SImple advice request re home network

Hi, this is a simple advice request as I'm a bit confused after doing some research and am new to networking:

Setup - Very straightforward. We have one PC in the house, running XP and cable broadband. Due to family expansion we have a notebook PC on order, and I've installed a Belkin wireless router so that the notebook can use the same broadband connection wirelessly and share data with the existing PC. It's possible we might get a 2nd notebook as well in due course. We only do standard stuff at home - internet surfing, a little bit torrenting, email, MSN messenger etc etc.

On the existing PC I pay for Zone Alarm Pro and Norton Antivirus.

So my questions are:

The Belkin router has a firewall built-in though this doesn't appear to be configurable other than off/on.Does this mean that I can get by with either no software firewall, or alternatively just settle for the free ZoneAlarm for instance?

I assume that if I want to continue with Zone Alarm Pro and Norton Antivirus I'll have to pay to install fresh ones on each new notebook? (I assume trying to install again from the existing licence won't work.)

Is there any other solution I should consider, as these costs do start to add up once you have more than one PC. Anything designed for multiple PCs that is worth it for just 2 or 3 PCs?

Any advice appreciated - thanks in advance.

Reply to
Timbo
Loading thread data ...

the router firewall will keep most people out who attack from the internet. Essential nowadays if you install windows from CD then want to download updates ... without a firewall like this you can be compromised - before you have the patches that fix the windows security.

The software firewall on the PC give some protection where you accidentally download something (say a trojan) that then wants to phone home so it can recieve new instruvtions. This is the firewall that says 'this keypress tracker has discovered your visa card number and wants to pass the info on', ot 'I'm a mail spam program - what messge should I send to who'

that would be reasonable - after all your license fee pays someones wages, and it is something you use all the time.

You may find that internet protection software may come with the PC.

don't forget to lockdown yor wireless network, so you don't run a local hotspot for the benefit of passers by an nieghbours.

Reply to
postmaster

"Timbo" wrote in news:wuRce.22478$ snipped-for-privacy@text.news.blueyonder.co.uk:

The Belkin NAT router has no (FW). It's a NAT router for home usage that may have some FW *like* features but it has no FW in the traditional sense of what a FW is suppose to do. However, the NAT router does have some form of protection that it doesn't forward unsolicited inbound requests.

formatting link
What does a FW do?

formatting link

Products such as ZA and others are not FW(s) either as they do not separate two networks. They only protect a single machine. It protects the O/S, its services and Internet applications from attack at the machine level.

You can turn the Belkin into a wire/wireless Access Point switch that wire and wireless machines can use and plug it into low-end FW appliance that has a real FW.

Any software running at the machine level can be circumvented and defeated. There is less of a chance since you have the NAT router in front of the machine(s) stopping the unsolicited scans and attacks. And some people supplement the NAT router with PFW solutions that can stop outbound traffic at the machine level that the NAT router cannot stop. And I am not talking about Application Control either and it's more along the lines that you can stop outbound by stopping it by port or IP.

Of course you'll need a PFW solution on a laptop if it's being connected to other networks other than your own.

If you had a FW appliance, you could dump the PFW solution as it's not needed and it is sucking up machine resources.

You have a wireless solution that you should secure.

formatting link
You can supplement the NAT router with IPsec too that's on the XP O/S.

formatting link

Duane :)

Reply to
Duane Arnold

Thanks for the reply. Useful links.

Regarding the router, the manual says: "SPI Firewall Your Router is equipped with a firewall that will protect your network from a wide array of common hacker attacks including IP Spoofing, Land Attack, Ping of Death (PoD), Denial of Service (DoS), IP with zero length, Smurf Attack, TCP Null Scan, SYN flood, UDP flooding, Tear Drop Attack, ICMP defect, RIP defect, and fragment flooding."

I'm still wondering exactly what level of security I really need on top of this as a basic home PC user...? Another piece of hardware does seem excessive??

Reply to
Timbo

Thanks for the reply. I'm happy to pay the license fees, I was just checking it was necessary and whether there is a better solution than 2, later 3, lots of FW and AV fees, ie whether 3 PFW fees on top of the router FW are really necessary.

Reply to
Timbo

"Timbo" wrote in news:3tUce.22598$ snipped-for-privacy@text.news.blueyonder.co.uk:

That's marketing hype of a manufacture that is calling a NAT router a FW appliance. So you sit there reading all of that thinking it must be true it must a FW because I am told that's a FW. Again, that Belkin wireless NAT router running SPI is not a FW. It's a NAT router with FW like features but it doesn't have a FW in the traditional sense of being able to stop inbound or outbound by port, protocol, IP, or state. I doubt that it even has logging. It's good enough in protecting a home network and you're not doing high risk things like port forwarding on the router. On top of that, it's wireless that's even less secure.

If you want something that's running a true FW, then it's going to cost more than a NAT router for home usage.

It's going to be whatever you're comfortable in dealing with in your set- up.

I only have one piece of equipment and that's a FW appliance and it doesn't need to be supplemented. I use to be wireless when I had the Linksys BEFW11S4 router that was turned into a switch and plugged into the FW appliance before it finally died after being on 24/7 365 since

2001. As the 11S4 was being used as a router before I got the FW appliance, it had to be supplemented with a PFW with its annual fees, which helped protect the machines as attacks came through that NAT router like a hot knife through butter.

Hey, supplement the NAT router, harden the Windows NT O/S to attack, secure the wireless, and don't do high risk things or do something on the machine that could lead to a compromise with the happy fingers that click on unknown things and you'll be ok for the most part.

But the NAT router for home usage like a Belkin and others don't have a true FW in the traditional sense and are not FW applinaces.

Duane :)

Reply to
Duane Arnold

Thanks for the advice, Duane.

Reply to
Timbo

The basics require, for a firewall/secure environment, that you block all traffic in both directions that you don't want to permit. In the case of NAT routers, all outbound traffic is permitted by default, and anything that your network contacts outbound is permitted to talk back to the network devices that contacted it.

If you want to use a NAT router, and they make a good first layer for a home, you want one that provides the ability to block some outbound ports/ranges and most importantly that provides detailed LOGS for your monitoring in real-time and historically. The logs will tell you if you are compromised or have a rogue user.

There is a product called WallWatcher that is freeware (donation supported, and worth every penny) that works best with Linksys units, it provides all the details anyone would need if using a Linksys product. For non-linksys products the level of detail varies.

If you want to know what's happening on your internal network, but don't want to invest in PFW's for all computers, run it on ONE and then review the logs to see what the other machines are doing/contacting the PFW based computer - this can sometimes tell you if you have a compromised system.

You also need to get smart about what you do online - AV software is mandatory on any Windows based PC. FireFox is the best browser I've used to-date for security, same with non-MS email programs.

It goes on from here....

Reply to
Leythos

Thanks - very helpful.

Reply to
Timbo

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.