[Dshield] adsl and 2 pcs

David Kennedy CISSP david.kennedy at acm.org
Mon Jul 16 15:26:57 GMT 2001


-----BEGIN PGP SIGNED MESSAGE-----

At 10:28 AM 7/16/01 +0100, Steve Mainwaring wrote:
>I read its not a good idea to have 2 different firewalls running on
>same pc, how about 2 different firewalls on 2 pcs?
>
>1 'internet pc' connected via usb to ADSL. 2nd 'data pc' connected
>via 100base-T using Netbeui. Have Zonealarm on internet pc but
>nothing on data pc. Is this safe? Is it a good idea to put zonealarm
>on 2nd pc? or some other software firewall?

I don't have sufficient information about your environment, but I'm
not as comfortable as the other replies that your risk is low.

How is the Internet PC connected to the DSL router?  If you have two
network interface cards, one connected to the DSL router and one to
hub, then I would agree with the other posters that the "data pc" has
a relatively low risk.  

If you have two cards but use Windows98 SE or ME or NT or 2000 and
allow Internet connection sharing, the data pc is at nearly the same
relative risk as the Internet PC.

If however, your Internet PC has one network interface car and it is
connected to the hub and the hub is connected to the router, and the
data PC is connected to the hub, only configuration settings on the
router and the data pc would prevent it from being visible to and at
risk from the Internet.  Those setting are probably to complex to
diagnose simply via e-mail.

Johannes is absolutely correct that having an up-to-date anti-virus
is essential as there are several viruses "in the wild" that would
seek out your data pc if your Internet pc became infected.  Given the
relative costs of a desktop firewall versus the cost of the data and
the PC itself, wouldn't it be a better idea to just install a
firewall on the other PC and sleep better?


-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: When was the last time you backed-up your hard drive?

iQCVAwUBO1MHv/GfiIQsciJtAQFdIgP/d+wciwJURm8zma6ckR7e+usMAs+uFiCp
K9apGQVvurZeKKIAf+7f27cO2f+rKUCiOatvCpBKAYNe0xp41T4++4eVPsRwoccv
CbN4CXhf0HEbyMaZSOYRFprOAUTVOrlNWsfpk8uA8NPMLkYyKH4L+9VpkAOhazzD
hbeZHnLtugQ=
=gd8u
-----END PGP SIGNATURE-----

-- 
Regards,

David Kennedy CISSP
Director of Research Services, TruSecure Corp. http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.




More information about the list mailing list