I have read a number of threads but really cannot make head or tail of how it might help my config. Appreciate some advice please.
Most of the time my Dell laptop is connected via ethernet cable to my home network via a Zyxel router. I have set the range 192.168.1.1 - 192.168.1.20 as a trusted network (maybe that is too broad as there are only 4 or 5 other PCs and devices used?).
I occasionally use the secure WLAN on the same router instead of ethernet. Comodo does not prompt me to establish another network however. I guess that is because it is in the same IP range?
Today I connected my laptop to a secure WLAN at an office that I was visiting. Again I did not get prompted to allow a new network, and again I guess that’s because the IP range is the same as my home network.
My concern is that I would be allowing other devices on that office network to access my laptop unrestricted since the IP range is the same as my home network.
Second concern is that on both WLAN connections, what is CPF2 actually doing to stop anything connecting to my laptop within that trusted range?
What should my setting be on CPF2 for these 3 scenarios please? Any leads gratefully appreciated.
Since we can only control the things that we own, the easiest way would be to change the IP address range used on your local LAN to a different private address range.
As you have observed, 192.168.1.X is pretty much the most popular private address range used. You could change the address range on your Zyxel router to 192.168.xx.X (where xx = any number other than 0 or 1, up to 253). Alternative private address ranges are 172.16.0.1 to 172.31.255.255 and 10.0.0.0 to 10.255.255.255.
what is CPF2 actually doing to stop anything connecting to my laptop within that trusted range?
If you have told CFP that X.Y.Z IP address range is trusted and there is an attempted connection from an address within that range, then CFP will do exactly what you have told it to - allow it. It’s a firewall, not a mindreader. With CFP V3, the easy way to cater for different locations is to create multiple configurations, and then make the appropriate configuration active, depending upon your location.
I thought that maybe Comodo could differentiate the connection types - so same IP range but one connected via WLAN not ethernet? That way different rules could apply.
The problem is you’re using both WLAN and ethernet to connect to your trusted network using the same IP range. Therefore, 192.168.1.X on both wired and unwired are seen as trusted, regardless of whether you’re connecting to home or to another LAN somewhere else.
You need to introduce some definitive means of differentiating between home and elsewhere (trusted and untrusted).
I’d suggest changing the IP address range used on your LAN to 172.16.X.X and apply a static IP within this range to your ethernet network card. The WLAN network card on your laptop could be left to auto acquire its IP address (DHCP), assuming that you have this enabled on your Zyxel router.
This way, when you go out and about and connect to an untrusted WLAN, it will acquire an IP in the range of the untrusted network and CFP would alert you. When you went home, it would then acquire an address in the 172.16.X.X range from the Zyxel and CFP would allow the traffic.
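The behaviour discussed in this thread, as an added example that is not part of any post and is not Comodo's code: a trusted zone matched on IP range alone gives the same verdict at home and on a visited LAN that uses the same range, and moving the home LAN to a less common private range removes the overlap. The `TrustedZone` class, the `172.16.0.1 - 172.16.0.20` range and the sample peer addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 private blocks a home LAN range can be drawn from.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class TrustedZone:
    """Hypothetical model of a trusted zone defined only by an inclusive IP range."""

    def __init__(self, first, last):
        self.first = ipaddress.ip_address(first)
        self.last = ipaddress.ip_address(last)
        if self.first > self.last:
            raise ValueError("range start is above range end")

    def allows(self, peer):
        # The only input is the peer address: no interface, no location.
        return self.first <= ipaddress.ip_address(peer) <= self.last

    def collides_with(self, lan):
        # True when a LAN you visit could hand out addresses inside the zone.
        net = ipaddress.ip_network(lan)
        return self.first <= net.broadcast_address and net.network_address <= self.last

    def is_private(self):
        return any(self.first in b and self.last in b for b in PRIVATE_BLOCKS)


def decide(zone, connections):
    """Map each constructed (location, peer_ip) pair to 'allow' or 'alert'."""
    return {c: ("allow" if zone.allows(c[1]) else "alert") for c in connections}


# Constructed sample traffic: inbound peers seen at home and at a visited office.
OLD_ZONE = TrustedZone("192.168.1.1", "192.168.1.20")   # range from the thread
NEW_ZONE = TrustedZone("172.16.0.1", "172.16.0.20")     # assumed renumbered home range
BEFORE = [("home", "192.168.1.5"), ("office", "192.168.1.12"), ("office", "192.168.1.77")]
AFTER = [("home", "172.16.0.5"), ("office", "192.168.1.12"), ("office", "192.168.1.77")]

if __name__ == "__main__":
    for label, zone, conns in (("before", OLD_ZONE, BEFORE), ("after", NEW_ZONE, AFTER)):
        for (where, peer), verdict in decide(zone, conns).items():
            print(f"{label:6} {where:6} {peer:14} {verdict}")
    print("old zone collides with 192.168.1.0/24:", OLD_ZONE.collides_with("192.168.1.0/24"))
    print("new zone collides with 192.168.1.0/24:", NEW_ZONE.collides_with("192.168.1.0/24"))
```

A visited LAN that happens to use the same renumbered range would still match the zone, so `collides_with` is worth running against any network you connect to regularly.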