Re: do i need a hardware firewall?

From: Duane Arnold (notme_at_notme.com)
Date: 02/22/04


Date: Sun, 22 Feb 2004 19:06:00 GMT

tarquinlinbin <fleagle@myrealbox.com> wrote in
news:qbrh309tgdu52mnhuigtov7793gnmn8lje@4ax.com:

> I run xp pro with NIS 2003. Do i need a router with built in HW
> firewall,if so i'd prefer linksys but which ones have this facility?
>
> I'm just a bit cautious at the moment as i seem to have been
> attacked!!
>
> thanks
>
>

Linksys is a good product and I use one myself. But does it have a FW or
does any NAT router have a FW that falls into this category, NO. They
have FW like like features and maybe SPI. You should get a router that
has SPI for sure. I think the BEFSX and SR series have SPI. You should go
to the www.linksys.com and review product data sheets.

A router sits as a stand alone device infront of the machine and is
better than a host based FW in stopping unsolicited traffic/attacks, that
the machine and it's O/S and FW would be using the machine's resources to
do.

http://www.homenethelp.com/web/explain/about-NAT.asp

If the router had a true FW, then it would meet the specs in the link.

http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html

You can use Wallwatcher for the router and Active Ports on the machine to
see what's happening yourself.

You should look into *hardening* the XP O/S to attack by disabling
services that shuts down unneeded ports. Why is MS File and Print service
active, if the machine is not doing LAN communications. Why is the
Wireless Zero Configuration service active if there is no wireless card
installed, which can be used by malware to phone home.

http://www.uksecurityonline.com/husdg/windowsxp.php

Use the Host to supplement the protection and it's not just for *ad
blocking*.

http://mvps.org/winhelp2002/hosts.htm
http://accs-net.com/hosts/HostsToggle/

Think about using IPsec to further supplement the protection behind the
NAT router and NIS, because the router doesn't stop outbound and the NIS
can be knocked out by malware.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

Duane :)

http://www.uksecurityonline.com/husdg/windowsxp.php

  



Relevant Pages

  • ~~~~~~~~~~~~~~ STATIC IP ~~~~~~~~~~~~~~
    ... setup rvl2 with dsl static ip ... static ip windows 23 server problems ... static network ip dynamic dhcp router ... setup linksys befvp41 static ip ...
    (sci.techniques.spectroscopy)
  • Re: Linksys BEFSX41-PPTP is Broken with SPI
    ... SPI Issues on all of the Router Products ... Thank you for contacting Linksys Customer Support. ...
    (comp.security.firewalls)
  • Re: Avoid Linksys like the Plague
    ... displeased with his new Linksys router. ... located a vendor selling "Brand New Shrinkwrapped Linksys" routers. ... I've determined I will never purchase from them again. ...
    (alt.internet.wireless)
  • Re: router for firewall on home PC?
    ... >> packet inspection. ... > horse's mouth (Linksys) that they are having lots of issue with it. ... Or is it just another NAT router with SPI? ...
    (comp.security.firewalls)
  • Re: Need help with DHCP Client & Name servers
    ... Choose a private IP subnet for your LAN. ... The Linksys router defaults to 192.168.1.1 (IIRC, ... DNS server definitely does. ...
    (comp.os.vms)