Re: Linksys WRT54G and Firewall software
- From: Gerald Vogt <vogt@xxxxxxxxxxx>
- Date: Mon, 26 Mar 2007 11:06:34 +0900
Maximum Dog9 wrote:
Gerald Vogt wrote:Leythos wrote:
1) You don't need a personal firewall when you are behind a NAT device
that provides a private network without anything port forwarded.
3) The windows non-firewall included in XP SP2 will be more than enough,
but, if you take your laptop to other networks (school, work, friends) it
won't be enough in most cases.
That is not conclusive: The NAT does block (most) incoming connections. The XP SP2 firewall does block all (most) incoming connections when configured with no exceptions.
I am trying to figure out what you are talking about. The above statement makes no sense. The XP packet filter blocks all (most) incoming connections. And the NAT router blocks (most) incoming connections.
What does that have to do with the #3 statement when all that's being stated is that the XP FW may not be good enough when the OP's machine is not connected to the OP's network.
The NAT router and the XP SP FW basically do the same. Still the XP SP FW is not enough at some places while the NAT router is enough always?
The question is: if there is some reason why the XP SP2 FW is not enough in another network although NAT router and XP SP2 FW are basically doing the same, why does that reason not apply to the NAT router as well? But as it is not explained why the XP SP2 FW is not enough in another network I can only ask that unspecific question...
Where is the difference which explains why something else then the XP SP2 FW is needed elsewhere?
If the OP wanted to set a rule to stop outbound packets from leaving the machine, which the XP packet filter cannot do is one difference.
O.K. But that was not mentioned before. Plus the WRT54G with standard firmware does not do reliable outbound filtering.
Two or more firewalls running on a computer result on average in less security then a single one as it is unpredicted what actually is blocked and what not and by which firewall which will jeopardize the consistency of and state table in any firewall (as they are generally stateful).
The poster never said that. Where are you coming up with this conclusion that it was even said by the poster?
You're reading into it what you want to read into it.
As I wrote elsewhere I thought he was thinking of another firewall. But if he is not thinking of another firewall than it remains open what would be necessary to fill this "not enough" when the computer is connected to another network. Behind the NAT router the XP SP2 FW is enough. In another network it is not. So what is the suggestion here? Not to connect to another network? Is that the only point here?
5) More important than a firewall, when behind a NAT router, is the
Antivirus software and your security methods - like not running as an
Administrator (best to run as a limited user), installing Fire Fox, not
using Outlook Express or Outlook if you use POP3 for email....
Most important to keep your system up-to-date and reduce the number of software on your computer. The less software you are running the less is vulnerable.
This makes no sense. The point of the computer is to run software. That's why computers were invented, other than that, just connect a computerized toaster oven to the Internet.
Reduce the amount of software you are using and installing. I have seen computers of people where the windows start menu wrapped over four columns on a high-resolution screen filling well over 200 GB on the hard disc with software alone. Anything they installed for test purposes they simply left there. Why bother even deinstalling something if you still have space left?
Think about what you want to do with your computer and install the software you need for your purpose. That's it. If you need your computer, don't use it a toy to install any garbage you come across...
The less software the less you have to check for updates manually if it does not come with automatic updates.
That's life in the big city.
But as you have to check for updates yourself the situation is easier to manage if you only have 5 essential software products (plus the OS of course) on your computer than 50 most of them hardly or never used.
If you do all this you are very likely that your AntiVirus will never ever report anything relevant and thus will prove itself superfluous.
No one is going to do it. So why even bring it up.
Who is doing it what? It is an observation. Noone is doing anything.
If this is the advice you're giving your users, then they should kick you to the curb.
They would certainly prefer advice from someone uncouth...
Gerald
.
- Follow-Ups:
- Re: Linksys WRT54G and Firewall software
- From: Maximum Dog9
- Re: Linksys WRT54G and Firewall software
- From: Leythos
- Re: Linksys WRT54G and Firewall software
- References:
- Linksys WRT54G and Firewall software
- From: R.User
- Re: Linksys WRT54G and Firewall software
- From: Leythos
- Re: Linksys WRT54G and Firewall software
- From: Gerald Vogt
- Re: Linksys WRT54G and Firewall software
- From: Maximum Dog9
- Linksys WRT54G and Firewall software
- Prev by Date: Re: Linksys WRT54G and Firewall software
- Next by Date: Re: Linksys WRT54G and Firewall software
- Previous by thread: Re: Linksys WRT54G and Firewall software
- Next by thread: Re: Linksys WRT54G and Firewall software
- Index(es):
Relevant Pages
|
