Re: Firewall needed behind router?

From: Chuck (
Date: 06/10/05

Date: 9 Jun 2005 19:44:02 -0500

On Fri, 10 Jun 2005 11:18:50 +1200, "Peter in New Zealand"
<> wrote:

>Peter in New Zealand. (Pull the plug out to reply.)
>Collector of old cameras, tropical fish fancier, good coffee nutter, and
>compulsive computer fiddler.
>"Chuck" <> wrote in message
>> On Thu, 9 Jun 2005 20:09:09 +1200, "Peter in New Zealand"
>> <> wrote:
>>>I have three PCs on a LAN which is connected to the Internet via the
>>>modem/router unit. Is there any advantage in having a software firewall
>>>this case McAfee) on these machines, or would the router be sufficient
>>>protection? There's no requirement for inter-PC protection - just from the
>>>Internet. We just recently upgraded to broadband after a decade of dialup,
>>>so it is all a bit new to me. The tech told me the router is configured to
>>>prevent DOS and hacker attacks, and I understand a little of the theory,
>>>not a lot, so I apologise if this is a silly question. Thank heaps for
>> Peter,
>> This isn't a silly question. This question gets asked almost daily, and
>> should
>> be asked more.
>> If you have multiple computers on a LAN, and any one of them is used for
>> Internet access of any type, you should have a personal firewall on each
>> one of
>> them. If any one of them should get infected, it could be with a combined
>> threat that enters the LAN as browser data, and then attacks other
>> computers on
>> the LAN. Having a PFW on each one could save the others, and could alert
>> you to
>> the infection.
>> The broadband tech needs to educate himself a bit more. Why do you think
>> that
>> there's no requirement for inter-PC protection?
>> --
>Brilliant, that's what I needed to know. It makes a heap of sense to me,
>which was why I needed some expert guidance, and I enjoyed reading the blog.
>The "tech" perhaps needs a brief explanation. Telecom NZ have been
>threatened with being forced to unbundle their lines for other ISPs unless
>they make it easier and cheaper for people to get onto broadband. The
>deadline is looming and their are keen to get the required numbers onto it
>before it expires. That's how I got onto it after a decade of dialup. The
>whole deal, with the cabling and router supplied cost me a grand total of
>$56NZ. This sort of deal has triggered a huge surge of demand, and anyone
>who can push a plug into a hole basically is being called a tech and put
>into the field to meet the demand. Mostly their answers are canned responses
>learned by rote to set questions. They're a sort of walking robot FAQ I
>suppose. It's really funny when you ask them a question they are not
>programmed to answer. They kind of jam up, and stop responding.
>I must hasten to add that the one I dealt with was courteous, helpful, and
>quite ready to admit that he wasn't sure about the firewall issue, hence my
>question here.
>I appreciate your responses, and I will keep the software firewall on my
>machines as you suggest. Many thanks.


Thanks for the update, and for the encouragement.

Paranoia is not a problem - it's a normal response from experience.
My        email         is          AT         DOT
   actual       address    pchuck       sonic      net.