Firewall and Router

Topic

New Reply

I am running a linksys WRT54G wireless network at home with a DSL connection. I have 2 questions for the experts here.
1) How important is it to update the firmware etc. on the router? Is this like keeping your other important software up to date or not?
2) I of course have the built in firewall of the router running , do I also need a software firewall on each computer, and if yes, are there any specific issues I should be aware of?
Thanks

Reply | Quote

Replies

Zave,
In my opinion, firmware upgrades are much like bios upgrades on a PC. If you are encountering specific probelms that a firmware upgrade will solve, then upgrading is probably a good idea. If not, then “If it ain’t broke, don’t fix it”.

As for software firewalls – YES! YES! YES! Your router only gives you incoming protection, not outgoing. I am personally using the Sygate Personal Firewall (free for home use). It is very simple to use. Zone Alarm has had many many problems lately, and many long time ZA users are jumping ship. One thing with any software firewall however. Know the address of your router and allow communications with this address. To find the router address if you don’t know it – Start, Run and type “cmd” (without the quotes) and click on OK. At the command prompt, type in “ipconfig /all” (again without the quotes). The router address will appear in the DHCP Server line.

Hope this helps.

Reply | Quote

where do you allow the communication in the firewall?
Thanks

Reply | Quote

When you first start using the firewall, pop ups will appear when something on your machine tries to access the outside world or when something from the outside wants to access your machine. Examples: Do you want to allow 192.168.1.1. to access your computer? . I know that is my router’s address so I answer Yes. Do you want to allow Internet Explorer to access the internet? . Do you want to allow Windows Update to access your computer? You will get these questions each time an unrecognized process tries to communicate. When you respond, you will be given the choice of Yes or No and Remember my Answer. The first day or so, you will get quite a number of these questions until the software “learns” your preferences. After this initial period, only new and unrecognized attempts to communicate will trigger these questions. It’s really quite simple and YOU are in complete control of what communicates with your system.

Also essential is Anti Virus software with up to date virus definitions and Spyware detection and blocking software ( Ad-Aware , Spybot , Spyware Blaster ), etc.

Reply | Quote

When you first start using the firewall, pop ups will appear when something on your machine tries to access the outside world or when something from the outside wants to access your machine. Examples: Do you want to allow 192.168.1.1. to access your computer? . I know that is my router’s address so I answer Yes. Do you want to allow Internet Explorer to access the internet? . Do you want to allow Windows Update to access your computer? You will get these questions each time an unrecognized process tries to communicate. When you respond, you will be given the choice of Yes or No and Remember my Answer. The first day or so, you will get quite a number of these questions until the software “learns” your preferences. After this initial period, only new and unrecognized attempts to communicate will trigger these questions. It’s really quite simple and YOU are in complete control of what communicates with your system.

Also essential is Anti Virus software with up to date virus definitions and Spyware detection and blocking software ( Ad-Aware , Spybot , Spyware Blaster ), etc.

Reply | Quote

where do you allow the communication in the firewall?
Thanks

Reply | Quote

Zave,
In my opinion, firmware upgrades are much like bios upgrades on a PC. If you are encountering specific probelms that a firmware upgrade will solve, then upgrading is probably a good idea. If not, then “If it ain’t broke, don’t fix it”.

As for software firewalls – YES! YES! YES! Your router only gives you incoming protection, not outgoing. I am personally using the Sygate Personal Firewall (free for home use). It is very simple to use. Zone Alarm has had many many problems lately, and many long time ZA users are jumping ship. One thing with any software firewall however. Know the address of your router and allow communications with this address. To find the router address if you don’t know it – Start, Run and type “cmd” (without the quotes) and click on OK. At the command prompt, type in “ipconfig /all” (again without the quotes). The router address will appear in the DHCP Server line.

Hope this helps.

Reply | Quote

I have a different (cheaper) Netgear wireless router. Although there is one new firmware upgrade available, the thing it adds is totally inconsequential to me, particularly compared with the risk that after I re-input all the settings, the network might not work (and several people who have input long, unintelligible WEP keys into their computers will be unhappy with me if they have to enter new ones). So I am skipping that particular update.

With respect to software firewalls, there are several free ones which are considered good. These include ZoneAlarm (which has had compatibility problems with Norton products), Sygate, and Outpost. Reviewers have praised Norton Personal Firewall, particularly for ease of use, but if you are comfortable with free software, you probably will find the aforementioned products equally effective and in some ways more powerful.

Reply | Quote

I have a different (cheaper) Netgear wireless router. Although there is one new firmware upgrade available, the thing it adds is totally inconsequential to me, particularly compared with the risk that after I re-input all the settings, the network might not work (and several people who have input long, unintelligible WEP keys into their computers will be unhappy with me if they have to enter new ones). So I am skipping that particular update.

With respect to software firewalls, there are several free ones which are considered good. These include ZoneAlarm (which has had compatibility problems with Norton products), Sygate, and Outpost. Reviewers have praised Norton Personal Firewall, particularly for ease of use, but if you are comfortable with free software, you probably will find the aforementioned products equally effective and in some ways more powerful.

