PDA

View Full Version : Router and security

Keef
22nd Jan 2004, 09:17
I finally got round to installing the adsl router that's been sitting on the bench here for months. I had some problems, now fixed, and now I'm cleaning up some of the junk.

I assume I should keep ZoneAlarm on each PC, despite the native firewall in the router?

I also see that an application called "Generic Host Process" keeps accessing the internet - it seems to like 212.23.8.1:53. Should it be doing that?

A while ago someone posted a link to a list of stuff that sits in Win XP, much of which can/should be disabled. I had done that disabling - and it stopped the LAN card talking to the router till I turned several items back on.

Is there a definitive list of all these apps and what is/is not safe to leave running? Clearly DHCP is needed, for example (no LAN otherwise).
Naples Air Center, Inc.
22nd Jan 2004, 09:54
Keef,

With a Router, ZA is not needed. You could leave ZA on for a couple of weeks just to verify your Router is doing its job. Then delete it.

You can run Routers with or without DHCP. For work, I manually assign all the IPs and DNS's. At home, I just use DHCP. It is all personal preference.

As for Generic Host Process, this article might help:

A Description of Svchost.exe in Windows XP (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314056)



For what services to run, there is no better recourse than Black Viper:

Windows XP Home and Professional Service Configurations (http://www.blackviper.com/WinXP/servicecfg.htm)

Take Care,

Richard
goates
22nd Jan 2004, 21:51
One thing that ZoneAlarm and most other software firewalls (WindowsXP's built in firewall is one exception) do that most routers don't is control the outgoing connection from your computer. If you get a virus or trojan that your anitvirus software doesn't know about it could connect to the internet and the hardware router would happily let it. ZoneAlarm could easily stop these malicious programs from getting out, either because the virus wants to infect other computers, or because it's trying to call home to download more software onto your computer. If you want to read a little more, you go here (http://www.grc.com/) and go to the Shields Up! section.

goates
Memetic
22nd Jan 2004, 23:21
goates is spot on about outbound protection, it's a last line of defence from spreading stuff to the rest of your net / collegues etc if your AV fails or somone runs something they should not.

Also if you have any sort of wireless link inside of your router protected area, i'd keep ZA on.
The Nr Fairy
23rd Jan 2004, 00:55
Keef:

212.23.8.1 resolves to "ns0.zen.co.uk" i.e. Zen Internet's name server.

Port 53 is DNS - so this seems normal, on the face of it.