Jubal

I thought this would be an easy research but it's not proved to be so. I have a couple of XP PCs at home on a wireless network. I want to share files and printers but be secure from the ravages of the net. The net connection is a router/switch/AP/ADSL modem combo, (NATed and firewalled). All PCs run Kerio firewall.

In order to share files I have to add the local lan 192.168.x.x. IP address range into Kerio as a "trusted" network. In my view this means that I've now opened up everything beyond the router and am now 100% relient upon the router's security. Something I'm not happy with.

Am I doing this right? Is there a way to still share files but be more secure?

TIA

Chris L

True about the trusted network. If you lock down the ports and only allow the file transfer ad printer ports on the firewall, then you've certainly reduced your risk. Do you have a firewall on the DSL modem / router ? If so, you could enable this too. The other thing here is to assess the level of risk. I assume that you are using encryption on your wireless connection? Personally I think you've got more security in place than I've seen in many commercial networks!

class_A

The NAT routing and firewall functions of the router at the perimeter of the LAN prevent anyone from the Internet from seeing that you have opened any ports on the PC's themselves, hence why you have to use techniques like port forwarding to punch through your firewall if you want to allow outside users any access.

However, one possible weak point is the fact that you are using WiFi equipment. What security measures have you taken to prevent unauthorised use of that section of your network?

mike1210

I took the router option about 6 months back, a draytek vigour 2600g. I dont use any software firewall not even the windows one and have never had any problems. All the PC's are behind the NAT mechanism of the router (only allow in what you send out), this in itself acts like a good incoming SPI firewall.

I have however limited outgoing ports on each PC to only allow what that PC needs, my dads laptop for example is only allowed outgoing tcp 80 and 443 for HTTP and HTTPS and UDP port 53 for DNS lookups. Everything else is blocked. My router allows me to do this but not all do

Wireless is WPK/PSK only with a hidden SSID and Mac Filtering enabled.
PC's have anti-virus and strong login and local admin passwords.

This is fine with my network as I can trust the local network computers, but with this configuration PC's on the local network are open to attack from other PC's on the local network. Internet (external) should be fine

I could put the windows sp2 firewall on and enable file and print sharing but this in itself opens the PC to attack on the local network also

you could check the security on the net at certain sites like

www.symantec.com/cgi-bin/securitycheck.cgi

this should give you some peace of mind unless it says you are exposed

Another factor is what services you are running on the pc's, if you are constantly running P2P apps and the like this will increase the chances of viruses and attacks etc.

Jubal

Thanks guys. The router I use is a Linksys which has a firewall etc. Wireless fully encrypted, hidden SSID, mac filtering. I guess I'll follow Mike and Chris and lock down the ports. It'll minimise the holes I guess. Not sure what I was expecting but I thought it would be neater somehow. TVM.