Reply | Quote

I would keep a reasonably close eye on your firewall firmware.

In the case of WRT54G, I do beleve they just recently released an update that fixed a security hole that allowed the management interface to be opened from the internet side, even if that feature had been turned off ! So, I would try to keep it up to date.

At our office we run a Watchguard Firebox III as our firewall between the LAN and the Internet, and do notcurrently run firewalls on the machines themselves. However, the FB’s are full-featured dedicated business class boxen. I have a WRT54G at home, but I haven’t installed it yet, but I understand it to be a more limited SOHO class sort of device. You might want the additional protection of something running on the workstations that will tell you “I’m blocking X – here’s why”. Might want to wait until XP SP2’s firewall gets done and see if that will work for you.

In a general sense, a “defense-in depth ” strategy seems to be the best idea for PC protection. If you have several layers or anti-mal/firewall functions (each from a different vendor), then you will be better protected.

Jim

Reply | Quote

Is the XP SP2 firewall bi-directional?
edited to add: As well, why would one want to wait for the MS firewall (which is still several months away), when there are good free products available now? These can always be uninstalled at a later date if something better comes along. In my opinion, it is imperative to protect NOW, not several months down the road.

Reply | Quote

John,
XP SP-2 firewall is NOT bi-directional. The only reason to run the MS firewall is if you don’t know any better. It is reasonably good at managing inbound and better than nothing. XP SP-2 is probably less than a month away now. Last word I saw was it was supposed to RTM this week with a web release mid-August.

Joe

--Joe

Reply | Quote

Thanks Joe. That’s exactly my point. Incoming can be handled by the router (or the XP firewall), but outgoing requires a bi-directional firewall. That’s what I was trying to point out to Zave and Jim.

Reply | Quote

And you did a good job of it! (for what that’s worth!)

Reply | Quote

Thanks Al. Positive feedback is always welcome!

Reply | Quote

Thanks John.
BTW I ran Sygate’s online security tests, and they were the same with and without the firewall operating. But, the purpose of the extra software firewall is what goes out, not in.

Reply | Quote

Go to the Gibson Reseach site and run the leak test as well.

Reply | Quote

Now I see the difference. Thanks Charlotte

Reply | Quote

Now I see the difference. Thanks Charlotte

Reply | Quote

I understand the differences in theory between software/hardware firewalls (incoming protection vs. bidirecdtional), but what I can’t figure out is how to USE the software firewall with respect to outgoing info. I’ve used Norton Pers. Firewall for a long time, but every time I get a message “Program X is trying to access the internet,” it never seems to give me enough information for me to determine whether this access attempt is something legitimate, or something evil. The Norton “help” (ha!) files are pretty uninformative, and I’ve just never seen a document that tells me more than “you should be nervous” when you get a report of attempted outgoing access. Any suggestions for futrher reading, or an easy rule of thumb?

Reply | Quote

Don’t know about Norton, but Sygate (Personal Firewall) allows viewing the traffic logs. By selecting any entry, you can “backtrace” the entry and then perform a “whois” to see exactly where the request is coming from or going to. Norton may have a similar feature.

Reply | Quote

Don’t know about Norton, but Sygate (Personal Firewall) allows viewing the traffic logs. By selecting any entry, you can “backtrace” the entry and then perform a “whois” to see exactly where the request is coming from or going to. Norton may have a similar feature.

Reply | Quote

In addition to what John said, I imagine that most of us “know” the software we have installed that is likely to need access to the internet and proceed accordingly. For example, my AV program performs updates semi-automatically, my clock synch program checks the time for me, Mailwasher checks my mail server every 10 minutes, and so on. Yes, there is always the possibility that one of these “trusted” programs gets hijacked, but those chances are slim. The ones you’ve got to watch out for are the “names” that might jump up that you’ve NEVER heard of. In addition, a lot of the questions you see flying around are about WINDOWS programs or DLLs that are trying to contact the internet and the user doesn’t know why. That kinda stuff might take a little detective work.

Reply | Quote

In addition to what John said, I imagine that most of us “know” the software we have installed that is likely to need access to the internet and proceed accordingly. For example, my AV program performs updates semi-automatically, my clock synch program checks the time for me, Mailwasher checks my mail server every 10 minutes, and so on. Yes, there is always the possibility that one of these “trusted” programs gets hijacked, but those chances are slim. The ones you’ve got to watch out for are the “names” that might jump up that you’ve NEVER heard of. In addition, a lot of the questions you see flying around are about WINDOWS programs or DLLs that are trying to contact the internet and the user doesn’t know why. That kinda stuff might take a little detective work.

Reply | Quote

If the program is one that you recognize as having a good reason to access the network, it usually is okay. The feature is designed to catch the ones that you don’t recognize or which might be masquerading as part of Windows. More sophisticated firewalls also will tell you when program files have changed since you last approved them. As with the feature you described, unless you remember updating those files, it’s difficult to know for sure whether you should permit the access. Usually, saying “No” is a good diagnostic. If nothing bad seems to happen, the network access may have been unnecessary.

Reply | Quote

But you also have to pay attention to the IP address the program is trying to reach. Sometimes it’s merely talking to your own machine.

