
Firewalls and IDS on a home network

By zlitocook
We are switching from Charter DSL to AT&T because of a great deal they are offering. And they offer a wireless gateway; it will allow four hardwired connections, one USB connection and the rest are wireless, ten in all. My current firewall is ZoneAlarm with no IDS and I have XP Pro/SP2 with its own simple firewall. In my home there are two laptops, three desktops all with XP Pro/SP2 and one 98SE computer. For a few extra bucks AT&T will install their own firewall and IDS with virus protection. And a bunch of other stuff like popup stoppers, Spam guard etc.
But this all comes with the extra part. Five dollars here three dollars there.
What do you use on your home network or SOHO to protect yourself? And what is better, ZoneAlarm, Norton/Symantec, SonicWall, WatchGuard?
Do you think it is worth paying for a firewall or is the free stuff ok to use on a home network? One new computer will be a VPN connection to my work, I am on call 24/7 and will use remote desktop or remote assistance to help others at work.



by mjd420nova In reply to Firewalls and IDS on a ho ...

Comcast gives me all the McAfee suite and it's pretty simple, easy to install, and is provided with the service. I think this is the best way to go, as I feel the only way to stop these insidious programs is at the ISP; they can easily strip these things at their equipment before it even gets to me. I don't understand why ISPs don't do this anyway; they have the power and, to be frank, they should. Most don't because they are in bed with the advertisers who originate these things. A firewall should reside at the entry point, modem or router, and stop them before it even gets to your machine. Some sites won't even display if your spam blocker is on, and that's their loss; if they don't care about my security then I don't want to take the chance by going to their site.


Not only FW, but more... Your data and systems are worth more than the fee

by Former Big Iron Guy In reply to Firewalls and IDS on a ho ...

Defense in depth. Hardware firewall SPI type in the router/bridge. If you don't use static private addresses, cut the DHCP range down as small as reasonable. (Why do you need 253 IPs behind your NAT in a home network??) Turn off UPnP on your border router until the vendors get it fixed. If you are Windows 2K and up, Network Magic is great for mini-net management. Anti-virus and anti-spyware with the firewall on each machine. Run as low a privilege level as possible. Change the ~!@#$%^&*( user names and passwords on devices from the factory defaults. Use MS Log Parser or any of the good log processing tools to filter down your logs. Backup backup backup. Keep up to date on security fixes for all your software as well as AV & spyware signatures. MAC filtering on devices. IPSec or VPN if you are paranoid.
I am evaluating endpoint security, now, and I like: U3 USB keys, with security ON. Don't like the Kensington USB Firewall (Bluescreened my production XPSP2 laptop half a dozen times in a row. I took it back for the Alpha Shield, below). I like small embedded device servers (NAS, Media, Print) which usually run embedded *nix clones. Lot harder to work with than a do it all windows server, or even a honking W/S set up to serve things, but waay more secure. And lastly, I'm getting ready to evaluate an Alpha Shield HW FW for Broadband Cable, DSL & VPN. Supposed to be 100% unhackable, plug and play, 1 RJ45 in and 2 out (1 fw and one naked). Has on, off switch and auto-off after 15 minutes in the more restrictive mode. Purportedly has a "gamer/propeller head" mode but haven't set it up yet to see.
Also looking at the PEAP clients you can add to various routers through open source. However, my wireless G/B is *not* on the default channel and has a very very long password under WPA and TKIP..... PEAP is a bonus here... Looking at ADAM if I can find a windows box to drop it on.

A couple more or three caveats: Document on paper (sealed in envelope if you are paranoid) your router and admin users and passwords. Be sure you have the Admin access to all your machines (or take them away from the kids...) Tell your kids all the worst horror stories you can about BAD THINGS THAT DO HAPPEN. Lastly, get an A/B switch for your cable drop. It was worth it for me to run the extra 25' each way to my main work area. It is set up for A=Access Internet and B=Block internet, e.g. empty socket..... Whenever we leave the house, go to bed or go out to the yard and garden and no one is online, the switch is on B for Block. As soon as I post this and it goes, I'll log out and then turn the switch off. Haven't had a problem with my RoadRunner IP changing, even though I seem to remember they did not promise me a static ip. That switch helps you sleep better.
Goldurn it, I have rambled on past bed time. L8R.
/s/ FBIG
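The reply above recommends filtering firewall logs down with a log-processing tool. As an added example (not part of the original thread), this Python sketch parses a Windows Firewall `pfirewall.log` by reading its `#Fields:` header, then groups dropped packets by source and lists sources that were blocked on several different ports. The sample log is constructed, and the function names and the three-port threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample in the W3C-style layout of pfirewall.log;
# addresses are documentation/private ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2006-11-02 21:14:03 DROP TCP 203.0.113.7 192.168.1.10 4312 135 48 S 2891745312 0 16384 - - -
2006-11-02 21:14:04 DROP TCP 203.0.113.7 192.168.1.10 4313 139 48 S 2891745400 0 16384 - - -
2006-11-02 21:14:05 DROP TCP 203.0.113.7 192.168.1.10 4314 445 48 S 2891745488 0 16384 - - -
2006-11-02 21:14:06 DROP TCP 203.0.113.7 192.168.1.10 4315 1433 48 S 2891745576 0 16384 - - -
2006-11-02 21:15:10 OPEN TCP 192.168.1.10 192.0.2.80 1061 80 - - - - - - - -
2006-11-02 21:20:38 DROP TCP 198.51.100.20 192.168.1.10 2200 445 48 S 771200341 0 65535 - - -
2006-11-02 21:20:39 DROP TCP 198.51.100.20 192.168.1.10 2200 445 48 S 771200341 0 65535 - - -
2006-11-02 21:20:40 DROP ICMP 198.51.100.20 192.168.1.10 - - 60 - - - - 8 0 -
"""

def parse_fw_log(text):
    """Turn log lines into dicts keyed by the names in the #Fields header."""
    fields, records = [], []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) >= len(fields):  # skip truncated lines
                records.append(dict(zip(fields, parts)))
    return records

def summarize_drops(records):
    """Per source address: dropped-packet count and distinct ports blocked."""
    by_src = defaultdict(lambda: {"packets": 0, "ports": set()})
    for rec in records:
        if rec["action"] != "DROP":
            continue
        entry = by_src[rec["src-ip"]]
        entry["packets"] += 1
        if rec["dst-port"].isdigit():  # ICMP rows carry "-" here
            entry["ports"].add(int(rec["dst-port"]))
    return dict(by_src)

def noisy_sources(summary, min_ports=3):
    """Sources blocked on at least min_ports different ports (assumed threshold)."""
    return sorted(ip for ip, e in summary.items() if len(e["ports"]) >= min_ports)

if __name__ == "__main__":
    summary = summarize_drops(parse_fw_log(SAMPLE_LOG))
    for ip in noisy_sources(summary):
        print(ip, summary[ip]["packets"], sorted(summary[ip]["ports"]))
```
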


Use Zone Suite

by Tig2 In reply to Firewalls and IDS on a ho ...

I have been extremely pleased with the ease of use and simple interface. The Suite is reasonably priced, permits me to control the network and has the appropriate tools- virus, pop-up, etc- that I need. I find that it doesn't fight with my system.

I don't know that I would feel comfortable with handing my firewall over to ATT or anyone else.

I have cable and wireless, three lappies (wireless) and an F/P server (hardwired).

I do routine check-ins for open port visibility at It is a practise I recommend to anyone- quick feedback on the "stealthiness" of your system.
