Re: Completely replace software firewall with hardware firewall?

From: Leythos (void_at_nowhere.lan)
Date: 03/21/05


Date: Mon, 21 Mar 2005 21:43:37 GMT

On Mon, 21 Mar 2005 21:43:04 +0000, Sandi wrote:
>
> Here in the UK, I am on NTL cable and have just one PC attached.
>
> My head is spinning with all the configuration rules and exceptions
> which need configuring for a software firewall.
>
> I thought I was doing ok with user guides like the section called:
> "Personal firewall configuration for cable modems"
> http://homepage.ntlworld.com/robin.d.h.walker/cmtips/security.html
>
> But it turns out that things are still more complicated than that.
> As an example, I installed Outpost and came across this advice page.
> http://www.outpostfirewall.com/forum/showthread.php?t=9858
> Oh wow. It's all too much! :-) I just want protection without
> becoming an enthusiast or even expert in firewall configuration.
>
> QUESTION ONE: If I buy a hardware firewall then will it completely
> replace the need for me to have a software firewall? That would save
> me some headaches!

Nothing is perfect and nothing can protect you from all threats, not even
a combination of Appliance and software.

In general, an appliance is a better bet than software, if your computer
were to be compromised by some means, with a software based (we call those
personal firewalls) the compromiser could disable your personal firewall
application. It's much harder to put a hole in an appliance from a
compromised machine than it is to put a hole in a PFW.

> QUESTION TWO: I might get a second PC and want to attach both PCs to
> the cable network at the same time. I have heard I can do it with a box
> which includes a hardware firewall as well as some other functions. But
> exactly what sort of box is it that I would need? Any suggestions about
> recommended hardware devices would be welcome.

Most of the devices you are going to be able to purchase under $400 are
called NAT Routers, they are not firewalls (even though they are called
Firewalls by their vendors), but they do provide what I consider the best
first layer of protection and would never set up a network without at least
that minimum layer. A NAT router acts to block unsolicited inbound
traffic, but in almost every case, it doesn't do anything to block
outbound traffic - this means nothing gets in unless your computer
requests it (and if you were compromised you don't personally have to
request anything, the virus/worm can do it without you).

I installed a NAT Router in a Sorority, 40+ girls in a house, all with
different computers and versions of Windows, not one of them has been
compromised since we installed it, not one unsolicited packet has made it
inbound, and they are able to do all they need.

Units like the Linksys BEFSX41 are nice, as are the DI804HV units from
D-Link, but something as cheap as the Linksys BEFSR41 unit will do as well
as most SOHO units.

One nice thing about the Linksys units is that you can also run a free
program called WallWatcher to monitor all inbound and outbound traffic
through the Linksys router - it lets you see what's happening in
real-time, so, once you learn to read it, you can see if your computer's
been compromised. I don't run a personal firewall on any computer behind a
NAT Router or Firewall Appliance, but I also know how to secure the
computers so that I don't need one.

-- 
spam999free@rrohio.com
remove 999 in order to email me
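
The inbound/outbound behaviour described in the post above, as an added example that is not part of the original message: a toy model of a NAT router's mapping table showing why an unsolicited probe is dropped while a connection opened by malware on a LAN host passes like any other. The port-restricted matching rule, the class and function names, and all addresses (documentation ranges) are assumptions constructed for illustration, not any vendor's firmware or log format.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class NatRouter:
    """Toy port-restricted NAT table (a model, not any vendor's firmware)."""
    table: dict = field(default_factory=dict)  # (wan_port, remote) -> LAN host
    log: list = field(default_factory=list)    # what a traffic viewer would show
    ports: count = field(default_factory=lambda: count(40000))

    def outbound(self, lan, remote):
        """A LAN host opens a flow: always allowed, and a mapping is created."""
        wan_port = next(self.ports)
        self.table[(wan_port, remote)] = lan
        self.log.append(("OUT", lan[0], remote))
        return wan_port

    def inbound(self, remote, wan_port):
        """Internet packet: forwarded only if a LAN host asked for it first."""
        lan = self.table.get((wan_port, remote))
        self.log.append(("IN-FWD" if lan else "IN-DROP", remote, wan_port))
        return lan  # None means the packet was dropped

    def outbound_by_host(self):
        """Destinations each LAN host contacted, for spotting odd outbound flows."""
        seen = {}
        for kind, *rest in self.log:
            if kind == "OUT":
                seen.setdefault(rest[0], []).append(rest[1])
        return seen

def demo():
    r = NatRouter()
    # 1. Unsolicited probe at the file-sharing port: no mapping, so it is dropped.
    probe = r.inbound(("198.51.100.7", 51515), 445)
    # 2. A user browses: the outbound flow creates a mapping and the reply gets in.
    p = r.outbound(("192.168.1.100", 1025), ("192.0.2.80", 80))
    reply = r.inbound(("192.0.2.80", 80), p)
    # 3. Malware on a second PC calls out: the router treats it like the browser.
    q = r.outbound(("192.168.1.101", 1026), ("198.51.100.66", 6667))
    callback = r.inbound(("198.51.100.66", 6667), q)
    return r, probe, reply, callback

if __name__ == "__main__":
    r, probe, reply, callback = demo()
    print(probe, reply, callback)
    print(r.outbound_by_host())
```

The per-host outbound list is the part a defender reads: the router forwards the third flow without complaint, so an unexpected destination in that list is the only sign of it at this layer.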

