My main PC is fitted with a NIC and hardwired to a Belkin Wireless Pre N Router, thence via a D-Link DSL-300T ADSL modem to the internet. I am informed that I do not need a software firewall with this set-up ... Is that correct?
Apart from my IP address and password, all the Router settings are the default values. Is there anything I can tweak to improve performance or security?
I am not going to address the router as a FW solution; someone else can do that. But leaving that wireless router in its out-of-the-box default state is pure trouble, leading to the wireless network being hacked and your machine behind the router hacked too. As a matter of fact, you shouldn't leave any router, wired or wireless, in its out-of-the-box state.
The Pre-N does provide NAT and stateful packet inspection, which is the basic functionality required from any standalone firewall. I haven't seen the configuration of the Pre-N, but that will be where you tweak WPA encryption and firewall policy. If it will allow you to (in the config), deny access to ports or services that you do not need. If not, it might have a "low, medium, and high" security settings option... select medium or high. Belkin is known for connectivity, though, not security. I would still recommend a good desktop anti-virus, commercial (WebRoot) or free spyware sweeper (SpyBot, Ad-Aware), and a desktop firewall (ZoneAlarm, Symantec/Sygate). All of these are still based on signatures, but the really good protocol anomaly and behavior-based host intrusion prevention stuff (Sana Security, etc.) isn't ready for home users yet.
This function will allow you to route external (Internet) calls for services such as a web server (port 80), FTP server (Port 21), or other applications through your Router to your internal network. Since your internal computers are protected by a firewall, machines from the Internet cannot get to them because they cannot be 'seen'. If you need to configure the Virtual Server function for a specific application, a list of common applications has been provided. If your application is not listed, you will need to contact the application vendor to find out which port settings you need. To select from the provided list, select your application from the drop-down list. Select the row that you want to copy the settings to from the drop-down list next to "to row", then click "Enter". The settings will be transferred to the row you specified. Click "Apply Changes" to save the setting for that application. To manually enter settings, enter the IP address in the space provided for the internal (server) machine, the port(s) required to pass (use a comma between multiple ports), select the port type (TCP or UDP) and click "Apply Changes". You can only pass one port per internal IP address. Opening ports in your firewall can pose a security risk. You can enable and disable settings very quickly. It is recommended that you disable the settings when you are not using a specific application.
I have AdAware but have ditched Norton Internet Security (it was causing problems with email and also slowing the computer to an unacceptable degree). I have heard good reports about NOD32 and may download a trial version.
I advise that you always supplement a network-based firewall with a host-based firewall, especially in cases where wireless connectivity to the LAN is offered.
The router should offer protection from the Internet. Is the wireless secured? If not, that is perfectly acceptable. There is nothing wrong with sharing your Internet connection with your neighbors, but your own computers, wired and wireless alike, must be secured to mitigate threats on the LAN. The XP firewall is acceptable. It's already there and takes a matter of seconds to enable and it is way better than nothing. As others have pointed out, do not allow exceptions. If you require exceptions, then you must secure the wireless network.
What if this kind and gentle neighbor you see through rose-colored glasses uses your wireless network to hack some company network over the Internet, leaving you holding the bag?
What if some war driver starts using your network to attack other networks over the Internet because you left your wireless network wide open, leaving you holding the bag with your pants down?
It's a cruel world out there and if you let them take you, they will do just that. :)
What? It's always best to err on the side of caution. And to give someone advice about leaving his or her network wide open, when you don't know the situation, to a newbie is, well, what can be said about it.
I did not advocate securing or unsecuring the wireless network. I addressed the original poster's first question by explaining host-based firewall configuration strategies with respect to exceptions. If one were kind enough to share an Internet connection, this can be accomplished in a secure manner.
Internet sharing is not illegal and there is no due diligence, unless bound by something like HIPAA or PCI. In light of the repudiation provided by an unsecured network, host-based evidence must be obtained.
Well, if you have a personal FW on the machines, then I would use static IP(s) on the router for the NIC(s), wired or wireless, and block all other IP(s) but those static LAN IP(s) with the FW(s). That's if you're going to be doing file sharing between machines.
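An added example, not part of any post in this thread: the host-firewall advice given above (no exceptions on the XP firewall, or exceptions limited to the static LAN IPs when file sharing is needed) written with the `netsh firewall` commands of Windows XP SP2. The addresses 192.168.2.10 and 192.168.2.11 are constructed placeholders for the static IPs assigned to your own machines.

```bat
@echo off
rem Added example for the XP SP2 firewall; run from an administrator prompt.
rem Usage:  fwscope.cmd          -> firewall on, no exceptions at all
rem         fwscope.cmd share    -> file sharing allowed from TRUSTED only
rem TRUSTED holds constructed placeholder addresses; replace them with the
rem static LAN IPs you assigned to your own machines.
set TRUSTED=192.168.2.10,192.168.2.11

if /i "%~1"=="share" goto share

rem Default case: firewall enabled and every configured exception ignored.
netsh firewall set opmode mode=ENABLE exceptions=DISABLE
goto show

:share
rem Exceptions are honoured, so keep the list as short as possible.
netsh firewall set opmode mode=ENABLE exceptions=ENABLE
rem File and printer sharing is reachable from the trusted addresses only;
rem any other host on the LAN, wired or wireless, is dropped.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%TRUSTED%
rem Built-in services that are not needed stay closed.
netsh firewall set service type=UPNP mode=DISABLE
netsh firewall set service type=REMOTEDESKTOP mode=DISABLE

:show
rem Print the resulting configuration so the scope can be checked by eye.
netsh firewall show config
```

The scope filter matches on source address only, so it complements securing the wireless link rather than replacing it.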
You are missing the point. If someone was to connect to your network and commit a crime over the Internet, they got all the evidence they need by the network traffic by IP from your ISP's assigned IP to your network. In the meantime, the person who committed the crime is long gone and they come a knocking at your door. You think you can't be held accountable by providing the means?
And if I was a clueless wireless user and knew that I could use your wide open network and somehow some crime was committed against me due to your network and I could prove it, you're going to hear from my lawyer -- count on it.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.