Q: firewall and security settings for max security XP with webcam and wireless ( Answered 5 out of 5 stars,   3 Comments )
Question  
Subject: firewall and security settings for max security XP with webcam and wireless
Category: Computers > Security
Asked by: onetwothreefour-ga
List Price: $35.00
Posted: 26 Aug 2003 16:49 PDT
Expires: 25 Sep 2003 16:49 PDT
Question ID: 249064
PLEASE DO NOT ANSWER THIS QUESTION UNLESS YOU HAVE RATING OF 4* or 5* and
have answered at least three questions on google before

I would like to make my system as secure as reasonably possible - without
making my system so tight as to be unusable

This posting is divided into BACKGROUND info first then the QUESTIONS I want
answered next

The questions are subdivided as they are too much for one post I think. I am
firstly looking for an answer to questions in  part 1A


BACKGROUND
I have a Windows XP machine attached to the internet using a UK ADSL
provider

I have a netgear ADSL wireless router - NETGEAR DG824M Wireless ADSL Modem
Gateway - Router - DSL
http://www.netgear.co.uk/html/prod_routers_adsl_dg824m.htm

I appear to have three firewalls available to me:
a) XP Firewall
b) Firewall with ADSL router/modem
c) Norton firewall software - purchased but not yet installed

I use email, web, ftp upload and downloads
I occasionally use instant messenger programs  but mainly I turn them off
through believing they are a weak spot in my system

In future I would like to use a webcam to have a  video connection with the
person I am talking to (on the phone or via the web) at the same time

For good reason, I am concerned that the other person could inadvertently or
deliberately see my files or pass on a virus. I want to protect myself
against that.

I expect I will use Microsoft messenger combined with webcam and
occasionally AIM

I use IE 6 and Outlook Express mainly

I use Norton Antivirus


QUESTIONS

Part 1A
Ignoring wireless security aspects - what should my firewall settings be to
ensure good security ?
Do I need all three firewalls installed ?

What other settings are relevant eg messenger settings , XP system settings,
IE etc other applications

Will I be able to securely use my webcam and instant messaging?

I tend to "disable" my wireless connection - via the icon in XP - when I am
away from my pc - which somewhat defeats the always on aspect of having
ADSL - Am I doing myself any favours by doing that or is it a pointless
exercise from a security viewpoint?

Part 1B
wireless aspects
what should the settings be to maximise the wireless security aspects be

I may post a separate question on this if you don't want to answer here


PART 2
I also have a second machine running win98 which I intend to connect using
Ethernet on a wired (not wireless) basis via the modem/router/hub all in one
box that I have - I want to know how best to do that without making my
machine exposed to the other machine.
I am considering putting the webcam on the second machine if this will
enhance security .

I may post a separate question on this if you don't want to answer here

PART 3
Can I "see into"someone else's machine if we are hooked up via webcam for a
conversation ?
Answer  
Subject: Re: firewall and security settings for max security XP with webcam and wireless
Answered By: tisme-ga on 30 Aug 2003 06:52 PDT
Rated:5 out of 5 stars
 
Hello onetwothreefour, 
 
Part 1A 
Ignoring wireless security aspects - what should my firewall settings
be to ensure good security ?

ANSWER: Basically you should be blocking ALL ports except those that
you need. For example, if you use port 21 for ftp, you will have to
make sure that it is open. I recommend that you disable pings so that
random ip scanners will not be able to find you as easily.

Do I need all three firewalls installed? My personal opinion is no, I
would use the Hardware Firewall with your modem, and possibly one of
the software firewalls. You should use the Norton Firewall software
one because it will have more options/features available for you and
the default settings and in-program information will help you secure
your computer properly.

You really only need to have the hardware firewall, and if it is
properly configured there is no reason to have a software firewall
except for backup security purposes. My personal choice would be to
use the hardware firewall plus an application level firewall such as
Zone Alarm (Norton may have some application level features as well
but Zone Alarm is extremely easy to use). Basically if an application
tries to use one of the open ports to communicate, you will have final
say over whether or not it should be allowed to do so. You can
download ZoneAlarm free application level firewall here:
http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=pdb_za1
 
 
What other settings are relevant eg messenger settings , XP system
settings, IE etc other applications.

ANSWER: Basically if an internet application does not work, you will
need to check the help files or website to see which ports it requires
to function. For example this web page has the information for Yahoo
Messenger including the protocols and ports it uses:
http://help.yahoo.com/help/us/mesg/twin/twin-36.html
 
Will I be able to securely use my webcam and instant messaging? Yes,
just don’t download anything that could be a Trojan to spy on you.
Even if you did, your application firewall (ZoneAlarm) would still ask
you for permission before allowing information to leave your computer.
I think the security issue has more to do with the wireless aspect of
your network.
 
I tend to "disable" my wireless connection - via the icon in XP - when
I am away from my pc - which somewhat defeats the always on aspect of
having ADSL - Am I doing myself any favours by doing that or is it a
pointless exercise from a security viewpoint?

ANSWER: As long as you have encryption enabled, there is no reason to
disable your wireless connection. Do you have 128 or 64 bit encryption
enabled? If yes, the only way someone can connect to your network or
unscramble your data is if they figure out what the code is that is
shared between only your computers. Instead of disconnecting your
computer network constantly, consider changing the encryption key
every month or every two weeks.
 
Part 1B 
wireless aspects what should the settings be to maximise the wireless
security aspects be.

ANSWER: What wireless network are you using? You should certainly have
128 or 64 bit encryption enabled as this makes it harder to get onto
your network, with 128 bit encryption even more so. If you do not have
encryption enabled, your network can be accessed by anyone within
range which is certainly not a good idea.
 
 
PART 2 
I also have a second machine running win98 which I intend to connect
using Ethernet on a wired (not wireless) basis via the
modem/router/hub all in one box that I have - I want to know how best
to do that without making my machine exposed to the other machine.
I am considering putting the webcam on the second machine if this will
enhance security . 

ANSWER: I am not sure I understand you 100% here. Are you saying that
you do not want computers on the wireless part of your network to be
able to access this computers files and folders? This is simple to
turn off, all you need to do is ensure that you are not sharing any
files or folders on this computer. Also in the Network Connection
Properties, you may want to turn off File and Printer Sharing for
Microsoft Networks, but this may prevent you from accessing other
computers on the network also.

Your internet connection will be more secure than the wireless
connection however, because anything your cable modem sends out to
this computer will not be broadcast wirelessly, it will be sent
through the cable to the computer only. Remember however that with 128
bit encryption enabled on your wireless network, you are already very
secure.

PART 3 
Can I "see into" someone else's machine if we are hooked up via webcam
for a conversation ?

ANSWER: If you are hooked up via webcam to another machine, you will
normally not be able to “see into” someone else’s machine because you
only have access to the network traffic that the webcam program is
sending to your computer from the other computer. If someone had
changed the webcam program on your computer to send information it
should not be sending, then this might be a problem, but any major
webcam software released by a reputable software company can probably
be trusted.

I hope these are the type of answers you were expecting. Please let me
know if you require any additional clarification or information and I
will do my best to get back to you as soon as possible.

All the best,

tisme-ga

Request for Answer Clarification by onetwothreefour-ga on 30 Aug 2003 11:05 PDT
Firstly, thanks for your answer, which is very much along the lines i
am looking for. And i was pleased to see that you answered all parts

Clarifications - sorry somewhat out of order
**
As regards Part 2 - the other computer:
I don't want to share any files between these pc's AT ALL - one is my
son's for games etc and the other is mine for work.

I was told by a techie friend that if the two pc's shared the
router/hub etc then effectively by default, they would be networked
together - is that not true then ?

***
As regards the wireless aspects - i take your points - but i am not so
worried about that because a)i found that bit easier to decipher and
have it largely locked down (though i haven't yet turned the
encryption on) b) i live in a fairly remote area where no one else is
wandering around with the relevant equipment c) I have the wireless
router set to only allow the mac address of this pc to connect.
I do find your points helpful though

***
Zonealarm - everyone seems to recommend this rather than Norton (Cause
it's free i guess) so i am inclined to install it instead of Norton
and sell the unopened Norton box on ebay ! - as ease-of-use is a big
seller for me.

***
I think i need to turn off the XP firewall - can you remind me how to
do that?
and install Zonealarm and then figure out what ports are used for
what.
And having done that i may post some clarifications if i get stuck ok?

I guess my main concern is that i have to open certain port for the
webcam, and that port is abused by another piece of software eg a
trojan on the other person's pc. But i think you are saying that the
risk of that is reduced by my antivirus software

***
I have to sign off now though i may post again later - and certainly
will after installing the software firewall - it may not be until
Monday though - so please don't think i have forgotten you !!

Thanks for good answer so far 
regards
1234

Request for Answer Clarification by onetwothreefour-ga on 30 Aug 2003 11:17 PDT
also - re part 2 - i forgot - i don't know if i explained - the only
reason for them being connected at all is that i want the second pc to
have access to the adsl line - and that facility comes via an ethernet
socket on the router - which is a combined router/hub etc

Clarification of Answer by tisme-ga on 01 Sep 2003 06:30 PDT
Firstly, thanks for your answer, which is very much along the lines i
am looking for. And i was pleased to see that you answered all parts
 
Clarifications - sorry somewhat out of order 
** 
As regards Part 2 - the other computer: 
I don't want to share any files between these pc's AT ALL - one is my
son's for games etc and the other is mine for work.
also - re part 2 - i forgot - i don't know if i explained - the only
reason for them being connected at all is that i want the second pc to
have access to the adsl line - and that facility comes via an ethernet
socket on the router - which is a combined router/hub etc
 
I was told by a techie friend that if the two pc's shared the
router/hub etc then effectively by default, they would be networked
together - is that not true then ?

##ANSWER##
In this case I recommend that you go into the Network Connection
Properties and disable File and Printer Sharing for Microsoft Networks
for all of the computers you do not need file sharing on.

By default this is enabled, but also by default folders are not
“shared”. One still has to right click a specific folder and in the
properties of the folder, share it on the network. Turning it off will
solve this problem.
 
*** 
As regards the wireless aspects - i take your points - but i am not so
worried about that because a)i found that bit easier to decipher and
have it largely locked down (though i haven't yet turned the
encryption on) b) i live in a fairly remote area where no one else is
wandering around with the relevant equipment c) I have the wireless
router set to only allow the mac address of this pc to connect.
I do find your points helpful though 

##ANSWER## 
Good, it seems you have this covered then.
 
*** 
Zonealarm - everyone seems to recommend this rather than Norton (Cause
it's free i guess) so i am inclined to install it instead of Norton
and sell the unopened Norton box on ebay ! - as ease-of-use is a big
seller for me.

##ANSWER##
I had purchased McAfee and installed it, and ZoneAlarm is without a
doubt a better Application firewall. I have not tried Norton because I
have not needed to at this point. If you have a router that can act as
a hardware firewall, all you need is a software application firewall
to get the programs and connections that are trying to get through any
open ports in your hardware firewall. ZoneAlarm is perfect for
catching these. You can give permission for trusted programs to always
connect to the internet, but any program that attempts to do so
without permanent permission will result in a window where you have to
authorize the connection.
 
*** 
I think i need to turn off the XP firewall - can you remind me how to
do that?
and install Zonealarm and then figure out what ports are used for
what.
And having done that i may post some clarifications if i get stuck ok?

##ANSWER##

Sounds Good. I will try to help you with any problems that come up. To
disable XP Firewall, go into your Control Panel and double click on
Network Connections. Double click the connection where you turned on
the firewall and click Properties. Then click the Advanced Tab and
remove the checkmark under Internet Connection Firewall. You should
check to make sure that all computers have this disabled.

I guess my main concern is that i have to open certain port for the
webcam, and that port is abused by another piece of software eg a
trojan on the other person's pc. But i think you are saying that the
risk of that is reduced by my antivirus software.

##ANSWER##

If you have an open port and there is a Trojan on someone else’s
computer, the Trojan on the other person’s computer will not be able
to do anything to your computer unless you somehow download and
activate it. Your antivirus program should catch this however. If for
some reason a Trojan makes it onto your computer and it uses a port
that is open, ZoneAlarm would stop it and you would need to give it
permission to access the internet (it does this with all programs on
your computer and this can be done on a case by case basis, or you can
give certain programs permanent permission).
 
*** 
I have to sign off now though i may post again later - and certainly
will after installing the software firewall - it may not be until
Monday though - so please don't think i have forgotten you !!


Thanks for good answer so far  
regards 
1234

Sorry for the delay in posting. I have been trying to get as much out
of my summer break this weekend and to make things worse, my internet
connection was flakey over the weekend.

I hope this helps and please let me know if you need any more
clarifications,

tisme-ga

Request for Answer Clarification by onetwothreefour-ga on 01 Sep 2003 10:36 PDT
ok i have installed zonealarm and am getting used to it it seems well
behaved except one odd moment where it appeared to crash xp but i
think it was due to an xp update just completing and za's fault.

the only worry i have about zone alarm is that sometimes i won't
recognise the thing it is asking me to decide on and so i might get
into a habit of saying yes to the zonealarm alerts without
questioning! However the zonelabs webpages that you get directed to
automatically seem very good and the help is very helpful.

for info - as regards the webcam issue  - the webcam i bought
completely trashed my system when i tried to connect it - in a very
very weird way that i don't yet get. luckily i managed to do a system
restore using xp rollback feature otherwise i'd have lost all my
network connections settings and anti virus software was wiped too.
That is a totally separate issue though and it occurred before you
replied to my original question !
But it means i can't yet test out the webcam thing
I *think* you have answered all my questions well, but I must rush out
now so i will review things properly later this evening (i got caught
up with sorting out the unrelated xp issues today) and so i will rate
you then. Thanks v much in meantime.
1234

Clarification of Answer by tisme-ga on 01 Sep 2003 11:25 PDT
Regarding ZoneAlarm, if you don't know what the program is that is
trying to make an internet connection, you can temporarily deny it
access. If you find that something is not getting on the internet that
should be, you can always allow access the next time it tries to
connect, or change the options in zone alarm if you have it set to
always deny access.

You should make sure your webcam is fully Windows XP compatible. If it
is XP compatible and is not working properly, you should get a refund
or store credit at the store where you purchased it from.

tisme-ga

Request for Answer Clarification by onetwothreefour-ga on 01 Sep 2003 14:02 PDT
Thanks for your comments on the webcam
it was a creative labs pro ex and I plan to return it to Amazon. I am
not sure if it is "fully compatible" with xp but I would think so.
However it's not fair to ask questions of you here on that so I will
figure that out separately.


Regarding your earlier points - sorry to go back on this but I am not
clear on these things
(there will be a good tip for all your work if you can answer these)

1.
"Basically you should be blocking ALL ports except those that
you need. For example, if you use port 21 for ftp, you will have to
make sure that it is open. I recommend that you disable pings so that
random ip scanners will not be able to find you as easily."

How exactly do I do that - or is zone alarm doing that for me already?

When I tell zonealarm that a particular program is ok, does it allow
all ports access to that program or only the port that used it that time?

2. You really only need to have the hardware firewall, and if it is
properly configured there is no reason to have a software firewall
except for backup security purposes

What would be the "proper configuration" for the hardware firewall
then?

3. I was asking "What other settings are relevant eg messenger
settings, XP system settings, IE etc other applications"

You didn't explicitly advise me to switch off the download files
ability of instant messenger - it seems to me that if I allow the
instant messenger program through the firewall then it won't protect
me against something bad coming in that direction - although maybe
antivirus software will?

Can you give me some further thoughts on this bit i.e. weaknesses in
specific applications that I mentioned, which will not be stopped by
the firewall (as I will have ticked to let them through the firewall)

4. I said "I tend to disable my wireless connection"
actually I meant to say that I disable the adsl connection - the
wireless part is irrelevant
zone alarm seems to be saying I should use the lock internet feature -
what are your comments on that?

5.  I don't get the points made by a commenter about NAT - also made
by my techie friend - what's the issue with that ?


thanks

1234

Clarification of Answer by tisme-ga on 01 Sep 2003 16:25 PDT
Regarding your earlier points - sorry to go back on this but I am not
clear on these things
(there will be a good tip for all your work if you can answer these)
 
1. 
"Basically you should be blocking ALL ports except those that 
you need. For example, if you use port 21 for ftp, you will have to 
make sure that it is open. I recommend that you disable pings so that
random ip scanners will not be able to find you as easily." 
 
How exactly do I do that - or is zone alarm doing that for me already?

--ANSWER: This depends entirely on what firewall you have installed
and how it works. My firewall works by me going to http://192.168.2.1
(in internet explorer) and from there selecting which ports to open
up. Any ports not opened up should be automatically closed when your
firewall is activated. Disabling pings is a feature that may or may
not be included in your firewall. You may need to see your hardware
firewall documentation for more information on how to access these
settings.
 
When I tell zonealarm that a particular program is ok, does it allow
all ports access to that program or only the port that used it that time?
 
--ANSWER: Well it’s your hardware firewall that determines which ports
may or may not be accessed. If the ports a program needs are closed,
and you allow the program to access the internet with ZoneAlarm,
although ZoneAlarm would let the program go through, your hardware
firewall would not. For a program to work both of these conditions
have to be met: A) The ports it needs have to be open on your hardware
firewall and B) The program needs specific permission from you through
ZoneAlarm.

2. You really only need to have the hardware firewall, and if it is 
properly configured there is no reason to have a software firewall 
except for backup security purposes 
 
What would be the "proper configuration" for the hardware firewall
then?

--ANSWER: Block all ports except the ones you need. Your software
firewall will act as a backup in that it will ensure that certain
programs do not use the ports you have opened without your permission
and knowledge.
 
3. I was asking "What other settings are relevant eg messenger
settings, XP system settings, IE etc other applications"

You didn't explicitly advise me to switch off the download files
ability of instant messenger - it seems to me that if I allow the
instant messenger program through the firewall then it won't protect
me against something bad coming in that direction - although maybe
antivirus software will?

--ANSWER: Having an instant messenger installed and working (such as
MSN Messenger) with file transfers on certainly does not mean that you
are at risk of receiving a Trojan or virus. You actually would have to
ACCEPT the file transfer (these are not done by themselves) and then
manually open and run the file that you just downloaded. There is no
way that this can happen by itself. If you do not need file transfers
in MSN messenger or similar applications, you can disable them, but
this is not something I would worry about. Even if you downloaded a
file transfer thinking it was something important, your virus scan
would probably still catch it. The best policy is not to download
anything on the internet you do not trust 110%.
 
Can you give me some further thoughts on this bit i.e. weaknesses in
specific applications that I mentioned, which will not be stopped by
the firewall (as I will have ticked to let them through the firewall)

--ANSWER: As a rule, you should only give applications permission to
access the internet that you trust completely! Unfortunately there is
no way your firewall or zonealarm can protect you if you allow a bad
program, virus or trojan to access the internet. Your only hope is
that your viruscan would catch this. For example, if you download a
Trojan through MSN messenger, it is not an issue of MSN messenger not
being secure, but you are choosing to download the program yourself.
(It cannot just download itself, there is absolutely no way that can
happen.) You would then need to actually RUN this program and give it
ACCESS to the internet. In the case of an email virus such as Outlook
Express, you would only need to run the program because Outlook
Express probably already has permission, but in that case your virus
scan would hopefully catch it.
 
4. I said "I tend to disable my wireless connection"
actually I meant to say that I disable the adsl connection - the
wireless part is irrelevant
zone alarm seems to be saying I should use the lock internet feature -
what are your comments on that?

--ANSWER: Lock Internet Feature is fine, I would not recommend you
disable your ADSL connection with all the security on your system.
 
5.  I don't get the points made by a commenter about NAT - also made
by my techie friend - what's the issue with that ?

For some information about what NAT is see this website:
http://www.dslreports.com/faq/530

The problem is that having NAT alone will not solve your problems, but
closing the ports you do not need will. If you want to run a security
check on your computer, I recommend this website:
http://grc.com/default.htm Click on the ShieldsUP! Link and then click
on “File Sharing” and “Common Ports”. Note that if you run an ftp
server, and other servers on your computer, these ports will obviously
be open as you need them to be so that other people can connect to
your computer.

All the best,

tisme-ga

Request for Answer Clarification by onetwothreefour-ga on 01 Sep 2003 18:18 PDT
thanks for your good answers
i am not sure that i agree with your point that there is "no way" a
program can run itself - surely this is the issue with scripting
-programs can actively do stuff without being instructed to do so -
and thus why security people always instruct you to turn off windows
scripting host ? (although as legitimate applications increasingly use
wsh i can't do that)

i note that a similar issue is addressed here regarding scripting in
IM applications:

http://enterprisesecurity.symantec.com/article.cfm?articleid=1341&EID=0

so perhaps we will agree to differ on that point !

anyway i think your responses were very helpful so i will rate you and
tip you now and close out this question
thanks
Judy

Clarification of Answer by tisme-ga on 01 Sep 2003 20:44 PDT
Thank you for the rating and tip. 

I do agree with you, for example I know that AIM used to be and still
is to some extent a security risk, but have not seen many people with
problems who use MSN Messenger. I do not believe that the latest
version of MSN messenger allows any sort of scripting, and I know that
files cannot be transferred without the express permission of the
owner.

I would not consider Outlook Express and vulnerable apps which have
scripting to be secure applications. It is also true that with buffer
overflows other seemingly safe applications can quickly go bad, but
the best way to protect oneself against this is to be careful and to
stay informed and updated with the latest patches. It is also
important to have backups made in case something goes very wrong.

Thank you for the link, I have started reading it and it is quite
interesting. I wish you the best,

tisme-ga
onetwothreefour-ga rated this answer:5 out of 5 stars and gave an additional tip of: $10.00
very helpful, knowledgeable and explained well

Comments  
Subject: Re: firewall and security settings for max security XP with webcam and wireless
From: snsh-ga on 27 Aug 2003 00:16 PDT
 
Have you ever had a chance to run Zonealarm?
It's fun when it spits out messages like "Zonealarm has blocked access
to your computer from 192.168.0.11".
Works at the application level not the port level -- effective when
combined with a hardware firewall.
Anyway it's a free download from zonelabs.com.
Subject: Re: firewall and security settings for max security XP with webcam and wireless
From: deeeej-ga on 30 Aug 2003 02:43 PDT
 
Wow!  That's a long one.  I don't have a rating, but I think I can
offer some useful information.

First, you're doing great by having both a hardware and software
firewall.  The hardware firewall is in the router.  It is called NAT
or Network Address Translations.  This means that for every incoming
communication, there must have first been an outgoing request for that
information.  It prevents that bored 15-year-old kid from California
with a newly downloaded Trojan horse client program from knocking
(port scanning your PC) on your computer's door (there are many – 64k)
and getting an answer.

But that's all the hardware firewall will do for you.  You still have
to worry about email!!

The problem with email is that it provides a means for hackers and
folks up to the general ill the opportunity to infect or connect to
your system without your authorization.  Because you're running Norton
Antivirus, you're relatively safe from viruses and Trojan horse
programs, though you should still be cautious about opening suspicious
email (email from an unknown source or email from a friend that looks
strange...e.g., Bob sends his co-worker, Stan, an email that expresses
his undying love).

Make sure you keep up with your virus definitions!

So, you can surf the web without unknowingly answering your door, and
because you keep your virus definitions up-to-date and you are careful
about opening suspicious email, you are at least more secure than your
neighbor.  But let's take it one step further...

You already have Norton Internet Security (NIS).  That's a great
program.  By the way, the program snsh-ga recommended (ZoneAlarm Pro)
is a good one too.  I prefer Norton, but they all generally do the
same thing.  Moving on...

So, NIS default settings will add some muscle to your system's
security.  You can really just install it, go through the
configuration wizard, and then peacefully surf.  There's only one
thing I like to do differently than the installation wizard
recommends.  I like to wait to define program access until NIS prompts
me as I use my computer.  This serves two purposes.  First, it allows
me to control what programs can and cannot access the web.  This is
important when you consider how Trojan horse programs work. 
Essentially, you’ll be able to see when an inadvertently downloaded
and installed Trojan horse program tries to tell everyone on the web that
you’ve been infected and are ready to be abused.  The second purpose
it serves is it allows me to see what “legitimate” programs are trying
to access the web (you'd be surprised how many do it without your
knowledge).  A perfect example of this is RealOne Player.  After it
installs, it wants to connect to real.com so that it can start popping
up messages every time you logon to your computer.  NIS paid for
itself when I was finally able to prevent RealOne from accessing the
web.  You’ll really like the program control feature!

Ok, so now you don’t answer the door when someone knocks, you’re
protected from viruses or Trojan horse programs received via email,
and you’re protected even more so with NIS.  At this point, I believe
you are as secure as you’re going to get.  You could tweak NIS to
increase your system’s security even more, and I know you’ll likely do
this as you get more familiar with features in NIS, but you could just
let the installation wizard complete and then forget about it.

Even this level of security is not failsafe.  You’ll always have open
doors into your system.  There are too many people out there working
to outsmart the big guys.  However, you at least have a fighting
chance.  As long as your system is at least a harder nut to crack,
hackers will likely bypass you for an easier target.

Be smart and prosper!

Answers to questions…

1.	Go with NIS and router default settings…they’re good
2.	You could get away with just NIS, but I like the added security of
two barriers (you’ve already got them, so go for it)
3.	NIS will cover you in most cases when it comes to the OS and the
various programs that run on it.  You are right to ask about messenger
programs.  They are tricky because they tend to bypass firewalls.  In
the newest version of NIS due out this year, I believe there are
messenger security features included.  In the meantime, be smart when
you IM.
4.	Yes, you can use IM and your webcam.  The horror stories around
webcams in the past have been centered on Trojan horse programs. 
Trojan horse programs are really just remote control programs like
pcAnywhere or LapLink.  Surfers unknowingly install them on their
machines by clicking on an executable in an email attachment or by
some other means.  Once installed, the server side of the Trojan horse
program makes it known that you’re infected and available for
establishing a connection.  Surfers with the client side of the Trojan
horse program can then connect and pretty much do anything, even turn
on your webcam and peer into your bedroom!
5.	Disconnecting your network connection is not necessary.  I love
that you’re that cautious, but with NAV, NIS, and your router’s
firewall, you’re pretty much covered.
6.	Just make sure that you’ve set some level of encryption on your
wireless network (128 bit is typical, but I’ve scaled mine back to 64
bit…slight performance improvement and I know my neighbors).  You
don’t want your neighbor using up your bandwidth by connecting to your
wireless network with his laptop!!   You also don’t want your
neighbors “listening” in on your bank account transfer or statement
download.
7.	If you put the second machine on your network, you’ll want to take
all the precautions with it that you have with your laptop.  It should
have antivirus software installed and should go through a firewall to
access the web.
8.	Well yes you can.  How depends on the IM program you’re using.  MSN
is the easiest, but Yahoo! isn’t too far back.  I prefer Yahoo!

Hope this helps.
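
The layering discussed in this thread (tisme-ga's two conditions for a program to work, and deeeej-ga's description of NAT only admitting replies to outgoing requests), sketched as a small Python model. This is an added example, not code from any poster or product; the class names, program names, addresses and allowed-port set are constructed for illustration, and the model simplifies real router and ZoneAlarm behaviour.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Flow:
    """One outbound connection attempt (all values are constructed samples)."""
    program: str
    local_port: int
    remote_ip: str
    remote_port: int


@dataclass
class NatRouter:
    """Hardware layer: default-deny port allowlist plus a NAT state table."""
    allowed_out_ports: set
    forwarded_in_ports: set = field(default_factory=set)
    state: set = field(default_factory=set)

    def outbound(self, flow):
        # "Block all ports except the ones you need."
        if flow.remote_port not in self.allowed_out_ports:
            return False
        # Remember the flow so that only its replies are let back in.
        self.state.add((flow.local_port, flow.remote_ip, flow.remote_port))
        return True

    def inbound(self, local_port, remote_ip, remote_port):
        # A reply to a recorded outbound request is accepted.
        if (local_port, remote_ip, remote_port) in self.state:
            return True
        # Anything else needs an explicitly opened (forwarded) port.
        return local_port in self.forwarded_in_ports


@dataclass
class AppFirewall:
    """Software layer: per-program permission; unknown programs prompt."""
    permissions: dict = field(default_factory=dict)

    def check(self, program):
        return self.permissions.get(program, "ask")


def decide_outbound(router, appfw, flow):
    """Both conditions must hold: program approved AND port open."""
    verdict = appfw.check(flow.program)
    if verdict != "allow":
        return (False, f"application firewall: {flow.program} -> {verdict}")
    if not router.outbound(flow):
        return (False, f"router: port {flow.remote_port} is closed")
    # Neither layer looks at what an approved program sends or receives;
    # that is left to antivirus and to the user's own judgement.
    return (True, "allowed")


def run_scenarios():
    router = NatRouter(allowed_out_ports={21, 80})
    appfw = AppFirewall({"ftp.exe": "allow", "iexplore.exe": "allow"})
    results = {}
    # Approved program on an open port: passes both layers.
    results["ftp"] = decide_outbound(
        router, appfw, Flow("ftp.exe", 1030, "198.51.100.7", 21))
    # Unapproved program reusing an open port: stopped on the host.
    results["unknown_on_80"] = decide_outbound(
        router, appfw, Flow("unknown.exe", 1031, "203.0.113.5", 80))
    # Approved program on a closed port: stopped at the router.
    results["ftp_closed_port"] = decide_outbound(
        router, appfw, Flow("ftp.exe", 1032, "203.0.113.5", 6667))
    # Reply to the recorded FTP flow is accepted by NAT.
    results["reply_in"] = router.inbound(1030, "198.51.100.7", 21)
    # Unsolicited probe of a local port is dropped by NAT.
    results["probe_in"] = router.inbound(139, "203.0.113.5", 4444)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```
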
Subject: Re: firewall and security settings for max security XP with webcam and wireless
From: tisme-ga on 01 Sep 2003 15:46 PDT
 
This is just to let you know that I am still working on a response for
you. I should have it completed in approx 45 minutes.

tisme-ga
