Re: Software Firewall
- From: Duane Arnold <NotMe@xxxxxxxxx>
- Date: Mon, 27 Feb 2006 02:02:48 GMT
K2NNJ wrote:
So i'm good with what I got?
If you're not doing the high risks things with the router like port forwarding, then you should be OK. I see the router does have SPI and that's good and some other security features. For downloading things that you have indicated in your post, it's not a FW's job to be concerned about it. But most PFW(s) have some kind of application control that will alert on dubious applications that could be installed on your machine and ran. That feature can easily be defeated and I have disabled that feature on the laptop PFW that I use on the road. It's a worthless feature IMHO and I use other tools from time to time to tell me what is happening on the machine.
While I am at home, the FW appliance I use provides all the protection in stopping inbound and outbound traffic between LAN to LAN, LAN to WAN and WAN to LAN by port, protocol or IP and also logs all inbound and outbound traffic by WAN and LAN IP(s). If your router can stop inbound and outbound and there are those routers that are packet filtering FW routers that also have logging of traffic that can do it, then you're good to go wired or wireless. You don't need a PFW period.
However, you have a wireless solution and I don't think the router can stop outbound. Because it's a wireless solution, someone could hack the wireless, join your network and be all over the top of your machines wired or wireless. For that reason, you might want to keep the PFW(s) on the machines setting rules to only allow traffic between the approved IP(s) on your LAN between the machines.
PFW(s) and other packet filter solutions at the machine level have their place in the protection as long a they don't bring complication to the picture. As far as some kind of file download protection, that's not any FW's job period.
If you're comfortable without the need of a PFW or some other packet filter that can stop outbound behind the router, then go without the PFW. On the other hand, I myself would prefer to have a router that at least meets the specs in the link to be fully comfortable without the need of something supplementing the router. It's just my my opinion on it and some have a completely different view on it. It's something you're going to have to decide as to what's best for your needs.
http://www.firewall-software.com/firewall_faqs/what_does_firewall_do.html
Duane :)
.
"Duane Arnold" <NotMe@xxxxxxxxx> wrote in message news:Ji4Mf.3639$S25.861@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Woody wrote:
The software firewall will give you a heads up if you happen to download something that decides to send your information to the world.
Personal FW's have that trash in them. Host based network FW's, packet filtering FW routers and FW appliances have no such trash. Some would say that a PFW is not a FW since it doesn't separate two networks and is only machine level protection when it does its job as some kind of packet filter and not using all the other bloat trash in PFW solutions.
Duane :)
- Follow-Ups:
- Re: Software Firewall
- From: Volker Birk
- Re: Software Firewall
- From: K2NNJ
- Re: Software Firewall
- References:
- Software Firewall
- From: K2NNJ
- Re: Software Firewall
- From: Woody
- Re: Software Firewall
- From: Duane Arnold
- Re: Software Firewall
- From: K2NNJ
- Software Firewall
- Prev by Date: Re: Reliability of Networking Hardware?
- Next by Date: Re: Most Popular Hardware Firewalls?
- Previous by thread: Re: Software Firewall
- Next by thread: Re: Software Firewall
- Index(es):
Relevant Pages
|
