Re: Hardware, software or both?

From: Leythos (void_at_nowhere.com)
Date: 05/23/03 

Date: Fri, 23 May 2003 12:42:06 GMT

In article <Xns9383DB64AA1C6donut@216.102.43.227>, none@none.com says...
> "Stephko" <stephko12nospam@attbi.com> wrote in
> news:vmdza.700654$Zo.149802@sccrnsc03:
>
> > Good afternoon, I am new at this and trying to decide which "route"
> > to follow. This is for a home computer, I am the only user and right
> > now I am checking the Sygate Personal firewall and like it a lot.
> > Shall I invest on a hardware firewall or the software will do just
> > fine. I not sure I understand what the difference is ... Shall I use
> > both and if so will this be overkill or even screw up my system?
> >
> > I am following the directions of http://www.geocities.com/yosponge/
> > (thanks to other posts) in the meantime.
> >
> > Thanks so much for any feedback
>
> The other posts so far are right on, and I wouldn't worry too much about a
> router unless you are connected 24/7 or plan to network.
>
> I'm a Kerio fan myself, but I am thinking about giving Sygate another
> whirl, based on what I have been reading about it lately.

I think that EVERYONE needs to understand the skill / experience level
of the user above, and the type of user (like the above) that asks about
these firewall questions. Here are my thoughts concerning software
firewalls and routers:

1) Software firewalls are great when you know how to configure them and
when an experienced security person is managing them.

2) Software firewalls are easy for the non-technical computer user to
open holes through - they don't understand the warning messages and
"may" create an opening.

3) Routers are very cheap - often cheaper than the registered copy price
of the personal firewall applications.

4) Routers are not easy for the home user to misconfigure and don't
prompt them for something every time a new attempt is made.

5) Routers block all inbound traffic by default - nothing gets in unless
their machine is already hacked.

6) Routers allow you to run an internal network with file/printer
sharing without the fear of sharing it with everyone on the internet.

7) Routers isolate your run unsolicited inbound traffic, so your machine
is not exposed to the extra CPU processing power / Memory needed to
defend itself. Think about how many people are running XP with 128MB
ram!

8) Software firewalls can mess with the operating system on some users
machines - I've not had this problem, but many people do.

9) Software firewalls are needed for dial-up connections and for people
that move their system from one network to another network (laptops).
You can be hacked just as easily on a dial-up connection as you can ona
DSL/Cable connection. When on another network, Company / Private, your
computer is fully exposed unless you have a software firewall on it.

10) No matter how much you explain it to a firewall novice or non-
technical person, they will eventually misconfigure their software
firewall.

I ALWAYS install a NAT/Router for clients, and then a software firewall
for the ones that need the extra security. The NAT/Router is first, then
the personal firewall.

Don't get any of this wrong, I love CheckPoint FW1 and others, but these
personal firewall apps, while great applications, are extremely easy to
misconfigure - the difference being the level of expertise of the person
doing the configuration.

Get a router if you have cable/dsl, get a personal firewall of you have
anything that is not always-on.
  

-- 
--
spamfree999@rrohio.com
(Remove 999 to reply to me)

Relevant Pages

  • Re: Neither, buy a router.
    ... I don't use a "personal firewall" myself, ... personal firewalls with their routers, and it is not just a marketing ploy. ... > 1) Software firewalls utilize CPU cycles on the machine they run on. ...
    (comp.security.firewalls)
  • Re: Hardware, software or both?
    ... one more question please regarding routers. ... > 2) Software firewalls are easy for the non-technical computer user to ... > of the personal firewall applications. ...
    (comp.security.firewalls)
  • Re: Recurrent question
    ... The windows firewall comes with it's own set of problems. ... think Microsoft's security reputation speaks for itself. ... Logs may be sorted by source IP, source port, ... "Software Firewalls versus Wormhole Tunnels ...
    (comp.security.firewalls)
  • Re: Software Firewalls are "Snake Oil" !
    ... I had a look at the specs for Tiny Personal Firewall - it says specifically ... > Outpost is one package whereas these are five (I recommend DNSKong ... >>So, bottom line, are these software firewalls worth a hoot? ...
    (comp.security.firewalls)
  • Re: XP Firewall will not enable at system boot
    ... I have WF turned off because I've given McAfee control of the firewall. ... wise to have two software firewalls, although it is OK to have a hardware FW ... >I have Norton Internet Security Personal Firewall, disabled, but Norton ...
    (microsoft.public.windowsxp.security_admin)