Security .. Am I secure?

llol_slim

I have searched, but couldnt find anything similar :-(

My setup at work is as follows :

D-Link DSLG804V wired/wireless router
wired into D-Link switch
8 Desktops + 1 Laptop wired through switch to access the internet.

I had Zone Alarm free edition installed on my PC, and not on the others, however, I was struggling to get printer sharing, RealPopup (messaging program) and WinVNC (remote access program) to work properly unless I closed Zone Alarm.
Basically, are the computers safe behind a router and a switch? I cant find any documentation saying our router has a built in firewall.

Do I need a firewall?
Thanks

Laurie

(PS im not a complete newbie, but networks is something that I have VERY limited knowledge on)

mr_fishbulb

You should put a software firewall on all of the computers, not just your one. Even if your router has a firewall built in (I don't know if it does, but if you don't know either then it probably hasn't been configured) a software firewall will tell you if anything dodgy is sending information ouot to the internet (like your bank details!).

I've got a home network, only 2 pcs, but I run VCN through it with no problems. I use Sygate Personal Firewall as a software firewall. I'd reccomend you getting that instead of Zonealarm.

llol_slim

Thanks, I was aware of needing firewalls on all, but getting software is a toughy because we are a charity, which generally means we shouldn't really use the free versions, but then we have a limited budget, and pursuading our money man to buy software that he doesnt know about is harder than blood from a stone
But thanks, I'll look into Sygate.
Thank you very much
Laurie

meclive

Your router does have a built in firewall and personally I wouldnt use one in your situation, i'd just make sure I had decent up-to-date antivirus and spyware protection on all computers, but its up to you to decide how secure you need to be.

wolfman

I always run a software firewall. Having a hardware firewall/portblocker and software firewall is a very effective combination.

Things a software firewall will do, that a hardware firewall won't:
- Block outbound connections
- Block on a per application basis, so you can restrict what applications can use a certain port.
- Provide protection within your network.

It's a good second line of defense, and can help block any rogue dialers, keyloggers, trojans etc... from sending info home, should your AV, or Anti-Spyware not pick it up.

You shouldn't need to pay for a software firewall. ZoneAlarm, Sygate, and Sunbelt Kerio Personal Firewall are all free and very good. I personally use Kerio as I find it to be the lightest and most configurable.

From the sound of things, you just need to configure ZoneAlarm properly. If you do give in with ZoneAlarm, try Kerio.

albertross_2

If the wireless is turned on and unencrypted, then that may be the weak point in your network.

Putting software firewalls on all the PC's may cause you some headaches, especially if file sharing or any servers are in use (they can cause timeouts), and will stop vnc working, unless configured correctly..

As you suggested the free ones are usually free for home use, but not for commercial use, check the T&C's on the sygate, kerio, and zonelabs website if you want to stay legal.

If you have XP, then you could use the one built in, it doesn't offer outbound protection, but will help protect you from worms.

Realistically, most users will probably allow any outbound prompts, so outbound protection may be not much use anyway.

If you want to test the hardware firewall on the router, try running a port scan on https://www.grc.com or https://www.dslreports.com/firewalls.

Are you using NAT on the router?

llol_slim

albertross wrote:

If the wireless is turned on and unencrypted, then that may be the weak point in your network.

Are you using NAT on the router?

We dont broadcast our SSID and we have a 128key wpa password :angel:

NAT ... Um as far as I know, we aren't which I guess probably means if we were, i would know about it, seeign as i set the system up (setup in inverted commas!)

THanks for all the help, ive contacted our head of finance and will see what he comes up with

Laurie

Andy_Davies

albertross wrote:

Are you using NAT on the router?

As there are 9 (?) client PCs I'd guess he is...

albertross_2

If you are using wireless, just turn it off.

https://www.grc.com/passwords produces strong keys if you need it enabled.

llol_slim

albertross wrote:

If you are using wireless, just turn it off.

https://www.grc.com/passwords produces strong keys if you need it enabled.

thats what we used :-)

Is a NAT the same as a 20 port switch?

Andy_Davies

llol_slim wrote:

We dont broadcast our SSID and we have a 128key wpa password :angel:

NAT ... Um as far as I know, we aren't which I guess probably means if we were, i would know about it, seeign as i set the system up (setup in inverted commas!)

Unless you've got lots of external ip addresses (and ISP don't particularly like handing them out) I'd guess you're almost certainly using NAT.

Based on the information you've given in this thread I reckon you're fairly secure without needing software firewalls on the PCs but do they all have up-to-date anti-virus software and does it get run?