• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 503
  • Last Modified:

network adapter in "internet zone"

I have added my router (192.168.0.1 subnet 255.255.255.0) into the trusted zone in my firewall software(zonealarm) so my PCs can see each other etc

However my network adapter who's ip is defined by the router (dhcp) is still in the internet zone is the safest ??

Surely as any traffic on this adapter has had to have gone through my router's 2-stage firewall anyway it is safe ??? but is internet zone still best for the adapter ?? why ??

Thanks
0
silki
Asked:
silki
  • 2
1 Solution
 
TolomirAdministratorCommented:
Your network adapter should have an ip like 192.168.0.x so it's in the trusted zone too.

I see no reason to add an entry for it and put it in the internet zone.

Any traffice to or from outside of 192.168.0.x is treated as traffic in the internet zone, no network sharing is possible etc.

I think you are safe.

I'm using zonealarm for 3 years now, behind a router with a firewall and NAT it's almost unneccessary to use zonealarm except you want to block applications from phoning home.

Tolomir
0
 
silkiAuthor Commented:
Hi thanks Tolomir for the feedback just to clarify

My Router is 192.168.0.1 subnet 255.255.255.0 - TRUSTED
My Network Card is 192.168.0.2 subnet 255.255.255.0 - NETWORK

I need my trusted subnet their to share files on my network but leaving my Network Card as NETWORK doesn't really make any difference from what you have said as my Routers firewall will block all threats at the source ???

0
 
TolomirAdministratorCommented:
Well don't mix it up. It's not subnet but subnet mask

Your subnet is 192.168.0.0

IN your subnet there is a router .1 and one of your computers .2, they are in the same subnet 192.168.0.0. the subnet mask 255.255.255.0 tells your computers this. So 255.255.255.0 is NO network address.


>This is taken from: http://www.webopedia.com/TERM/S/subnet_mask.html
A mask used to determine what subnet an IP address belongs to. An IP address has two components, the network address and the host address. For example, consider the IP address 150.215.017.009. Assuming this is part of a Class B network, the first two numbers (150.215) represent the Class B network address, and the second two numbers (017.009) identify a particular host on this network.

Subnetting enables the network administrator to further divide the host part of the address into two or more subnets. In this case, a part of the host address is reserved to identify the particular subnet. This is easier to see if we show the IP address in binary format. The full address is:

10010110.11010111.00010001.00001001

The Class B network part is:

10010110.11010111

and the host address is

00010001.00001001

If this network is divided into 14 subnets, however, then the first 4 bits of the host address (0001) are reserved for identifying the subnet.

The subnet mask is the network address plus the bits reserved for identifying the subnetwork. (By convention, the bits for the network address are all set to 1, though it would also work if the bits were set exactly as in the network address.) In this case, therefore, the subnet mask would be 11111111.11111111.11110000.00000000. It's called a mask because it can be used to identify the subnet to which an IP address belongs by performing a bitwise AND operation on the mask and the IP address. The result is the subnetwork address:
Subnet Mask      255.255.240.000       11111111.11111111.11110000.00000000
IP Address      150.215.017.009       10010110.11010111.00010001.00001001
Subnet Address      150.215.016.000       10010110.11010111.00010000.00000000

The subnet address, therefore, is 150.215.016.000.
----
Actually you don't need the two enties for your router and your "network" they are both one and the same for zonealarm. Set network to trusted and remove the other entry (for your router) and everything is ok.

Behind a firewall zonealarm has no need to block incoming packets, this does the firewall by itself. You can just use zonealarm to block phoning home and other stuff -> outgoing stuff!!!

So you can set your network to trusted, filesharing is blocked by your router/firewall anyway, there is no need to let zonealarm do the job.

Btw. you also don't need to configure your router/firewall to block filesharing, instead you would have to allow filesharing explicitly, so here is no danger too.

Tolomir

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now