Re: Firewall yes, but where?
From: Leythos (void_at_nowhere.lan)
Date: 02/20/05
Date: Sun, 20 Feb 2005 14:47:27 GMT
On Sun, 20 Feb 2005 14:58:45 +0100, Klaus Haber wrote:
> Hello,
>
> I have an understanding problem. There are different opinions concerning
> whether to use firewalls or not. But in general I heard that a firewall in a
> _router_ in connection with a DSL-PC is better than a firewall integrated in
> the same PC, connected to the net by a _modem_. (Firewall means personal
> firewall).
The home user routers that you are talking about don't have firewalls,
they use routing and NAT to protect you, which does not make the device a
firewall no matter what the marketing hype calls it.
> My understanding is that there is no difference between these two
> configurations. If the router firewall leaks, the attack will reach the PC.
> The same happens if the PC firewall leaks. I see only one advantage in
> a router firewall, if you have a local net with different PCs. In this case
> you need only one firewall for all connected PCs.
There is a big difference between the two solutions:
1) A NAT Router will not allow (by default config) an unsolicited external
connection to your internal systems - there is just no means for it to
make it inbound (unless you open a port and direct it inbound in the
router's configuration - and this is not done by default). In general,
unless you open ports (and you have to manually set this up on the device)
there is no real way for unsolicited traffic to reach your computers
inside the private network. Additionally, misconfiguring your personal
computer will not have any impact on the inbound protection features of
the router.
2) Personal firewalls are very susceptible to misconfiguration at all
levels by the user running the computer. Since most users also run as an
Administrator level account they run the risk of allowing malware to
reconfigure or disable the firewall application. The firewall application
method means that your computer is still reachable by unsolicited
external connections, but the firewall will drop/reject the connection if
properly configured. With this method, unless you follow proper steps, you
run a serious risk of improperly configuring the firewall and rendering it
useless.
3) Personal Firewalls have an added benefit of being able to detect what
applications on your computer are listening and sending information
outside your computer and may alert you to such activity. In most cases
the user blindly allows things like IE to access the internet silently and
renders this detection useless.
4) Most of the routers, the good home user ones, have logging ability -
this means you can run a logging program on your computer and watch the
inbound traffic and outbound traffic in real-time, you can see the source
IP, port, destination IP and port. This is an after-method of securing your
network in that if something were to compromise your computer and you
didn't know about it, you might be able to see it in the router logs -
such as a rogue SMTP engine installed on your machine spamming the world.
If you get a router with NAT and SPI you will not see any "leaks" inbound.
-- spam999free@rrohio.com remove 999 in order to email me
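
The router-log check described in point 4 of the reply above, as an added example that is not part of the original post: it scans outbound log lines for a LAN host opening SMTP connections to many different servers, the pattern a rogue SMTP engine would leave. The log format, the LAN range, the mail relay address and the threshold are all constructed assumptions; real router logs differ by vendor.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in a made-up syslog-style format (assumption).
SAMPLE_LOG = """\
Feb 20 14:40:01 router OUT TCP src=192.168.1.10:1034 dst=203.0.113.80:80
Feb 20 14:40:03 router OUT TCP src=192.168.1.10:1040 dst=203.0.113.25:25
Feb 20 14:41:10 router OUT TCP src=192.168.1.20:2101 dst=198.51.100.7:25
Feb 20 14:41:10 router OUT TCP src=192.168.1.20:2102 dst=198.51.100.9:25
Feb 20 14:41:11 router OUT TCP src=192.168.1.20:2103 dst=192.0.2.44:25
Feb 20 14:41:11 router OUT TCP src=192.168.1.20:2104 dst=192.0.2.61:25
Feb 20 14:41:12 router IN TCP src=198.51.100.200:4431 dst=192.168.1.20:135 DROP
Feb 20 14:41:13 router admin login from 192.168.1.10
"""

LINE_RE = re.compile(
    r"(?P<dir>IN|OUT) (?P<proto>TCP|UDP) "
    r"src=(?P<src>[\d.]+):(?P<sport>\d+) dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed private network
MAIL_RELAYS = {"203.0.113.25"}  # assumed: the ISP mail server clients should use
THRESHOLD = 3  # distinct SMTP destinations before a host is flagged (assumption)


def smtp_fanout(log_text):
    """Map each LAN host to the set of non-relay servers it contacted on TCP/25."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dir"] != "OUT" or m["proto"] != "TCP":
            continue  # unparseable, inbound, or non-TCP entries are ignored
        if m["dport"] != "25" or m["dst"] in MAIL_RELAYS:
            continue  # not SMTP, or SMTP to the expected relay
        if ipaddress.ip_address(m["src"]) in LAN:
            seen[m["src"]].add(m["dst"])
    return seen


def suspected_spammers(log_text, threshold=THRESHOLD):
    """Return LAN hosts that sent direct SMTP to at least `threshold` servers."""
    fanout = smtp_fanout(log_text)
    return sorted(h for h, dsts in fanout.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    for host in suspected_spammers(SAMPLE_LOG):
        print(f"{host}: direct SMTP to {len(smtp_fanout(SAMPLE_LOG)[host])} servers")
```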