Thread: Firewall on multiple PCs?

  1. #1
    Senior Member
    Join Date
    Mar 2002
    Posts
    137

    Firewall on multiple PCs?

    I run a few Windows boxes on a LAN at home to share an internet connection. One is a master, always on, and has a firewall, anti-virus/trojan, all the essentials. I am wondering, would I need a firewall on the slave machines too?

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    No, but it helps and couldn't hurt. You can get free firewalls for Windows products; they are one of the three following (assuming they haven't changed):

    Outpost
    Tiny Firewall
    ZoneAlarm
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    I thought that running multiple copies of the same firewall just uses extra resources?
    I could be wrong, most of the time I am! But what would be the benefit of this? Or would you try and run different firewalls? What about an IDS?

    [edit]
    cool link from uhu http://www.tldp.org/HOWTO/Firewall-HOWTO.html#toc3
    [/edit]
    yeah, I'm gonna need that by friday...

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    It only uses the resources on the slave machines (user machines). From what I've understood from K of C, these machines are Windows boxes. They should have AntiVirus on them but it couldn't hurt to have a host-based FW on them. Often, the host-based FWs have IDS built into them.

    Couldn't hurt.

  5. #5
    Member
    Join Date
    Jan 2003
    Posts
    36
    Usually it is sufficient to protect your LAN with one firewall placed on the machine which is connected to the internet or directly behind it.

    You can find some examples showing several firewall architectures here: http://www.tldp.org/HOWTO/Firewall-HOWTO-3.html

    I hope this helps

  6. #6
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    I have the same setup. 5 PCs sharing an Internet connection through a cable modem. I have a Win2K server with 2 NIC cards set for Internet connection sharing. I use the Pro version of Zone Alarm because the free version does not support ICS. I also use NAT just for an additional level of comfort.
    Work... Some days it's just not worth chewing through the restraints...

  7. #7
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    I use firewalls and anti virus on all the machines.
    Just ask yourself:
    . is everyone who uses these machines as security conscious as you?
    . does anyone on the LAN ever download files and forget to virus check them?
    . are there ever any new Trojans that your anti virus program hasn’t caught up with yet?
    . if one machine on the LAN gets compromised, can it spread to the rest of the LAN?
    . are you SURE your server can’t be compromised and be used to infect your LAN?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  8. #8
    Junior Member
    Join Date
    Aug 2002
    Posts
    15
    Very well put IKnowNot...

    This is what I use @ home:

    4 PCs (XP) and 6 VMs (2000, 98, SuSE8, Novell6, Solaris9x86, & XP)
    CableModem to NAT (my router has the option to log to a couple of software firewalls) to SonicWall to ZAP (ZoneAlarmPro), but ZAP is only on one PC because I have dedicated this PC to be my "Internet" PC. All the other PCs have NAV, therefore I am not worried about WAN traffic compromising my nitwit

    My SonicWall 75 is probably a bit of overkill but configuration is always the key in a home LAN environment...there's my 2 cents

    Have fun

  9. #9
    Senior Member
    Join Date
    Mar 2002
    Posts
    137
    Alright thanks for the replies guys, it has been very useful.

  10. #10
    Member
    Join Date
    Jan 2003
    Posts
    36
    Originally posted here by IKnowNot
    I use firewalls and anti virus on all the machines.
    Just ask yourself:
    . is everyone who uses these machines as security conscious as you?
    . does anyone on the LAN ever download files and forget to virus check them?
    . are there ever any new Trojans that your anti virus program hasn’t caught up with yet?
    . if one machine on the LAN gets compromised, can it spread to the rest of the LAN?
    . are you SURE your server can’t be compromised and be used to infect your LAN?

    @IKnowNot

    You are right to ask these questions. I agree with you that *every* client, as far as it is driven by a Microsoft OS, has to be virus-protected. But I think you shouldn't intermix virus protection with a firewall.

    A well-configured firewall is designed to protect a whole LAN from unwanted connections to and from the Internet. The advantage is that one central firewall can be maintained by qualified persons, aka sysadmins. I wouldn't trust all users to be able to configure their personal firewalls accordingly. As soon as they want to share music or something else, they would open port by port. So installing a personal firewall on our users' desktops and workstations would be meaningless and just burning their resources.

    In fact on our laptops a personal firewall is installed though. That is because they are mobile and move to environments (hotels etc.) which can't be protected by us.

    You might ask now why we don't limit the laptop users' rights so that they are not able to configure their personal firewalls themselves. Most of them are IT consultants working at our customers all over Europe. Because of this they must have the possibility to install and configure their needed applications (databases etc.). In addition to it, they should at least have a basic knowledge concerning computer security, and they are advised to act accordingly.

    I want to summarize: In a plain LAN, *one* dedicated firewall is sufficient and advantageous. If you have mobile users with laptops, additional personal firewalls should be used. And as in real life: you can't be absolutely sure. There always remains a "rest-risk" (correct English?). One of my tasks as a sysadmin is to minimize it.
