Firewall Question

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Probably a daft question, but here goes anyway. Ive got a wireless ADSL router, its got a hardware firewall built in. Ive got 3 pcs connected(2 wired, 1 wireless) do i need a software firewall on them or is it not necessary. Cheers

Mick

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Depending on the level of security that the hardware firewall provides then it may not be necessary, but there is never any harm in running one if you feel the need to.

 

Do the computers talk to each other behind the router? If so I would say 'yes' you do.

Also how strong is the firewall in the router? If you are confident it's going to prevent 99% of intrusions then maybe you do not need a software firewall. It wouldn't hurt to have one anyway, but make sure it doesn't conflict with the router.

 

i've been told that its always good to have a software based aswell, but not necessary... but never was given a reason why...

 

How do ya know how strong the firewall is on the router? If i use a software based one aswell, would i use it on all three pcs?

 

Hmmmm, good question. I would look for some independent tests and analysis of firewalls online and see what they say.

If you want a decent FREE software firewall then you can't get much better than Zone Alarm.

 

try the sheildsup test from www.GRC.com

 

Ah yes, shields up, that's the fella to tell ya!

 

Ok just ran all these tests from my laptop (no firewall). And it passed everything, apparantly im behind an advanced stealth mode thingy. So it seems im pretty secure from the router. Unless there are weakneses that this site doesnt test.

Mick

 

HackerWhacker and PCFlank are also good security testing sites.

For my part, I would say unless there is a real need to keep PCs on your LAN fairly well isolated, why invest in a hardware firewall if you're still going to run software ones as well? These things are there to reduce the hit on system resources and administration overheads, if you're running software firewalls aswell there's no benefit. I've seen few, if any, corporate environments that run separate firewalls on all their desktops, my current place certainly doesn't, for the very reason that a single LAN based firewall gives you a single point of administration.

 

correction windows firewall is running

 

if its XP SP2 Firewall, remember it only block incoming connections and not outgoing, or is it the other way round? anyway, its a one way street and not dual carriageway (Trip - thats a Freeway in USA terms )

 

Ive already got a hardware firewall, its built into my router. So can i uninstall the software ones?

 

Baba- Thanks for the links.

Personally, i would rather sit behind a good hardware firewall and just use SP2 within my LAN. As long as you don't go to any <naughty> sites and are generally sensible, you are have a fair amount of protection from being behind NAT and the firewall within the gateway.

Si (runs as Zeb comes along with a great, involved technical answer )

 

Just ran the other tests and passed them aswell

 

its all good then, but remember, even if you pass the test, and you get a trojan on your PC, which your AV dont pick up, then your ports can open to penetration, remember its not always the outside the can screw your network, the people inside your network can also screw it up aswell... (people seem to forget how easy it is to get screwed, so i though i remind ya'all)

 

Boyce: What are naughty sites? I don't understand!

 

There's security and then there's secure!

As most have stated a single well secured appliance will do a pretty reasonable job as long as the person managing it can do it well.

Most security advice now discuss ayerd security techniques, Edge + core + inter domain/site/subnet firewalls then you also have desktop software based firewalls and physical security i.e. locking doors etc.

Are you being paranoid or are you protecting a valuable resource? Most people will not be interested in hacking into a personal network while a finanacial instution is likely to be prime target.

Statistically speaking the most frequent cause of intrusion by those physically attached i.e users snooping or inadvertantly installing malware. This is why a good edge appliance combined with software firewall that can monitor in and outbound communication will provide the best security, but it will come with the highest overhead for resources, cost, time and confusion.

 

Im being paranoid and secure lol, its just my home pcs im protecting. Coz i cant be hassled with having to recover data etc, like they say prevention is better than cure

Mick

 

lol... you still have to recovery data if thinks goes pear shaped... well, not if you doing regular back-ups, which im sure you are...