Hardware and software firewall
chesketh1972
11-06-2003, 06:37 PM
Hi
I have a small network with XP home, and 8 PCs. I have a DLink DSL504 router and an 8 port switch. I am not sure how to configure the hardware firewall, so is it OK to put a software firewall on all PCs such as ZoneAlarm, and do I need to put the IP address of the router, and the subnet mask into its trusted zone?? Can a hardware and software firewall exist at the same time??
Rgrds
Chris
Greenstead
11-06-2003, 11:45 PM
Can a hardware and software firewall exist at the same time??
Yes
But generally it is unnecessary to prevent intrusion through a NAT router. The software firewall like ZoneAlarm can be useful to detect unexpected outgoing connections which may occur from viruses or trojans you pick up through e-mail or downloads.
You would normally add your subnet into the trusted zone which would include the router.
/edit. I have changed my view on this. A NAT device is insufficient to prevent intrusion. A firewall is necessary also either in the router or on the PCs.
TANKORR
11-26-2003, 06:06 AM
Originally posted by chesketh1972
Hi
I have a small network with XP home, and 8 PCs. I have a DLink DSL504 router and an 8 port switch. I am not sure how to configure the hardware firewall, so is it OK to put a software firewall on all PCs such as ZoneAlarm, and do I need to put the IP address of the router, and the subnet mask into its trusted zone?? Can a hardware and software firewall exist at the same time??
Rgrds
Chris
Check the DLINK web site for config info - as for firewalls I run both and it helps - after you set it up do some online port scan like those at GRC.
GL
cszeto
11-26-2003, 10:58 AM
In most cases the external port scans will only check out the configuration of your hardware firewall, unless you have one of your systems sitting in a DMZ.
If you insist on installing a software firewall on stationary PCs behind a router, just be aware that file and print sharing will require additional configuration with the firewall that you are running. Just take a look at all the poor souls trying to get the two to work together throughout the forum...
pipspeak
11-27-2003, 12:37 PM
Hi
I have an XP and W2kpro wireless via dial-up that is about to be DSL'd. I run ZApro on the first and ZA on laptop XP client.
I decided to use this approach as I assumed the firewall on the client may help to secure the laptop from external WiFi connectivity, is this valid?
pip
Greenstead
11-27-2003, 02:30 PM
Yes you will need ZoneAlarm to supplement the NAT protection of ICS from internet intrusion on DSL.
ZA will not add protection from wireless intrusion unless you limit the ZA trusted zone to fixed local IPs only. An intruder on the wireless LAN would use your local subnet which will be 192.168.0.0 - no options. So you need to protect the wireless LAN separately really with WEP and WPA when available.
cszeto
11-27-2003, 02:51 PM
http://forums.practicallynetworked.com/showthread.php?threadid=2706
I don't remember if "Broken Alarm" logged in/out traffic, if so, then it would still be useful for detecting wireless intrusions. It may not protect your system from intrusions, but you will at least have it logged to flag that there is/was an intrusion.
pipspeak
11-27-2003, 03:14 PM
Thanks Greenstead,
I believe the wireless NIC I have is defined as an Internet connection with the gateway as 192.68.0.1 as the ICS setup requires. It is DHCP though so I'll have to set IPs I guess.
I had assumed that since an intruder would have to use that adapter to gain access to the PC a SW firewall would help prevent compromises.
I do have 128k WEP enabled ad-hoc with shared key.
Just goes to show that security isn't as simple as I thought it was!
pip