EMINENT ADVANCED MANUAL
Fortunately, most routers currently use NAT.
Security for your computer and your network
A firewall can be a software or a hardware solution placed, as it were, between the
internal network and the outside world. Firewalls generally control incoming and
outgoing data. They can be configured to block or allow certain information from the
Internet, and to block or allow requests from outside. Firewalls are configured with
rules or policies. These state what a firewall must block or allow and thus form a
sort of filter.
Most routers have various firewall functions. The big advantage of a firewall in a router
(hardware solution) is that an attack from outside is averted before reaching your
network. If you wish to use a software firewall, you could, for example, use the firewall
built into Windows XP Service Pack 2. There are better alternatives, such as the free
ZoneAlarm and the commercial packages from Norman, Norton, Panda and McAfee.
These commercial packages also offer protection against viruses if required.
Making a computer available for Internet users in your network
The DMZ or DeMilitarized Zone is the zone between the outside world – the Internet –
and the secure internal network. The computer placed within the DMZ is accessible
via the Internet. This is in contrast to the computers that are outside the DMZ and are
therefore secure. The DMZ is therefore also often used for servers that host websites.
Websites must after all always be accessible via the Internet. A computer is also often
placed within the DMZ if one plays a lot of online games. It is, however, advisable to
install a software firewall (such as the free ZoneAlarm) on a computer that you place
in the DMZ. This is because the firewall opens all ports of the router for a computer
within the DMZ. Data transmission to that computer is therefore unrestricted, even
though a restriction is desirable in some situations.
Just like the DMZ function, Virtual Server enables you to make a computer that is set
up, for example, as an FTP or web server accessible from the Internet. You can state
which ports in the firewall must be opened when using a Virtual Server. This is also
the most important difference from the DMZ: when you place a computer in the DMZ,
all ports are opened for the respective computer. If you use Virtual Server, you can
open only the ports important for the respective computer.
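The difference between the DMZ and Virtual Server described above can be made concrete with a small exposure check. This is an added example, not part of the manual or of any router's firmware: the `Router` model, the host address, the list of listening services and the rule that a Virtual Server entry is matched before the DMZ host are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Router:
    # Virtual Server rules: external port -> (internal host, internal port)
    virtual_servers: dict = field(default_factory=dict)
    # DMZ host: receives every unsolicited inbound port (all ports opened)
    dmz_host: Optional[str] = None

    def route_inbound(self, port):
        """Where an unsolicited inbound connection lands, or None if dropped."""
        # Assumption: a Virtual Server rule is matched before the DMZ host.
        if port in self.virtual_servers:
            return self.virtual_servers[port]
        if self.dmz_host is not None:
            return (self.dmz_host, port)
        return None

def exposed_services(router, listening):
    """Return sorted (external port, host, service) tuples reachable from
    the Internet. listening maps host -> {port: service name}."""
    candidates = set(router.virtual_servers)
    if router.dmz_host is not None:
        candidates |= set(listening.get(router.dmz_host, {}))
    hits = []
    for ext_port in sorted(candidates):
        target = router.route_inbound(ext_port)
        if target is None:
            continue
        host, port = target
        service = listening.get(host, {}).get(port)
        if service is not None:
            hits.append((ext_port, host, service))
    return hits

def unintended(router, listening, intended_ports):
    """Exposed services whose external port the owner never meant to publish."""
    return [h for h in exposed_services(router, listening)
            if h[0] not in intended_ports]

# Constructed sample: one web server that also runs other services.
HOST = "192.168.1.10"
LISTENING = {HOST: {21: "ftp", 80: "http", 445: "smb", 3389: "rdp"}}

if __name__ == "__main__":
    for name, r in [("DMZ", Router(dmz_host=HOST)),
                    ("Virtual Server", Router(virtual_servers={80: (HOST, 80)}))]:
        print(name, "exposes", exposed_services(r, LISTENING),
              "unintended:", unintended(r, LISTENING, {80}))
```

With the same computer behind both configurations, the DMZ setting publishes every listening service, while the single Virtual Server rule publishes only the web server.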
Port Triggering or Special Apps is based on the same principle as Virtual Server. Port
Triggering also enables you to make a computer within your network that is set up, for
example, as an FTP or web server accessible from the Internet. The ports you
allocate always remain open when you use Virtual Server. With Port Triggering