gallymon asked:

General security advice

The other day on a different question, r-k said that he wouldn't use ZoneAlarm. That got me thinking that I should review what I'm doing. Here's my network layout:

- A DSL modem connects me in bridge mode to my ISP.
- I run a cable from the DSL modem to a WRT45G broadband router's Internet port (router1).
- From router1, some physical cables go to computers and
- From router1, one physical cable goes to another WRT45G router (router2)
  - router2 connects via WiFi to two laptops and several PDAs
- From router1, several PDAs attach via WiFi

- Router1 has its firewall enabled
  - the only ports allowed through are 25 and 110 (I run a mail server)
- All my systems (non-PDA) behind the router1 firewall run ZoneAlarm
  - Firewall is enabled
  - AntiVirus is enabled
  - Incoming and outgoing E-mail protections are enabled
- All my systems (non-PDA) behind the router1 firewall run Microsoft's AntiSpyware

I'd like a critique and some clean advice on how I might best arrange this for
- minimum fuss
- least money
- best security

and some explanations why you suggest what you do.

Many thanks in advance.
gallymon (ASKER):

Let me add that I should have said 'rearrange' not arrange. I have no objections to changing s/w and/or h/w if the reasons are compelling.

Computerguy107:

Nothing wrong with Zone Alarm... You seem to have things under control.

Well, I'm not too confident of your answer as I forgot to mention how I secure my WiFi and that should have been part of any comment.

With the WiFi, I do the following:

- I use 40 bit WEP
- I have a table of MACs and only those which are mine can pass into the network.
- I do broadcast my SSID though I know it is better not to.

If there's something better than ZoneAlarm, I'd like to know and I'd like to know what the best anti-virus and spyware solutions are currently.

I should maybe clarify what I may have said about ZoneAlarm. There is nothing much wrong with it, and in general it is a better firewall than most others that I have tried (e.g. I think it is better than Kerio). The reasons I don't use it myself are four: (1) It is more obtrusive than the XP firewall, i.e. puts up many pop-ups asking whether you want to allow this or that (2) It installs many drivers and services that are bound to suck up memory and CPU, though not quite as bad as Norton (3) It can interfere with certain updates and other software installs, though infrequently, and (4) The free version is more like nagware, it keeps trying to trick you into signing up for the paid version.

Against these we have to balance the main advantage of ZoneAlarm - It can block outgoing traffic, and this would seem like a major advantage, since the XP firewall blocks no outgoing traffic. What if we were to acquire a trojan, would it not be best to have a window pop-up and tell us about it?

For a certain class of users, ZoneAlarm is indeed the best firewall. I would classify them as users who are advanced enough to understand pop-ups, but still engaging in risky habits so they might acquire some malware. (perhaps such users might frequent sites like this one...).

However, my experience has been that the vast majority of users do not fall in this group. The problem is that just about all but a very few users will click on "Allow" when presented with a pop-up they don't understand but which appears routinely. This may be compared to the dreaded EULAs that we all love to read when installing software. I can't remember how many I've read, but it is sure a lot less than the number of times I clicked on "I Agree". Such is the case with ZoneAlarm pop-ups - there are too many of them, and most people can't tell which one to allow and which one to block. Many a time I've had to clean up an infected machine with ZoneAlarm installed, and the owner had been happily clicking on "Allow" without knowing why.

Therefore, the main advantage of ZoneAlarm is not a real advantage for most people, and we are left with the nuisance factor. That is why I use the XP firewall. OTOH, if you are happy with ZoneAlarm and don't mind the extra bother, it is just as effective as the XP firewall, and there is no reason to change.

r-k and kevin,

Thanks for your responses. I believe I have what I wanted. I'm glad to know/believe that my setup is reasonable. I have been using ZoneAlarm for several years and with it and careful habits, it has been a very long time since a nasty has gotten into my systems.

r-k, the reason I use the router on the edge is because I used to use my main system, a quad CPU server2003 machine, to do the routing function and that meant that I had to leave it running all the time for others on my network to have Internet access. With the WRT45G router, I can now shut down my local machines if I want and the two college students here can still use the Internet. The second router is at a distance from the first and its main purpose is to help spread the WiFi cloud smoothly through my house.