Questions from a newbie

My main PC is fitted with a NIC and hardwired to a Belkin Wireless Pre N Router, thence via a D-Link DSL-300T ADSL modem to the internet. I am informed that I do not need a software firewall with this set-up. Is that correct?

Apart from my IP address and password, all the router settings are the default values. Is there anything I can tweak to improve performance or security?

Regards & TIA

Reply to
Prickle

I am not going to address the router as a FW solution; someone else can do that. But leaving that wireless router in its out-of-the-box default state is pure trouble, leading to the wireless network being hacked and your machine behind the router hacked too. As a matter of fact, you shouldn't leave any router, wired or wireless, in its out-of-the-box state.

Duane :)

Reply to
Duane Arnold

The Pre-N does provide NAT and stateful packet inspection, which is the basic functionality required from any standalone firewall. I haven't seen the configuration of the Pre-N, but that will be where you tweak WPA encryption and firewall policy. If it will allow you to (in the config), deny access to ports or services that you do not need. If not, it might have a "low, medium, and high" security settings option; select medium or high. Belkin is known for connectivity, though, not security. I would still recommend a good desktop anti-virus, commercial (WebRoot) or free spyware sweeper (SpyBot, Ad-Aware), and a desktop firewall (ZoneAlarm, Symantec/Sygate). All of these are still based on signatures, but the really good protocol anomaly and behavior-based host intrusion prevention stuff (Sana Security, etc.) isn't ready for home users yet.

Reply to
MJFD.Sr

A) I will set up WPA encryption asap - I believe XP SP2, which I use on my PC and laptop, will allow WPA.

B) It appears that all ports are 'stealthed' by default... see quote below.

................................................................

Virtual Servers

This function will allow you to route external (Internet) calls for services such as a web server (port 80), FTP server (Port 21), or other applications through your Router to your internal network. Since your internal computers are protected by a firewall, machines from the Internet cannot get to them because they cannot be 'seen'. If you need to configure the Virtual Server function for a specific application, a list of common applications has been provided. If your application is not listed, you will need to contact the application vendor to find out which port settings you need. To select from the provided list, select your application from the drop-down list. Select the row that you want to copy the settings to from the drop-down list next to "to row", then click "Enter". The settings will be transferred to the row you specified. Click "Apply Changes" to save the setting for that application. To manually enter settings, enter the IP address in the space provided for the internal (server) machine, the port(s) required to pass (use a comma between multiple ports), select the port type (TCP or UDP) and click "Apply Changes". You can only pass one port per internal IP address. Opening ports in your firewall can pose a security risk. You can enable and disable settings very quickly. It is recommended that you disable the settings when you are not using a specific application.

.....................................................................................

I have AdAware but have ditched Norton Internet Security (it was causing problems with email and also slowing the computer to an unacceptable degree). I have heard good reports about NOD32 and may download a trial version.

Thanks for your help

Reply to
Prickle

Thanks Duane. Been there now and made some changes. Not managed the WPA encryption yet but will do so asap.

Reply to
Prickle

I advise that you always supplement a network-based firewall with a host-based firewall, especially in cases where wireless connectivity to the LAN is offered.

The router should offer protection from the Internet. Is the wireless secured? If not, that is perfectly acceptable. There is nothing wrong with sharing your Internet connection with your neighbors, but your own computers, wired and wireless alike, must be secured to mitigate threats on the LAN. The XP firewall is acceptable. It's already there and takes a matter of seconds to enable and it is way better than nothing. As others have pointed out, do not allow exceptions. If you require exceptions, then you must secure the wireless network.

Reply to
Dom

What if this kind and gentle neighbor you see through rose-colored glasses uses your wireless network to hack some company network over the Internet, leaving you holding the bag?

What if some war driver starts using your network to attack other networks over the Internet because you left your wireless network wide open, leaving you holding the bag with your pants down?

It's a cruel world out there and if you let them take you, they will do just that. :)

Duane :)

Reply to
Duane Arnold

I'd like to introduce you to a little concept known as repudiation.

Reply to
Dom

What? It's always best to err on the side of caution. And to give someone advice about leaving his or her network wide open when you don't know the situation to a newbie is, well, what can be said about it.

Duane :)

Reply to
Duane Arnold

I did not advocate securing or unsecuring the wireless network. I addressed the original poster's first question by explaining host-based firewall configuration strategies with respect to exceptions. If one were kind enough to share an Internet connection, this can be accomplished in a secure manner.

Reply to
Dom

And I address the issue of not letting Joe Blow use one's network, period, leaving one holding the bag trying to be *kind*.

Duane :)

Reply to
Duane Arnold

If the router is filtering well, yes, that's true.

What are those default settings?

Yours, VB.

Reply to
Volker Birk

and without due diligence --- you are still held holding the bag :-(

The lawyer will ask two questions: Does your device support encryption? And why did you ignore it?

Reply to
Jeff B

Thanks for all the responses. Need to get to grips with encryption and which ports to block.

Reply to
Prickle

Internet sharing is not illegal and there is no due diligence, unless bound by something like HIPAA or PCI. In light of the repudiation provided by an unsecured network, host-based evidence must be obtained.

Reply to
Dom

Well, if you have a personal FW on the machines, then I would use static IP(s) on the router for the NIC(s), wired or wireless, and block all other IP(s) but those static LAN IP(s) with the FW(s). That's if you're going to be doing file sharing between machines.

Duane :)

Reply to
Duane Arnold

You are missing the point. If someone was to connect to your network and commit a crime over the Internet, they got all the evidence they need by the network traffic by IP from your ISP's assigned IP to your network. In the meantime, the person who committed the crime is long gone and they come a-knocking at your door. You think you can't be held accountable by providing the means?

And if I was a clueless wireless user and knew that I could use your wide open network and somehow some crime was committed against me due to your network and I could prove it, you're going to hear from my lawyer -- count on it.

Duane :)

Reply to
Duane Arnold

No. You're talking about indicting every transit provider from point A to point B.

You would have a case against the intruder, not the network provider.

Reply to
Dom

You also seem to have a chip on your shoulder because I don't follow suit in that regard.

Reply to
Dom

Are you bonded? And are you licensed to be a network provider? If you're not, you will hear from my lawyer. :)

Duane :)

Reply to
Duane Arnold
