security question

on 07.10.2006 13:55:11 by Sinisa

If I am using 4 LAN computers with an ADSL connection and all 4 of them
connect to the internet through a router (router you recommend it :) How can I best protect
one LAN computer which is very important for me regarding security from the other 3 LAN computers,
which I would not watch a lot to be clean from viruses, Trojans etc.?
Is the threat that comes from my 3 LAN computers bigger than the internet
threat?

Re: security question

on 07.10.2006 14:31:39 by unknown

Post removed (X-No-Archive: yes)

Re: security question

on 07.10.2006 16:00:01 by dsphunxion

Leythos wrote:
> In article , sinisac@mail.inet.hr says...
> > If I am using 4 LAN computers with an ADSL connection and all 4 of them
> > connect to the internet through a router (router you recommend it :) How can I best protect
> > one LAN computer which is very important for me regarding security from the other 3 LAN computers,
> > which I would not watch a lot to be clean from viruses, Trojans etc.?
> > Is the threat that comes from my 3 LAN computers bigger than the internet
> > threat?
>
> Install a second router, connect its WAN connection to the LAN
> connection on the first router, then connect the important computer to
> the second router's LAN. This will allow the important computer to get
> internet access and to reach the other computers, but it won't allow the
> first three computers to reach the important one because NAT would block
> it.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me

Waste of money. You can properly configure your computer's firewall to
block internal machines, even most routers now have firewall
functionality built in.

Re: security question

on 07.10.2006 16:14:54 by unknown

Post removed (X-No-Archive: yes)

Re: security question

on 07.10.2006 16:18:22 by Sinisa

"Leythos" wrote in message news:L6NVg.4399
> Install a second router, connect its WAN connection to the LAN
> connection on the first router, then connect the important computer to
> the second router's LAN.

Very nice idea.
Maybe I should point out that the important LAN comp would not need any file
sharing with the other 3.
The question now is: should I do what you told me, or would
what sil proposes about a soft firewall be enough?

Re: security question

on 07.10.2006 16:26:43 by Duane Arnold

"sil" wrote in message
news:1160229601.088565.100330@c28g2000cwb.googlegroups.com...
>
> Leythos wrote:
>> In article , sinisac@mail.inet.hr says...
>> > If I am using 4 LAN computers with an ADSL connection and all 4 of them
>> > connect to the internet through a router (router you recommend it :) How can I best protect
>> > one LAN computer which is very important for me regarding security from the other 3 LAN computers,
>> > which I would not watch a lot to be clean from viruses, Trojans etc.?
>> > Is the threat that comes from my 3 LAN computers bigger than the internet
>> > threat?
>>
>> Install a second router, connect its WAN connection to the LAN
>> connection on the first router, then connect the important computer to
>> the second router's LAN. This will allow the important computer to get
>> internet access and to reach the other computers, but it won't allow the
>> first three computers to reach the important one because NAT would block
>> it.
>>
>> --
>>
>> spam999free@rrohio.com
>> remove 999 in order to email me
>
> Waste of money. You can properly configure your computer's firewall to
> block internal machines,

So what about the time at boot and login, when the personal FW cannot be
started first before anything else? It can be like the TCP connection is
started and other machines on the LAN with malware can access the machine,
because the FW was not made available before TCP was started on the machine
and was available.

> even most routers now have firewall
> functionality built in.

Routers do segregation of networks even in a home environment. The router
doesn't have to be booted and started, unlike a host based solution running
on a computer, which will not allow a machine to be attacked behind a router
because it's never down or booted like what would happen on a host based
solution.

If I want total separations of machines in a LAN situation, I would be doing
it with a two router solution.

You can get a second good router on sale for about $20.

Duane :)



Re: security question

on 07.10.2006 16:41:07 by Sinisa

>
> If I want total separations of machines in a LAN situation, I would be
> doing it with a two router solution.
>
> You can get a second good router on sale for about $20.

OK, great, so another router is the way to go.
BTW I don't care about spending 20-200$ if that is the best solution.
What second router should I use, what is best known for good firewall and
security performance?

Re: security question

on 07.10.2006 17:09:35 by Duane Arnold

----- Original Message -----
From: "sinisa"
Newsgroups: comp.security.firewalls
Sent: Saturday, October 07, 2006 9:41 AM
Subject: Re: security question


>
>>
>> If I want total separations of machines in a LAN situation, I would be
>> doing it with a two router solution.
>>
>> You can get a second good router on sale for about $20.
>


> OK, great, so another router is the way to go.
> BTW I don't care about spending 20-200$ if that is the best solution.

I'll put it to you this way. A standalone device solution, in your case,
such as a second router if you want absolute protection from the other
machines on the LAN is the best solution.

> What second router should I use, what is best known for good firewall and
> security performance?

The security is in the separation of the two networks, in your case,
whereas the machine you're trying to protect will not receive any unsolicited
inbound traffic not only from the Internet but from other machines on your
LAN. The second router is going to flat-out stop that from happening.

The second router is only going to allow inbound traffic back to the machine
that the machine has sent outbound traffic to, whether that outbound
traffic is to a remote IP on the Internet or to another machine on the LAN.
You put that second router in play and the machine will not be able to talk
to other machines in a LAN situation connected to another router. Nor will
the other machine connected to the other router be able to talk to the
machine that has been segregated.

The router you need to make sure that it has all the bells and whistles on
it you want is the gateway router that's connected to the modem and is the
Internet facing router. The router that's doing network segregation behind
the gateway router can be an el-cheap-o of anything you want. It doesn't
make a difference.

I saw a guy in another NG post that he got a Linksys for $10 at Best Buy.

Duane :)
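
Added example, not part of any post in this thread: a minimal Python model of the behaviour described above, where a NAT router with no port forwards delivers WAN-side traffic only when it matches a flow that a LAN host opened first. The class, the addresses and ports, and the strict per-peer matching are assumptions made for illustration; real routers differ in how strictly they match replies.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Toy NAT router with no port forwards (hypothetical model, not router firmware)."""
    wan_ip: str
    next_port: int = 40000
    # (wan_port, peer_ip, peer_port) -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, peer_ip, peer_port):
        """A LAN host opens a flow: record it and return the rewritten source."""
        wan_port = self.next_port
        self.next_port += 1
        self.flows[(wan_port, peer_ip, peer_port)] = (lan_ip, lan_port)
        return self.wan_ip, wan_port

    def inbound(self, peer_ip, peer_port, wan_port):
        """A packet hits the WAN side: return the LAN target, or None if dropped."""
        return self.flows.get((wan_port, peer_ip, peer_port))


def demo():
    """Constructed scenario; all addresses and ports are sample values."""
    inner = NatRouter(wan_ip="192.168.3.2")   # second router, WAN side on the first LAN
    protected = "192.168.4.10"                # important PC behind the second router
    other_pc = "192.168.3.50"                 # one of the three unwatched PCs

    results = {}
    # Unwatched PC probes port 445 on the second router's WAN address: no flow, dropped.
    results["unsolicited"] = inner.inbound(other_pc, 51000, 445)
    # Protected PC connects out to the other PC, and the reply is let back in.
    _, wan_port = inner.outbound(protected, 50123, other_pc, 80)
    results["reply"] = inner.inbound(other_pc, 80, wan_port)
    # A different LAN host aiming at that same WAN port does not match the flow.
    results["wrong_peer"] = inner.inbound("192.168.3.51", 80, wan_port)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:12} -> {target}")
```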

Re: security question

on 07.10.2006 17:39:05 by Sinisa

"Duane Arnold" wrote in message
news:PqPVg.6131$Y24.5341@newsread4.news.pas.earthlink.net...

> The router you need to make sure that it has all the bells and whistles on
> it you want is the gateway router that's connected to the modem and is the
> Internet facing router. The router that's doing network segregation behind
> the gateway router can be an el-cheap-o of anything you want. It doesn't
> make a difference.

OK, so the first gateway router that is connected to the modem should be the good one.
Can you recommend which one with all the bells and whistles I should buy
then, because I think I have an el-cheap-o right now.
My old D-Link 604 is maybe best to use for network segregation (second
router)

Re: security question

on 07.10.2006 19:07:29 by unknown

Post removed (X-No-Archive: yes)

Re: security question

on 07.10.2006 19:52:02 by Duane Arnold

----- Original Message -----
From: "sinisa"
Newsgroups: comp.security.firewalls
Sent: Saturday, October 07, 2006 10:39 AM
Subject: Re: security question


>
> "Duane Arnold" wrote in message
> news:PqPVg.6131$Y24.5341@newsread4.news.pas.earthlink.net...
>
>> The router you need to make sure that it has all the bells and whistles
>> on it you want is the gateway router that's connected to the modem and is
>> the Internet facing router. The router that's doing network segregation
>> behind the gateway router can be an el-cheap-o of anything you want. It
>> doesn't make a difference.
>
> OK, so the first gateway router that is connected to the modem should be the good
> one.
> Can you recommend which one with all the bells and whistles I should buy
> then, because
> I think I have an el-cheap-o right now.

I think any router that's ICSA certified will do the job for you. Netgear
makes one and I am sure there are other FW routers.

You should get a network FW solution that meets the specs in the link for
*what does a FW do*.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

You should get one that uses Wallwatcher.

> My old D-Link 604 is maybe best to use for network segregation (second
> router)
>

Leythos makes mention of a D-link model that may meet your needs.

Duane :)

Re: security question

on 07.10.2006 20:14:01 by Sinisa

"Leythos" wrote in message
news:l9RVg.4423$Cq3.373@tornado.ohiordc.rr.com...
> There are two things to consider in the two solutions:
>
> 1) A hardware solution provides a fixed means of protection that can't be
> screwed up if you screw up your OS or soft firewall.

I am definitely picking this choice.
Glad to see there are smart people willing to help.

Re: security question

on 07.10.2006 21:34:30 by unknown

Post removed (X-No-Archive: yes)

Re: security question

on 07.10.2006 22:49:21 by Sinisa

"Leythos" wrote in message
news:ajTVg.9570$OE1.8591@tornado.ohiordc.rr.com...
> In article , sinisac@mail.inet.hr says...
> I design secure networks and infrastructure for a living, it's what I
> based my company on and how I keep making a living.
>
> Just about any NAT Router (often called a firewall by the misinformed)
> will do what you want. Key thing to remember, both routers MUST HAVE
> DIFFERENT PRIVATE NETWORK RANGES.
>
> Router 1 (your internet router) 192.168.3.1/24
> Router 2 (your protected one) 192.168.4.1/24
>
> It would also be best if you can assign the WAN address for router 2
> with a fixed IP in Router 1's LAN (like 192.168.3.2) - but this also
> means that you need to know your ISP's DNS numbers and such.

For now I am going to copy-paste what you wrote so I can read it later (a few
months later, because I didn't even buy my secure PC yet, but I will, don't worry,
I didn't waste your time for nothing ;-)
I know my ISP's DNS numbers, but where and how to configure what you just
told me I hope to figure out myself,
or expect me coming back later to this group to bother you again :-)
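
Added example, not part of the original posts: a small Python check of the addressing rule quoted above (a different private range on each router, and router 2's WAN address fixed inside router 1's LAN). The function name `check_plan` and the two failing plans are constructed for illustration.

```python
import ipaddress


def check_plan(router1_lan, router2_lan, router2_wan):
    """Return a list of problems in a two-router address plan (empty list = OK).

    router1_lan / router2_lan are each router's LAN address with prefix,
    router2_wan is the fixed address given to router 2's WAN port.
    """
    outer = ipaddress.ip_interface(router1_lan)
    inner = ipaddress.ip_interface(router2_lan)
    wan = ipaddress.ip_address(router2_wan)
    problems = []

    # The two LANs must be different ranges, or router 2 cannot tell
    # its own LAN from the network on its WAN side.
    if outer.network.overlaps(inner.network):
        problems.append("LAN ranges overlap")
    for name, iface in (("router 1", outer), ("router 2", inner)):
        if not iface.ip.is_private:
            problems.append(f"{name} LAN is not a private range")

    # Router 2's WAN address must be a usable, unused host in router 1's LAN.
    if wan not in outer.network:
        problems.append("router 2 WAN address is outside router 1's LAN")
    elif wan in (outer.network.network_address, outer.network.broadcast_address):
        problems.append("router 2 WAN address is not a usable host address")
    elif wan == outer.ip:
        problems.append("router 2 WAN address collides with router 1")
    return problems


if __name__ == "__main__":
    # Plan from the thread, then two constructed mistakes.
    print(check_plan("192.168.3.1/24", "192.168.4.1/24", "192.168.3.2"))
    print(check_plan("192.168.1.1/24", "192.168.1.1/24", "192.168.1.2"))
    print(check_plan("192.168.3.1/24", "192.168.4.1/24", "192.168.4.2"))
```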

Re: security question

on 07.10.2006 23:05:25 by unknown

Post removed (X-No-Archive: yes)

Re: security question

on 07.10.2006 23:30:08 by Sinisa

"Leythos" wrote in message
news:pEUVg.9582$OE1.7688@tornado.ohiordc.rr.com...
> In article , sinisac@mail.inet.hr says...

> I like the D-Link and Netgear lines, and have mostly given up on Linksys
> and NEVER buy Belkin (for residential NAT appliances).

I decided to buy:
Router 1 (internet router)
NETGEAR ProSafe Firewall Router w/parallel-port Print Server 4 x 10/100Mbps
Switch /FR114PGE 100$

Router 2 (protected one)
My old D-Link 604

I think these two should work together fine; if you agree I am going to
order the Netgear FR114PGE on Monday.

Re: security question

on 08.10.2006 00:26:41 by unknown

Post removed (X-No-Archive: yes)

Re: security question

on 08.10.2006 18:21:14 by DwC

"Leythos" wrote in message news:pEUVg.9582$
> I like the D-Link and Netgear lines, and have mostly given up on Linksys
> and NEVER buy Belkin (for residential NAT appliances).


Why have you given up on Linksys?

Later....


David S>

Re: security question

on 08.10.2006 19:39:39 by unknown

Post removed (X-No-Archive: yes)