ICS and Firewalling

[Guest]

Archived from groups: comp.security.firewalls (More info?)

Hello,
I'm sure this is a simple question for those in the know. I have 2
machines, one with a broadband modem, the other sharing it's connection to
the net using windows internet connection sharing. They are also on a
workgroup for networking purposes. Both machines are windows xp. My
question is this. Do I need a firewall on both machines, or only the one
connected to the net, and which firewall would people recommend?

Thanks!
- Ed.

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Ed." <tinman_x@hotmail.com> wrote in news:4096f210$1@quokka.wn.com.au:

> Hello,
> I'm sure this is a simple question for those in the know. I have 2
> machines, one with a broadband modem, the other sharing it's
> connection to the net using windows internet connection sharing. They
> are also on a workgroup for networking purposes. Both machines are
> windows xp. My question is this. Do I need a firewall on both
> machines, or only the one connected to the net, and which firewall
> would people recommend?

When using Windows ICS to share your Internet connection, it is the
software firewall on the host computer that controls incoming Internet
connections to all the computers. A software firewall on the client
computer(s) has no incoming control. But, for outgoing control, such as
to deal with spyware, worms, etc., you need a software firewall on each
machine.

The Windows XP firewall has good incoming protection, but no outgoing
protection that nearly all other software firewalls have. There are a
number of good free firewalls available for personal use - my current
choice for my machines is Sygate
http://smb.sygate.com/products/spf_standard.htm

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

"Ed." <tinman_x@hotmail.com> wrote in news:4096f210$1@quokka.wn.com.au:

> Hello,
> I'm sure this is a simple question for those in the know. I have 2
> machines, one with a broadband modem, the other sharing it's
> connection to the net using windows internet connection sharing. They
> are also on a workgroup for networking purposes. Both machines are
> windows xp. My question is this. Do I need a firewall on both
> machines, or only the one connected to the net, and which firewall
> would people recommend?
>
> Thanks!
> - Ed.
>
>

Unless you have some reason not to use a NAT router as the gateway device,
you should look into getting a NAT router. They come cheap now of days.

http://www.homenethelp.com/web/explain/about-NAT.asp

If you need to be stopping outbound on the machine, then you can use IPsec
that's on the O/S. It can stop inbound or outbound by port, protocol, IP,
etc to supplemnt the router.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

I use to be all gun-ho about Application Control, which most people
associate with some kind of outbound protection and I did as well. But now
my views are changing on this. Although I still kind of respect it, I think
99% of the time Application Control is useless.

I think it gets in the way and leads to a user making wrong decision in
stopping things they should not be stopping and missing things they should
be catching, because one uses Application Control in these PFW solutions as
a crutch and don't really investigate what's happening on the machine and
the network by reviewing logs for inbound and outbound.

Where in this link does it talk about Application Control and the rest of
the junk that's in these PFW solutions?

http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html

If you feel the need for Application Control, the XP FW for SP2 will have
it.

What I really recommend is that you go to the XP O/S and secure it.

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_R
ootkit_Tools_in_a_Windows_Environment.html

http://www.uksecurityonline.com/index5.php


Duane