free firewalls?
 

Hi, I have just got a compaq ipaq with windows 2000 sp4 and it doesnt have a firewall so i'm looking for a free one that won't block my network. I have tried zone alarm but that blocked me accesing other computers on my network and i have looked around the net and can only find firewalls that have 30 day trials etc... could somebody please recomend a good fre one?
Thanks, Chris

There's nothing wrong with ZoneAlarm, but it treats everything as dangerous unless declared otherwise. You just have to add your network ip-range to the "Trusted" zone to get access. The same goes for programs - you have to allow network access, which I find quite usefull as you'll know the programs who as internet access. You'll be suprised how many programs you'll discover "phones home".

Give ZoneAlarm another try, but read the manual/help files.

All firewalls will require some amount of configuration. Generally, a good firewall will block virtually everything and you will need to make allowances for things you want to work. A bad firewall will be open by default and let you close things. This defeats the purpose of a firewall, as there are MANY things. As an IT Security professional I can assure you that the first way is the way it SHOULD be. Also note that software based firewalls do not protect you as well as even a cheap hardware based firewall. Just food for thought...

ummm, but that's what firewalls do.

The most important thing they do is stop access from one computer to the other. What you need to do is configure your computers to access each other. It doesn't take long, just time to understand how to open up what needs to be open, and closing up what needs to be closed. It is generally best that it starts out completely closed and then opening up what needs to be open, from applications and ports.

Personally, I'd rather go with a router/firewall since it doesn't inhibit the PC to PC traffic, nor does it take CPU cycles to monitor the network connection.

I have a d-link g604t wireless router, not sure if that has a firewall.
Chris

according to the DLINK website's manual for your unit, yes you have a firewall built into it. According to the table of contents of your manual it's on page 47.

If you cannot locate your manual, download it from dlink.com

so i don't need a software firewall on my pc then?
Chris

Not unless you want to be "double secure" or have a more complicated complex system. Some people choose to do so, I think it's folly because it just makes it that much more complicated to troubleshoot networking issues, and generates more CPU overhead on the PC for no reason.

If you're just going to be accessing the Internet through your own wireless router, then I would say no, you don't need a software firewall. However, if you'll be connecting to public wireless networks (like at a hotel or a cafe), then it would still be a good idea to have a software firewall like ZoneAlarm.

any router will act like a fire wall, it really is not, but the NAT (network address translation ) will accomplish the same thing, you only wan a personal firewall if you don’t trust the other computers on your internal network. My last roommate was technically challenged, so I run firewalls on my internal network devices, and I regularly bring client systems into my network so all my systems need to be protected.

Thanks for your help. I trust all the computers on my network so i think i should b just fine.

Thanks, Chris

I've fallen behind in networking technology, but an IT professional gave me a good, complete explanation of why NAT is not secure enough to block anything but the simplest attacks. True to my style, I promptly forgot the explanation, but I can try to figure out who it was who explained it and get a summary again.

If some one is actively attacking your system, you need a full blown firewall, but for everyday internet junk, NAT is sufficient

My understanding is (unless you have blocked it via a firewall setup) that requests from the internet are broadcast to all nat clients, assuming it was not initiated from one of the nat clients (in which case the nat router points it back to the original requestor). For that reason NAT is not really any protection at all.

Thanks for your help/advice,

I understand it now. But i have a problem with my router thar the adsl doesnt connect, but then it might cnnect for 1 second and then disconnect again, I think it might be bacasue we have had a few power cuts and thunder/lightning storms recently, i know that our old USB modem got fried in a lightning storm, do you think my router has gone aswell? but the thing is it still works sometimes like now.

Chris

There have been numerous incidents regarding weak NAT. Vulnerabilities from overflows, DoS, or just stupidity, implementations vary. Sometimes wildly from the classic idea of NAT. Keep your border code up to date. Be it Linksys, Linux or BSD they can all have issues. At least read the change histories and cert/securityfocus/etc for reports on your flavor. Secure is a moving target.

