Re: Setting up secure windows xp network

[James Taylor <james_n_taylor () yahoo com>]

Anna,

If you go down the Zone Alarm route use.....
http://forums.zonelabs.com/zonelabs

"but found out that I couldn't set my internet connected
network card to be in the Internet Zone, the NAT wouldn't
work. The only way it would if it was placed in the Medium
Zone" This sounds very odd, it will normally detect it out
of the box. 

If you used Zone Alarm Pro (the $49 version?) then it will
do that. You do *not* have to set the bar to Medium for the
Internet Zone and it is not reccommended. On the gateway
machine, where ZA is installed, you will also need to add
any external servers you use i.e. IP & port to the trusted
zone e.g. your mail provider. This will allow machines
internally to access those services (to pick up and send
mail). By default it should also allow the basic web
surfing service, but if not, once you start to surf on one
of the machines, ZA will detect these outgoing packets and
and a box will pop up asking if you want to allow x service
(e.g. port 80) to be allowed to connect to x.x.x.x? Say
yes. In the advanced tab for the 'Internet Zone' there
should already be a tick in the box 'Allow outgoing DNS
requests' (or something like that).

It does work, really.
Regards & Good Luck.
James

--- SML <sml () ukf net> wrote:
> I'd like to thank everyone for their input.
> I've tried several different configurations over past
> several days. I didn't
> like ICS with Windows own firewall. So I went to
> ZoneAlarm Pro, but found
> out that I couldn't set my internet connected network
> card to be in the
> Internet Zone, the NAT wouldn't work. The only way it
> would if it was placed
> in the Medium Zone. I wonder how secure it is this way?
> Am I too paranoid?
> :) Then I learned about Kerio WinRoute Firewall which in
> fact consist of NAT
> and Firewall all in one.
> Can anyone share their thoughts about it. I mean how good
> or bad it is in
> all aspects.
> I'm going to try the trial version today.
>
> Regards,
> Anna
>
>
> -----Original Message-----
> From: Lachlan McGill
> [mailto:Lachlan.McGill () au logical com]
> Sent: Tuesday, May 27, 2003 4:30 AM
> To: 'SML'; security-basics () securityfocus com
> Subject: RE: Setting up secure windows xp network
>
>
> As a very simple method, you can try just blocking ports
> on the network card
> level in its TCP/IP properties. This is very simple and
> also not necessarily
> the most secure.
>
> You should be able to get some success with third party
> apps such as
> Nortons, Mcafee and Zone Alarm. Its just a matter of
> configuring them
> properly to suit your setup.
>
>
> -----Original Message-----
> From: SML [mailto:sml () ukf net]
> Sent: Friday, 23 May 2003 12:57 AM
> To: security-basics () securityfocus com
>
> Hello list.
> I'm in the process of securing Windows xp prof network,
> consisting of 5
> computers.
> We use "workgroup" configuration.
> Also the computers are conected to internet through
> windows 2000 gateway
> computer with 2 network cards, where one card connects to
> ADSL router. NAT
> software is in place on the gateway.
> I'd much appreciate if somebody could point me to the
> internet recourses, or
> give advise on how to make the most of windows own
> security features,
> policies etc. Also what software firewall could we use on
> the gateway, since
> after trying norton and mcaffe firewals, we couldn't
> access the intrenet.
>
> Thanks,
> Anna
---------------------------------------------------------------------------
> Thinking About Security Training? You Can't Afford Not
> To!
>
> Vigilar's industry leading curriculum includes:  Security
> +, Check Point,
> Hacking & Assessment, Cisco Security, Wireless Security &
> more! Register
> Now!
> --UP TO 30% off classes in select cities--
> http://www.securityfocus.com/Vigilar-security-basics
----------------------------------------------------------------------------
>
---------------------------------------------------------------------------
>
----------------------------------------------------------------------------
>


__________________________________
Do you Yahoo!?
Yahoo! Calendar - Free online calendar with sync to Outlook(TM).
http://calendar.yahoo.com

---------------------------------------------------------------------------
----------------------------------------------------------------------------