HOME NETWORK SECURITY 1

[kev01]

Hi,

I have a small home network ( a domain with 1 server and 3 clients) and I was wondering how to best secure my home network.

I am currently sharing the Internet with a NAT software. On the server and each client, I have installed a personal firewall (currenly using sygate personal firewall) and an anti-virus (AVG anti-virus). Is that the most efficient way to secure a small network? Or is there anything else I could do to make my home network more secure (using free or low-cost software).

Thanks in advance,
Kev01

 

[Sapient2003]

The computers inside of the LAN should be using private address space. This way outside traffic cannot access any computers inside the LAN. Each computer should be running anti-virus software, AVG seems to work fine. The computer that has access to the internet should have a firewall. Sygate Personal Firewall does better than most free firewalls, however the filters are limited. If possible, use a router to secure the main computer from the outside.

--Sapient2003 - sapient@sapient2003.com
"The worst insecurity is believing you are too secure."

 

[kev01]

I know that W2K server can be used as a router...

Is it ok to use W2K server as a router to secure my home network??

Thanks in advance.
Kev

 

[rn4it]

I wouldn't, you can pick up braodband routers/FW devices for $100 and less. They are easy to config and pretty secure. That is what I use, anyone attempts to touch the external interface I receive a message via email.

 

[SamBones]

I was using a software firewall/router/anti-virus solution for several months and was getting an awful lot of alerts about "attempts" on my machines. I was always worried about something being misconfigured and worried about keeping patches and definitions up to date.

I recently installed and set up a Netgear FVS318 Cable/DSL Router/Firewall/Switch with VPN and 8 ports. It's about $100 and is awesome! You have complete control over what is visible and accessible to the internet side. It has it's own logs and can email them to me. It can act as a DHCP server for my machines. It's awesome!

http://www.netgear.com/products/prod_details.asp?prodID=129

After living with the before and after, I'll never go without a dedicated hardware firewall/router! Before I used to be able to browse my machines for ports and shares from my neighbors. Now to the world it looks like a machine that only has an HHTP port open and responds to nothing else. Not even a ping!

 

[Grenage]

Definately recommend hardware firewalls etc, thye are so very eliable.

 

[iSeriesCodePoet]

There are excellent Linux Firewall software out there. I use IPCop (

http://www.ipcop.org),

but like they said, you still need to keep it up to date.

For those with harware routers... do you ever update them? They need updating too!

iSeriesCodePoet
IBM iSeries (AS/400) Programmer

Want to have all your bookmarks in one spot?

http://www.koldark.net/bookmark4u/

Make your links shorter:

http://makeashorterlink.com/

 

[kev01]

If I have a Router with firewall capabilities, do I still need to install desktop/personal firewalls on each client of my network???

Thanks in advance,
kev

 

[smah]

It's not a bad idea - the router with NAT will block incoming exploits. It will let anything out. A decent software firewall can be set to allow only certain tranmissions out.

 

[kev01]

Is installing desktop firewalls a good idea when the router already has firewall capabilities?

thanks,
kev

 

[iSeriesCodePoet]

Yes it is. The software ones can be the "second line of defense" and it can block out going packets from thinks like worms.

iSeriesCodePoet
IBM iSeries (AS/400) Programmer

See my progress to converting to linux.

http://koldark.hopto.org/linux/

 

[TSMJ]

What you want for a network your size (with no webservers and assuming you use a separate hub for the LAN, ie. all the machines don't plug into the back of the router) is to have the router going straight into 1 machine acting as a firewall of the LAN (best have a dedicated PC) with either a secure Linux gateway/firewall OS like Smoothwall, Astaro, or Guardian Digital running, or Win2k server with a 3rd party Firewall (Sygate PFP is good) with NAT and IPSec set up on it.

You could also get Windows ISA server which does what Win2k server can but is also a proxy and has a built in firewall.

My point is that you should have one machine between the LAN and the

http://WWW acting

as a firewall - you shouldnt have to put a firewall program on each and every client machine.

Got that ;-)

You could also look at the DIY webserver page at

http://www.tomjay.co.uk

for a bit more of an idea on the topic and a few links.

 

[MattWray]

I like this Linux Firewall, Firestarter. You can get it here,

http://firestarter.sourceforge.net/

It is very easy to configure and edit, and makes you invisible to the outside. I ran several different scans and couldn't find my machine....

Thanks,

Matt Wray
MCSE, MCSA, MCP, CCNA

http://www.sss-steel.com

http://www.total-tec.com

 

[LedZepRock]

I made my home firewall on a old Pentium 166MMX, I used SuSE7.2 (all I had) and installed Shorewall, dead smart it is to, also installed Webmin, that means I can configure my firewall via a HTTP browser (I can configure everything via the browser with webmin). So it means I have a box sitting in a corner and dont need a montitor or anything, very handy. And I guess you could pic up a Pentium 166 for Ooo, what £15.

Led*Zep

 

[Robnhood]

I like the idea of installing a software based firewall on my desktop pc so that I am able to determine when programs have changed and/or are trying to access the internet.

Craig

http://www.SecurelySpeaking.com

 

[freakyone]

You may want to search Ebay for used firewalls. I was able to find a Sonicwall SOHO3 for 80$. Very cheap for a Namebrand hardware device and Sonicwall make a solid product.

~Dave~
Where do packets go when they die ?