PCCITIZEN.com - SAFE COMPUTING/HOME NETWORKING/COMPUTING TIPS/CLEANUP-FIXUP-ADDUP
ARE FIREWALLS NECESSARY ON ALL INSTALLS NOW?

Because of the coming flood of wireless interconnectivity, especially in the space of XP installations, the use of ICF (Internet Connection Firewall) is becoming a necessity, even behind a NAT/router. This is because the hackers are now coming at you on the wireless access you are providing behind your NAT/router: the wireless service you have so gleefully installed to simplify your home networking. All those precautions we have been talking about on this website will come to nothing once you install that little wireless NAT/router, or you add a wireless Access Point (AP). Unless you take all the wireless precautions when you install your wireless network, your internal network is now wide open to the wily hacker. And it seems the vast majority of wireless installations are done by clueless people [hey, we have all been there.....], and the default wireless installs provide absolutely no security at all! Absolutely distressing.....

Wireless was bad enough in its ability to provide unfettered Internet access; now it is providing brand new opportunities to hack your network. We have spent all this time trying to protect your Internet connection from the wily hacker by padlocking the front door, your (wired) NAT/router. Now the wily hacker is coming at your network from inside your house, through your wireless network. Even if you valiantly try to implement all the wireless security precautions, the initial implementations of wireless security possible in 802.11a/b/g are simply incapable of protecting you from determined hackers. The prevention of casual access is possible by following all the wireless security precautions. If I were a business I would not be providing wireless access that can get anyplace close to my company network right now. If you are a simple homeowner, you had better be aware that your neighbor across the street now has the capability to see into your home network.

For maximum protection, you had better go and install ZoneAlarm on each PC, or turn on ICF on the XP PCs behind that wireless NAT/router. This includes ALL the PCs, the wired and the wireless ones! Of course this will disable all of your home networking on that PC, which means none of your home networking will work now. This is a Catch-22 situation if I ever heard of one. So what I suggest is that you have good wireless security precautions in place to deny the casual user access to your network, and that you in addition turn on ICF on the wireless NIC when you do have the occasion to use the wireless access in the cold cruel world outside your ....supposedly.... friendly home environs. So you had better learn how to enable/disable that wireless connection, depending on your current situation.

For XP, here is what you have to do. Go into Control Panel -> Network Connections. Right click on the wireless icon, go into Properties and make sure "Show icon in notification area when connected" is checked. This will let you manage your wireless connection much more easily. Right click on the network icon in the system tray area [the two PCs in the lower right area]. There will be two since you (hopefully) have both Ethernet and wireless NICs in your PC. Find the wireless one, or just "Open Network Connections." Go into the Advanced tab, and check the "enable firewall for this connection" setting. You have now turned on ICF for this network adapter.

This still doesn't address all the concerns we have with our home network. I see two possible approaches to counter the problems. One approach is to install a more capable personal firewall like ZoneAlarm, set up trusted zones, and specify the individual user computers on your network. In this case of course you would have to run static IPs instead of DHCP. You can then run your home network and use the wireless-connected PCs without having to run ICF.
The firewall will limit access to those PCs that you specify as being in the trusted zone. ICF does not have this capability!

Another option is to install your wireless NAT/router behind your normal wired NAT/router. Now you need to go into that wireless NAT/router and make sure it provides a network that differs from your wired network. This is usually in the DHCP server settings somewhere. Just assign a different network than the one your home network uses. You will actually be doing "double NAT-ing" behind the wireless NAT/router, but most simple applications like browsing and emailing work OK in this setup. This is my current setup as I investigate various wireless NAT/routers and the wireless options available. Whenever you bring your wireless laptop home, you are actually not connecting to your home network, but to a second network, thus making your actual home network more secure. Be advised that VPN will likely not work through two NAT/routers! See this page for some more info. This looks like the best alternative for adding wireless to your wired network!

This entire subject is an ongoing battle in the war for safe computing and home networking. Stay tuned for more information.
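
A sanity check for the wireless-router-behind-wired-router setup described above, written as an added example and not part of the original article. The function name and all addresses are constructed for illustration; it verifies that the wireless side really is a different network before you rely on it.

```python
import ipaddress

# Private IPv4 ranges (RFC 1918) that home NAT/routers hand out.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_double_nat(wired_lan, wireless_wan_ip, wireless_lan):
    """Return a list of problems with a double-NAT plan (empty list = OK).

    wired_lan       -- network served by the existing wired NAT/router
    wireless_wan_ip -- address the wireless router's WAN port uses on it
    wireless_lan    -- network the wireless router's DHCP server hands out
    """
    outer = ipaddress.ip_network(wired_lan)
    inner = ipaddress.ip_network(wireless_lan)
    wan = ipaddress.ip_address(wireless_wan_ip)
    problems = []

    # The article's requirement: the wireless side must be a different
    # network. Two routers left on the same factory default collide here.
    if inner.overlaps(outer):
        problems.append(f"wireless LAN {inner} overlaps wired LAN {outer}")

    # The wireless router's WAN port is just another client of the wired LAN.
    if wan not in outer:
        problems.append(f"WAN address {wan} is not on wired LAN {outer}")
    elif wan in (outer.network_address, outer.broadcast_address):
        problems.append(f"WAN address {wan} is not a usable host address")

    # Both networks sit behind NAT, so both should be private space.
    for name, net in (("wired", outer), ("wireless", inner)):
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{name} LAN {net} is not RFC 1918 private space")
    return problems

if __name__ == "__main__":
    # Constructed sample plans: a good one, then two routers on one default.
    print(check_double_nat("192.168.1.0/24", "192.168.1.50", "192.168.2.0/24"))
    print(check_double_nat("192.168.1.0/24", "192.168.1.50", "192.168.1.0/24"))
```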

Copyright John D Loop Sunday November 09, 2003