Can anyone give me a quick firewall education (1 Viewer)

[Brian E]

Hi all,

Since I know the most about computers at work I'm the defacto "IT Guy". I know next to nothing however about firewall software. Basically what we have set up is a small peer to peer type network. One computer has a dial up connection (mine) and it shares that connection. Now a couple of questions.

What are considered the better firewall programs out there?

Would a firewall be recommended on each machine or just the one with the actual dial up connection?

Any recommended sites out there for a good FAQ on this?

Most of are machines are running WinXP and we still have a couple of Win98 boxes too.

Thanks in advance...

 

[Ted Lee]

i'm not real familiar with firewalls either. john berger is around here somewhere.

anyway, here's a start that may help:

http://www.pcworld.com/howto/article...,109377,00.asp

 

[John_Berger]

I'm here! I'm here! Sheesh!

The firewall should only be needed on the system that is actually connecting to the Internet. Anything else will be overkill since the firewall on the connected system if properly configured will be sufficient. Additional firewalls will be nothing more than blocking traffic that should have been blocked by the first firewall anyway. They'll also take up system resources on each system. This is obviously not what you want to do.

As to a "better firewall for Windows", there's no such thing as far as I'm concerned since Windows itself is rife with its own security problems. UNIX is infinitely better for firewalls; however, that won't necessarily be a good option in your case.

Regardless, the one that seems to be the most highly recommended is Zone Alarm, particularly because the basic version is free.

As a near-to-mid-range goal, you should consider abandoning that dial-up connection in favor of getting a low-speed (thereby low-cost) broadband connection. That way you can get your PC out of the middle and use a broadband router to manage your Internet connection. Because broadband routers are also firewalls, you'll be killing two birds with one stone.

 

[Brian E]

Thanks John & Ted,

We do plan on getting rid of dial-up (thank goodness) and getting DSL once are phone company makes it available. Until then I'm stuck with what I've got.

So if I put the firewall on the one machine it should block things that try to dial out from the other machines? In other words will it see the individual programs that could "dial out" or will it just see it as the other computer and allow it because that machine is allowed access? Hope that makes sense.

 

[Chris Hovanic]

If you have an old 486 or first gen pentium you can build a Smoothwall firewall. This is a *nix based fire wall with great web based user interface. You dont need to know any *nix

All you need is 2 networkcards (and a modem for dial up) and your in business. Smoothwal is GPL so does not cost anything. Download looks like 20 MB so even with your dial up you could have it downloaded by morning.

They also have great support via a mailing list.

All the functionality of a broadband router which will also work with dial up and it also keeps a PC out of a landfill.

IMO Hardware firewalls are far superior to software firewalls.

 

[John_Berger]

All you need is 2 networkcards (and a modem for dial up) and your in business.

This makes no sense. The modem *IS* the other network card. Why would he need a thrid network connection in the form of a second network card?

 

[Kevin P]

This makes no sense. The modem *IS* the other network card. Why would he need a thrid network connection in the form of a second network card?

For dialup only one network card is needed, plus the modem. The second network card is needed when they switch to cable or DSL.

Some dedicated routers have modems built in or can be connected to an external modem, so this can be an option as well.

 

[Chris Hovanic]

This makes no sense. The modem *IS* the other network card. Why would he need a thrid network connection in the form of a second network card?

You are correct. The modem would be the WAN connection card (I guess I should have said or instad of and).

Still would not hurt to go ahead and install the second NIC to be ready for the upgrade to broadband.

For that matter you can install a third NIC for a DMZ if you want too (If your running broadband).

Not sure how much the dedicated routers with built in modems cost (I have never looked for one) but I could build a Smoothwall router/firewall for less then $50

Min Requirements
386 (486DX4 recommended)
8mb of RAM
200mb Hard Drive (1 gig would be best if you have a pent. 486's have a hard time seeing anything over 500mb)
2 10mb NICs (network interface cards)(unless you are running strictly 100mb network) 1 if your using a modem
1 Hardware modem
you dont even need a dedicated monitor or keyboard just use for inital setup and then unplug.

Check Smoothwall FAQ's Here (need Acrobat Reader)

 

[Brian E]

Thanks for the tips, I'll look into it. I downloaded Sygate's software to try out, haven't done anything else yet.