We have ADSL! It would appear that BT were simply lying when they told PlusNet that our phone line had been upgraded. It now goes! It is fast! Oooooooh.
I've just got my ADSL connected - well appropriate hardware attached and we're just setting it up now. We use a dodgy nasty evil PC from hell as a router, which did have win2k on it, but was flaky as hell (being below recommended spec).
no subject
Date: 2002-07-12 08:14 pm (UTC)
I really should sort out a decent firewall. Any suggestions?
no subject
Date: 2002-07-13 01:43 am (UTC)
In practice, if you're running Windows, the combination of the ISP's NAT (how the ISP gets more users online than it has IP addresses) and ZoneAlarm on your PC looks to be fine. The only things in my ZA log file are 'ICMP Destination Unreachable's, which appear to be genuine, but ZA blocks them anyway. ZA is there a) to block some ad software, b) to alert me when some new program tries to access the outside and c) in case anything goes wrong at the ISP's end.
Combine that with not letting Outlook / Outlook Express (and Word if possible) near your PCs and you'll be even finer.
If you want to be Serious, you find an old 486 PC and run one of the 'cut down Linux + firewall that boots off a single floppy' on it. Put that between the PCs you want to protect and the outside world.
no subject
Date: 2002-07-13 03:31 pm (UTC)
I don't know much about the makeup of your network, so it's hard to say. If it's just one computer, you might look into some of the software solutions. If you have more than one, you could try using some of the firewall/gateway software (including finding an old 486 or something to put whatever unix you like on and using that). Personally, I did that for a while and then got so sick of dealing with it that I went out and bought one of those Cable/DSL router things that also work as firewalls (it's a Linksys, um, BEFSR41). If you've got the cash (they're around US$100, as I recall), I'd recommend that. Makes setting up other computers damn easy, too. Just plug them into the router, tell the OS to do DHCP and go.
You should also think about whether or not you really need a firewall. They don't really do much (except annoy the people behind them sometimes). They won't stop a virus, for example, if you run the wrong program or open the wrong attachment. They won't stop someone listening if you send an unencrypted password out past the firewall. The only thing they will do is stop someone banging on a server on your computer, and you can get around this by just not running any servers. Cable/[A]DSL connections are fast, but they're not fast enough that just reading the information coming down the pipe is going to make your computer burp (unless you have a very, very old computer), so having someone banging on your computer looking for a server that isn't there isn't going to do much.
I have a firewall at home because you can't get a router without one, and I don't want to pay to have each computer have a different address (AT&T charges $10 for every computer past the first, as I recall). Most of the time I change things on the router, in fact, I'm changing things to open up the firewall so things can get through.
no subject
Date: 2002-07-14 12:17 pm (UTC)
IPCOP is your friend here, it's an open source thingie based on a Linux kernel which will allow you to easily configure all your router/firewall etc settings.
My SO just informed me that the server from hell is now only using up 30MB RAM, IPCOP and whatever else is on the drive (1GB total) using up less than 100MB of space. We're using the remaining space as a web proxy and it will do lots of other clever things (allow you to configure the DHCP server stuff so you can allocate specific MAC addresses certain IPs (internally) and if an unrecognised MAC address connects it will allocate it an address from a different range of addresses (dynamically)).
I need to read up on this myself so I'm not the most coherent yet, this may not be what you're looking for but it's a suggestion.
Laterz
Natalya
Congrats!
Date: 2002-07-13 03:32 pm (UTC)
It's nice, isn't it?