+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Forum Related (/forumdisplay.php?fid=37)
+--- Forum: General Discussion (/forumdisplay.php?fid=16)
+--- Thread: Router Setup and Security (/showthread.php?tid=85)
- Ralph - May. 05, 2004 03:35 PM
Since this site was down the past week or so I purchased a Netgear 624 Router and the Netgear 511t wireless Adapter to give me some more mobility around the house . Everything was working just great on the default settings but as is my style "tweak it until it's broke " . I started to increase security by enabling WEP at 64 bits and was doing well until I tried WPA encryption . I locked myself out , couldn't get anywhere and was on the line to India for over an hour trying to get the system back up . I'm up but I'm not sure of the settings . Should I just stay with the default , go with WEP @ 64 or 128 or WPA ? Security is important to me but not at the expense of slowing my system to a crawl . I don't share files and rarely do anything other than browse . I want to stay clear of viruses , tracking bugs , and bad hackers but still want to browse and enjoy the web . Thanks for your advice , Regards , Ralph
- Oddysey - May. 05, 2004 04:15 PM
Ralph;
In general, wireless encryption shouldn't add more than 1% to your total time to to transfer data - it should be invisible, timewise, for all practical concerns.
The debate rages on over whether WEP or WPA is the better method, so I'll let you decide for yourself. My Netgear router only came with WEP, so I took the 128 bit method, and all is well for me.
But be aware that a hardware firewall can't protect you from virii, trojan horses, worms, etc. They only do one thing, and that is keep out unrequested packets. If something is coming along for the ride with a requested stream (an HTML page, for example), the firewall will gladly let it through. After all, you requested that page, so everything on it must be OK! Stupid, I know, but that's the current state of the art.
And it's why we have Proxo to monitor the data stream itself (on Port 80) - there's where the filters do the job of scuttling the bad-guy stuff.
As for any other Port, you'll need a software firewall, either on your machine, or on a gateway machine between you and the hardware firewall, to check those data streams.
Good luck, and keep us posted.
Oddysey
- Ralph - May. 05, 2004 05:16 PM
Thanks , Oddysey .The boys at Netgear in BomBay ( I just love it ; talk about outsourcing ; like getting advice from Mars , but that's another story ) advised to un-install the software firewall . I did have Outpost installed but went along with their advice ; it did slow things down some . So I gather I need to reinstall it .
- Oddysey - May. 16, 2004 07:17 PM
Ralph;
Firewalls, and for that matter, every device that's "in the loop", will add some amount of time to the overall transfer speed. Whether it's soft- or hardware, some decrease in speed is inevitible. That said, most of us find that we are perhaps losing only 1 or 2 percent of our possible throughput speed. A few users might be losing a greater percentage, but that would more likely be because they have a greater number of devices in the chain.
Outpost is fast, it shouldn't be noticible unless you have either mis-configured it, or you have encumbered it with far more rules than necessary. Of course, you determine what's necessary for your system, not me or anyone else. But unless we see some feedback otherwise here, I'm gonna go on record as stating that neither Kerios nor Outpost should add more than 1 to 2 percent to your time to process a datastream. But I do emphasize the "should" - you may experience greater delays for reasons that make perfect sense to you, even if another person might not understand or agree with your reasons for doing so.
For best safety practices, re-enable your software firewall. At least that's how we do it here on Mars! [lol]
Oddysey
- Ralph - May. 16, 2004 11:03 PM
Oddysey , I re-installed Outpost and raised the WEP security level to 128 as you suggested . I did notice a slightly slower speed but not appreciable . Thanks for getting back to me . BTW , Outpost has a DNS cache plugin which I had been using but decided it really didn't make much difference in surfing speed . I'm glad that this forum is up again !
- Oddysey - May. 30, 2004 04:47 AM
Ralph;
Here's a site I just came across: Internet Firewalls FAQ.
Don't know if you're still interested, just thought I'd pass it along. I haven't read it myself yet, so if you find anything that contradicts what I've said so far, then they're wrong! [angry]
Oddysey
- Ralph - May. 30, 2004 01:58 PM
Great resource , Oddysey . I read some of it and you are right ; they're wrong !
- Oddysey - May. 30, 2004 03:44 PM
Ralph;
Perhaps I should have read it before I so blithely posted the link, eh? :P
Since you are now the officially designated "beta" tester, I'll defer to your judgment. If it gets to the point where they are talking more trash than truth, we can just pull the link, or at least I can modify my first post to include a disclaimer:
<span style='color:red'>Warning! This link may expose you to untruths and innuendo that are known to the State of California to cause brain cancer in laboratory rats. Please adjust your standards downards accordingly!!</span>
Truly, I had hoped that it would be good background, if not a be all, end all FAQ. I hope they don't let me down.... I don't have the time to write one of these myself! [angry] (Not that I'm the most qualified guy around these parts, but I do seem to get my licks in when it comes to pouring out the verbiage. :o
)Oddysey
- Ralph - May. 30, 2004 07:13 PM
[lol] ACS " Fingers sometimes faster than brain "
- Ralph - May. 30, 2004 07:14 PM
LOL