Re: Soft or hard fw?

From: Duane Arnold (notme@notme.com)
Date: 12/26/02 

From: "Duane Arnold" <notme@notme.com>
Date: Wed, 25 Dec 2002 23:37:51 GMT

> * Is the hardware firewall better than the software ones (zone alarm,
kerio
> etc).
>

The one thing the that router does is stealth you machines behind the router
from the Internet using NAT and SPI, if it has SPI. No software firewall can
do that. And some routers can accept or reject network traffic on specified
IP(s) and ports TCP/UDP.
Most routers have the ability to block access to the Internet based on given
MAC address of a machine's NIC card.
I have not seen a router that can block "phone home" attempts, although
there may be some.
I also have seen at least one router that has IDS.

On the other hand, software firewalls can stop "phone home" attempts.
Stop worms and Trojans and from running on your machine.
Close ports TCP/UDP on specified IP(s)
Scan network traffic for attack patterns and instruct firewall to block the
traffic -- IDS

> * The d-link can use something called dmz to expose one of the computers
to
> the network. Is this a good thing to do if the exposed computer has a good
> software firewall?

Well, I have done it on many occasions using a software firewall, but I try
to stay behind the router if at all possible.

> * Would dmz:ing one of the computers prevent filesharing with my other
> computer?
>

I have done it, but would not recommend it on a machine that was not running
a *harden* O/S like Win NT, 2K, or XP and the machine had a software
IDS/firewall application installed.

Duane :)

Relevant Pages

  • Re: Just venting (totally OT)
    ... the ame router to get access to the net! ... I'm paranoid about opening up my firewall "just in case..." ... not visiting dodgy Websites. ... The protection that it does supply is also provided by ...
    (uk.people.support.depression)
  • Re: Just venting (totally OT)
    ... how long it plays for because it's all been ripped on to hard disc ... the ame router to get access to the net! ... I'm paranoid about opening up my firewall "just in case..." ... The protection that it does supply is also provided by ...
    (uk.people.support.depression)
  • Re: What is broken:McAfeee firewall or my router ????? Urgent, ple
    ... your computer regardless of what McAfee firewall said. ... If your router is ... warned about those ports being available right away if you had any of those ...
    (microsoft.public.security)
  • Re: What is broken:McAfeee firewall or my router ????? Urgent, ple
    ... your computer regardless of what McAfee firewall said. ... If your router is ... warned about those ports being available right away if you had any of those ...
    (microsoft.public.security)
  • Re: Just venting (totally OT)
    ... long it plays for because it's all been ripped on to hard disc so it ... I'm paranoid about opening up my firewall "just in case..." ... having the protection of a router, not opening dodgy emails, and not ... The protection that it does supply is also provided by your router ...
    (uk.people.support.depression)
Quantcast