| - Wireless Security (Plus version only)
- Home Internet Approach
- Almost any personal firewall separates the connected network into two main parts virtually - trusted and unsafe. The trusted network is local/home network typically; the network is accessible locally/directly. The remaining network part is accessible via the Internet and so expected unsafe.
- The approach works mostly. Your home PC can hardly be attacked from a "kitchen" PC or from a computer based home theater actually. All the network activities are expected safe and enabled by default in almost any personal firewall as the result. Personal firewalls do not make any distinctions between different types of activities in home network and enable all the traffic completely.
- The entire home network is protected by a standalone internet connection device (firewall/router) mostly. The connection device blocks all the most dangerous incoming connections from the Internet. If the computer is connected to the Internet directly all the incoming the connections are perfectly protected by Windows Firewall. Outgoing connections are (mistakenly sometimes) expected safe by definition or managed by personal firewall.
- Wireless Threats
- All the wireless home connections may be supposed safe as the wireless connection medium inside home local networks is equal to wired one functionally. Some actions must be undertaken to limit those wireless connections to home network only - disable SID broadcasting and encode transmitting data by WEP/WPA at connection point side of the network. Nothing should be done at PC side anyway.
- The situation is changed on public wireless connections completely. The local network turns out into entire airport, entire library, entire cafe or entire hospital. All the computers of such networks are connected to the Internet via a single connection device (firewall/router), so the wirelessly connected PC is in the local network still but the other locally/wirelessly connected PCs of such network must not be expected trusted or safe.
- Any approaches based on WEP/WPA traffic encoding do not help. The encoding saves from direct intercepting of the data between PCs and the public connection point. The encoding rather works to protect the access point and the public infrastructure, but the encoding does next to nothing for your PC. Even with WEP/WPA encoding your computer is accessible from other local network participants easily.
- Solution
- Firewall can satisfy the both types of requirements - home and public wireless connection security. The firewall has to be able to manage the both environments correspondingly and separately.
- Windows7FirewallControl Plus includes a special mode - Mode: Expensive/Insecure connections. Windows7FirewallControl can be configured for home local network as usual, by setting proper security zones to internet active applications.
 - Selected applications vitally required for public wireless network operability can be marked as "Allow in "Mode: Expensive/Insecure connections"" . No other special configuration options are required then.
 - On entering public wireless network "Mode: Expensive/Insecure connections" (TrayIcon/RightClick menu) has to be chosen. The vitally required and marked as "Allow in "Mode: Expensive/Insecure connections"" applications will be allowed to operate under selected security zone as the result; all the other applications will be gently blocked from the Internet and public wireless network access. Returning back to your home network will require reverting to "Mode:Normal" back only.
- Another benefit
- Practically the same problem arises on expensive connections: mobile, satellite or another expensive media. Suppressing almost any background internet activity of almost any application excepting several vitally required ones saves the internet connection expenses. Windows or antivirus update via expensive connection channel would hardly be required actually. The updates can be performed via a regular connection later.
|
