Greetings. One of the things I always liked about Zone Alarm is that it let me define networks by the MAC address of the gateway. This was the perfect way of doing things, IMO; because when you do it by the system’s IP address (which seems to be how Comodo does it by default, unless I’m missing something), it doesn’t distinguish between a private and a public LAN.
In other words, let’s say my laptop gets the IP address 192.168.1.5 in my home network. Under these circumstances, I want file sharing ports open so that my computers can talk to each other. This is still safe, because not only do I have a business-class hardware firewall, but my LAN is completely secure due to the fact that my wireless network can’t penetrate the lead paint in my walls (look, the rent’s all I can afford).
The trouble is, what if I go to a public hotspot, and I get the same IP address there? Suddenly, I’m sharing a LAN with a bunch of total strangers, and I’ve got wide-open ports.
By defining the network using the gateway’s MAC address, no matter what IP address I get on my home network, I know I’ll be able to share files, while no matter what address I get in a hotspot, I know I’ll be secure.
If I understand you correctly, this is what you might want:
Go to Firewall / Common Tasks / My Network Zones.
There you should be able to add networks that are MAC-based.
Since CFP cannot read ARP tables remotely you’ll need to add the MAC of any PC in case you want to use the OS’ file- and printer-sharing abilities (depending on your switch/router).
No, I want to define the network zone by the MAC address of the router. Basically, what ZA does is it finds the MAC address of the router that all the computers in a network are running through, and it uses that MAC address to recognize which LAN it is hooked up to. Then, it applies whatever rules have been set for that LAN.
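An illustration of the two approaches discussed in this thread, added here as an example and not code from Comodo, ZoneAlarm or anyone in the thread. It models two constructed networks that both hand the laptop 192.168.1.5 behind a gateway at 192.168.1.1, but through physically different routers, and shows that an IP-based zone lookup treats them identically while a gateway-MAC lookup does not. The neighbour-table text, MAC addresses, zone names and profile contents are all constructed for the example; on a real machine the table would come from `ip neigh show` (Linux) or `arp -a` (Windows).

```python
import ipaddress
import re

# Constructed sample data: both networks give the host the same address and
# the same gateway address, so only the gateway's hardware address differs.
HOST_IP = "192.168.1.5"
GATEWAY_IP = "192.168.1.1"

# Home network, in Linux `ip neigh show` style (constructed MACs).
HOME_NEIGH = """\
192.168.1.1 dev wlan0 lladdr 00:1b:2f:aa:bb:cc REACHABLE
192.168.1.7 dev wlan0 lladdr 00:1b:2f:dd:ee:ff STALE
"""

# Public hotspot, in Windows `arp -a` style (constructed MACs).
HOTSPOT_NEIGH = """\
Interface: 192.168.1.5 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           c0-ff-ee-12-34-56     dynamic
  192.168.1.23          c0-ff-ee-ab-cd-ef     dynamic
"""

# Gateways the user has registered as trusted (hypothetical table).
TRUSTED_GATEWAYS = {"00:1b:2f:aa:bb:cc": "home"}

# What each zone unlocks (hypothetical profile contents).
PROFILES = {
    "home": {"file_sharing": True},
    "untrusted": {"file_sharing": False},
}

_MAC_RE = re.compile(r"([0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2}")


def normalize_mac(mac):
    """Accept both 00-11-22-... (Windows) and 00:11:22:... (Linux) spellings."""
    return mac.lower().replace("-", ":")


def find_gateway_mac(gateway_ip, neigh_output):
    """Return the gateway's MAC from ip-neigh or arp -a style output, or None."""
    for line in neigh_output.splitlines():
        fields = line.split()
        if not fields or fields[0] != gateway_ip:
            continue
        match = _MAC_RE.search(line)
        if match:
            return normalize_mac(match.group(0))
    return None


def classify_by_ip(host_ip, zones_by_subnet):
    """The approach the thread criticises: the zone follows the address alone,
    so a hotspot that hands out the same range looks exactly like home."""
    addr = ipaddress.ip_address(host_ip)
    for subnet, zone in zones_by_subnet.items():
        if addr in ipaddress.ip_network(subnet):
            return zone
    return "untrusted"


def classify_by_gateway_mac(gateway_mac, trusted_gateways):
    """ZoneAlarm-style: only a registered gateway MAC unlocks a trusted zone.
    An unknown or unresolvable gateway falls back to the restrictive zone."""
    if gateway_mac is None:
        return "untrusted"
    return trusted_gateways.get(normalize_mac(gateway_mac), "untrusted")


def select_profile(gateway_ip, neigh_output, trusted_gateways=TRUSTED_GATEWAYS):
    """Resolve the gateway's MAC, map it to a zone, and return (zone, profile)."""
    mac = find_gateway_mac(gateway_ip, neigh_output)
    zone = classify_by_gateway_mac(mac, trusted_gateways)
    return zone, PROFILES[zone]


if __name__ == "__main__":
    by_subnet = {"192.168.1.0/24": "home"}
    for name, neigh in (("home", HOME_NEIGH), ("hotspot", HOTSPOT_NEIGH)):
        print(name,
              "ip-based:", classify_by_ip(HOST_IP, by_subnet),
              "mac-based:", select_profile(GATEWAY_IP, neigh))
```

Run as a script it prints that the IP-based lookup returns "home" for both networks, while the gateway-MAC lookup opens file sharing only behind the registered home router. The fallback to "untrusted" whenever the gateway cannot be resolved or is not registered is the important design choice: a gateway's MAC is not authenticated, so it is a convenience for picking a profile, and anything unrecognised should land in the restrictive profile rather than the permissive one.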
I’m afraid CFP cannot do this. However, you can set up several configuration profiles and switch between them manually.
One question, though…
Why not put everything into a single ruleset while having 2 network zones in your configuration?
This means: do standard things with standard zone and additionally allow more for the MAC-based network.
I just decided to simply enter the MAC of the computers on my home LAN. This works fine for home, but obviously it’s not something I’d want to do with corporate networks. I do think that Comodo’s default behavior of recognizing networks by the IP address assigned is a rather serious flaw, though. Most hotspots will give an IP in the same range as most small businesses.
I have just been given a Netgear wireless router and firewall and am not yet up to speed,
but I note that the wireless settings allow encryption to be disabled or enabled,
and for greater protection there is an Access Control list that can prohibit traffic with any MAC address that is not registered as “Trusted”. I have no experience, but it sounds to me that this is what you need.
I have a dedicated hardware firewall with a separate wireless access point. My wireless network is encrypted using WPA, but it’s really not all that necessary, because thanks to the cheap-o lead paint in my apartment, nothing wireless can penetrate my walls, anyway. I’m not worried about my home network. It’s the transition to public or client networks that concerns me.