Re: do i need a hardware firewall?
From: Duane Arnold (notme_at_notme.com)
Date: Sun, 22 Feb 2004 19:06:00 GMT
tarquinlinbin <email@example.com> wrote in
> I run xp pro with NIS 2003. Do i need a router with built in HW
> firewall,if so i'd prefer linksys but which ones have this facility?
> I'm just a bit cautious at the moment as i seem to have been
Linksys is a good product and I use one myself. But does it have a FW or
does any NAT router have a FW that falls into this category, NO. They
have FW like like features and maybe SPI. You should get a router that
has SPI for sure. I think the BEFSX and SR series have SPI. You should go
to the www.linksys.com and review product data sheets.
A router sits as a stand alone device infront of the machine and is
better than a host based FW in stopping unsolicited traffic/attacks, that
the machine and it's O/S and FW would be using the machine's resources to
If the router had a true FW, then it would meet the specs in the link.
You can use Wallwatcher for the router and Active Ports on the machine to
see what's happening yourself.
You should look into *hardening* the XP O/S to attack by disabling
services that shuts down unneeded ports. Why is MS File and Print service
active, if the machine is not doing LAN communications. Why is the
Wireless Zero Configuration service active if there is no wireless card
installed, which can be used by malware to phone home.
Use the Host to supplement the protection and it's not just for *ad
Think about using IPsec to further supplement the protection behind the
NAT router and NIS, because the router doesn't stop outbound and the NIS
can be knocked out by malware.