Re: Software vs. hardware firewalls

From: Thor (ithork@REM0VEyahoo.com)
Date: 11/17/02


From: "Thor" <ithork@REM0VEyahoo.com>
Date: Sun, 17 Nov 2002 05:30:51 GMT


> > Are there attacks that
> > Zonealarm will let through that a hardware firewall would stop?
>
> I think you should reverse your thinking on that.

Err... how do I reverse my thinking about a question (for which I don't know
the answer)?

> And Thor, you know a lot about this computer stuff to begin with. So, I am a
> little surprised that you're asking this. :)

Do I know you, Duane?

"Duane Arnold" <darnold92@Insightbb.com> wrote in message
news:hEEB9.23675$__1.13258@rwcrnsc51.ops.asp.att.net...
> > > What advantage does a hardware firewall like the Linksys BEFSR41
> > > have over a software solution like Zonealarm?
>
> Why try to explain it?
>
> http://www.homenethelp.com/web/explain/about-NAT.asp
>
> Now, in the latest version of the Linksys firmware SPI has been removed,
> because they were having too many issues implementing SPI into the firmware.
> Apparently, SPI has never worked right on any of the Linksys firmware.
>
> > Are there attacks that
> > Zonealarm will let through that a hardware firewall would stop?
>
> I think you should reverse your thinking on that.
>
> > Will I have
> > any hassles getting various multiplayer games working with a hardware
> > firewall?
>
> By using Port Forwarding or Triggering, you will be able to tell the router
> to map specified port traffic to a specified IP/machine needing the port
> opened. So there should be no issues with playing games. It's just network
> traffic.
>
> However, by doing Port Forwarding or Triggering you have opened the port to
> the public Internet, and therefore, the machine is open too. Because others
> know about the port being opened for certain games to be played, the machine
> can be attacked. On a Linksys router prior to firmware 1.43 which doesn't
> have SPI, SPI must be disabled in order for Port Forwarding or Triggering to
> work. So you will need something like ZA.
>
> But also think about this: what is looking at the network traffic between
> two machines when a valid connection is made between the two? The router's
> NAT and SPI are out of play and ZA on the machine is out of play. Who is to
> say that the machine you're connecting to has not already been compromised?
> What's to say that the machine is getting ready to attack your machine with
> a self-propagating worm, virus, etc.?
>
> You may want to think about an Intrusion Detection System such as BlackIce
> IDS/firewall or Snort/IDS sitting behind ZA.
>
> http://www.uksecurityonline.com/husdg/windowsxp/ids.htm
>
> By the way I use Linksys and it's a good product, but other brands of
> routers have SPI that work. I have BlackIce on the machines to compensate
> for SPI being disabled.
>
> And Thor, you know a lot about this computer stuff to begin with. So, I am a
> little surprised that you're asking this. :)
>
> Duane :)
>
>
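To make Duane's point about NAT/SPI versus port forwarding concrete, here is a small toy model (added for this page, not Linksys firmware or ZoneAlarm code): a router that admits inbound packets only when they match state created by an outbound connection, except on a statically forwarded port, where unsolicited traffic from anywhere is delivered to the LAN host. Addresses, ports and the forwarded game port are constructed sample values; port triggering is not modelled.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatSpiRouter:
    """Toy NAT router with stateful inspection and static port forwarding."""

    def __init__(self, wan_ip, forwards=None):
        self.wan_ip = wan_ip
        self.forwards = forwards or {}   # wan_port -> (lan_ip, lan_port)
        self.state = {}                  # (remote_ip, remote_port, wan_port) -> (lan_ip, lan_port)
        self._next_port = 40000          # next WAN source port to hand out

    def outbound(self, pkt):
        # A LAN host starts a connection: NAT allocates a WAN port and records state.
        wan_port = self._next_port
        self._next_port += 1
        self.state[(pkt.dst_ip, pkt.dst_port, wan_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Return the packet as delivered to the LAN, or None if the router drops it."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_port)
        if key in self.state:              # reply to a connection the LAN host started
            lan_ip, lan_port = self.state[key]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        if pkt.dst_port in self.forwards:  # static forward: unsolicited traffic is let in
            lan_ip, lan_port = self.forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        return None                        # no state and no forward: dropped


def demo():
    # Constructed addresses (documentation ranges); 27015 is forwarded to a game PC.
    r = NatSpiRouter("203.0.113.5", forwards={27015: ("192.168.1.10", 27015)})
    # 1. A LAN host fetches a web page; the reply matches state and is delivered.
    out = r.outbound(Packet("192.168.1.20", 51000, "198.51.100.7", 80))
    reply = r.inbound(Packet("198.51.100.7", 80, r.wan_ip, out.src_port))
    # 2. An unsolicited packet to a port with no state and no forward is dropped.
    probe = r.inbound(Packet("192.0.2.99", 4444, r.wan_ip, 445))
    # 3. An unsolicited packet to the forwarded game port reaches the game PC.
    game = r.inbound(Packet("192.0.2.99", 4444, r.wan_ip, 27015))
    return reply, probe, game
```

Case 3 is why Duane suggests a host firewall or IDS on the forwarded machine: once a port is forwarded, the router no longer decides who may reach it.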