  BuckShot7 Am I Going Bald?
join:1999-12-10 Smyrna, GA
| Router Config: Just Use Defaults? Why/Why Not?
Given the number of viruses that seem to be plaguing everyone, I thought I'd better tighten up my home system/network. I've never "configured" my Linksys BEFW11S4 V.2 router other than MAC address cloning and I don't even do that anymore. But I'm concerned I'm not getting the best protection (I do run Sygate's personal firewall on all connected PCs.) Are there settings or changes I should make with regard to port blocking, filtering etc? Or is the default configuration ok to stick with? Thanks, |
|
 Carr
join:2003-06-20 Gardendale, AL
| Interesting question-- I am running a Linksys BEFSX41 router and Zone Alarm Pro here on an XP Pro system. Other than changing the default password on the Linksys setup and MAC cloning, I'm also running the Firewall portion of things pretty much default. My settings (and they are default on this router) are as follows:
Advanced firewall protection enabled
Web filtering section (and this is where I'm uncertain)
Proxy: Allow
Java: Allow
ActiveX: Allow
Cookie: Allow
I also would appreciate hints and suggestions from the experts here about settings.
Thanks Carr McCormack |
|
 adambpsu Adam Premium join:2003-02-08 Harrisburg, PA | reply to BuckShot7 Well, I personally block WAN Requests on my LAN. -- Adam... Also Known As Blue |
|
 Carr
join:2003-06-20 Gardendale, AL | reply to BuckShot7 Correct, that's done by default here as well |
|
  z0ned
join:2002-07-27 Los Angeles, CA
| reply to BuckShot7 The default configuration puts your LAN behind NAT, which in and of itself blocks un-initiated-from-your-side incoming TCP connections from the WAN, unless you have forwarded ports or created a DMZ. NAT routing is not a firewall, but it's better than being wide open.
People who will get infected by outbreaks like the recent ones are people whose machines have exposed (routable public) IP addresses and no software safeguards, and thus are wide open, largely dialup users, and users that plug a single client straight into their broadband modem, and are newbie enough to not have software firewalls and scanners. Which unfortunately, apparently, constitutes hundreds of thousands, if not millions, of U.S. users.
Or, another population of likely targets includes corporate machines which nobody has maintained for months because it was assumed they were safe on the private intranet, until the threat gets loose inside.
If you want to get proactive there are many tools to audit yourself. There are port scanners that will test the stealthiness of your network to the outside, and there are software "scoring" tools that check the configuration of individual client machines. The main thing that you cannot account for is humans. Your girlfriend. Your cousin's kid. They will come on when you're not looking and install some godforsaken evil program. So watch people closely around your expensive toys. |
|
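The NAT behaviour described in z0ned's reply, as an added example that is not part of any post in this thread: a toy Python model of a router's inbound decision, showing why unsolicited WAN connections are dropped by default and how a port forward or a DMZ host reopens the path. The class, its fields, the addresses and the strict remote-endpoint matching are assumptions for illustration, not the Linksys firmware's logic.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    """Hypothetical model of a home NAT router (illustrative, not real firmware)."""
    port_forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    dmz_host: Optional[str] = None                     # LAN IP that receives everything else
    table: dict = field(default_factory=dict, init=False)  # wan_port -> mapping tuple
    next_port: int = field(default=40000, init=False)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: record the mapping, return the WAN source port."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the (lan_ip, lan_port) a WAN packet is delivered to, or None if dropped."""
        entry = self.table.get(wan_port)
        # Assumption: replies are accepted only from the exact remote endpoint contacted.
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]
        if wan_port in self.port_forwards:      # explicit hole configured by the owner
            return self.port_forwards[wan_port]
        if self.dmz_host:                       # DMZ: all other traffic reaches one host
            return (self.dmz_host, wan_port)
        return None                             # default: nothing inside asked for this

def audit():
    """Run constructed scenarios; all addresses are documentation/private ranges."""
    pc, server, stranger = "192.168.1.100", "198.51.100.7", "192.0.2.66"
    r = NatRouter()
    p = r.outbound(pc, 51000, server, 80)
    results = {
        "reply_to_lan_initiated": r.inbound(server, 80, p),
        "unsolicited_default": r.inbound(stranger, 4444, 22),
        "stranger_reusing_mapping": r.inbound(stranger, 4444, p),
    }
    r.port_forwards[8080] = (pc, 80)
    results["after_port_forward"] = r.inbound(stranger, 4444, 8080)
    r.dmz_host = "192.168.1.50"
    results["after_dmz"] = r.inbound(stranger, 4444, 22)
    return results

if __name__ == "__main__":
    for name, target in audit().items():
        print(f"{name:26} -> {target if target else 'DROPPED'}")
```

Only the two owner-configured cases deliver a stranger's packet to a LAN machine, and those exposed services are the ones worth checking with an outside port scan of your own connection.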