free firewalls? - Tilted Forum Project Discussion Community

Chris H · 07-18-2006, 12:44 PM

Hi, I have just got a compaq ipaq with windows 2000 sp4 and it doesnt have a firewall so i'm looking for a free one that won't block my network. I have tried zone alarm but that blocked me accesing other computers on my network and i have looked around the net and can only find firewalls that have 30 day trials etc... could somebody please recomend a good fre one?
Thanks, Chris

freeload · 07-18-2006, 12:56 PM

There's nothing wrong with ZoneAlarm, but it treats everything as dangerous unless declared otherwise. You just have to add your network ip-range to the "Trusted" zone to get access. The same goes for programs - you have to allow network access, which I find quite usefull as you'll know the programs who as internet access. You'll be suprised how many programs you'll discover "phones home".

Give ZoneAlarm another try, but read the manual/help files.

xepherys · 07-18-2006, 01:01 PM

All firewalls will require some amount of configuration. Generally, a good firewall will block virtually everything and you will need to make allowances for things you want to work. A bad firewall will be open by default and let you close things. This defeats the purpose of a firewall, as there are MANY things. As an IT Security professional I can assure you that the first way is the way it SHOULD be. Also note that software based firewalls do not protect you as well as even a cheap hardware based firewall. Just food for thought...

Cynthetiq · 07-18-2006, 01:02 PM

Quote:

Originally Posted by Chris H

Hi, I have just got a compaq ipaq with windows 2000 sp4 and it doesnt have a firewall so i'm looking for a free one that won't block my network. I have tried zone alarm but that blocked me accesing other computers on my network

ummm, but that's what firewalls do.

The most important thing they do is stop access from one computer to the other. What you need to do is configure your computers to access each other. It doesn't take long, just time to understand how to open up what needs to be open, and closing up what needs to be closed. It is generally best that it starts out completely closed and then opening up what needs to be open, from applications and ports.

Personally, I'd rather go with a router/firewall since it doesn't inhibit the PC to PC traffic, nor does it take CPU cycles to monitor the network connection.

Chris H · 07-18-2006, 01:19 PM

I have a d-link g604t wireless router, not sure if that has a firewall.
Chris

Cynthetiq · 07-18-2006, 01:37 PM

according to the DLINK website's manual for your unit, yes you have a firewall built into it. According to the table of contents of your manual it's on page 47.

Quote:

Product Features:
• Combined Wireless Router and ADSL Modem Solution
• Wirelessly Connect to the Internet With 802.11g Technology
• Network Security with Integrated Firewall Features
• Up to 150x Faster Than Dial-Up Modems

If you cannot locate your manual, download it from dlink.com

Chris H · 07-18-2006, 11:02 PM

so i don't need a software firewall on my pc then?
Chris

Cynthetiq · 07-19-2006, 05:11 AM

Not unless you want to be "double secure" or have a more complicated complex system. Some people choose to do so, I think it's folly because it just makes it that much more complicated to troubleshoot networking issues, and generates more CPU overhead on the PC for no reason.

captobvious · 07-19-2006, 08:03 AM

Quote:

Originally Posted by Chris H

so i don't need a software firewall on my pc then?
Chris

If you're just going to be accessing the Internet through your own wireless router, then I would say no, you don't need a software firewall. However, if you'll be connecting to public wireless networks (like at a hotel or a cafe), then it would still be a good idea to have a software firewall like ZoneAlarm.

Dilbert1234567 · 07-19-2006, 08:54 AM

any router will act like a fire wall, it really is not, but the NAT (network address translation ) will accomplish the same thing, you only wan a personal firewall if you don’t trust the other computers on your internal network. My last roommate was technically challenged, so I run firewalls on my internal network devices, and I regularly bring client systems into my network so all my systems need to be protected.

Chris H · 07-19-2006, 09:02 AM

Thanks for your help. I trust all the computers on my network so i think i should b just fine.

Thanks, Chris

MSD · 07-20-2006, 02:17 PM

Quote:

Originally Posted by Dilbert1234567

any router will act like a fire wall, it really is not, but the NAT (network address translation ) will accomplish the same thing.

I've fallen behind in networking technology, but an IT professional gave me a good, complete explanation of why NAT is not secure enough to block anything but the simplest attacks. True to my style, I promptly forgot the explanation, but I can try to figure out who it was who explained it and get a summary again.

Dilbert1234567 · 07-21-2006, 03:01 AM

Quote:

Originally Posted by MrSelfDestruct

I've fallen behind in networking technology, but an IT professional gave me a good, complete explanation of why NAT is not secure enough to block anything but the simplest attacks. True to my style, I promptly forgot the explanation, but I can try to figure out who it was who explained it and get a summary again.

