CompuDave: Firewalls - ZoneAlarm on small LANs

Tuesday, October 12, 2004

Firewalls - ZoneAlarm on small LANs

I've mentioned before using a firewall like ZoneAlarm. It really is a good idea. However, in some cases there needs to be a little knowledge applied when using it. Yesterday I had a client in a small office call and tell me they couldn't get on to a shared folder on another computer.

I walked them through several steps and couldn't quite get what was up. The other computer showed up under workgroup computers, but if you tried to open any of its resources you couldn't. Now, Windows doesn't give very good messages on network errors. It just kept reporting the folder was unavailable. Finally I had them go to the computer with the shared folder. "Try to look at workgroup computers," I say. No luck at all, network unavailable. Then she says something about ZoneAlarm asking permission. AHA! I knew right off.

Trouble was, I've never put ZA on computers in this office. Someone had on this one, and they didn't understand the effects it would have. (I recommend not allowing individuals in a business office to install software, and this is a good reason why. Good intentions - bad results.)

First, in these small LANs a basic router offers pretty good protection. It will hide your individual computers from the internet under most circumstances. It won't do firewall duties like port blocking unless you configure it to (and maybe not even then, or not very well). I like ZA because nowadays so many computers become infected with spyware and trojans. Once this happens, these basic routers will just let the machine spew out practically anything. With ZA installed you get alerts when unexpected programs start trying to act like servers.

But ZA will also start blocking the NetBIOS messages (that's the Windows networking that lets you see other computers in a peer-to-peer network by name). Basically the answer is to set up a trusted zone in the firewall to allow all this messaging to go on. Most of these small routers have DHCP turned on. This assigns addresses to the computers on the local side of the router. That's good, it simplifies things. The local address will look something like this: 192.168.1.x, where x will be a number between 1-255. This is also good - it is part of a group of addresses that are defined as non-routable, which keeps your local traffic off the internet.

Now here's the trick that lets you use ZA for safety but lets your local area network work.
(You need to know your local network address - the following is an example, but a very common one on small router-based LANs.)
1. Bring up the ZA panel by double-clicking the ZA box in the system tray.
2. Go to Firewall on the left column and Zones on the upper tabs.
3. Go to Add and choose IP Range.
4. Choose a trusted zone. Enter 192.168.1.0 in the first address and 192.168.1.255 in the second. Enter a description like LAN.
5. Click Apply.

Now it will all work right.
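An added example (not from the original post): a Python check to run before typing the range into step 4, confirming that both addresses stay inside private address space, that this computer's own address falls in the range, and that the range is no bigger than a small LAN. The function name, the 256-address limit and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private (non-routable) address blocks.
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_trusted_range(first, last, local_ip, max_hosts=256):
    """Return a list of problems with a trusted-zone range; empty means OK.

    max_hosts is an assumed ceiling for a small office LAN, not a ZoneAlarm setting.
    """
    lo = ipaddress.IPv4Address(first)
    hi = ipaddress.IPv4Address(last)
    me = ipaddress.IPv4Address(local_ip)
    if lo > hi:
        return ["first address is higher than the second"]

    problems = []
    # Both ends must sit in the same private block; otherwise the range
    # crosses into publicly routable addresses that would become trusted.
    block = next((b for b in PRIVATE_BLOCKS if lo in b), None)
    if block is None or hi not in block:
        problems.append("range includes publicly routable addresses")
    # If this machine is outside the range, the zone does not match the LAN.
    if not lo <= me <= hi:
        problems.append("this computer's own address is outside the range")
    size = int(hi) - int(lo) + 1
    if size > max_hosts:
        problems.append(f"range covers {size} addresses, more than {max_hosts}")
    return problems


if __name__ == "__main__":
    # Constructed sample entries: (first, last, this computer's address).
    samples = [
        ("192.168.1.0", "192.168.1.255", "192.168.1.20"),  # intended LAN range
        ("192.168.1.0", "192.186.1.255", "192.168.1.20"),  # one octet mistyped
        ("192.168.1.0", "192.168.1.255", "192.168.0.20"),  # wrong subnet
    ]
    for first, last, me in samples:
        issues = check_trusted_range(first, last, me)
        print(f"{first} - {last}: {'OK' if not issues else '; '.join(issues)}")
```

A single mistyped octet in the second address turns a 256-address trusted zone into one covering more than a million addresses, most of them on the public internet, so the firewall would stop alerting on traffic from all of them.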
