Untrusted computers sharing router

Discussion in 'other firewalls' started by NoHolyGrail, Aug 15, 2007.

Thread Status:
Not open for further replies.
  1. NoHolyGrail

    NoHolyGrail Registered Member

    Joined:
    Nov 14, 2005
    Posts:
    46
    Beginning with the assumption that a software firewall is not necessary when behind an NAT router, does a software firewall become necessary when you do not trust the other computers connecting with that router?

    For example, I'm going to be sharing a wireless internet connection with housemates. I trust them not be doing anything malicious, but I don't trust their computers to be clean from infections at all times. What risks, if any, does this create for my computer?
     
  2. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    A software firewall is used for outbound protection when using a router, and that router allows your network in. So if they get infected there is notthing to protect you. Get a s/w-f/w!!!
     
  3. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    monty is correct, The router only protects things from getting in at the gateway to the internet. It will not protect you from the other computers behind it. If one computer gets infected, it could very well infect all others on the network.

    From what I understand, even windows firewall can protect you against all inbound attempts. If you have Vista firewall, it can protect both inbound and outbound connections on your machine. Outbound protection is useful if you do happen to get infected to stop the malware from calling home or sending out your personal information/passwords/bank accounts etc. There are other nasty things malware can do with an outbound connection.
     
  4. beads

    beads Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    49
    You could look into investing in a MS ISA type proxy as well for additional protection. You'd need a cheap or older machine running MS Web server or Standard, etc. Other options would include numerous forms of Linux, etc.

    From there you could look into running Trend Micro IWSS for about $200 (USD) a year and have no worries. That sounds a bit draconian but still for a handful of dollars and some old hardware you could probably do all of this on the cheap with some homework and old pieces and parts.
     
  5. NoHolyGrail

    NoHolyGrail Registered Member

    Joined:
    Nov 14, 2005
    Posts:
    46
    Along those lines of configuring a spare computer as a hardware firewall, would it be possible to connect a second router between my computer and the main router?
     
  6. wat0114

    wat0114 Guest

    It does not have to be complicated or expensive. Just disable Windows file sharing and use the built-in firewall whether it be XP or Vista.
     
Loading...
Thread Status:
Not open for further replies.