Thread: OK a little clarification ;) let me restate what I'm looking for

    tomfor

    I am a Subway Franchisee.

    Subway has little or no IT support for us.

    We use a POS System that runs on PC platforms. The only application that I need to run is Subshop for doing transactions. Built into Subshop is the Credit Card Software and encryption. Currently we use dialup but it's REAL slow for the transactions. I want to install DSL and speed up service times. When DSL gets installed I need to block all internet access except for Subshop.

    If I install ZoneAlarm and tell it to shut off everything except Subshop, will it do that for me?

    Can I password protect ZoneAlarm so that I can turn off the firewall to download updates to the menu and Subshop program regularly?

    Or do I need a different program to almost completely cut off internet access? Nothing needs to be networked to anything else.

    Thanks for the help. It's great to have a forum to ask questions before taking the plunge into software and finding out you bought the wrong program.


    watcher

    Dear tomfor:

    Just because Subway has little or no IT support does not preclude you from obtaining it. That said, yes, the ZAPRO edition allows you to kill all programs but Subshop, its updater, and critical Windows components from the Programs tab of the Program Control panel. Using expert firewall rules, you can block all IP addresses but the ones or IP range that you would be using (depending upon static or dynamic IP assignment). You can get even more granular by using program expert firewall rules to use specific IP addresses/ports/DNS servers/etc.

    Yes, you can password protect ZAPRO so no one can make changes but yourself (or your proxy).

    Neither of these, alone or in conjunction with each other, is a guarantee against your employees using the Internet. As Oldsod pointed out, you must secure the hardware that you use. If the computer has a CD/DVD drive, an employee, during a lull in business, could insert a bootable Linux LiveCD like Ubuntu and reboot. Running off a different operating system and with its own web browser, the employee would be able to surf to his/her heart's content. If there is an available USB port, an employee could attach a flash memory device containing a minimal Linux operating system like **bleep** Small Linux. Again, it has its own operating system and it would be possible to reboot to run this operating system. There are other possibilities as well.

    In summary, please seek out an IT consultant who can help you find the ideal solution for your business. As Oldsod pointed out, cutting corners to save money could cost you dearly down the road.

    Hope this helps.


    treborg

    Tom, regardless of "networking", use a SOHO firewall/router between your DSL and the PC.
    You *CAN NOT TRUST* any software application running on the PC to protect the PC from all attacks.
    An external firewall would be configured (usually by default) to block all inbound traffic that was not initiated by your PC going outbound.
    Relying solely on the software running *ON* the PC does not work.
    It's the next flaw in that application that prompts updates.
    And ZoneAlarm is no different from any other application... any flaw in it, and you potentially lose all security.
    You can usually put in URL filters on most of the average SOHO firewalls, say allow ... but deny others.. and even if you needed to get to some other site to update your point of sale software, you can add that, or later log into the external firewall and disable the filter while getting any updates you need.
    As an oversimplified example of solely relying on ZoneAlarm ... would you hang your lock's key on a 6 foot *string* 10 feet from the door?
    .... Probably not, because someone could simply cut the string, walk the 10 feet and they'd get into your store.

    Again.. that's a complete dramatization, "they don't actually hand you a muffin with butter and jam", but again.. its overall point is valid ... the security there is in having the key on a 6 foot tether ... no one could make that string go the 10 feet to the door ... without breaking the string.. and if that's the only security you have.... someone will break the string and will take the keys to the store... if the only security you rely on is running on a flawed and well attacked platform, you risk that machine when someone finds the way to kill the software protecting it.

    Please also keep in mind.. if you do get a firewall/router, turn off any wireless options (if so purchased), other options that aren't needed (UPnP), make sure you change its default password, don't allow it to be ping'd from the internet, and don't allow it to be accessed remotely for configuration changes..

    An added step / blockade to get to your POS terminal is just a smart investment in your future, and that investment is as cheap as 25 bucks (14 dollars after rebates) .... check out or any online well established retailer.. el cheapo firewall router using NAT only, or better ... go to Newegg and search for SPI firewall ... sort the results on price... and for under 50 you get better firewall options..
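
The external-firewall behaviour described in the last post (drop unsolicited inbound traffic, allow outbound only to listed destinations, open a temporary exception for updates) can be modelled in a few lines. This is an added example, not part of any post in the thread and not code from ZoneAlarm or any router vendor; the addresses are constructed placeholders from the documentation ranges, and the class and function names are hypothetical.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field

# Constructed placeholders (RFC 5737 documentation addresses), not real Subshop servers.
CARD_PROCESSOR = ("203.0.113.10", 443)
UPDATE_SERVER = ("203.0.113.20", 443)
POS_LAN_IP = "192.168.1.50"

@dataclass
class StatefulFirewall:
    allowed_egress: set                       # (remote_ip, remote_port) allowlist
    flows: set = field(default_factory=set)   # flows opened from the LAN side

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> WAN: default deny, accept only allowlisted destinations."""
        if (dst_ip, dst_port) not in self.allowed_egress:
            return "DROP"
        self.flows.add((src_ip, src_port, dst_ip, dst_port))
        return "ACCEPT"

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """WAN -> LAN: accept only replies to a flow the LAN host opened."""
        if (dst_ip, dst_port, src_ip, src_port) in self.flows:
            return "ACCEPT"
        return "DROP"

    @contextmanager
    def update_window(self, host, port):
        """Temporary exception for updates, closed again even if the update fails."""
        self.allowed_egress.add((host, port))
        try:
            yield
        finally:
            self.allowed_egress.discard((host, port))
            self.flows = {f for f in self.flows if (f[2], f[3]) != (host, port)}

def run_sample():
    """Replay constructed packets through the model and return the verdicts."""
    fw = StatefulFirewall({CARD_PROCESSOR})
    verdicts = [
        fw.outbound(POS_LAN_IP, 50000, *CARD_PROCESSOR),      # card transaction
        fw.inbound(*CARD_PROCESSOR, POS_LAN_IP, 50000),       # its reply
        fw.outbound(POS_LAN_IP, 50001, "198.51.100.7", 80),   # web browsing attempt
        fw.inbound("198.51.100.99", 4444, POS_LAN_IP, 3389),  # unsolicited inbound
        fw.inbound(*CARD_PROCESSOR, POS_LAN_IP, 50002),       # known host, no matching flow
    ]
    with fw.update_window(*UPDATE_SERVER):
        verdicts.append(fw.outbound(POS_LAN_IP, 50003, *UPDATE_SERVER))
    verdicts.append(fw.outbound(POS_LAN_IP, 50004, *UPDATE_SERVER))  # window closed
    return verdicts
```

The fifth packet shows why connection tracking matters: a packet from an allowlisted server is still dropped when the PC never opened that flow.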

