY allow a certain computer onto the wireless network. It's not foolproof but a good thing to do. Once you get everything else working you can set this up and encryption if you like. First get everything working... then set up your wireless security via the router setup page.

Norton Personal Firewall is not scaled down as far as software firewalls go. In fact it might be too robust and uses a lot of computer resources. It has a network wizard that walks you through the setup to get you on the Internet and protect your computer. Sharing an Internet connection via a router is not necessarily the same as networking your computers. If you want the ability to share files or a printer you have to set up a "home network". Windows can walk you through this process but I don't know how Macs do this. Part of this process is setting up a workgroup. That is just a common name that both (all) computers on the network will use.

It's really not too complicated. Just take things step by step.

DanR

NAT is not FW software.

Impostors

When discussing firewalls, packet screening methods, and how firewalls function, there are a few misconceptions that need to be addressed.

Network Address Translation (NAT)

One technology that is commonly thought to act as a firewall solution is Network Address Translation (NAT). NAT translates "internal" IP addresses on one network to "external" IP addresses on another network. There are three methods NAT uses to accomplish address translation.

Static NAT - maps a specific single address to another specific single address.

Example:

10.0.0.1 -mapped to- 168.13.1.1

Pooled NAT - dynamically maps all specific single addresses to a pool or range of external addresses.

Example:

10.0.0.1-10.0.0.254 -mapped to- 168.13.1.1-168.13.1.254

Port Level NAT - dynamically maps all specific single internal addresses to a specific single external address. The internal address is mapped or identified by the specific external address in combination with a unique port number.

Example:

10.0.0.1 -mapped to- 168.13.1.1:1084
10.0.0.2 -mapped to- 168.13.1.1:1085
10.0.0.3 -mapped to- 168.13.1.1:1086

By comparing the way NAT functions between two networks, and the way packet screening methods function between two networks, you can see that NAT does not adhere to the firewall definition. NAT does not control access between the networks. Some may argue that NAT does control access because you cannot "see" the internal network. NAT does this not by using rules or filters, however, but through concealment. It hides the network from outside users.

Duane :)

Duane Arnold
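
The port-level NAT mapping quoted in the post above, as an added example that is not part of the original post or any router's real code. The `PortNat` class, its method names and the remote addresses are constructed for illustration, and the table uses the simplest mapping behaviour (no check on who sends the inbound packet); real devices differ.

```python
from dataclasses import dataclass, field

@dataclass
class PortNat:
    external_ip: str
    next_port: int = 1084                        # first external port, as in the post
    out_map: dict = field(default_factory=dict)  # (int_ip, int_port) -> ext_port
    in_map: dict = field(default_factory=dict)   # ext_port -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, dst_ip, dst_port):
        """Translate every outbound packet; no rule or filter is consulted."""
        key = (int_ip, int_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.next_port += 1
        return (self.external_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, ext_port):
        """Forward only if a mapping exists; otherwise there is no destination."""
        target = self.in_map.get(ext_port)
        if target is None:
            return None                          # concealment, not a policy decision
        return (src_ip, src_port, *target)

def demo():
    nat = PortNat("168.13.1.1")
    a = nat.outbound("10.0.0.1", 5000, "203.0.113.9", 80)
    b = nat.outbound("10.0.0.2", 5000, "203.0.113.9", 80)
    # Any destination and port is translated: nothing here can stop outbound.
    c = nat.outbound("10.0.0.3", 5000, "198.51.100.7", 6667)
    # Unsolicited packet to a port with no mapping: dropped.
    unsolicited = nat.inbound("198.51.100.50", 4444, 139)
    # Reply to the first flow is translated back to 10.0.0.1:5000.
    reply = nat.inbound("203.0.113.9", 80, 1084)
    # A different remote host hitting the mapped port is also forwarded,
    # because this table holds mappings, not access rules.
    other = nat.inbound("198.51.100.50", 4444, 1084)
    return a, b, c, unsolicited, reply, other

if __name__ == "__main__":
    for row in demo():
        print(row)
```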

Thanks for all the feedback! It's been very informative. Based on this, it sounds like my Westell Versalink 327W modem/router (with NAT, supplied by Verizon), Norton Antivirus (not Internet Security), and Adaware freeware will suffice for my home usage. Please let me know if anyone recommends that I go beyond that.

I have a follow-up question about Windows XP Home, but I'll post that on a new thread.

- Ken

Ken

What if I said SPI firewall? Do you think that qualifies? I don't know if the Verizon supplied gear has that but Linksys claims it as a "firewall" in ads and packaging.

DanR

"DanR" wrote in news:PMnAe.337$ snipped-for-privacy@newssvr30.news.prodigy.com:

Well, Linksys and others can hype their products all they want to be a FW appliance solution, but the reality is they are only simple NAT routers that may have SPI and some other firewall-like features, but it is not a FW appliance in the traditional sense of what does a network FW do for a network software or appliance solution.

What does a firewall do?

A firewall examines all traffic routed between the two networks to see if it meets certain criteria. If it does, it is routed between the networks, otherwise it is stopped. A firewall filters both inbound and outbound traffic. It can also manage public access to private networked resources such as host applications. It can be used to log all attempts to enter the private network and trigger alarms when hostile or unauthorized entry is attempted. Firewalls can filter packets based on their source and destination addresses and port numbers. This is known as address filtering. Firewalls can also filter specific types of network traffic. This is also known as protocol filtering because the decision to forward or reject traffic is dependent upon the protocol used, for example HTTP, ftp or telnet. Firewalls can also filter traffic by packet attribute or state.

I used to own a Linksys NAT router and I know that none of them and in general NAT routers for home usage such as D-Link, Belkin, Netgear and others do not meet the specs for a FW appliance running FW software. Although some high-end NAT routers come very close to a FW appliance, they are still not FW appliances.

NAT routers can also be used as part of a total FW solution as a border device. But NAT and SPI and other FW-like features incorporated in a NAT router don't make it a FW appliance.

True FW appliances meet the specs above and NAT routers for home usage like a Linksys do not meet the specs. However, a NAT router is good enough for the home usage until one starts doing high risk things like port forwarding, then the NAT router may be good enough enough that kind of a situation.

Duane :)

Duane Arnold
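
The filtering behaviours listed under "What does a firewall do?" above (address filtering, protocol filtering, state, both directions, logging), as an added example that is not part of the original post or any product's code. The rule table, the `Firewall` class and all addresses are constructed, and services are identified by transport protocol and destination port.

```python
from ipaddress import ip_address, ip_network

# Constructed sample policy: (direction, proto, src net, dst net, dst port, action).
# First matching rule wins; anything unmatched is denied and logged.
RULES = [
    ("out", "tcp", "10.0.0.0/24", "0.0.0.0/0", 80, "allow"),
    ("out", "tcp", "10.0.0.0/24", "0.0.0.0/0", 443, "allow"),
    ("in", "tcp", "192.0.2.0/24", "10.0.0.5/32", 22, "allow"),
]

class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.state = set()   # outbound flows that were allowed
        self.log = []        # every denied packet is recorded

    def check(self, direction, proto, src, sport, dst, dport):
        # State filtering: accept only the exact reply to an allowed flow.
        if direction == "in" and (proto, dst, dport, src, sport) in self.state:
            return "allow"
        for r_dir, r_proto, r_src, r_dst, r_port, action in self.rules:
            if (direction == r_dir and proto == r_proto
                    and ip_address(src) in ip_network(r_src)
                    and ip_address(dst) in ip_network(r_dst)
                    and dport == r_port):
                if action == "allow" and direction == "out":
                    self.state.add((proto, src, sport, dst, dport))
                return action
        self.log.append((direction, proto, src, sport, dst, dport))
        return "deny"

def demo():
    fw = Firewall(RULES)
    verdicts = [
        fw.check("out", "tcp", "10.0.0.5", 5000, "203.0.113.9", 80),     # web request
        fw.check("in", "tcp", "203.0.113.9", 80, "10.0.0.5", 5000),      # its reply
        fw.check("in", "tcp", "198.51.100.50", 80, "10.0.0.5", 5000),    # not a reply
        fw.check("out", "tcp", "10.0.0.5", 5001, "198.51.100.7", 6667),  # outbound, no rule
        fw.check("in", "tcp", "192.0.2.10", 40000, "10.0.0.5", 22),      # permitted source
        fw.check("in", "udp", "192.0.2.10", 40000, "10.0.0.5", 22),      # wrong protocol
    ]
    return verdicts, fw.log

if __name__ == "__main__":
    print(demo())
```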

You'll have to forgive some of the missed words. It's been a long day with a little sleep. ;-)

Duane :)

Duane Arnold

I think you should consider a software firewall. WinXP has one built in so make sure it's turned on. If you have XP SP2 it's turned on by default but check. Another is Zone Alarm (free version). It can stop software on your computer from accessing the Internet. There is a lot of software on the typical computer that wants to use the Internet to "phone home". With a software firewall you can allow or disallow specific programs access to the Internet. And it's nice to know which programs are doing that. Don't use 2 software firewalls however. If you use Zone Alarm or NPFW turn OFF the WinXP firewall. Software firewalls can complicate home network setups however. But when they're set up properly you can still share folders between computers (recommend read only) and share a printer.

DanR

Software firewalls can complicate home network setups however. But when they're

The buck stops at the O/S and it doesn't stop anywhere else.

Although I don't implement it all due to network sharing and applications I have running on the machines, I do implement things like Authenticated User group on shares, removing all other accounts from the share.

Duane :)

Duane Arnold
