Is there a firewall in most wireless cafes?

When I take my laptop to a wireless cafe, is it connecting to the internet directly through the wireless router or does the cafe computer have to have the firewall set up so that it doesn't interfere???

thanks

Reply to
marcy

I'm not sure what you mean by "interfere," but you should assume that you'll be connected directly to the Internet and secure your machine accordingly. That means have a firewall of your own installed, or at the very least enable the built-in one your operating system provides, and make sure your anti-malware programs and security patches are up to date. Oh, and if you haven't already, turn *off* file and printer sharing on your wireless connection if you're running Windows.

A firewall can only protect you from intrusion, not interception or delivery of malware through "drive-by" website attacks or other nasties. Besides, even if the hotspot you're using has one, how do you know what it's configured to defend against? That's right: you *don't.* So just pretend it isn't there and take responsibility for your own protection. Security is a job you shouldn't outsource.

Reply to
Jonathan L. Parker

"marcy" hath wroth:

What are you trying to accomplish that the firewall might be a problem?

If you're trying to run a server, peer to peer file sharing, or BitTorrent application that requires port forwarding (or port triggering) to operate, forget it. You're not supposed to be doing that anyway at a coffee shop. Also, there's no way any sane coffee shop is going to be running a DMZ (wide open port forwarding) to a dynamic IP address that happens to be on the wireless LAN. That's just plain dumb and only works to a single IP address anyway.

The typical firewall is more like a brick wall. Your stuff can go out, but nothing can go in from the internet. The only exceptions are dumb wireless router vendors who still don't understand that UPnP should not be enabled by default. If your coffee shop has UPnP enabled, it will automatically punch holes in the firewall for your application. The most common example is MSN Messenger.

I think (not sure) that this application reports if UPnP is enabled.

I can't try it from here because it doesn't support W2K. Note that it takes about 10-15 minutes to run.

Reply to
Jeff Liebermann

If you have a good connection to the Internet, then that's all you need to know. You need to know that, and know that you need to be running a personal firewall on your machine to protect it on a foreign network.

Reply to
Mr. Arnold

It actually is an office debate. One person started by saying that the wifi (at the local deli) would not have a firewall associated with it but that any computer that goes into the deli goes straight out to the world with no restrictions. Another person in the office disagreed. I got to thinking about that and was wondering if that were true.

Then I got to wondering if I could use my laptop as a client to my office computer as the host using PCAnyWhere. I would not do it at this deli because it is just around the corner from the office. But I am curious if it would work from any wifi cafe when I have to travel.

Reply to
marcy

No, it's not going to work if a firewall solution or even a router using NAT is the gateway device to the Internet, because they are NOT going to port forward ports for your machine for something like PCAW, which must have certain ports opened/port forwarded for the communications between machines using PCAW. And I don't think they would put your machine into the DMZ either.

formatting link

Reply to
Mr. Arnold

"Mr. Arnold" hath wroth:

I beg to differ half way. You're absolutely correct about requiring port forwarding for a PC Anywhere *SERVER*. However, the PC Anywhere client will work just fine behind a firewall. My firewall on my home router doesn't have anything special set up for PC Anywhere. I'm not connected to a customer's machine via PC Anywhere. No problems.

What's missing in the description is how PC Anywhere is configured at the office. If it's running on her desktop computer, then the office router must be configured to forward 5631/5632 as previously described. However, there's nothing required on the cafe router.

Reply to
Jeff Liebermann

Thanks, handy article!!!

Reply to
marcy

Thanks again Jeff. I just had the office set up with static IP and I will forward those ports (hopefully today if the static IP situation has been taken care of).

Reply to
marcy

Well, I was not thinking about that part of it on the client side *only*, and you're correct.

But on the other hand, if I was admin in a wireless cafe, those ports would be blocked so that it couldn't happen from a client period. I wouldn't want someone sucking up bandwidth like that.

Reply to
Mr. Arnold

I had an opportunity to ask the cafe owner (as if I knew nothing) whether his firewall interfered with my connection to the internet. He assured me that it didn't and that he wouldn't want it to because he would not want me connected to his computer. He uses a computer for business purposes and he thinks that his computer is just like any other computer that comes to his cafe. So he says that when I use my laptop at his cafe, I am connected to the internet to do whatever I want and that his firewall has nothing to do with my connection.

That is what one of the people in the office was saying. The other person is still very convinced that the cafe owner's firewall controls not only the cafe computer but also all the other laptops that use the wifi.

Sheesh, now I am confused about that again. Is there a definitive answer to this???

Reply to
marcy

"marcy" hath wroth:

It would be more definitive if you have obtained the maker and model of the cafe wireless router. I'll guess it's a fairly basic unit with nothing exotic like VLANs.

As far as applications are concerned, the cafe owner's desktop and your wireless connections are equivalent. Any ports that he can access, so can you. The only complication is if the router has a feature called "AP isolation". What that does is prevent wireless clients from seeing and attacking each other via wireless. It also cuts down on any wireless to wireless traffic. However, it does nothing for the wired connections, such as the cafe owner's desktop. You can see his desktop via wireless whether "AP isolation" is on or off.

The firewall "controls" incoming and outgoing traffic. For most simple routers, which methinks includes this particular router, the wired and wireless connections are equivalent and handled identically (except for the "AP Isolation" setting). However, if the cafe router has a mess of complex features designed specifically to separate the public and private parts of the network, using VLANs or Zones, then they may be set up quite differently.

Reply to
Jeff Liebermann

What is a FW? What does a FW do?

formatting link
If the person has a wireless NAT router there, then it's acting in a FW mode against the Internet.

formatting link
What is solicited traffic? It's inbound traffic that is going to be passed through the FW or router, because a program running on a computer has sent outbound traffic to a remote IP/Internet site. It's going to let that traffic back to the computer and the program that is listening for the inbound traffic.

What is unsolicited traffic? It's any inbound traffic from a remote IP/Internet site that has not been solicited by a computer and its program running behind a FW or router, and that type of traffic is going to be blocked.

In the case of you and PCAW with you using client software behind a FW or router, that traffic is going to be let through back to the machine. However, with the PCAW server software running on a machine behind your company's FW or router, the inbound traffic to the company's FW or router is going to be blocked, because it was not solicited inbound traffic. In this case the FW or router must use port forwarding, so that your machine can send unsolicited inbound traffic for the initial contact.

Some routers, FW appliances and gateway computers for a network running a software FW (not to be confused with a personal firewall) can control traffic to and from the WAN (Wide Area Network)/Internet and LAN (Local Area Network)/network of computers behind the FW or router.

formatting link
That's why you must use a PFW on the machine behind the router, because you have no protection from other machines on the LAN in the public situation.

Now, you will probably know more than the cafe owner. :)

Reply to
Mr. Arnold
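A toy model of the solicited/unsolicited rule described above, added here as an illustration and not part of any poster's message. The router class, IP addresses and laptop source port are constructed for the example; only port 5631 comes from the thread.

```python
from dataclasses import dataclass, field

PCAW_DATA_PORT = 5631  # PC Anywhere port named in the thread (5631/5632)

@dataclass
class NatRouter:
    """Toy NAT router firewall: remembers outbound flows, drops everything else."""
    name: str
    wan_ip: str
    port_forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)  # (remote_ip, remote_port, wan_port) -> LAN host
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router records the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(remote_ip, remote_port, wan_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN destination for a WAN packet, or None if it is dropped."""
        solicited = self.flows.get((remote_ip, remote_port, wan_port))
        if solicited:
            return solicited                     # reply to traffic a LAN host started
        return self.port_forwards.get(wan_port)  # unsolicited: needs a forward rule

def pcaw_session(cafe, office, laptop_ip="192.168.1.50"):
    """Laptop (client, behind the cafe router) dials the office PC Anywhere host."""
    src_port = cafe.outbound(laptop_ip, 51000, office.wan_ip, PCAW_DATA_PORT)
    # The first packet reaches the office router unsolicited.
    if office.inbound(cafe.wan_ip, src_port, PCAW_DATA_PORT) is None:
        return "blocked at office router"
    # The host's reply matches the flow the cafe router recorded on the way out.
    back = cafe.inbound(office.wan_ip, PCAW_DATA_PORT, src_port)
    return "connected" if back == (laptop_ip, 51000) else "blocked at cafe router"

cafe = NatRouter("cafe", "203.0.113.10")        # constructed documentation addresses
office = NatRouter("office", "198.51.100.20")
print(pcaw_session(cafe, office))               # no forward rule at the office yet
office.port_forwards[PCAW_DATA_PORT] = ("10.0.0.5", PCAW_DATA_PORT)
print(pcaw_session(cafe, office))               # forward rule added at the office only
```

Nothing is ever configured on the cafe router in this model; the only rule that changes the outcome is the port forward on the office side.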

Thanks Jeff, I am printing out your answer so I can study it and know at least this much about wifi cafes and connections.

I will try to find out the cafe wireless router when I stop by there on Monday. But the manager doesn't often have time to chat. And I am concerned about increasing his concerns because right now he is very carefree about letting people use his wifi. So I will let you know as soon as I find out....

Reply to
marcy

Excellent info Mr. Arnold. Thank you very much. I am going to print all of this out including the link info so I can study it.

As soon as I have put in my diligent due process, I may have another dumb question. :-)

Reply to
marcy


Hi Mr. Arnold, I was printing this out and noticed that you duplicated a link. Did you intend to do that? If there is another link I should study, I wanted to know.

Thanks again.

Reply to
marcy


If I may very simply interpret these two statements, it would seem that the cafe owner's pc's firewall DOES control traffic in and out of the cafe. That is the basis of ongoing "discussion" in my office.

Yes, all computers within the cafe are equal EXCEPT that the cafe firewall, which is an application (McAfee by the way - for what that is worth :-) on the cafe pc, controls all traffic in and out of the cafe. That is a very big exception. And it would seem to me that it would put the cafe computer at a much larger risk of being hacked - not that I would ever mention it to the cafe manager.

So are my simple statements correct as far as they go??

Reply to
marcy

"marcy" hath wroth:

No, they're not simple any more. McAfee sells a variety of products.

My guess(tm) is that he's talking about the firewall. That "controls" access to his PC and is perfectly adequate in protecting his machine against attack, if it is properly configured. The problem is that the firewall also has a "trusted zone", which if set to his entire local network (192.168.1.xxx) will include your wireless laptop. Without knowing how he has everything set up, what he's trying to accomplish in the way of security, and what he expects from you, I can't even begin to guess if he's safe.

Meanwhile, there's nothing on his computer (including McAfee Firewall) that in any way "controls" *YOUR* access to the internet. That's all internal inside the router configuration. He can do whatever he wants on his desktop, and it will not affect your use of his internet connection or affect the operation of PC Anywhere.

Reply to
Jeff Liebermann


I guess I am still confused since the above statements seem to contradict each other. He has the standard McAfee Internet Security suite which includes a firewall.

What I understand from what you just said is that WHATEVER he has the "trusted Zone" set to in terms of security, includes my laptop. Let's just say for the sake of discussion, he has the trusted zone set to the medium level of security. In that case, I am restricted due to his firewall and I am behind his firewall trusted zone settings.

Reply to
marcy

There are TWO firewalls in this puzzle. One firewall is in the owner's computer. That's McAfee. It only protects his computer from attack by other users on his LAN or WLAN, which includes your laptop. There is nothing that he can do with this firewall that will in any way affect your use of his wireless or PC Anywhere.

The other firewall is inside the cafe wireless router. It does quite a bit of things (NAT, DHCP, Wireless, etc). This firewall can be configured to prevent you from using PC Anywhere. However, considering the apparent level of expertise involved in this setup, my guess is that it's running at the common defaults, which do NOT include anything that would prevent you from using PC Anywhere.

There may also be a third firewall involved in this puzzle. You have one on your unspecified laptop if you're running XP or Vista. It protects you against attack from other users on the LAN or WLAN. There are a few things you can do to mess up *INCOMING* connections for PC Anywhere, in the event you would want to remote control your laptop. However, the default configuration of the XP and Vista firewall does nothing to affect your *OUTGOING* use of PC Anywhere.

Reply to
Jeff Liebermann
