Results 1 to 8 of 8

Thread: Firewall Zones

  1. #1
    ricksgotadrama Guest

    Default Firewall Zones

    Hi all.

    Simple question - but not for me, or I wouldn't be asking.

    How should the zones be set up in ZAISS? After reading several posts here in an attempt to clear up some DNS errors I've been having, I've just changed some of the zones - so now the loopback adapter, DNS server, DHCP server and 192.168.1.0/255.255.255.0 (router IP and subnet?) are all set as trusted. While this has resolved a few issues, (like Microsoft update working again) I'm a bit concerned that the address of my router is in the trusted zone. I know the 192.168.1.0 address is private, but isn't it less secure (for programs etc) having this zone set as trusted?

    Please advise if I'm being an eejit and worrying over nothing.

    Thanks.

    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Firewall Zones

    Hi!Network adapter address should be different than your router. Check again the configuration.Most likely 192.168.1.1? Or something similar? Add the router as trusted instead of the all LAN unless you are sharing resources on your LAN.Ensure your router is updated to the latest firmware and that you have changed the default password to a strong random alphanumeric sequence (minimum 8 characters).Disable UnPn for extra security (if you really are paranoic) and if you use wireless only use WPA2 with AES and a random key larger than 20 random characters. This way you are pretty secure.... Cheers,Fax

    Message Edited by fax on 03-25-2009 08:54 AM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    ricksgotadrama Guest

    Default Re: Firewall Zones

    Hi Fax.

    Thanks for your quick reply.

    I was trying to put a screen shot on this thread, but can't for some reason, so I'll just type how the zones list in my ZAISS firewall:

    New Network 192.168.1.0/255.255.255.0 Network Trusted
    Mapped Drive 192.168.1.3 IP Address Trusted
    DHCP Server 192.168.1.1 IP Address Trusted
    DNS Server 192.168.1.1 IP Address Trusted
    Loopback Adapter 127.0.0.1 IP Address Trusted

    My actual router login address is 192.168.1.1, but this doesn't show up on any zones in the firewall.

    I do sometimes share a printer over the LAN from my laptop, but that's once in a blue moon. If it is generally far safer to have the LAN set to Internet zone then I'd be happy with the small inconvenience.

    My UPNP's disabled, I don't use Wi-Fi, router's at it's latest firmware, and I haven't used the default login and password since the day I bought the router.

    So just to clarify, Fax, are you recommending that I add 192.168.1.1 as a trusted zone address and move the 'New Network' entry back to the Internet zone?

    Thanks for your help!

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Firewall Zones


    <BLOCKQUOTE><HR>ricksgotadrama wrote:
    So just to clarify, Fax, are you recommending that I add 192.168.1.1 as a trusted zone address and move the 'New Network' entry back to the Internet zone?

    Thanks for your help!
    <HR></BLOCKQUOTE>Hi!not really, your router 192.168.1.1 is already trusted and it is fine to keep it like this.But for extra security you could set the "New Network" to the internet zone. But rememeber to add the IPs of resouces you need to share within your LAN (e.g. your laptop IP to print).Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    ricksgotadrama Guest

    Default Re: Firewall Zones

    I've put the LAN back in to the Internet zone, and as my router address is already covered by the DNS and DHCP entries in the Trusted zone then I guess I'm all good.

    So I suppose this is as secure as it gets, as if any of the 192.168.1.1 addresses are placed back into the Internet zone then I'll just start getting DNS errors again?

    What I was really wondering when starting this post, Fax, was doesn't having my router in the Trusted zone allow programs a far greater amount of freedom - and therefore any malware far greater ease to call home etc'? Or for functionality of the DNS &amp; DCHP in a home user setup with a router is this unavoidable, and is therefore just to be countered by safe surfing and good program access practices in ZAISS?

    Cheers Fax. Apologies for being a technical ******...

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Firewall Zones


    <BLOCKQUOTE><HR>ricksgotadrama wrote:
    What I was really wondering when starting this post, Fax, was doesn't having my router in the Trusted zone allow programs a far greater amount of freedom - and therefore any malware far greater ease to call home etc'? Or for functionality of the DNS &amp; DCHP in a home user setup with a router is this unavoidable, and is therefore just to be countered by safe surfing and good program access practices in ZAISS?
    <HR></BLOCKQUOTE>No problem, these are legitimate questions.There is very little risk to place the router in the trusted zone.The only risk may come from an 'evil' PC on yourLAN thatpoison your DNS address(es) managed by the router. You don't use Wireless... the systems are directly wiredto the router thus this is really a remote problem. You are perfectly safe.Router only deals with inbound unsolicited calls,theoutbound calls are not controlled thus not relevant for limiting malware calls. The outbound protection is performed by ZA firewall and ZA program control. Just a reminder: ZA Trusted zone should be set to MEDIUM and NOT to HIGH. Otherwise is like everything is set to Internet.Hope this helps.Cheers,Fax


    Message Edited by fax on 03-26-2009 01:11 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    ricksgotadrama Guest

    Default Re: Firewall Zones

    Thanks for clearing that up, Fax.

    Okay - I'm all sorted.

    Cheers for all of your help!

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Firewall Zones

    You're welcome!Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •