Which IS Safer?

Hello All,

I have 4 pc's in the home all sharing high speed internet through a gateway, two of my pc's are networked to share files and a printer. I want to be as secure as possible and am running a firewall but I am not sure if I should use the machines actual IP, a custom address, or a mask.

Both pc's are seeing each other with the files that are shared and the printer is running off both pc's . I am not sure if I am setting it up right in the firewall. I would appreciate any help and thanks in advance.

FIREDANCER

 

Well I'm confused. I'm not aware of anyway you can use an alias. But from the perspective of a firewall, I will assume since this is a home network, probably with DSL or Cable and your Firewall is much like a Linksys/Netgear/Dlink 4 port combo SOHO Cable/Broadband Router Firewall.

Out of the box, these devices are configured to:

- block all incoming traffic, not originating from the the LAN side (ie...not a response to a http request)
- Allow all outbound traffic originating from the LAN side.

This is the easiest, semi-secure way to accomplish using a firewall which meets the needs of 90% of the SOHO market. It is reasoneably secure from the perspective that some hacker can't just come knocking on your door and eventually get in.

AND, most of these types of router/firewalls use non-public, non-routeable IP's on the LAN side (192.168.0.1 /255.255.255.0) Meaning, it would be impossible for someone down the street to fire-up a computer that happens to be in the same workgroup and see your files behind your firewall.

now, for the not so secure news.

Since the firewall allows ALL LAN traffic outbound access, your pc has the potential to spread viruses or create an inbound backdoor and you would not even know it. There are viruses that have their own "built-in" mail server that can steal your address book and start sending email from your computer. There are viruses that when you click on an attachment, it actually loads a program onto your computer, that phones home (creating an un-checked outbound connection) and keeps the connection open for the hacker to gain access to your computer.

Here's one that will blow your mind. There are programs the wrap nasty stuff into valid programs, that get installed without you knowing it. For instance. You have a son or daughter that is involved with peer-to-peer music sharing...Kazaa,Napster. Did you know that 65% of all music downloaded is spiked with a virus.

The where I am going with this. The prudent way to setup a firewall is to Block all un-solicited traffic inbound (the default) and block all outbound traffic EXCEPT what you specifically allow..ie HTTP/HTTPS (port 80/443). Allow only outbound smtp and pop3 to your ISP mail servers. Deny everything else.

Also, keep current virus definitions, anti-spyware and periodically change passwords. Use 8 digit alpha-numeric combinations..p5gr67n9, or something like that.

And for the next level of SOHO paranoia, software firewalls on each workstation to help prevent the spread of virus from within the LAN.

Am I paranoid...YES. I do this for a living. People have written books on this. Search the net for phrase like "Home network security" and "Best Practices ".

Check-out "how-to's" at http://www.practicallynetworked.com/

...but to address your question, I really think you need to add somemore detail about what you've done and what exactly you want to do

just how is it setup ???

Regards,

- Don