Re: Firewall and Home Network

From: David (davidwnh@adelphia.net)
Date: 11/20/02


From: "David" <davidwnh@adelphia.net>
Date: Wed, 20 Nov 2002 01:22:58 GMT

Damn straight Bob!
I agree with you on every point. With a router blocking incoming, up to date
antivirus, and an up to date well configured OS you eliminate the vast
majority of the problems, and with minimal configuration hassle to boot!
Most of the personal firewalls are too difficult to configure and use
properly by the average home user but hopefully this will change in the
future. Many people do learn how to use their security software properly
over time though. This is at some point a learning process for everyone and
debates like this should at least enlighten people as to what these devices
can and cannot do, so that they can make informed decisions based on their
particular needs.

Now let's address the vast minority of the problems and I'm not talking
about individual hackers. They are the least of my worries. The 1 out of 10
instances (or whatever it may be) that this setup doesn't protect, and the
growing number of companies that believe they have the right to datamine
personal information off your computer. If I can get my odds up to 99% from
90% (again whatever the true statistics may be) and eliminate unwanted
spyware from my computers then I'm even happier. The fact is the
virus/worm/trojan writers will always be one step ahead of the antivirus
software vendors. And sometimes all you have to do is change the name of
some trojans to make them undetectable. I have seen several instances
regarding worms and trojans that "walked right by" up to date AV software
and cable/dsl routers. And as far as spyware, programs such as AdAware don't
even come close to identifying all the "malicious" spyware activity going
on. I don't personally feel the need to isolate every application with
additional firewalling, but all my computers are proxied, and I use IDS and
access logging to cover for some of the shortcomings of my router. Most of
these routers provide some form of access logging, but in general they are
not very thorough. In saying this I do not necessarily believe people need a
software "firewall" behind their router, however I do believe some form of
additional detection and filtering is needed or at least helpful. Basically
what I'm getting at is that when something unwanted gets installed on your
computer, with only AV and many of these routers in use, that malware can
run without any means for it to ever be detected if it is not in your AV
software's definitions. Some people use personal firewalls not only because
they want filters at the application level, but many also provide access
logging, IDS, content filters, IP filters, protocol filters, and privacy
controls. It is the addition of some or all of these functions that I
advocate, not unnecessary redundant protection. Any or all of these can be a
plus and are not included functionality of many routers. Having an
all-in-one software solution to address these shortcomings at minimal cost
(often free) is not a bad thing and the only affordable solution for many.

There are some routers that have some or all of these additional features,
but they are typically marketed as "hardware firewalls" and far surpass the
capabilities of your average cable/dsl router. Some of these devices
eliminate much of the need for separate software solutions. These are
usually designed from the ground up as firewalls and not simply devices
designed to connect multiple computers to the internet with a single public
IP address (although many do this also). Some of these are the devices that
should be touted as acceptable firewalls, not most of the simple cable/dsl
routers that provide some inherent protections albeit with minimal
configuration options. It is the differences in functionality between these
two classes of devices which needs to be noted. Most posts in this board do
not address these specific devices since they are only recently starting to
become affordable enough for the average Joe.

So in closing my contribution to this thread let's evaluate the risks. You
do not have to be specifically targeted in this day and age. The
worms/viruses/trojans/scripts are automated and make everyone connected to
the internet a potential target. Add children and a non computer savvy
spouse to your list of users and tell me if AV and a typical cable/dsl
router is an acceptable security solution? You will probably always think
so since if you do get some malware that is undetected by your AV software
you may never know that you have even been bitten if you don't have an
additional detection mechanism. No solution or suite of solutions is
perfect, however bettering your odds at minimal expense and generally
unnoticed performance cost is often desirable.

> First of all the posters that replied are correct. The real answer is maybe
> yes, maybe not...
>
> The first thing you want to make sure is that you have good AND updated
> antivirus software on all your PCs. 9 times out of 10 I have to clean up
> after viruses over hacked PCs.
>
> Your NAT router should do a pretty good job of keeping unwanted and
> unsolicited traffic out. The exception to this is if you have any port
> forwarding turned on. In this case you are vulnerable and that PC should
> have a firewall installed.
>
> The other good reason for installing a desktop firewall is to manage
> OUTGOING traffic. Many Trojans call home to momma and if you have a FW
> installed and properly configured you can capture this traffic and then
> locate and remove the source.
>
> The key is to evaluate the risk. IMO you are more at risk from viruses than
> hacking. Adding a Desktop firewall behind your NAT router may be equivalent
> to putting on two rain coats. Ask yourself, How often has my installed
> firewall blocked a hacker's attack?
>
> The second key is properly configuring the FW if you choose to install it...
> I can't tell you how many people who I support have a FW installed but
> because they don't understand why they can't browse the web or get their
> email they either disable the FW or open it up wide for all the nasty
> traffic to get through...
>
> IMHO Desktop FW's aren't every day consumer ready yet. I've tested most of
> the free and many of the pay FW's and I find them all difficult (for the
> everyday user) and time consuming to configure. This coming from someone
> who works with "corporate" firewalls. If you understand how internet
> traffic works you're ok but most of my home and home office clients have no
> clue. Anti Virus software, on the other hand, is pretty much install and
> forget. The most you have to configure is the auto update and most do that
> for you at install time...
>
> With all that said, I'd look at a HW firewall solution between your router
> and your PCs. This assumes that you are using Netgear's Modem Router. If
> you are DSL or Cable then look into the Netgear ProSafe routers. They have
> a very good FW built in which manages both incoming and outgoing traffic.
> Then you can get rid of the desktop FWs altogether.
>


