From what I have seen in this group, the consensus seemed to be
that ICF was unnecessary if your LAN was behind a router with
the fire wall enabled. In my case, I have a D-Link DI-604 with
all ports blocked. I get "Full Stealth" mode from "Shields Up"
at
www.grc.com after I routed Port 113 to 192.168.0.200 which is
well out of range of any of my machines. Their are 4 computers
on the network in a home office used only by my wife and me, so
I have things very open on the LAN.
My question is whether their is any need for the SP2 firewall in
this configuration, when, and if, I get up the courage to try
SP2?
Ken,
A NAT router like the DI-604 is just the outermost layer of a good defense
strategy. The router provides protection against hostile incoming traffic only,
Each layer is necessary because no layer produces complete protection.
The second layer is a software firewall, or a port monitor like Port Explorer
(free) from <
http://www.diamondcs.com.au/portexplorer/index.php?page=home>, on
each computer. You need this layer for protection against unknown software
generating unwanted outgoing traffic, and for protection against hostile traffic
from other computers on your LAN. Windows Firewall provides this protection as
do other third party products. See discussions in comp.security.firewalls for
more information.
The third layer is good software. This layer has multiple components.
AntiVirus protection. Realtime, plus a regularly scheduled virus scan.
Regularly updated.
Adware / spyware protection. Realtime, plus a regularly run adware / spyware
scan. Regularly updated.
Complete instructions, using Spybot S&D and HijackThis (both free) are here:
<
http://forums.spywareinfo.com/index.php?showtopic=227>.
Harden your browser. There are various websites which will check for
vulnerabilities, here are three which I use.
http://www.jasons-toolbox.com/BrowserSecurity/
http://bcheck.scanit.be/bcheck/
https://testzone.secunia.com/browser_checker/
Block Internet Explorer ActiveX scripting from hostile websites (Restricted
Zone).
<
https://netfiles.uiuc.edu/ehowes/www/main.htm> (IE-SpyAd)
Block known dangerous scripts from installing.
<
http://www.javacoolsoftware.com/spywareblaster.html>
Block known spyware from installing.
<
http://www.javacoolsoftware.com/spywareguard.html>
Make sure that the spyware detection / protection products that you use are
reliable:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Harden your operating system. Check at least monthly for security updates.
http://windowsupdate.microsoft.com/
Block possibly dangerous websites with a Hosts file. Three Hosts file sources I
use:
http://www.accs-net.com/hosts/get_hosts.html
http://www.mvps.org/winhelp2002/hosts.htm
(The third is included, and updated, with Spybot (see above)).
Maintain your Hosts file (merge / eliminate duplicate entries) with:
eDexter <
http://www.accs-net.com/hosts/get_hosts.html>
Hostess <
http://accs-net.com/hostess/>
Secure your operating system, and applications. Don't use, or leave activated,
any accounts with names or passwords with trivial (guessable) values. Don't use
an account with administrative authority, except when you're intentionally doing
administrative tasks.
The fourth layer is common sense. Yours. Don't install software based upon
advice from unknown sources. Don't install free software, without researching
it carefully. Don't open email unless you know who it's from, and how and why
it was sent.
The fifth layer is education. Know what the risks are. Stay informed. Read
Usenet, and various web pages that discuss security problems. Check the logs
from the other layers regularly, look for things that don't belong, and take
action when necessary.
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.