Firewall on Two nVidia Integrated Network Adapters

Hello everyone!

I have a Tyan S8295 K8WE motherboard with two integrated 1Gbit network adapters. In my motherboard's manual description of features it is stated:

Integrated Secure Network Processor:
Two IEE 802.3 Nvidia MAC 1000/100/10 Ethernet
( First from PRO 2200, Second from PRO 2050 ).

When installing drivers for the motherboard, there is also the option to install Nvidia Network Manager for the Nvidia firewall. I decided to install it, but did not enable it, since I do not really know anything about it, and just left the Windows XP 64bit firewall enabled.

Yesterday, when I was reading the manual about this Nvidia firewall's features (just went through it briefly), I was somehow impressed by the features this (actually hardware integrated) firewall offers.

The problem is I do not know much about firewalls and all the features this kind of protection offers, but I thought to myself, since I have two of these Nvidia adapters integrated, why not give it a try.

My office network consists of three computers: two running Windows XP 32bit and one running XP 64bit. I have an ADSL modem connected to a 100Mbit router with some firewall features built in, which I somehow always thought protects the gateway and the network just by itself. But now I am realising this ain't the fact. If you do not set the rules, how could something like a built-in firewall really protect something? I guess I am not wrong. Please correct me if I am.

I was thinking about connecting the internet connection to one router and adding one more router for just internal network traffic. By installing some internet security suite on all computers, I would then define an Unsecure zone for the internet traffic adapters and a Secure zone for the internal network traffic adapters. I am still in doubt about that solution, since I do not know if it would really give my network additional protection. Actually I was talking about Panda's network security suite, which has a software firewall integrated. I have written to them about my concerns for this kind of solution, and got no answer from them. Any thoughts, please comment.

Since yesterday I have been thinking about how I could use these two Nvidia hardware firewalled network adapters integrated on my motherboard. There is a possibility to bridge them - I still do not know what that actually does. I can of course make an internet sharing connection (provided by Windows software). So I could potentially make a direct modem connection to one of these adapters. Then make a connection from the second adapter, which would actually serve for sharing the internet connection, to my router, which could actually be unfirewalled, since I would establish all the rules for the motherboard's firewalled adapters. The router would then provide all the internet traffic and internal traffic between my computer and the other two computers. Hm, does this make any sense to anyone?

Or does anyone think a strong firewalled router would be the best solution? How about still separating the internet and internal network traffic?

Since I am really hot about the security topics, I will of course get much deeper into the security area by myself, but at this moment (I work in a law office as an office assistant and network administrator) I do not have as much time for studying the security topics as I would love to. Besides, in our office we have decided to start with a real server (Windows Server 2008) at the end of the year, so I have to study that area too - I have about 8 months to test this server with Microsoft's testing version of this operating system. I also realise that security matters after starting with a server will become a much heavier issue, and a totally different approach will be needed compared to what I am dealing with at this moment - a small business network (actually more home like) with no server at all.

I really appreciate all the comments, so thank you very much for all of them.

Greets. Miro.

All Answers

Routers or Hardware Firewalls

by OH Smeg Moderator In reply to Firewall on Two nVidia In ...

Tend to run Linux not Windows so they tend to be much more secure than anything else that is available.

The Tyan Integrated Secure Network Processor is effectively a Software Firewall that turns this computer into a Gateway appliance running Windows which is far easier to break into than a correctly configured Stand Alone Device.

So if it was me I would leave things as they are and forget about messing around as if you do as you suggest and add another Router you will be isolating this computer from the Network which I don't think is what you want. If you weaken the second router to allow this computer to be accessible by the internal Network you may as well not have the second router in place as once the external one is breached they will have free access to the Internal LAN.

If you want to improve Security update the Firmware on the existing Router and reset the Password from the Default to one of your choosing.

Improving the setup of the Router will also help but if you don't know what you are doing you can do more harm than good and take the system down.

So the real question is can you afford the Downtime that will result while you learn about Firewalls? It will not just affect you but all other employees and their productivity while you learn.


A second testing network

by Dumphrey In reply to Routers or Hardware Firew ...

is a good idea.

Yes I do agree but not here

by OH Smeg Moderator In reply to A second testing network

A 3 station LAN with an Admin who doesn't understand Firewall settings is a recipe for disaster.

They are hardly likely to be a Large Target for Hackers so just configuring a decent Hardware Router at the front Door is a better alternative.

Maybe it's because I get called in to fix things like this in small business after the Owner or Manager has messed around for a few days and lost productivity. When I hit the place I get it in the neck because I can't fix it immediately.

Of course because the person who has been messing with it for a few days doesn't know what they have done it makes it much harder to fix and takes longer.


A few basics

by Dumphrey In reply to Firewall on Two nVidia In ...

A firewall is only as good as its configuration. AV and anti-malware are a requirement. Keep patches and updates up to date. Test before going live with patches etc... How the internet is used is as important as any other aspect of security...So a good company policy for acceptable use is a good idea.
A hardware firewall can do a lot of good by filtering malformed packets and managing connection states. What most people refer to as a firewall or router is really what is called a NAT device. NAT is network address translation. This allows many users to access the internet from a single public IP. This usage alone is one of the important steps in online security, because incoming connections are dropped by default unless they are initiated by an internal host.
If I was you, I would invest in a decent firewall/router and leave the server using a single NIC on the network, and not pass traffic through it. AV installed on all of your machines, anti spyware installed...
Security is really a process more than a series of rules, but some basics are always (almost) a good idea. The rest depends very much on your specific scenario. For example, you may have certain legal requirements to meet at a law office for network security (email policy, encryption of personal data, etc).
A firewall on a local machine is primarily to manage outgoing traffic in my opinion. But I do not discount their usefulness on the LAN in protecting against worms etc..
Any network security basics book would make good evening reading.
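
Added example (not part of the thread and not any poster's code): a toy Python model of the NAT behaviour described in the post above, where several office PCs share one public IP and an inbound packet is forwarded only if an internal host opened the matching connection first. All addresses and ports are constructed sample values, and the strict remote-peer check is an assumption; real NAT devices differ in how tightly they match.

```python
# Toy model of a NAT device's translation table (constructed sample values).
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"  # constructed public address (documentation range)

@dataclass
class NatDevice:
    next_port: int = 40000
    # public port -> (internal ip, internal port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internal host opens a connection: record a mapping, rewrite the source."""
        for pub_port, entry in self.table.items():
            if entry == (src_ip, src_port, dst_ip, dst_port):
                return (PUBLIC_IP, pub_port, dst_ip, dst_port)
        pub_port = self.next_port
        self.next_port += 1
        self.table[pub_port] = (src_ip, src_port, dst_ip, dst_port)
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the public side: forward only if it matches a mapping."""
        entry = self.table.get(dst_port)
        if entry is None:
            return None  # unsolicited: no internal host asked for this, drop
        int_ip, int_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None  # known port but a different remote peer: drop
        return (int_ip, int_port)

def demo():
    nat = NatDevice()
    # Two office PCs share the one public IP, each gets its own public port.
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.5", 443)
    b = nat.outbound("192.168.1.11", 51000, "198.51.100.5", 443)
    return {
        "a_public": a[:2],
        "b_public": b[:2],
        "reply_to_a": nat.inbound("198.51.100.5", 443, a[1]),
        "unsolicited": nat.inbound("198.51.100.77", 4444, 3389),
        "wrong_peer": nat.inbound("198.51.100.77", 4444, a[1]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The table only ever gains entries from `outbound`, which is why nothing on the internet side can reach an internal PC until a port forward is configured or an internal host connects out.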
