Drvnguy said:
Just wondering how I go about running cable modem through one LAN and
bridging it so that it sees it has a hardware firewall. My cable guy
recommended I do it this way rather than run software firewalls? ..this
board has 2 LAN
thanks ..

There are many ways to protect a home network. To start with, don't
bother routing packets through a computer that must always be on,
to provide the service. I like an architecture like this:

         ADSL/Cable
         Modem Box
             |
             | 10BaseT
             |
       Router/Firewall
       NAT and/or IPSEC
        |   |   |   |
       /    |   |    \
      /    /     \    \
 100baseT /
         /
        /
 PC with software
 firewall that handles
 both incoming and outgoing
 connections.

With the router/firewall box, you can leave the thing running all
the time, and it only draws 10-15 watts of electricity. If you have
an ADSL modem, then you can use the router box to terminate the PPPOE
protocol. With the cable modem, the simplest advantage of the router
box, is the use of Network Address Translation (NAT), which makes
connections anonymous by changing the port number. With NAT, the
addresses of your home PCs will be private addresses like
192.168.1.2, while the Router box will have a public IP address like
211.101.23.17, as provided by DHCP. A disadvantage of NAT, is you
cannot run a server, without "punching a hole" in NAT, and that is
what DMZ is for. (DMZ stands for "dangerous networking option".)

Another level of security is IPSEC or VPN. A VPN is a virtual private
network, or "fat pipe", that can be terminated by a VPN device at your
work. It would allow, for example, traffic to be secured, such that
all traffic was routed through the network connection at work, before
it gets to you. If you work for a big company, typically they will have
some standard configuration they use for "work at home" employees, that
provides the minimum level of security the company desires. Generally
your employer will frown on using the VPN, and routing to a dialup
modem at the same time (some people do that, so they can punch holes in
the company firewall, for ports that are blocked at work - dial up the
modem, then drive to work, then network out through the home computer).
IPSEC does the same thing, but the traffic is encrypted.
You don't have to stop there. Assuming you only have basic NAT in the
router box (which is what the cheapest router would give you), you can
still run a software firewall in each PC. The main function you want
here, is a firewall that blocks outgoing connections until you approve
them. This helps block "trojan" programs from communicating secretly
with the outside world. NAT in the router is only good for stopping
probes from the outside network, while a software firewall of the
appropriate type on each PC, will help you detect when some
trojan/spyware is at work trying to get out of the PC with some
information. (You still need anti-virus software, to round out the
package.)
When it comes to software firewalls, read the specs carefully, to
find out how they handle outgoing connections. Some software firewalls
only restrict incoming connections, and your NAT box is already doing
that for you.
That should give you enough to get started. The above is just a capsule
summary with some terminology you can use for searches on the net.
(After all, this is a motherboard group, and a networking group will be
able to give much more accurate descriptions of this stuff...)
This is an example of a router that supports IPSEC - $62
http://www.newegg.com/app/ViewProductDesc.asp?description=33-124-007&depa=0
This one uses NAT, and would protect against most naive attacks from the
outside network - $49
http://www.newegg.com/app/viewProductDesc.asp?description=33-124-001&depa=0
There are probably other products that would include wireless networking
too, but you may need to do a little research into security issues of
wireless, to decide if that is the right solution for you. Personally,
I'm not a fan of wireless, but that is just me.
Have fun,
Paul
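
An added illustration, not part of Paul's post: a toy model of the layering described above, showing that a NAT router drops unsolicited inbound packets but lets every outbound connection through, so only the per-PC outbound firewall stops a trojan from phoning home. The class and function names, port numbers and remote addresses are constructed for the example, and the NAT filtering is simplified to one mapping per connection.

```python
PUBLIC_IP = "211.101.23.17"   # router's public address, as in the post

class NatRouter:
    def __init__(self, public_ip, forwards=None):
        self.public_ip = public_ip
        self.next_port = 40000            # constructed starting port
        self.out_map = {}                 # (lan_ip, lan_port, remote) -> public port
        self.in_map = {}                  # (public port, remote) -> (lan_ip, lan_port)
        self.forwards = forwards or {}    # public port -> LAN host: the "hole" in NAT

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection: always allowed, source is rewritten."""
        key = (lan_ip, lan_port, remote)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, remote)] = (lan_ip, lan_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key])

    def inbound(self, remote, public_port):
        """A packet arrives from outside: delivered only if mapped or forwarded."""
        if (public_port, remote) in self.in_map:
            return self.in_map[(public_port, remote)]
        return self.forwards.get(public_port)   # None means the packet is dropped

def outbound_firewall(approved, program):
    """Per-PC software firewall: outgoing connections blocked until approved."""
    return program in approved

def demo():
    router = NatRouter(PUBLIC_IP)
    web = ("203.0.113.10", 80)            # constructed remote web server
    stranger = ("198.51.100.7", 4444)     # constructed outside host
    approved = {"browser.exe"}            # constructed approval list
    return {
        "browser_seen_as": router.outbound("192.168.1.2", 5000, web),
        "reply_delivered_to": router.inbound(web, 40000),
        "probe_delivered_to": router.inbound(stranger, 40000),
        # NAT alone does not stop an unwanted program connecting out:
        "trojan_passes_nat": router.outbound("192.168.1.2", 5001, stranger),
        "trojan_passes_pc_firewall": outbound_firewall(approved, "trojan.exe"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "=", value)
```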