Unoffical empeg BBS

Quick Links: Empeg FAQ | RioCar.Org | Hijack | BigDisk Builder | jEmplode | emphatic
Repairs: Repairs

Topic Options
#135248 - 14/01/2003 23:11 DSL, Router, ReplayTV, etc.
DeadFire
addict

Registered: 30/05/2002
Posts: 695
I'm worried about security. Here's the setup:

          Verizon DSL Modem

||
||
Linksys EtherFast Cable / DSL Router
/\
/ \
/ \
ReplayTV Win2K Box


The router has the ability to work with ZoneAlarm Pro in order to protect PCs connected to it. Should I purchase a license for ZoneAlarm Pro in order to protect my computer? The router will enforce security with ZAPro once I've given it my ZAPro license key.

And what about the ReplayTV? Will this also protect it? Or should I look for some other way to protect both, or not bother at all? Any help from one of you networking smarties would be appreciated.

Top
#135249 - 14/01/2003 23:36 Re: DSL, Router, ReplayTV, etc. [Re: DeadFire]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
What do expect the evil hackers to do to your ReplayTV?

Make sure you have DMZ (demilitarized zone) disabled on your router. If you are still concerned, put Zone Alarm on your PC. It is an excellent program, and catches incoming as well as outgoing connections.

There really isn't much more you can do to protect your ReplayTV, nor is there much danger to it.

On a side note, I would recommend that you get the latest version of Ad Aware and run it to remove any spyware or adware on your computer.

-Biscuits

Top
#135250 - 15/01/2003 00:37 Re: DSL, Router, ReplayTV, etc. [Re: DeadFire]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Do the PC and the Replay have real public IP addresses, or is the router NATing for them ?

If the router is NATing then it reduces the importance of having a firewall anyway. With NAT in place nothing should be able to make incoming connections to the PC or Replay.

Does the router not have a builtin firewall itself ? If so the only additional thing running Zone Alarm on the PC will give you is some protection from spreading trojans to other people. If you really want Zone Alarm on the PC then you don't need to buy the Pro version, the free version will give you all of the protection of the Pro version (though without some of the flexiblity).
_________________________
Remind me to change my signature to something more interesting someday

Top
#135251 - 15/01/2003 00:43 Re: DSL, Router, ReplayTV, etc. [Re: andy]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
The linksys router is a NAT (Network Address Translation) device. It does not come with a firewall other than the built-in protection that NAT provides. Zone Alarm Pro is not necessary, but still recommended for most people. It can occasionally have problems with certain games and such, but for most people it will give you additional security.

-Biscuits

Top
#135252 - 15/01/2003 10:25 Re: DSL, Router, ReplayTV, etc. [Re: Biscuitsjam]
DeadFire
addict

Registered: 30/05/2002
Posts: 695
The only reason it worries me is this: When I first set up my DSL almost two years ago, I immediately went and fetched a copy of ZoneAlarm. Not long after it claimed to have blocked a REAL attack directed at my computer (this was quite a while ago, so I don't remember the exact information it gave me). It only happened just the once, and never since. Anyway...

I checked on DMZ Host in the router's advanced settings, and it tells me this: "This feature sets a local user to be exposed to the Internet. Any user on the Internet can access in/out data from the DMZ host. Enable the feature as you wish to use special-purpose service." The only option for it is DMZ Host IP Address. If the last number of that address is a 0 (as in 192.168.1.0), then it's not doing anything, right?

So I guess I'd just feel better to have something running on the computer, rather than relying on the fact that NAT simply hides it from the internet.

Top
#135253 - 15/01/2003 10:31 Re: DSL, Router, ReplayTV, etc. [Re: DeadFire]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
NAT does a little more than just hide you. It is still fairly weak security, but imagine this scenario.

You have a flimsy pathetic lock on your door
None of your neighbors have any locks

Even breaking your pathetic lock will take time and a small amount of expertise. It is unlikely anybody would bother. That being said, the average user probably gets portscanned about a dozen times a day. If you leave yourself entirely unprotected, you will probably get somebody probing or attacking your system every day Damage will occur extremely rarely however. In fact, you will probably never experience any damage.