Don't think I've seen mention of the best feature of software firewalls. They're veeerry useful for keeping a handle on outgoing connections, what with all the "phone home" software shipping these days.

As for the intermittent connections, that could be a signal quality issue. Bad DSL "modem", skwerlz nesting in the wires, whatever. Could be something at the CO. Call the service center and ask them to check your connection. They should be able to tell you something about the drops. I'd start by unplugging all the other phones in the house. Ideally run a cord directly to the NID to eliminate household wiring. If it still has issues it's between your modem and the CO.

Zone alarm has worked well for me. However I agree it is probably overkill.

Ok, i have just ordered a new router now ( http://misco.co.uk/productinformatio...m%20Router.htm ) and a belkin UPS to stop it cutting out.

Chris

that will only work if you have ADSL and your ISP supports it, you wanted a router, not a router modem combo.

such as:
http://www.newegg.com/Product/Produc...82E16833124010

I do want a router, i dont get what your trying to say.
Chris

the device that you got is not a router, it is a ADLS modem router combo, it can not be used with any other networking device such as a cable modem or a seporate DSL modem.

but if you read earlier i had a d-link dsl-g604t.

oops, so you do. then why do you need a new one? both will protect you with NAT, your biggest concern should be securing the wifi with WPA.

http://osswin.sourceforge.net/

Look in the firewall section. It includes some basic software that protects your computer.

Okay, first of all, ZoneAlarm isn't overkill... it's more likley to be underkill, except for the aforementioned aspect that software firewalls can help prevent the phoning home issues with bots and various trojans.

As for NAT, NAT is NOT a security solution, nor was it ever intended to be. NAT is for putting many private IP addresses behind a single public IP address. This inherently offers SOME security against basic attacks, but it is NOT a security solution (just in case you missed it the first time). Most broadband routers, however, offer firewall features as well (or real routing features) such as access-control lists (ACLs), port mapping, DMZ access and logging. Those ARE security features. Also, if you are using a wireless router, be sure to:

a) disable SSID broadcast
b) Use at least 128-bit WEP (though it's still very weak to basic cracks) or WPA.
c) Change the admin username and password.
d) For home usage, use MAC filtering to allow only known computers to attach.
e) Use fixed DHCP to assign addresses. Combined with 'd' it's just an added layer of security to prevent people from using your internet illegally and/or browsing your internal network.

Also, regardless of hardware OR software firewalls, always keep your operating system patched and any application running as a service.

Lastly, in case it wasn't covered somewhere above, NAT does not broadcast outside to all inside. Actually, it should NEVER do that, since broadcast would fail to cross the bridge and multicast should be started inside.

Would you please take the time to explain why NAT is bad? I’ve spent a bit on Google and I can’t find any problems with it security wise. It stops the outside world from getting in unless the inside asked for it.


Disabling the SSID broadcast is worthless, it is still contained in every packet going to and from the access point, if some one wants to get your SSID, a little sniffing and they have it. Please make sure you change the SSID from the multiple networks with the same SSID.

WEP is technically worthless, however it’s better than nothing, it will stop the casual observer; however it is breakable in less than 10 minutes. Use WPA if you can.

xepherys is right on the money with changing the password. I lost count of the routers I’ve had to reset because the owner did not change the password and someone hijacked it.

Just with the SSID MAC filtering is worthless, a few seconds of sniffing, you can change your MAC to an acceptable MAC, its more hassle than its worth.

And don’t worry about the DHCP, as with most things mentioned; a few minutes of sniffing can let you make your own IP configurations.

Thanks for your help, i always change the default user and password and i will then allow only my computers mac adresses and it should be fine as nobody in the near distance of my house is any computer genius.

Chris

I have recieved my new router now and it workd fine but it is extremely hot (110oF top, 120oF bottom), should it be getting this hot, i know my old router got hot but it didnt get this hot. It is a Belkin F5D7630-4A/B.

Chris