Firewall

Some computers are too important to be networked

There is a common defensive computing thread in two recent stories.

In the first story, Newsweek reports that both presidential candidates had their campaign computers hacked from afar. As they put it:

The computer systems of both the Obama and McCain campaigns were victims of a sophisticated cyberattack by an unknown "foreign entity," prompting a federal investigation, both the FBI and the Secret Service came to the campaign with an ominous warning: "You have a problem way bigger than what you understand," an agent told Obama's team. "You have been compromised, and a serious … Read more

Time to patch Windows again, ASAP

If you use a Windows computer connected to a network, a newly discovered bug makes it possible for a bad guy to wreak havoc on the computer without your doing anything. The most vulnerable versions of Windows are XP, 2000 and Server 2003. Vista and Server 2008 are also vulnerable, but not as badly. Microsoft considers the bug important enough to issue the patch immediately rather than waiting for their normal once-a-month patch Tuesday.

Susan Bradley, writing for the Windows Secrets newsletter, recommends immediately installing the just-issued patch. Then she offers some unusual advice, suggesting people first restart their computers … Read more

Adding a second router: Living with the new setup

This is the last posting in a trilogy about adding a second router to a Local Area Network to provide an additional layer of protection for high value computers.

The first thing I noticed after setting up a network as described in the previous posting was that a newly protected computer, plugged into the second router, just worked. All the hard work is in configuring the new router. Any computer using DHCP, which is the norm, shouldn't need any changes to enable the additional protection.

One side effect of the new LAN segregation is remote control. On the network … Read more

Using a second router: A techie how-to

Previously, I wrote about using a second router to provide additional protection to high-value computers--specifically, to protect computers used by adults from those used by children on a shared Local Area Network (LAN).

That article was mostly conceptual; this one covers the nitty-gritty technical details.

First, the good news. Adding a second router has no effect on the first router and no effect on the untrusted (kids) computers. Each is blissfully ignorant of the following changes.

In describing the steps, the existing/first router will be referred to as the kids router since the untrusted kids computers connect to it. … Read more

A second router protects adults from kids

If you live in a home where parents/adults have one or more computers, children have their own computer(s), and everyone shares a single Internet connection, then you should consider a second router.

While the main function of a router is to let multiple computers share a single broadband connection to the outside world, it is also invaluable in offering firewall protection. Firewalls that run on your computer have their place, but you are much safer with the additional protection offered by the firewall in a standard, ordinary, consumer-grade router. Previously, I suggested that even someone with only one … Read more

Verizon DSL traffic blocking explained

As is so often the case with networking problems, the firewall was the source of the Verizon DSL problem I wrote about recently.

I had experienced problems making outbound connections at two Verizon DSL business customers and was told by another Verizon DSL customer that they too had a similar problem.

The problem first came up when trying to use NetMeeting from a Verizon DSL customer to remotely control a computer. Despite there being no firewall on the receiving computer, NetMeeting still couldn't make a connection. Even a simple ping of the target computer failed.

I suspected Verizon was the … Read more

Verizon DSL is blocking outbound traffic

Recently, someone at a small business with a Verizon DSL Internet connection couldn't connect to my computer with NetMeeting. I've done this often enough to know that NetMeeting wasn't the problem, so I asked them to ping my computer - and it failed (timed out).

The TCP/IP ping command is a network debugging tool available on any operating system with TCP/IP (which is just about every operating system). It sends a simple command to the target computer which answers with a small amount of data. As the name implies, ping is just a tap on … Read more

Defensive computing at a hacker conference

If there were ever a place for Defensive Computing, it's at a hacker conference.

So while attending the Last HOPE conference, a number of my previous postings came to mind.

First, there was the list of available Wi-Fi networks (see below) at the conference which, at times, showed four computer-to-computer networks (using the Windows XP terminology). These networks, also known as ad-hoc networks, are not governed by a router. While they may be set up on purpose, they are more likely to be accidental creations on the part of nontechnical computer users, or a purposeful trap set by someone … Read more

Online Armor Firewall: First Impressions

As I mentioned previously, based on a recommendation from Scot Finnie, I installed the Online Armor firewall on a couple of Windows XP machines.* Scot recommended the paid version; I opted to get my feet wet with the free edition (v2.1.0.131). These are my first impressions, not a review. I don't think anyone can base a firewall review on merely a couple of days' experience; it's the sort of software you have to live with for a while.

My previous firewall was ZoneAlarm, whose best feature was its ease of use. Unfortunately, for a number of reasons, … Read more

Two recommended Windows firewalls

Finding a new firewall program has been on my to-do list for a long time. I was a longtime fan of the free version of ZoneAlarm, but the upgrade from version 6 to 7 was a put-off. The file size increased tremendously (it's now 44.6MB) and the functionality hardly changed at all. That made me suspicious of what all that extra code was there for. Still, old habits die hard and I was used to it like an old pair of gloves. But a few days ago, when a bug fix for Windows broke ZoneAlarm, and no other … Read more