Armed Polite Society
Main Forums => The Roundtable => Topic started by: Perd Hapley on April 11, 2009, 12:54:31 PM
-
Zone Alarm won't install on my Win 2000 computer, but I don't know how it is better than the Windows firewall, anyway. Well, except that it's not Microsoft. =)
Why is Zone Alarm so super? I might use it on other machines.
-
Personally, I'm a former ZoneAlarm user. It's got bloated and interfered with other programs I had. One time on my laptop it locked me out of the Internet completely, and I don't remember the exact fix, but it was a pain in the ass that required booting in Safe Mode. Though a bit expensive compared to others, I've been using Kaspersky (firewall and anti-virus), which has a pretty small footprint and requires minimal interaction.
If you're on a budget, the Windows firewall should do you pretty well as long as it's coupled with good hardware firewall protection via your router. You might want to test your basic protection via Shields Up at: https://www.grc.com/x/ne.dll?bh0bkyd2
-
http://www.sunbeltsoftware.com/home-home-office/sunbelt-personal-firewall/
-
I used to use ZoneAlarm, but it started causing too many...issues, so I went to Comodo (http://personalfirewall.comodo.com/) instead. It seems to work fairly well.
-
My Mother got disgusted with it, as well, and quit using it.
-
I gave up on ZA for the same reasons Ben did.
-
Comodo's firewall is amazing and free. That said, the vast majority of users, especially those behind a router, just don't need one. I ditched Comodo a year or so ago, haven't missed it.
-
Router?
I don't know what that is, but I hope I have one. :laugh:
-
Router?
I don't know what that is, but I hope I have one. :laugh:
Sorry, it ain't the wood carving thing.
Routers (http://www.newegg.com/Product/ProductList.aspx?Submit=ENE&DEPA=0&Order=BESTMATCH&Description=Router/)
-
That said, the vast majority of users, especially those behind a router, just don't need one.
True enough. These days it never hurts to be a little paranoid, but I too no longer use a software firewall on my desktop, only on my laptops.
-
Well, I'm running a NAT firewall and AVG on my boxes here at home. ShieldsUp says that my computer is essentially invisible to the rest of the world.
GRC Port Authority Report created on UTC: 2009-04-13 at 17:19:43
Results from scan of ports: 0-1055
0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested
ALL PORTS tested were found to be: STEALTH.
TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.
So unless I do something remarkably stupid like get a file with a nasty payload in it, I should be relatively ok...
-
Well, I'm running a NAT firewall and AVG on my boxes here at home. ShieldsUp says that my computer is essentially invisible to the rest of the world.
So unless I do something remarkably stupid like get a file with a nasty payload in it, I should be relatively ok...
Same here. Behind NAT the only real way in is through a user.
-
NAT?
-
Network Address Translation.
Your ISP gives you one public IP address. It is assigned to your router. Your router has a pool of IPs it uses to assign to devices in your home (PC, wireless printer, game system, etc). NAT is what binds the two sets of IPs together. In this case, it's a one-to-many assignment. Yes, you can have one-to-one and other flavors, but most, if not all, home users are on a one-to-many NAT configuration.
The purpose is to conserve publicly routable IPs, but it also adds a layer of security.
Chris
-
So..... it's the built in router firewall then?
-
Yes. If you have a broadband connection at home and your PC's IP is something like 192.168.x.x or 10.x.x.x, you're taking advantage of NAT (because those two networks aren't routable on the public internet).
Chris
-
The reason it adds to security is because the bad guys don't have a direct route to your PC. Sure, they can get to the router's public IP, but unless you've configured it to allow traffic inbound (port forwarding for example), there's no way to get there. The bad guy can't point directly to your private network IP since traffic to/from such IPs isn't routable.
Chris
-
NAT would not apply to a single device connected to a DSL modem, correct? So if I put a second computer in the living room, and connect both computers to a router, I would be adding a layer of security?
-
Depends on the modem. Some modems perform a sort of bridging that in effect assigns that public IP directly to your computer.
Adding a router in between the modem and your computers will add NATing.
It gets kind of confusing because back in the day, you only got a "modem" with your broadband connection and had to get your own router. Nowadays, ISPs are supplying "all in one" devices that act as modem and router. My first broadband account was the former, my current one is the latter.
Chris
-
Thanks.
-
And when you have a hardware firewall with NAT, be damned careful with port forwarding and DMZ settings.
UPnP is considered a security leak in that respect, too.
IOW, a hardware firewall is only as good as you make it.
Without trying too hard, you can actually make large holes in it from your side, and that's something you really don't want to do.
-
Sooooo, port forwarding and DMZ are things you have to go out of the way to deliberately set up, right? Not the sort of thing you'd just accidentally do?
-
Yes and no.
Some games, particularly when doing the online thing, will attempt to set up port forwarding.
Others will request you set certain ports open for best game throughput. WarCrack and Ventrilo do that.
My Vonage VOIP here at home requires some ports be forwarded through the router to function properly.
BitTorrent will do it automatically, using UPnP to trigger open ports through the hardware firewall.
I've seen some software, and the Windows 7 operating system I've been using, open up a port for Teredo/IPv6.
I'm sure there are others, but you have to keep your wits about you.
Port forwarding isn't bad in itself, as long as you know what's going where and what's coming/going through.
Leave DMZ settings completely alone. Don't turn it on at all.
I know it's an easy way to get downloads quickly and maximize bandwidth, but DMZ is a huge freeway from the WWW right to the tagged computer - sans no firewall protection.
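-
Added example, not part of any post in this thread: a toy model of the one-to-many NAT described earlier, showing why unsolicited inbound traffic reaches nothing until a port forward or the DMZ setting is configured. The class, addresses and ports are constructed for illustration, and the model is simplified (a real router also tracks the protocol and the remote endpoint of each session).

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PUBLIC_IP = "203.0.113.7"   # constructed value from a documentation-only range
Endpoint = Tuple[str, int]  # (ip, port)

@dataclass
class HomeRouter:
    forwards: Dict[int, Endpoint] = field(default_factory=dict)  # manual or UPnP port forwards
    dmz_host: Optional[str] = None   # "DMZ" setting: LAN host that receives all unmatched inbound
    sessions: Dict[int, Endpoint] = field(default_factory=dict)  # public port -> LAN endpoint
    next_port: int = 40000

    def outbound(self, lan_ip: str, lan_port: int) -> Endpoint:
        """A LAN host opens a connection: allocate a public port and remember the mapping."""
        for port, ep in self.sessions.items():
            if ep == (lan_ip, lan_port):
                return (PUBLIC_IP, port)
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (lan_ip, lan_port)
        return (PUBLIC_IP, port)

    def inbound(self, dst_port: int) -> Optional[Endpoint]:
        """A packet hits the public IP: return the LAN endpoint it reaches, or None if dropped."""
        if dst_port in self.sessions:    # reply to traffic a LAN host started
            return self.sessions[dst_port]
        if dst_port in self.forwards:    # hole opened by a port-forward rule
            return self.forwards[dst_port]
        if self.dmz_host is not None:    # DMZ: everything else goes to one machine
            return (self.dmz_host, dst_port)
        return None                      # no mapping: the packet has nowhere to go

def exposed_ports(router: HomeRouter, ports=range(0, 1056)) -> List[int]:
    """Ports where an unsolicited packet would reach a LAN host (default 0-1055, as in the scan above)."""
    return [p for p in ports if router.inbound(p) is not None]
```

With no forwards and no DMZ host, `exposed_ports` returns an empty list, which corresponds to the all-stealth scan result posted earlier; setting `dmz_host` makes every scanned port reach that one machine.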
-
Hmmm, so how can I determine if port forwarding is enabled, and how can I turn it off?
-
Which router model do you have?
You'll need to go into the settings to view them.
There's usually a URL you enter in a browser to see the router's settings.
-
The URL will look something like 192.564.8.3. Mine's on the bottom of the modem.
-
Which router model do you have?
You'll need to go into the settings to view them.
There's usually a URL you enter in a browser to see the router's settings.
Linksys ...54 I think? I remember entering a url for it to set it up. I'll check it out tonight.
-
Linksys router IP is defaulted to 192.168.1.1. Then there is a login. It IS strongly recommended that the password be changed to something other than "admin" or an enter key (blank).
-
Yup.
There's been a lot of discussion about hacked routers accessed through default passwords.
Some have even done it accidentally, thinking they were accessing their own:
http://www.shandyking.com/2007/02/18/hijack-hacked-linksys-wireless-router/
-
I use ZA, and it keeps telling me it's blocking internet access from 192.168.1.119. Googling tells me nothing. I looked up my router's default IP, and I'm logged into it. Ummm, now what?
-
I've been using the free version of Zone Alarm with no issues on my XP box here for nearly a year.
On occasion it blocks something I want to see so I just hit allow.
Not being prone to going into high risk sites it works well for me, at least so far...
-
I use ZA, and it keeps telling me it's blocking internet access from 192.168.1.119. Googling tells me nothing. I looked up my router's default IP, and I'm logged into it. Ummm, now what?
That call is coming from inside the house! Get out now!
192.168.x.x is ON your private network.
-
That call is coming from inside the house! Get out now!
192.168.x.x is ON your private network.
Yeah, that's what I thought. Isn't that fairly normal, that it would appear that way?
In any case, what do I do about it?
-
Yup.
There's been a lot of discussion about hacked routers accessed through default passwords.
Some have even done it accidentally, thinking they were accessing their own:
http://www.shandyking.com/2007/02/18/hijack-hacked-linksys-wireless-router/
Just rename your SSID to "FBI_Inn0cent_Im@ges_H0neyP0t" and don't bother with all that pesty security and whatnot.
-
Yeah, that's what I thought. Isn't that fairly normal, that it would appear that way?
In any case, what do I do about it?
Find the computer that has that address, shut it down?
-
Find the computer that has that address, shut it down?
Well, we only have two computers, and only one was powered on at the time.....
-
Is this a cable or FIOS system? I don't know about cable, but I know FIOS TV DVRs and set top boxes are assigned IP addresses from your FIOS home network. You might be seeing them. I had to turn down iptables logging on my server because my FIOS gear is chatty.
Chris
-
Is this a cable or FIOS system? I don't know about cable, but I know FIOS TV DVRs and set top boxes are assigned IP addresses from your FIOS home network. You might be seeing them. I had to turn down iptables logging on my server because my FIOS gear is chatty.
Chris
You lost me after the "Is it cable" part. =D It is cable, btw. I was just wondering how to check to make sure that port forwarding/dmz stuff y'all were talking about were off.
-
I don't know much about cable internet, but FIOS (Verizon fiber optic to the home for TV, Telephone, and Internet) assigns IP addresses to FIOS devices that aren't normally part of a home network (digital video recorders, TiVo is an example, and set top boxes, similar to cable boxes).
What I'm getting at is that you might have other devices on your network with IP addresses. Devices, that aren't considered networkable by you, but are still part of your network. I was kind of surprised to see the IP config info in the configuration panel of my DVR and set top box. I was even more surprised to see how effing chatty they were.
Chris
-
Hmmm. Well, on this system we have: desktop, laptop (usually hooked up to cat5), and the tv. Is my tv trying to hack my compie?!?! :lol:
-
Do you have a "set top box" or cable box for your TV? If so, it may have an IP address. Such devices do with Verizon FIOS service. In my case, with FIOS, the DVR and set top box were chatty, sending out tons of broadcast messages (networking broadcasts, not television broadcasts).
Who's your ISP?
Chris
-
Comcast. I think we just have a modem, that splits one way to a little cable thingy on top of the tv and the other to the router.
I guess what I'm wondering is if it's a danger, and how I can tell.
-
The "little cable thingy" on top of the TV is what I'm referring to as a "set top box". Dunno about Comcast, but in FIOS, that little box gets its own IP address and likes to talk to the network. It might be that box and that chatter that is so worrying to ZoneAlarm. Or, it might be something else. Who knows. What does ZA say about the traffic? What protocol, etc?
Chris
-
I'll have to check when I get home. I'll post a screenshot.
-
Hmmm. Well, on this system we have: desktop, laptop (usually hooked up to cat5), and the tv. Is my tv trying to hack my compie?!?! :lol:
He has two computers on his network.
*hint* It's the other computer.
-
He has two computers on his network.
*hint* It's the other computer.
It's doing it with the power off? Impressive.
-
It's doing it with the power off? Impressive.
Is your wifi secured?
-
Is your wifi secured?
To the best of my ability. Iirc I turned the ssid off and changed the password when I hooked it up. But I'm a newb, so I could've left something open and not realized. :(
-
It's doing it with the power off? Impressive.
Skynet is watching you. Better get your phased-plasma rifle and slag the thing now. =D
-
Skynet is watching you. Better get your phased-plasma rifle and slag the thing now. =D
Stupid gunshop was all sold out of the 40-watt models.
-
Turned off or physically unplugged from the power?
Most PCs these days keep their ethernet connections alive through a standby feed from the power supply, even when the machines are "turned off". (They're not really turned off, but drawing even less than Standby Mode)
It keeps their IP addresses assigned for DHCP, enables Wake-On-Lan, etc.
-
Turned off or physically unplugged from the power?
Most PCs these days keep their ethernet connections alive through a standby feed from the power supply, even when the machines are "turned off". (They're not really turned off, but drawing even less than Standby Mode)
It keeps their IP addresses assigned for DHCP, enables Wake-On-Lan, etc.
Powered off but plugged in. It's a laptop if that makes a difference.
-
Check the ip addresses on both computers, if it doesn't match, you have someone on your wifi.
You said you changed the password, but is that the admin password or the "just get connected" password?
-
Are you using any type of security other than just changing the SSID or disabling SSID broadcast? How about a MAC ID filter? Did you enable WPA or WPA2 security?
Is your head spinning yet? :angel:
-
Methinks he may have a camper sitting on his WiFi, too.
-
Unless said camper is trying to access his computer, ZA wouldn't care. That's why it would be helpful to know what sort of access ZA is blocking.
Chris
-
That depends on what ZA deems to be "access", which depends on how helpful ZA wants to appear to be.
Does ZA alert on all the odd networky things that windows does, like announce file shares or poll on who has file shares set up?
-
Back when I was using ZA, which was a few years ago, it would alert on everything Windows did until you hit "accept" on each thing. It was pretty dumb and you basically had to train it. I don't know if it's any better about that.
FWIW, ZA on my corporate laptop whined a few times because other Windows systems on the same subnet were polling for a domain master browser once.
Chris
-
That depends on what ZA deems to be "access", which depends on how helpful ZA wants to appear to be.
Does ZA alert on all the odd networky things that windows does, like announce file shares or poll on who has file shares set up?
Nope, and it's just recently started this. I'll screenshot it when I get home.
-
This doesn't sound good.
Time to start probing that machine for open shares/ports/services! =)
(Yes, I have done that, and yes - I have found someone's completed tax return PDF on a publicly accessible share this way... :O)
-
It appears that Zone Alarm has some serious issues with Windows Vista. I wonder how it will work and play with Windows 7 ??
-
The "little cable thingy" on top of the TV is what I'm referring to as a "set top box". Dunno about Comcast, but in FIOS, that little box gets its own IP address and likes to talk to the network. It might be that box and that chatter that is so worrying to ZoneAlarm. Or, it might be something else. Who knows. What does ZA say about the traffic? What protocol, etc?
The cable box and cable modem are completely separate entities. They can't communicate with each other.
I'm not familiar with FIOS. Do the set top boxes plug into your router/switch/whatever?
-
The cable box and cable modem are completely separate entities. They can't communicate with each other.
I'm not familiar with FIOS. Do the set top boxes plug into your router/switch/whatever?
The fiber comes into a box in your house. From there it gets converted to coax cable and goes to what resembles a cable modem/wifi/router combo. I don't know how the TV hooks up, I assume the COAX splits off to the TV but I could be wrong.