ICS & Firewalls

I contacted Freeserve last Thursday with a request to upgrade my Anytime
account. The modem arrived yesterday, and I was switched on this
morning. :-)

A 600 Duron laptop shares the connection using ICS. Both machines have
Norton IS and Anti-virus installed. The problem is that the already
sluggish laptop is dog-slow with Norton's overheads.

Can I switch off the fire-wall on the laptop and rely on the main
system? I suspect not. I shall eventually use a modem/router. Will its
hardware firewall be sufficient for the laptop.

If all else fails I suppose something like Zone Alarm would be less
resource hungry. How difficult is it setting up permissions for the peer
to peer LAN? (I am crap at networks)

--
Trevor Dennis
Remove s-p-a-m to email

"Trevor Dennis" <(E-Mail Removed)> wrote
in message news:LnCxq5Bl1Ka$(E-Mail Removed)...
>
> I contacted Freeserve last Thursday with a request to
upgrade my Anytime
> account. The modem arrived yesterday, and I was switched
on this
> morning. :-)
>
> A 600 Duron laptop shares the connection using ICS. Both
machines have
> Norton IS and Anti-virus installed. The problem is that
the already
> sluggish laptop is dog-slow with Norton's overheads.
>
> Can I switch off the fire-wall on the laptop and rely on
the main
> system? I suspect not. I shall eventually use a
modem/router. Will its
> hardware firewall be sufficient for the laptop.
>
> If all else fails I suppose something like Zone Alarm
would be less
> resource hungry. How difficult is it setting up
permissions for the peer
> to peer LAN? (I am crap at networks)

bite the bullet, dig into your pocket and buy a adsl
modem/router, you won't regret it. It's firewall (depending
on what you buy) will protect against intrusions for all
pc's on your network, you'll still need a virus scanner
though. Check out www.adslguide.org for models & reviews.

P.

"Trevor Dennis" <(E-Mail Removed)> wrote in message
news:LnCxq5Bl1Ka$(E-Mail Removed)...
>
> I contacted Freeserve last Thursday with a request to upgrade my Anytime
> account. The modem arrived yesterday, and I was switched on this
> morning. :-)
>
> A 600 Duron laptop shares the connection using ICS. Both machines have
> Norton IS and Anti-virus installed. The problem is that the already
> sluggish laptop is dog-slow with Norton's overheads.
>
> Can I switch off the fire-wall on the laptop and rely on the main
> system? I suspect not. I shall eventually use a modem/router. Will its
> hardware firewall be sufficient for the laptop.
>
> If all else fails I suppose something like Zone Alarm would be less
> resource hungry. How difficult is it setting up permissions for the peer
> to peer LAN? (I am crap at networks)
>


I have always understood it that the firewall needs be on the host pc only.
Mine, Blackice, asks for 'rules' where I allow the lan addies of the other
2 pc's.
As far as i can see , one external ip address, one firewall.
Obviously, have antivirus on all machines.
The router method may also provide a firewall but that sorta answers the
same question ie. 2pc' one router one firewall.


Peter
> --
> Trevor Dennis
> Remove s-p-a-m to email


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.518 / Virus Database: 316 - Release Date: 11/09/2003

Peter wrote:
> "Trevor Dennis" <(E-Mail Removed)> wrote in
> message news:LnCxq5Bl1Ka$(E-Mail Removed)...
>>
>> I contacted Freeserve last Thursday with a request to upgrade my
>> Anytime account. The modem arrived yesterday, and I was switched
>> on this morning. :-)
>>
>> A 600 Duron laptop shares the connection using ICS. Both machines
>> have Norton IS and Anti-virus installed. The problem is that the
>> already sluggish laptop is dog-slow with Norton's overheads.
>>
>> Can I switch off the fire-wall on the laptop and rely on the main
>> system? I suspect not. I shall eventually use a modem/router. Will
>> its hardware firewall be sufficient for the laptop.
>>
>> If all else fails I suppose something like Zone Alarm would be less
>> resource hungry. How difficult is it setting up permissions for
>> the peer to peer LAN? (I am crap at networks)
>>
>
>
> I have always understood it that the firewall needs be on the host
> pc only. Mine, Blackice, asks for 'rules' where I allow the lan
> addies of the other 2 pc's.
> As far as i can see , one external ip address, one firewall.
> Obviously, have antivirus on all machines.
> The router method may also provide a firewall but that sorta
> answers the same question ie. 2pc' one router one firewall.

But it depends on whether you want to control outgoing connections or
not, if you do then you will need a firewall program on all machines.

If you're wondering why you may want to control outgoing connects, you
have to remember that a lot of programs (bought over the counter as
well as freeware, shareware & indeed warez) install phone home add
ons, or spyware/malware & you may want to control what is allowed to
connect & what isn't. Also if you are unfortunate to be infected with
a trojan or even some viruses ( remember all AV programs are playing
a game of catchup no matter how good they are) then you would detect
any abnormal outgoing activity.

It's a personal decision, I run a RO318 security router & Norton
Personal Firewall 2004 but some people will say that's not required
but i do like having a say about who is going to phone home or not &
everything works ok whether I do allow them or not.
--
B-)
Life is pain.....
Deal with it!!