"If the last number of that address is a 0 (as in 192.168.1.0), then it's not doing anything, right? "
Everything is fine then. That is the proper setting for most people.

-Biscuits


Top
#135254 - 15/01/2003 10:42 Re: DSL, Router, ReplayTV, etc. [Re: Biscuitsjam]
DeadFire
addict

Registered: 30/05/2002
Posts: 695
Thanks for the info. Knowing that, I'd still like to have something running on the PC. Granted I may be no *nix guru or a genius in, well, any field of computers, but I still like to *try* and minimize the number of things that are going on without my knowing about it.

Top
#135255 - 15/01/2003 10:47 Re: DSL, Router, ReplayTV, etc. [Re: DeadFire]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
Install ZoneAlarm and run AdAware every week or so.

-Biscuits

Top
#135256 - 15/01/2003 10:54 Re: DSL, Router, ReplayTV, etc. [Re: Biscuitsjam]
DeadFire
addict

Registered: 30/05/2002
Posts: 695
I already use Ad-aware. Forgot to mention that. I have it run a quick scan on bootup (memory, registry), and then I do a full scan when I feel like it; no less than once a month.

Do you think the firewall that comes with McAfee VirusScan 7 would be good for the job?

Top
#135257 - 15/01/2003 10:54 Re: DSL, Router, ReplayTV, etc. [Re: Biscuitsjam]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
You have a flimsy pathetic lock on your door
None of your neighbors have any locks
Even breaking your pathetic lock will take time and a small amount of expertise. It is unlikely anybody would bother.


Bad analogy. The internet isn't like the real world in that respect. If you have inadequate security on a fixed IP address, it'll simply get broken.
_________________________
Tony Fabris

Top
#135258 - 15/01/2003 10:55 Re: DSL, Router, ReplayTV, etc. [Re: tfabris]
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31597
Loc: Seattle, WA
And you know what, I'm not even sure the real world works that way.
_________________________
Tony Fabris

Top
#135259 - 15/01/2003 10:57 Re: DSL, Router, ReplayTV, etc. [Re: tfabris]
DeadFire
addict

Registered: 30/05/2002
Posts: 695
If you have inadequate security on a fixed IP address, it'll simply get broken.

This is why I'd like to have something for the computer. The router is using DHCP to assign IPs to the ReplayTV and the PC, but since the ReplayTV is always on, I don't think its IP has changed since I set it up.

Top
#135260 - 15/01/2003 11:02 Re: DSL, Router, ReplayTV, etc. [Re: tfabris]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
Do you do logging on your setup Tony?

Try opening yourself up sometime and watch the flood of attacks. The truth of the matter is, most script kiddies set up port-scanning programs before they go to school/bed to find unsecured computers. Then, they go through the lists of open computers and break into those. Most are not going to know how to get through a simple NAT router any more than they will know how to open a simple door lock.

We have had people go through our neighborhood before and rob every house with an unlocked door. Similarly, I had my car looted when I left the door unlocked a few weeks ago. There were a dozen other cars in the parking lot. Did any of them get broken into?

-Biscuits

Top
#135261 - 15/01/2003 11:08 Re: DSL, Router, ReplayTV, etc. [Re: Biscuitsjam]
Biscuitsjam
enthusiast

Registered: 22/01/2002
Posts: 355
It is possible to get hacked even if you do have security, but it is not LIKELY unless you make yourself a target. I've had my computer crashed multiple times by online game opponents. I have even had somebody launch a DDOS attack on me once which lasted for about 4 hours. When I ran a game server, we pissed off a few cheaters by banning them from the server. They responded by hacking the linux box repeatedly.

I had quite a bit of security in all those instances. Nothing is infallable. However, like your car, people are unlikely to break your lock/windows unless they have an incentive.

-Biscuits

Top