Zonealarm/Shields Up question from a newbie

Foregive my ignorance please.

I've used Zonealarm for some time, running XP and connecting to the internet using a USB ADSL modem. Every so often I ran a test at the Shields Up site and every time every port was in perfect stealth mode.

Recently I changed to an ethernet router with a NATS firewall and things seem to have gone haywire. The Shields Up test shows loads of ports as closed and (I think) some open. I've tried to read up on all this but am too stupid to work out if there's a problem. Is it the router that is being tested by Shields UP, rather than my PC? I can hardly credit that getting a hardware firewall and using Zonealarm behind it would make things worse, but maybe it does.

If it is the router then would you expect Shields Up to show my correct IP address (ie the IP address assigned to me dynamically by my service provider), which is what it does?

Thanks for any advice. I got an ethernet router because I'd been thinking of moving on to Fedora but am now wondering whether I've got the know-how.

Regards,

David Halliday
Scotland

 

Hi David,

Welcome to Wilders! You have taken the first step toward erradicating security ignorance. There's tons of great info here on Wilder's.

ZoneAlarm (free) is good, ZoneAlarmPro is better because it has password protection (if configured) that helps thwart termination of the firewall (amongst other things). It is a good firewall for beginners and users that don't want to get into too many details.

Just a basic question. Are you still connected to the USB ADSL modem? If you are, then you are totally bypassing the ethernet router. If the ADSL modem can be hooked up via ethernet, then connect the modem to the router and then connect the router to your ethernet network card. Some modems that are dual mode USB/Ethernet require you to move a switch to choose. Also disconnect the USB cable since it is not used anymore.

Basically, learn how to configure everything. The Router especially as that will be your first line of defence. Read the manual for it and learn how to adjust the settings (usually has a web interface). Make sure you change the default password to something secure (most are just blank or "password").
You should also do all the firewall configuration when you are offline (physically unplug the router from the modem). Once it is properly configured, then plug it in and go from there.

Shields Up and other port scanning sites will scan your IP address that you connect to the internet through your ISP. Unless you are using an Anonymous Proxy (like Anonymizer or JAP), then it will show their IP.
An improperly configured router could expose your LAN(or single computer) to the internet, so that is important.

Hope this Helps

 

Hi David

... and welcome to Wilders

You are still secure with closed, but you should double check for any that are showing as open.

Yes it will be the router that is being tested as your router now maintains your public (WAN) IP. Systems behind the router will have private (LAN) IP's.

The router will add to your overall security, not make things worse, providing it is configured properly. It is not uncommon for routers to respond as closed instead of dropping packets (stealth). As I mentioned above, you are still secure if everything shows as closed. Depending on the router and configuration options, you may have some settings that will change how the router responds to unsolicited inbound packets.

The router's WAN IP should be the public one obtained from your ISP. PC's behind the router should now have private IP's ie. 192.168.xxx.xxx which will be assigned by the routers DHCP server.

Regards,

CrazyM