The Host machine firewall allows all traffic straight through to the client
machine .

Check here if you don't believe this statement:-

https://grc.com/x/ne.dll?bh0bkyd2

--
Paul Woodsford
Remove ****NOSPAMPLEASE**** to Reply
"Peter" <(E-Mail Removed)> wrote in message
news:bkakch$4j5$(E-Mail Removed)...
>
> "Trevor Dennis" <(E-Mail Removed)> wrote in message
> news:LnCxq5Bl1Ka$(E-Mail Removed)...
> >
> > I contacted Freeserve last Thursday with a request to upgrade my Anytime
> > account. The modem arrived yesterday, and I was switched on this
> > morning. :-)
> >
> > A 600 Duron laptop shares the connection using ICS. Both machines have
> > Norton IS and Anti-virus installed. The problem is that the already
> > sluggish laptop is dog-slow with Norton's overheads.
> >
> > Can I switch off the fire-wall on the laptop and rely on the main
> > system? I suspect not. I shall eventually use a modem/router. Will its
> > hardware firewall be sufficient for the laptop.
> >
> > If all else fails I suppose something like Zone Alarm would be less
> > resource hungry. How difficult is it setting up permissions for the peer
> > to peer LAN? (I am crap at networks)
> >
>
>
> I have always understood it that the firewall needs be on the host pc
only.
> Mine, Blackice, asks for 'rules' where I allow the lan addies of the
other
> 2 pc's.
> As far as i can see , one external ip address, one firewall.
> Obviously, have antivirus on all machines.
> The router method may also provide a firewall but that sorta answers the
> same question ie. 2pc' one router one firewall.
>
>
> Peter
> > --
> > Trevor Dennis
> > Remove s-p-a-m to email
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.518 / Virus Database: 316 - Release Date: 11/09/2003
>
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.518 / Virus Database: 316 - Release Date: 11/09/2003

On Wed, 17 Sep 2003 23:04:52 +0100, "Paul Woodsford"
<paul.woodsford****NOSPAMPLEASE****@virgin.net> wrote:

>The Host machine firewall allows all traffic straight through to the client
>machine .
>
>Check here if you don't believe this statement:-
>
>https://grc.com/x/ne.dll?bh0bkyd2

I don't need to run that scanning program because I know that ZA on my
host machine was blocking FTPs from a laptop working via ICS.

So the statement is not 100% correct in all situations.

Phil

"Paul Woodsford" <paul.woodsford****NOSPAMPLEASE****@virgin.net>
wrote in news:7U4ab.2232$(E-Mail Removed):

> The Host machine firewall allows all traffic straight through to
> the client machine .

That statement does not make sense as it stands.

1) Please would you clarify what you meant.

2) Which firewall(s) are you talking about?

3) In a setup with (say) a host (i.e. ICS gateway) PC and two client PCs,
which client machine(s) would receive an inbound request?

--
BRG
===
http://www.brgservices.co.uk/

On Wed, 17 Sep 2003 20:47:31 +0100, "PJB" <(E-Mail Removed)> wrote:

>
>"Trevor Dennis" <(E-Mail Removed)> wrote
>in message news:LnCxq5Bl1Ka$(E-Mail Removed)...

>> A 600 Duron laptop shares the connection using ICS. Both
>machines have
>> Norton IS and Anti-virus installed. The problem is that
>the already
>> sluggish laptop is dog-slow with Norton's overheads.
>>
>> Can I switch off the fire-wall on the laptop and rely on
>the main
>> system? I suspect not. I shall eventually use a
>modem/router. Will its
>> hardware firewall be sufficient for the laptop.
>
>bite the bullet, dig into your pocket and buy a adsl
>modem/router, you won't regret it. It's firewall (depending
>on what you buy) will protect against intrusions for all
>pc's on your network, you'll still need a virus scanner
>though. Check out www.adslguide.org for models & reviews.

An affordable mainstream hardware router only acts as a firewall for
incoming traffic, so in this respect it's no different than using a
software firewall on an ICS host. Outgoing traffic from client PCs
(eg. from trojans) will escape unhindered via ICS or a hardware
router. If you are not concerned about this possibility, then you can
remove the firewall from the laptop. If you wish to stop unauthorised
outgoing traffic from client machines, then you'll need a firewall on
each one.

On Thu, 18 Sep 2003 07:43:30 GMT, BRG
<(E-Mail Removed)> wrote:

>That statement does not make sense as it stands.

Quite. Having done a test it is clear that "shields up" probe tests
can be initiated from any machnie via ICS but it always probes the ICS
host machine as that is the one with a visible IP address, so in my
case the POP3 server shows up regardless which machine I test but it
is only on the host machine.

Phil

Kraftee Writes

>If you're wondering why you may want to control outgoing connects, you
>have to remember that a lot of programs (bought over the counter as
>well as freeware, shareware & indeed warez) install phone home add
>ons, or spyware/malware & you may want to control what is allowed to
>connect & what isn't.

Would something like Ad-aware help in that respect? You're no doubt
gonna tell me only when I think to run it, and even then, only on apps
included in its far from frequent up-date list. :-(

--
Trevor Dennis
Remove s-p-a-m to email