Firewalls -- Rehashed

[Phaeton]

I'm sure many, if not ALL of you, are running some form of either Cable or DSL. And with that, I'm also sure most of you are using a router of some sort, be it a D-Link or a Linksys. Now with that in place and ports properly filtered, do you also run a software firewall just for extra paranoia? Is there really a reason to use one... I can answer that one. Unless a hardware firewall is in place, a router with filtered ports is still not a hardware firewall ;-)


Phaeton

[Ferrit]

Well I dont about the rest but for myself.
The main reason I run zonealarm in particular is.
I want to know everything that is trying to go out onto the net.
Things trying to enter is important I agree, but I also want to know whats accessing the net.

[NooNoo]

Yes, hardware firewalls stop stuff coming in, and some stop stuff going out... BUT if its using a legitimate port for nefarious purposes, then a hardware firewall is useless.

The point about software firewalls is that they interrogate the packet to find out what software is sending or receiving. Thus if you have a trojan horse program, it is revealed because it does not have specific permission until you grant it.

People find this a "pain because I keep having to tell it yes" My answer? It shouldn't be after a week or two.... if you are just granting accesses willy nilly, it may as well be not there.

Granted the user has to read the warning and understand it... but the firewall software should have a "more explanation link" to clarify what is being asked of them.

Rule of thumb? deny it - if what you wanted to do doesn't work then the requrest for access was probably generated as a result of your own activity and not someone elses.

[craigmodius]

I think most hardware firewalls should call themselves Half-Firewalls since most of them only block incoming traffic.

Computer firewalls can be compared to their real-world counterparts. At work we have real-world firewalls that are rated to stop actual fire from spreading, and they have varying degrees of burn time. If a real world firewall (such as fire putty) only stopped a fire from spreading in one direction and not the other there wouldn't be much point in using it.

I use a software firewall at home, but I don't use a router. I'm quite happy to have it let me know whenever something is trying to access the internet.

[Poseidon]

a little off subject, but a good step above the basic Linksys firewall (I am currently using this at home):
Firebox SOHO 6



Features a true hardware firewall - with the ability to close outbound ports.

And if you have an old pc lying around a cheaper alternative: Smoothwall

[ilovetheusers]

This is a good topic. I use a linksys and I never see scans of my PC anymore or attacks of any kind. They really do work quite well though they are not a true firewall. Anyone trying to get "in" is blocked, they just don't see you and the PC's on your subnet.

The issue comes when malicious software that the user opens that tries to connect out, which the router alows without issue. This is why you need the additional protection. I like Sygate a lot as it has almost no quirckyness that the others have and it's fairly brainless to complex as you need it to be.

My home network has my computers set up to be protected from the other computers in the house (the girls think nothing of opening any attachment to e-mail, clicking any OK button or link, etc.) for an extra measure of protection.



If you are using this for any busines app or network, you want a real firewall in place that YOU can manage and the users get no say so but to call you for connectivity issues. It will increase your call volume but it's worth it.

[Tr!une]

Yes, hardware firewalls stop stuff coming in, and some stop stuff going out... BUT if its using a legitimate port for nefarious purposes, then a hardware firewall is useless.

The point about software firewalls is that they interrogate the packet to find out what software is sending or receiving. Thus if you have a trojan horse program, it is revealed because it does not have specific permission until you grant it.

People find this a "pain because I keep having to tell it yes" My answer? It shouldn't be after a week or two.... if you are just granting accesses willy nilly, it may as well be not there.

Granted the user has to read the warning and understand it... but the firewall software should have a "more explanation link" to clarify what is being asked of them.

Rule of thumb? deny it - if what you wanted to do doesn't work then the requrest for access was probably generated as a result of your own activity and not someone elses.

Then there are home users. Worked on one computer, cleaned viruses, cleaned spyware and re-invigorated the whole PC and internet connection. I installed ZA ,spybot and anti-virus and told them what they were. Told them that ZA may be a bit noisy at first but will quiet down, when in doubt, say no.
A few months later I have to go back because they have a virus. Ran AVG and found 400 some viri, several trojans and other malware. ZA was no longer running - the guy removed it because "he was tired of it" bothering him. So, I guess I can expect them as a repeat customer.

[dddwarp]

a little off subject, but a good step above the basic Linksys firewall (I am currently using this at home):
Firebox SOHO 6



Features a true hardware firewall - with the ability to close outbound ports.

And if you have an old pc lying around a cheaper alternative: Smoothwall

I loved smoothwall. I work in network security and this a grea little product. THANKs! I agree with most of the responses. Use ZA not so much as a traditional firewall blocking inbound packets (which you have to have these days) but to know what is happening with your system. I like to know what program is accessing the net. In the old days you knew, it had to dial, now, every program wants to talk to something and I hate that. ZA will block the ones you don't need talking on the net.