Firewalls, Routers, and CPU Protection

[OneFinger]

OK, I only practice safe-sex and want to make sure I also practice safe surfing. But, I have a question about firewalls. Here's my latest problem.

 

I have a DSL line that is connected to my computer via an ethernet router. I have been running McAfee Professional 7.0 that included a firewall. My subscription finally expired and I kept getting hourly reminders from McAfee to pay them for their latest DAT files. (Yes, I was actually prevented from downloading the DAT files.) I tried to purchase another year of DAT support but McAfee indicated 7.0 is no longer supported and I'd have to buy their latest package for about $60.

 

Don't really want to take $60 out of my HooBoy Contribution fund and get the latest McAfee. So, I loaded a previously unused Norton 2002 and downloaded (free) their latest, up-to-date virus protection files. But, I don't think Norton 2002 includes a firewall.

 

I have been told that a firewall is not necessary since I'm running behind a router. Is this true? If not, is there a good (and free) firewall program to download. I've used Zone Alarm in the past but don't know if there is something better.

 

Appreciate your help on this non-escort question. Certainly don't want my computer to go down while searching for my next guy. :7

[Boston Guy]

One:

 

Firewalls don't offer protection from viruses, as I think you understand from your post. They do offer protection from various kinds of attacks from the outside, however, and should be used in conjunction with some kind of up-to-date antivirus program.

 

If you are using a system that is always behind a router -- and if that router provides an effective firewall -- you don't need to use a software firewall, too. You should check the router documentation to make certain that it offers the protection you want before turning off any software firewalls that you might have installed.

 

Finally, if you are running XP, there's a built-in firewall that you might consider as one part of the options available to you.

 

Isn't technology fun?

 

BG

[eastbayguy]

BG is on spot on. But, based on a couple bad experiences, I prefer a hardware device to the software firewall solutions. What's best is to have a router that uses DHCP (look for this acronym on the box) that assigns a special address to your computer behind the hardware firewall.

 

The latest generation of these devices is quite advanced, and, quite cheap. I'm thinking of actually upgrading.

 

The box I have includes a wireless access point and lots of other bells and whistles. The unit I have now is a prototype, but it replaced a Netgear box. Both are very slick.

 

Good luck. Proper security at home involves some advanced concepts and isn't easy to explain. Experts struggle with this topic. I totally understand the frustration of a non-expert in networking dealing with this stuff. The beauty of my Netgear box is that it came out of the box and worked perfectly. No configuration or setting up required at all.

 

--EBG

[OneFinger]

Thanks BG and EBG for the swift and thorough responses.

 

I am running the standard XP firewall and my computer is always connected to the router. Also checked the router documentation. It says it has "simple firewall protection" and "supports DHCP Server/Client". I don't find any instructions for setting up DHCP and I "assume" that was done automatically when I ran the installation software.

 

I'm feeling safe again. :+

[OneFinger]

As a follow-up to the firewall discussion, I contacted my corporate IT department. (I often connect to the server at work from home.)

 

They said that as an employee I have access to firewall and virus protection software through them at no charge. I've now installed Black Ice. Anyone have any experience with this firewall?

[eastbayguy]

>They said that as an employee I have access to firewall and

>virus protection software through them at no charge. I've now

>installed Black Ice. Anyone have any experience with this

>firewall?

 

None recent. My experience was not positive. The experience with this product was what prompted me to buy the hardware firewall product.

 

The issues which formerly existed with this product may have been resolved, or not, I do not honestly know. Once upon a time, there were some problems.

 

--EBG

[+ deej]

>They said that as an employee I have access to firewall and

>virus protection software through them at no charge. I've now

>installed Black Ice. Anyone have any experience with this

>firewall?

 

I've used it without problem, but it was several (!) years ago. They went through a period when people were disrecommending them, but I haven't heard a peep about them in recent years. (And since anyone can download it for free, it's not much of a deal your IT folks put together for you. ;-))

 

I will add, though, that if your corporate IT guys are recommending it you might want to think long and hard. If you ever have to call on them for support, it's a good idea if you're running their "blessed" products.

[SoCal]

Check out this site: http://www.dslreports.com for some fun and useful stuff. Don't let the name fool you, it's an appropriate site for any broadband (or even dialup) user.

 

Navigate to their tools area (Test+Tools), and you'll find a tool for inititating a port scan on your IP address. It's a quick way to see if you have any obvious openings or security issues. I think there are more persistent and longer scans available there, as well as speed tests, etc.

 

I used this site extensively when I first got into dsl/cable/broadband, I don't use it quite so much nowadays but it's still useful.

[OneFinger]

Thanks for the info and link to a great site. Just did a port check and was told:

 

Conclusion: Healthy Setup! We could detect no interesting responses from any of the commonly probed TCP and UDP ports. It would be difficult for an attacker to know where to start without further information.

 

Makes me feel better. I plan on spending more time looking around this site. (Does that make me a geek??)

[OneFinger]

>If you ever have to call on them for support, it's a good idea if you're running their "blessed" products.

 

That's exactly what I thought. So, I thought it best to go ahead and install it. Am running it on a work PC and haven't had any problems. For corporate-provided PCs it is mandatory that we run it.

 

But, on my home copy (provided by my IT guys), I did notice that they had preprogrammed the software for "Reporting Enabled" including their IP address and password in the event of an ICEcap intrusion. I've now unchecked that option. ;-)

[eastbayguy]

>Makes me feel better. I plan on spending more time looking

>around this site. (Does that make me a geek??)

 

No. You're not a geek until someone tells you the new beanie with the propeller on it looks much better than the old one. There are other symptoms, too. That's just an incredibly obvious one.

 

I'd say you're exhibiting a healthy level of curiosity and concern about a topic more people really should pay attention to. The Internet is a shared thing. Continuing the good health of the Big I is good for everyone.

 

--EBG