Reply | Quote

But you also have to pay attention to the IP address the program is trying to reach. Sometimes it’s merely talking to your own machine.

Reply | Quote

If the program is one that you recognize as having a good reason to access the network, it usually is okay. The feature is designed to catch the ones that you don’t recognize or which might be masquerading as part of Windows. More sophisticated firewalls also will tell you when program files have changed since you last approved them. As with the feature you described, unless you remember updating those files, it’s difficult to know for sure whether you should permit the access. Usually, saying “No” is a good diagnostic. If nothing bad seems to happen, the network access may have been unnecessary.

Reply | Quote

I understand the differences in theory between software/hardware firewalls (incoming protection vs. bidirecdtional), but what I can’t figure out is how to USE the software firewall with respect to outgoing info. I’ve used Norton Pers. Firewall for a long time, but every time I get a message “Program X is trying to access the internet,” it never seems to give me enough information for me to determine whether this access attempt is something legitimate, or something evil. The Norton “help” (ha!) files are pretty uninformative, and I’ve just never seen a document that tells me more than “you should be nervous” when you get a report of attempted outgoing access. Any suggestions for futrher reading, or an easy rule of thumb?

Reply | Quote

Go to the Gibson Reseach site and run the leak test as well.

Reply | Quote

You may be missing the point. The purpose of a software firewall is to analyze and protect both inbound and outbound traffic. When you are run a hardware firewall the software inbound checking provides another layer of protection. Multi-layer proctection is better as there is nothing fool proof with hardware or software firewalls.

Joe

--Joe

Reply | Quote

I understand that adding a layer helps. The question is always at what expense. I appreciate the insight, since this is new as I just added a DSL line and a wireless home network.

Reply | Quote

There are several very good free personal firewalls. You can do a search of the lounge for threads and comments.

Joe

--Joe

Reply | Quote

By expense I did not mean monetary, but running one more program on my computer, and dealing with its idiosyncrasies etc.

Reply | Quote

By expense I did not mean monetary, but running one more program on my computer, and dealing with its idiosyncrasies etc.

Reply | Quote

BTW, I thought I noticed a change in your status during this thread. Congrats!

Reply | Quote

Thanks. Running a firewall will probably not be noticed once you get it trained.

Joe

--Joe

Reply | Quote

Thanks. Running a firewall will probably not be noticed once you get it trained.

Joe

--Joe

Reply | Quote

BTW, I thought I noticed a change in your status during this thread. Congrats!

Reply | Quote

There are several very good free personal firewalls. You can do a search of the lounge for threads and comments.

Joe

--Joe

Reply | Quote

I understand that adding a layer helps. The question is always at what expense. I appreciate the insight, since this is new as I just added a DSL line and a wireless home network.

Reply | Quote

You may be missing the point. The purpose of a software firewall is to analyze and protect both inbound and outbound traffic. When you are run a hardware firewall the software inbound checking provides another layer of protection. Multi-layer proctection is better as there is nothing fool proof with hardware or software firewalls.

Joe

--Joe

Reply | Quote

Thanks John.
BTW I ran Sygate’s online security tests, and they were the same with and without the firewall operating. But, the purpose of the extra software firewall is what goes out, not in.

Reply | Quote

Thanks Al. Positive feedback is always welcome!

Reply | Quote

And you did a good job of it! (for what that’s worth!)

Reply | Quote

Thanks Joe. That’s exactly my point. Incoming can be handled by the router (or the XP firewall), but outgoing requires a bi-directional firewall. That’s what I was trying to point out to Zave and Jim.

Reply | Quote

John,
XP SP-2 firewall is NOT bi-directional. The only reason to run the MS firewall is if you don’t know any better. It is reasonably good at managing inbound and better than nothing. XP SP-2 is probably less than a month away now. Last word I saw was it was supposed to RTM this week with a web release mid-August.

Joe

--Joe

Reply | Quote

Is the XP SP2 firewall bi-directional?
edited to add: As well, why would one want to wait for the MS firewall (which is still several months away), when there are good free products available now? These can always be uninstalled at a later date if something better comes along. In my opinion, it is imperative to protect NOW, not several months down the road.

Reply | Quote

I would keep a reasonably close eye on your firewall firmware.

In the case of WRT54G, I do beleve they just recently released an update that fixed a security hole that allowed the management interface to be opened from the internet side, even if that feature had been turned off ! So, I would try to keep it up to date.

At our office we run a Watchguard Firebox III as our firewall between the LAN and the Internet, and do notcurrently run firewalls on the machines themselves. However, the FB’s are full-featured dedicated business class boxen. I have a WRT54G at home, but I haven’t installed it yet, but I understand it to be a more limited SOHO class sort of device. You might want the additional protection of something running on the workstations that will tell you “I’m blocking X – here’s why”. Might want to wait until XP SP2’s firewall gets done and see if that will work for you.

In a general sense, a “defense-in depth ” strategy seems to be the best idea for PC protection. If you have several layers or anti-mal/firewall functions (each from a different vendor), then you will be better protected.

Jim

Reply | Quote