Vigor firewall setup.

Reading Newt's Very interesting post about Router, NAT, Firewall discussion in the neworking forum has got me thinking about my own home setup.

I have a Draytek Vigor 2600 wireless Modem/Router/Firewall and have just set it running using safeguards on the wireless components, i.e. WEP, hide SSID etc but am using the default firewall settings.

I wondered if anyone out there knew of any ideal settings for the firewall, or how the Vigor compares with other SOHO devices. I realise it will not be up to the standard of an industrial PIX but can I safely fit and forget it or should I be tweaking it in any way.

Any thoughts and technical opinions welcome.

Thanks

 

From the writeup on the firewall I read, it appears that unless you have specifically blocked ports for outbound packets, they are allowed and a return packet in response to something you (or a spyware/malware/viral app) sends will be allowed back in.

I can't be sure from the little I was able to see but if you can set to be warned when outbound packets try using ports other than the standard ones (http, ftp if you use it, pop & smtp mail, etc.) to get out, you will increase your level of security some.

If you are using XP then when SP2 ships you can undo those warning blocks since the firewall with SP2 sets up by default to close ports except when you have an app (defined by you in an 'allowed' list) open and in that case, ports your app uses will be open until the app is closed.

 

Hi Grunty!

Run a port scan at GRC. You'll know by the results how well you stand against incoming threats. Not sure how configurable that model is for outgoing. Might check it's help or read me or manual for that. I use a software firewall in addition to my router and feel I'm more secure by doing so.

 

Setting up a SOHO or personal firewall to block out going

It is difficult to block outgoing trojans because they often use comon ports (especially 80). If you have little installed on your PC(s) the problem is fairly manageable. But as you install more software, it is difficult to recognise whether the application going out is malicious or an application hunting for an update (for example).

Many personal firewalls will pop up a message when something unusually is going out, but often it is difficult to determine the route cause. Often the service that is shown as making the connection is not the source application, but a system dll or app that it is using to connect. Most users end up accepting all these alerts rather than trying to determine what each is, and you quickly end up with a set of rules that is useless.

Tiny personal firewall version 3 is a good (or bad example) of how the system can get out of hand (IMHO). It monitors access to the registry as well as the internet connection. All sorts of alerts pop up from just running Outlook. It is such a shame as I think Tiny Firewall version 2 was the best personally firewall out there. I think the free version of ZoneAlarm suffers from the same problem and in some versions it is difficult to correct the rule set.

My recommendation would be:

Use the firewall to block incoming traffic.

Run and keep updated, a good Anti-virus package.

Use a seperate utility to search for trojans regularly. Adaware or the like.