#1
Old 04-08-2009, 08:29 PM
Charter Member
Join Date: Jan 2003
Location: The Sunflower State
Posts: 5,504
Wireless cable modem - do I need to have the firewall enabled?

After many years of waiting, I finally got a laptop at work last week. One of the first things I tried out on it was bringing it home and seeing if I could VPN into work from home. I was unsuccessful at getting the VPN client to connect until I completely disabled the firewall on my wireless cable modem (Motorola SurfBoard SBG900). If I put it back to even the minimum level of firewall protection, the VPN client was unable to connect.

The IT folks at work have not been at all helpful about troubleshooting this. Their opinion is that if I can connect with the firewall down, then it's not an issue with the laptop and therefore not their problem.

I've always been under the impression that having the firewall on the modem configured for maximum protection was a good idea, but I'm wondering if it's overkill and if firewall software will provide sufficient protection?
#2
Old 04-08-2009, 08:58 PM
Guest
Join Date: Jul 2003
Location: Chicago
Posts: 8,265
Does your cable modem have a "VPN pass through" option that you can enable? I briefly glanced through some manuals for the SBG900 and they suggest the feature exists but don't go into detail about how to enable it, sorry.

And to answer your question: There's always a tradeoff between convenience and security. Every layer of security you add helps but potentially makes your setup more difficult to use (as you're finding out).

My opinion is that you're probably fine with a software firewall + a router, but I'm not sure if "wireless modem" qualifies as a router. On your laptop, do you get an internal IP address like 192.168.1.1 or an Internet-accessible address? If you're not sure, go to whatismyip.com and remember what you see there. Then, if you're on XP, go to Start -> Run and type in "winipcfg". If you're on Vista, go to Start -> Run and type in "cmd", click OK, then type in "ipconfig" in the resulting window.

Compare the two IP addresses.

If they are different, you're probably as safe as you need to be.

If they're the same, however, that means you DON'T have the protection of a router -- your cable modem is forwarding all inbound traffic directly to your laptop -- and so a hardware firewall (i.e., on the cable modem) WOULD be helpful in case your laptop and its software firewall get compromised.

(To get technical, I think a hardware SPI firewall would grant questionable (minimal) protection over a standard router if you already have a software firewall. Basically, the only thing it'll protect against is malware smart enough to make an outgoing request prior to listening for a response but dumb enough to route its traffic over nonstandard ports AND wait beyond standard timeout for a return signal. That particular combination of factors would be really odd.)

Last edited by Reply; 04-08-2009 at 09:03 PM.
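The address comparison described in the post above, as an added example that is not part of the original thread: it pulls the adapter addresses out of `ipconfig` output and compares them with the address a "what is my IP" site reports. The sample `ipconfig` text is constructed, `203.0.113.25` is a documentation placeholder for the public address, and the function names are hypothetical; the carrier-grade NAT and link-local cases go slightly beyond what the post covers.

```python
import ipaddress
import re

# Constructed sample of Windows `ipconfig` output (not taken from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.168.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
"""

# Matches both the "IP Address" (XP) and "IPv4 Address" (Vista) labels.
ADDR_LINE = re.compile(r"^\s*(?:IPv4 Address|IP Address)[ .]*:\s*([0-9.]+)", re.M)
# Shared address space used by ISPs for carrier-grade NAT (RFC 6598).
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def local_addresses(ipconfig_text):
    """Return the IPv4 addresses assigned to adapters in ipconfig output."""
    return [ipaddress.ip_address(m) for m in ADDR_LINE.findall(ipconfig_text)]


def classify(local, public):
    """Compare one adapter address with the address seen from the Internet."""
    local, public = ipaddress.ip_address(local), ipaddress.ip_address(public)
    if local == public:
        return "directly-exposed"      # modem is bridging: no NAT in front
    if local.is_link_local:
        return "no-dhcp-lease"         # 169.254.x.x: adapter never got a lease
    if local.is_private or local in CGNAT:
        return "behind-nat"            # unsolicited inbound traffic is dropped
    return "public-but-different"      # routable address: inspect the setup


def check(ipconfig_text, public):
    """Classify every adapter address found in the ipconfig output."""
    return {str(a): classify(a, public) for a in local_addresses(ipconfig_text)}


if __name__ == "__main__":
    print(check(SAMPLE_IPCONFIG, "203.0.113.25"))
```
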
#3
Old 04-08-2009, 09:22 PM
Guest
Join Date: Apr 2009
Location: Upstate NY
Posts: 82
If you don't have a router, I would definitely recommend getting one and making sure it is WEP enabled with the passkey. We have three computers (two desktops and one laptop) running on a wireless network that is WEP enabled. This basically means that unless you set up the computer's wireless device with the passkey, you can't get onto the router. Drive around your neighborhood with the laptop and open the network and sharing center (Vista) or similar for XP. You'll probably be able to see dozens of networks broadcasting. Some will say they are security enabled, which means you need the WEP passkey, others will not and you could probably connect to them.
#4
Old 04-08-2009, 09:33 PM
Guest
Join Date: Mar 2000
Posts: 2,084
I really don't think the router firewall is a big deal. A software firewall does what it does and considering you're probably using NAT then incoming connections that you haven't initiated are blocked by default.

Seconding checking for a VPN passthrough option or calling your ISP and seeing if they have a solution for you.
#5
Old 04-08-2009, 10:25 PM
Guest
Join Date: Jul 2003
Location: Chicago
Posts: 8,265
Two things: Apparently the SBG900 IS a hybrid modem + router, so you're probably ok, but I'd check using the whatismyip.com method I described earlier to make sure it is operating in the correct mode (meaning non-passthrough/non-DMZ). What you're primarily looking for is a different IP address on whatismyip.com than the 192.x.x.x that you should get from ipconfig.

Ideally, you should still leave firewall settings on high and turn on VPN passthrough if you can find it (I wasn't able to with the manual). If you can't, you're probably ok even with the firewall on something lower because of the nature of the NAT (network address translation) that your router/modem performs behind the scenes.

Secondly, the SBG900 supports WPA-PSK using AES, which is safer than WEP, so if your laptop supports that I'd go with that. Instructions for configuring this are on printed page 66 (or PDF page 73/139) of the manual. Note that "WPA-PSK over AES" is just technobabble for "password protecting your wireless access using a safer technology" and isn't as terrible as it sounds.

Last edited by Reply; 04-08-2009 at 10:27 PM.
#6
Old 04-08-2009, 10:36 PM
Charter Member
Join Date: Jan 2003
Location: The Sunflower State
Posts: 5,504
Reply, I checked the IP addresses like you described, and I did get two different ones. The IP address from whatismyip matched what the Motorola settings show as the WAN address, and the IP address from ipconfig matched what the Motorola settings show as the LAN address.

I do currently have WEP enabled on the modem, but I'll take a look at the WPA-PSK over AES.

I looked in the manual and on-line and yeah, there's not a whole lot of information about the VPN passthrough. I will do some more digging around and see if I can come up with something.
#7
Old 04-09-2009, 09:11 AM
Guest
Join Date: Dec 2002
Posts: 2,944
Quote:
Originally Posted by Varrius
If you don't have a router, I would definitely recommend getting one and making sure it is WEP enabled with the passkey. We have three computers (two desktops and one laptop) running on a wireless network that is WEP enabled. This basically means that unless you set up the computer's wireless device with the passkey, you can't get onto the router. Drive around your neighborhood with the laptop and open the network and sharing center (Vista) or similar for XP. You'll probably be able to see dozens of networks broadcasting. Some will say they are security enabled, which means you need the WEP passkey, others will not and you could probably connect to them.
WEP has been practically useless for some time now. It will only stymie the clueless grannie next door, not anyone you'd need to worry about.
All times are GMT -5.