If some one is actively attacking your system, you need a full blown firewall, but for everyday internet junk, NAT is sufficient

spindles · 07-22-2006, 02:37 AM

Quote:

Originally Posted by MrSelfDestruct

I've fallen behind in networking technology, but an IT professional gave me a good, complete explanation of why NAT is not secure enough to block anything but the simplest attacks. True to my style, I promptly forgot the explanation, but I can try to figure out who it was who explained it and get a summary again.

My understanding is (unless you have blocked it via a firewall setup) that requests from the internet are broadcast to all nat clients, assuming it was not initiated from one of the nat clients (in which case the nat router points it back to the original requestor). For that reason NAT is not really any protection at all.

Dilbert1234567 · 07-22-2006, 09:13 AM

Quote:

As traffic passes from the local network to the Internet, the source address in each packet is translated on the fly from the private addresses to the public address(es). The router tracks basic data about each active connection (particularly the destination address and port). When a reply returns to the router, it uses the connection tracking data it stored during the outbound phase to determine where on the internal network to forward the reply

http://en.wikipedia.org/wiki/Network...ss_translation

Chris H · 07-22-2006, 12:23 PM

Thanks for your help/advice,

I understand it now. But i have a problem with my router thar the adsl doesnt connect, but then it might cnnect for 1 second and then disconnect again, I think it might be bacasue we have had a few power cuts and thunder/lightning storms recently, i know that our old USB modem got fried in a lightning storm, do you think my router has gone aswell? but the thing is it still works sometimes like now.

Chris

cyrnel · 07-22-2006, 04:32 PM

There have been numerous incidents regarding weak NAT. Vulnerabilities from overflows, DoS, or just stupidity, implementations vary. Sometimes wildly from the classic idea of NAT. Keep your border code up to date. Be it Linksys, Linux or BSD they can all have issues. At least read the change histories and cert/securityfocus/etc for reports on your flavor. Secure is a moving target.

Don't think I've seen mention of the best feature of software firewalls. They're veeerry useful for keeping a handle on outgoing connections, what with all the "phone home" software shipping these days.

As for the intermittent connections, that could be a signal quality issue. Bad DSL "modem", skwerlz nesting in the wires, whatever. Could be something at the CO. Call the service center and ask them to check your connection. They should be able to tell you something about the drops. I'd start by unplugging all the other phones in the house. Ideally run a cord directly to the NID to eliminate household wiring. If it still has issues it's between your modem and the CO.

newtx · 07-22-2006, 05:53 PM

Zone alarm has worked well for me. However I agree it is probably overkill.

Chris H · 07-23-2006, 10:09 AM

Ok, i have just ordered a new router now ( http://misco.co.uk/productinformatio...m%20Router.htm ) and a belkin UPS to stop it cutting out.

Chris

Dilbert1234567 · 07-23-2006, 11:11 AM

that will only work if you have ADSL and your ISP supports it, you wanted a router, not a router modem combo.

such as:
http://www.newegg.com/Product/Produc...82E16833124010

Chris H · 07-23-2006, 12:22 PM

I do want a router, i dont get what your trying to say.
Chris

Dilbert1234567 · 07-23-2006, 12:50 PM

the device that you got is not a router, it is a ADLS modem router combo, it can not be used with any other networking device such as a cable modem or a seporate DSL modem.

Chris H · 07-23-2006, 12:52 PM

but if you read earlier i had a d-link dsl-g604t.

Dilbert1234567 · 07-23-2006, 02:36 PM

oops, so you do. then why do you need a new one? both will protect you with NAT, your biggest concern should be securing the wifi with WPA.

trache · 07-23-2006, 05:56 PM

http://osswin.sourceforge.net/

Look in the firewall section. It includes some basic software that protects your computer.

xepherys · 07-23-2006, 07:19 PM

Okay, first of all, ZoneAlarm isn't overkill... it's more likley to be underkill, except for the aforementioned aspect that software firewalls can help prevent the phoning home issues with bots and various trojans.

As for NAT, NAT is NOT a security solution, nor was it ever intended to be. NAT is for putting many private IP addresses behind a single public IP address. This inherently offers SOME security against basic attacks, but it is NOT a security solution (just in case you missed it the first time). Most broadband routers, however, offer firewall features as well (or real routing features) such as access-control lists (ACLs), port mapping, DMZ access and logging. Those ARE security features. Also, if you are using a wireless router, be sure to:

a) disable SSID broadcast
b) Use at least 128-bit WEP (though it's still very weak to basic cracks) or WPA.
c) Change the admin username and password.
d) For home usage, use MAC filtering to allow only known computers to attach.
e) Use fixed DHCP to assign addresses. Combined with 'd' it's just an added layer of security to prevent people from using your internet illegally and/or browsing your internal network.

Also, regardless of hardware OR software firewalls, always keep your operating system patched and any application running as a service.

Lastly, in case it wasn't covered somewhere above, NAT does not broadcast outside to all inside. Actually, it should NEVER do that, since broadcast would fail to cross the bridge and multicast should be started inside.

Dilbert1234567 · 07-23-2006, 09:32 PM

Quote: