
General security advice

The other day on a different question, r-k said that he wouldn't use ZoneAlarm. That got me thinking that I should review what I'm doing. Here's my network layout:

- A DSL modem connects me in bridge mode to my ISP.
- I run a cable from the DSL modem to a WRT45G broadband router's Internet port (router1).
- From router1, some physical cables go to computers and
- From router1, one physical cable goes to another WRT45G router (router2)
  - router2 connects via WiFi to two laptops and several PDAs
- From router1, several PDAs attach via WiFi

- Router1 has its firewall enabled
  - the only ports allowed through are 25 and 110 (I run a mail server)
- All my systems (non-PDA) behind the router1 firewall run ZoneAlarm
  - Firewall is enabled
  - AntiVirus is enabled
  - Incoming and outgoing E-mail protections are enabled
- All my systems (non-PDA) behind the router1 firewall run Microsoft's AntiSpyware

I'd like a critique and some clean advice on how I might best arrange this for
- minimum fuss
- least money
- best security

and some explanations why you suggest what you do.

Many thanks in advance.
gallymon (Author) commented:
Let me add that I should have said 'rearrange' not arrange. I have no objections to changing s/w and/or h/w if the reasons are compelling.

Nothing wrong with Zone Alarm...You seem to have things under control.

gallymon (Author) commented:
Well, I'm not too confident of your answer as I forgot to mention how I secure my WiFi and that should have been part of any comment.

With the WiFi, I do the following:

- I use 40 bit WEP
- I have a table of MACs and only those which are mine can pass into the network.
- I do broadcast my SSID though I know it is better not to.

If there's something better than ZoneAlarm, I'd like to know and I'd like to know what the best anti-virus and spyware solutions are currently.

I should maybe clarify what I may have said about ZoneAlarm. There is nothing much wrong with it, and in general it is a better firewall than most others that I have tried (e.g. I think it is better than Kerio). The reasons I don't use it myself are four: (1) It is more obtrusive than the XP firewall, i.e. puts up many pop-ups asking whether you want to allow this or that; (2) It installs many drivers and services that are bound to suck up memory and CPU, though not quite as bad as Norton; (3) It can interfere with certain updates and other software installs, though infrequently; and (4) The free version is more like nagware, it keeps trying to trick you into signing up for the paid version.

Against these we have to balance the main advantage of ZoneAlarm - It can block outgoing traffic, and this would seem like a major advantage, since the XP firewall blocks no outgoing traffic. What if we were to acquire a trojan, would it not be best to have a window pop-up and tell us about it?

For a certain class of users, ZoneAlarm is indeed the best firewall. I would classify them as users who are advanced enough to understand pop-ups, but still engaging in risky habits so they might acquire some malware. (perhaps such users might frequent sites like this one...).

However, my experience has been that the vast majority of users do not fall in this group. The problem is that just about all but a very few users will click on "Allow" when presented with a pop-up they don't understand but which appears routinely. This may be compared to the dreaded EULAs that we all love to read when installing software. I can't remember how many I've read, but it is sure a lot less than the number of times I clicked on "I Agree". Such is the case with ZoneAlarm pop-ups - there are too many of them, and most people can't tell which one to allow and which one to block. Many a time I've had to clean up an infected machine with ZoneAlarm installed, and the owner had been happily clicking on "Allow" without knowing why.

Therefore, the main advantage of ZoneAlarm is not a real advantage for most people, and we are left with the nuisance factor. That is why I use the XP firewall. OTOH, if you are happy with ZoneAlarm and don't mind the extra bother, it is just as effective as the XP firewall, and there is no reason to change.
To address your real question:

I recommend (on each user PC):

(1) a software firewall, either ZoneAlarm or XP Firewall
(2) Any one AV program that you can keep updated.
(3) Windows Defender (new name for MS anti-spyware)

Real protection still depends on the users not clicking on untrustworthy links and attachments, keeping in mind that the malware writers are getting ever more clever, not to mention making fewer grammatical errors.

I am wondering why you have router-2 at all. Is that to extend the range of the wireless network?

If WEP is working well for you it's probably OK, but WPA is both easier to use and more secure. But it depends, if you are dealing with sensitive (e.g. financial) information then definitely go WPA and stop broadcasting the SSID. But if it's more of a routine office environment then what you have should be fine.

Last but not least, there is no security like having nightly and/or weekly backups, with preferably an off-site copy.

Good luck.

Hi gallymon

I would second r-k on the ZoneAlarm point - there is nothing intrinsically wrong with it and it does offer controls over outgoing traffic (which is the main negative point regarding the built-in XP SP2 firewall) - but if you are using an edge firewall then this can be used to provide outgoing traffic control. Personally I find ZoneAlarm to be a pain for the reasons stated - users do not want to have to deal with pop-ups asking them if X or Y should be permitted.

One thing I would add - the main weakness around WEP is that it is possible to crack the keys if you capture enough packets, so in addition to the above advice I would suggest regularly changing your WEP passwords.



gallymon (Author) commented:
r-k and kevin,

Thanks for your responses. I believe I have what I wanted. I'm glad to know/believe that my setup is reasonable. I have been using ZoneAlarm for several years and with it and careful habits, it has been a very long time since a nasty has gotten into my systems.

r-k, the reason I use the router on the edge is because I used to use my main system, a quad CPU server2003 machine, to do the routing function and that meant that I had to leave it running all the time for others on my network to have Internet access. With the WRT45G router, I can now shut down my local machines if I want and the two college students here can still use the Internet. The second router is at a distance from the first and its main purpose is to help spread the WiFi cloud smoothly through my house.