Even a simple firewall is better than no firewall at all

As a systems administrator for an ISP, my primary function is to support several thousand customers by ensuring that equipment and services are operating correctly. Depending on the customer, this job can include maintaining on-site routing and firewall equipment, which can vary depending on the specific needs of the customer.

When it comes to supplying Internet access, ISPs provision a single IP address or a subnet for their customers. Either way, I always suggest that anyone accessing the Internet protect systems with a hardware or software firewall.

Of course, IT pros know that a firewall is anything that protects a computer or network from the ravages of the Internet. But when talking to end users, I try to describe the level of questionable activity on the Internet in terms of worldwide accessibility.

Because public Internet addresses are readily accessible from anywhere in the world, even a simple dial-up Internet connection with a public IP address exposes your computer to the rest of the world while you're connected. This means your computer can be identified by anyone on the Internet and perhaps scanned to see whether it's running vulnerable software or services; it can even be broken into unless, of course, you use a firewall to try to protect it.

Hardware vs. software firewalls

As I tell my customers, deciding what type of firewall to use depends on what you're trying to protect. If you're just worried about a single computer system with Internet access, ZoneAlarm works well enough for most people.

ZoneAlarm not only alerts you when someone tries to access your computer, but it alerts you when a program on your computer attempts unauthorized access to the Internet. If the access is valid, you can instruct ZoneAlarm to remember the program and allow access in the future without alerts. Although it's not an antivirus program, ZoneAlarm can also detect Trojan horse and spyware programs.

I suggest using a hardware firewall in these situations:

  • A customer needs Internet access on more than one computer.
  • A customer needs a secure connection to a main office.
  • The client is a branch office.
  • A company needs to host e-mail and Web servers.

Even though it's possible to share an Internet connection and firewall software using one computer as the router, I think it's a bad idea to use a workstation in this manner. Everyone on the network becomes dependent on the reliability of someone else's computer.

If it locks up or gets rebooted, the Internet gets cut off. Then people call the ISP to complain, even when it's not the source of the problem. Hardware firewalls don't have to be expensive. For instance, NetGear and LinkSys models have sufficient features and cost less than $100.

Do you need advanced firewall features?

If clients telecommute or are setting up a branch office of a larger corporation, they probably need to use virtual private networking (VPN) features. Clients may also need Network Address Translation (NAT) when there are multiple internal computers and only one public IP address.

If customers need a subnet to support public Internet servers, I recommend using port forwarding and "hiding" the real service behind the firewall. No matter which advanced feature your clients need, they should choose a hardware firewall that supports these advanced features.

Another thing to keep in mind when dealing with telecommuters or branch offices is to always check with the company's IT department before buying anything. I can't tell you how many times I've needed to replace equipment and fix VPN settings because branch offices and telecommuters didn't check with their IT department before buying equipment.

Regardless of your clients' specific needs, using a firewall does improve security. Anything they can do to "hide" their computer systems and services from the public Internet reduces risk.

My personal preference is to always use hardware firewalls, but software programs such as ZoneAlarm are better than nothing at all. Firewalls can't prevent your computer from being taken over by a virus or worm--that's typically the job of antivirus software. Internet security is accomplished in layers. Consider a firewall system to be the first layer of your clients' security needs.

Jonathan Yarden is the senior UNIX system administrator, network security manager, and senior software architect for a regional ISP.

We want your feedback

Do you agree with Jonathan Yarden that a hardware firewall is more effective than a software firewall? How do firewalls fit into your organization's security strategy?

Initiate a continuous Ping operation

Windows XP's Ping command-line utility helps verify IP connectivity to another computer or device on a TCP/IP network. When you issue the Ping command, it attempts to connect to the target device four times, and then it terminates.

In many troubleshooting situations, pinging the target device four times isn't enough. You may find yourself issuing the Ping command multiple times, which is time-consuming and frustrating.

However, the Ping command provides you with a parameter that configures the command to continuously ping the target device until you manually terminate the operation:

Ping -t xxx.xxx.xxx.xxx

In this command, xxx.xxx.xxx.xxx is the IP address of the target device.

To temporarily interrupt a continuous Ping operation and display the statistics, press [Ctrl][Break]. To completely terminate a Ping operation, press [Ctrl]C.

 

Add Internet time servers

Windows XP has a built-in time synchronization feature that's designed to automatically synchronize your computer's clock with an Internet time server on a regular basis. To access this feature, double-click the clock in the notification area of the taskbar. From the Date And Time Properties dialog box, select Internet Time. Make sure that the Automatically Synchronize With An Internet Time Server check box is selected.

The Server drop-down list contains two time servers: Microsoft's time server at time.windows.com and the U.S. government's atomic clock at time.nist.gov.

While you can manually type the name of any time server that uses the Simple Network Time Protocol (SNTP) in the Server text box, it's more convenient to add time servers to the list. Here's how:

1-Launch the Registry Editor (Regedit.exe).

2-Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers.

3-Right-click the Servers key, and select New | String value.

4-Name the value 3, and press [Enter] twice to access the Edit String Value dialog box.

5-Type the address of the SNTP time server in the Value Data text box, and click OK.

6-Repeat Steps 3 through 5 for each additional SNTP time server you want to add, incrementing the value name each time: 4, 5, 6, and so on.

7-Close the Registry Editor.

Note: Editing the registry is risky, so be sure you have a verified backup before making any changes.
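
The same registry steps can be scripted. The VBScript below is an added example, not part of the original tip: it generalizes Steps 3 through 6 by reading the existing numbered values, skipping servers that are already listed, and writing each new one under the next free number. The two server names are constructed placeholders, and the script assumes it is run by an administrator.

```vbscript
' Added example: append SNTP servers to the Internet Time server list
' without overwriting the entries that are already there.
Option Explicit

Const HKLM = &H80000002
Const KEY_PATH = "SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers"

Dim newServers, reg, names, types, i, current, highest, known, server

' Constructed placeholder names; replace them with time servers you trust.
newServers = Array("ntp1.example.org", "ntp2.example.org")

Set reg = GetObject("winmgmts:\\.\root\default:StdRegProv")
Set known = CreateObject("Scripting.Dictionary")
known.CompareMode = vbTextCompare      ' host names are not case-sensitive

' Pass 1: record the servers already listed and the highest value name in use.
highest = 0
If reg.EnumValues(HKLM, KEY_PATH, names, types) = 0 And IsArray(names) Then
    For i = 0 To UBound(names)
        If IsNumeric(names(i)) Then    ' ignores the unnamed (Default) value
            If CLng(names(i)) > highest Then highest = CLng(names(i))
            reg.GetStringValue HKLM, KEY_PATH, names(i), current
            If Not IsNull(current) Then known(current) = True
        End If
    Next
End If

' Pass 2: write each new server as a string value under the next free number.
For Each server In newServers
    If known.Exists(server) Then
        WScript.Echo "Already listed: " & server
    ElseIf reg.SetStringValue(HKLM, KEY_PATH, CStr(highest + 1), server) = 0 Then
        highest = highest + 1
        known(server) = True
        WScript.Echo "Added " & server & " as value " & highest
    Else
        WScript.Echo "Could not write " & server & " (administrator rights are required)"
    End If
Next
```

Save it with a .vbs extension and run it with cscript so the messages appear in the console; the new servers then show up in the Server drop-down list.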

 

Closing several open windows on the desktop

Simultaneously close all open windows

Have you ever been on a troubleshooting expedition and needed to shut down all the running applications on a system before you could proceed? More than likely, you accessed each window and manually shut down the application.

If you've ever had to do this on a system that had multiple windows open at the same time, you know how time-consuming it is to manually shut down each application's window. Wouldn't it be great if you could quickly shut down all running applications at the same time? Here's how to implement this trick:

  1. While pressing the [Ctrl] key, successively click each of the task icons on the taskbar.
  2. Right-click the last task icon, and choose Close Group.

When you select the Close Group command, Windows XP initiates a standard exit procedure for each open application. If any application has unsaved information in an open document, the application will prompt you to save the document before it closes.


Adjust the Level 2 cache setting
During Windows XP installation, Setup queries the system processor to determine the size of the Level 2 cache. However, it doesn't always succeed. When this happens, Setup configures a default setting of 256 KB in the registry.
If your computer has a larger Level 2 cache than Setup configured in the registry, your system won't perform optimally. To significantly increase the performance of your system, change the value in the registry to match your Level 2 cache.
Here's how:
1-Launch the Registry Editor (Regedit.exe).

2-Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management.

3-Double-click the SecondLevelDataCache DWORD value.

4-Using the options below, change the value in the Value Data text box to a number that matches the size of your Level 2 cache. Then click OK.

Level 2 cache      Value Data setting
256 KB             0
512 KB             200
1024 KB            400

5-Click OK and close the Registry Editor.

You may need to restart the system or log out of Windows XP for the change to take effect.
If you're not sure of the actual size of your system's Level 2 cache, copy this script and save it as L2Cache.vbs:
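
' Ask WMI for every installed processor and report its Level 2 cache size.
Set ProSet = GetObject("winmgmts:").InstancesOf("Win32_Processor")
For Each Pro In ProSet
    ' L2CacheSize is reported in kilobytes.
    WScript.Echo "Level 2 Cache:" & "  " & Pro.L2CacheSize & " KB"
Next
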
Double-click the script to run it, and you'll see a dialog box that displays the size of your system's Level 2 cache.

Note: Editing the registry is risky, so be sure you have a verified backup before making any changes.


Downloadall

The Downloadall blog is finally back

I congratulate the operators of Arianblog and the friends at Downloadall on the reactivation of the blog and its new program.


http://Downloadall.arianblog.net