I agree wholeheartedly with Big B about the hardware router. They're better in every way than Microsoft's ICS (Internet Connection Sharing). More secure, more reliable, and easier to manage. However, it's admittedly not up to us whether you use ICS or not, so I'll do my best to help you while sticking to your own guidelines.
DISCLAIMER: Let it be known though that ICS is no reasonable substitute for a dedicated router. With ICS, the system which is acting as the first line of defence for other systems is just as vulnerable as the ones it's protecting. If that machine falls, the others will shortly after. In addition, ICS gateways mangle traffic in such a way that will adversely affect certain applications and protocols. That being said, I'll explain how to have a decent firewall which will accommodate ICS.
You're right that Windows XP's built-in firewall is weak. I've confirmed this myself numerous times, but I won't get into that presently. ZoneAlarm is not intended to be used on an ICS gateway, and so will block most legitimate traffic and mangle what it doesn't block. You'll need a rule-based firewall, such as Kerio Personal Firewall.
KPF is free for personal use, and it has a great interface. It's one of the most intuitive and powerful firewall applications I've used. Don't be misled though; a dedicated firewall appliance is always the best solution. But this will give you the flexibility to do what you're trying to do. The big caveat is that KPF, like any rule-based firewall, is only as strong as the rules you write. If you don't have a good grasp on networking, the effective security of your network will reflect that. Another big downside is that your router in this case is still a Windows PC, which can be compromised in a relatively trivial manner, even when security is a high priority. This is further compounded if you are using the same system to do normal tasks which expose the system to further risk, such as web browsing, file sharing, P2P, messaging, etc.
Best of luck,
-AT