2024-12-24, 03:19 *
Welcome, Guest. Please login or register.

Login with username, password and session length
 
Pages: [1]
  Print  
Author Topic: Firewalls (how many do you need?)  (Read 8731 times)
0 Members and 4 Guests are viewing this topic.
shambler
 
Icon of Sin
**********
Posts: 999

« on: 2006-04-03, 18:08 »

Question:

If you have a router with firewall, do you need a software firewall as well?
Logged
Tabun
Pixel Procrastinator
 

Team Member
Elite (3k+)
******
Posts: 3330

WWW
« Reply #1 on: 2006-04-03, 19:40 »

Software firewalls are laughable. Just set up a nice NAT-'protection', preferrably with the router set up to be a firewall aswell, and leave it at that. Software firewalls are only popular amongst so called 'home users' (ie. the kind that needs to be kept away from electronics at all times).
« Last Edit: 2006-04-03, 19:40 by Tabun » Logged

Tabun ?Morituri Nolumus Mori?
Phoenix
Bird of Fire
 

Team Member
Elite (7.5k+)
*********
Posts: 8815

WWW
« Reply #2 on: 2006-04-04, 02:07 »

Most software firewalls are more of an annoyance than actually useful.  A NAT-enabled router, like Tab said, really is the best way to go on broadband.

Software firewalls aren't completely useless, nor are all software firewalls completely laughable.  8-signs is about the only software firewall I would recommend at this point because it gives you absolute control over what you're doing, as well as having a clean interface and advanced logging utilities.  Of course, that also requires knowing what you're doing to operate this kind of firewall, as well as knowing how TCP/IP ports work.  So-called firewalls like ZoneAlarm tend to give people a false sense of security while letting the most dangerous traffic through.  The only good firewall is one that blocks EVERYTHING by default, and you pick explicitly what traffic you want to get through.  That's why I like 8-signs.  No software firewall is ever going to be perfect, but where you really need a good software firewall is if you're on a dialup connection since you're not behind a NAT.  This may seem moot with everyone on broadband now, but should someone be out and about and have to use dialup from lack of an ethernet node, well, it's nice to have that protection.  It's also nice if you're, say, using someone else's wireless node (in an internet cafe, for example).  I won't touch wireless myself but if I had to I would damn well have a software firewall since there's nothing in the line of a NAT to protect a system on wireless from other systems on the same node.  You're trusting whoever set up the node to have properly secured it - big mistake!

One other thing I will warn about with NAT-enabled routers.  There is a port trick that's being used now to attempt access to machines, and that's utilizing port 0.  Port 0 is not a standard port, but I've found you cannot tell the routers to block it using a ruleset, and they let the traffic right through to your machines.  It may show stealth in a scan, but it may still be forwarding through the router.  8-signs picks it up and blocks it.  That's how I found out about it is a person I know runs 8-signs (she's a bit paranoid) on top of the hardware firewall, and it was reporting the access attempts.  Whether or not the operating system does something with that port is another question, but it's good to be aware of this.  I've also found that a lot of routers are now allowing adaptive behavior with port 113.  This is so IRC networks will let the "newbies" on that don't know how to open their ident port.  You can't block it half the time, so you have to forward it to a non-existant LAN IP address if you want to stealth the port.  I actually rolled back my firmware version because the newer firmware wasn't allowing me to blackhole the port using my ruleset.

If you think want to know if you're secure, I recommend visiting Shields Up and testing your ports.
Logged


I fly into the night, on wings of fire burning bright...
Moshman
 
Beta Tester
Vadrigar
**********
Posts: 615

Yarg!

« Reply #3 on: 2006-04-04, 17:44 »

I just use the damned Windows firewall. But ZoneAlarm is pretty decent if you need a 3rd party firewall.
Logged

Lopson
 

Elite
*
Posts: 1133

Still Going In Circles

« Reply #4 on: 2006-04-04, 19:22 »

MS Defender also works as a firewall in a way.  Besides that, Windows firewall for me. Can't overload my PC with stuff in the startup, you know.
Logged

shambler
 
Icon of Sin
**********
Posts: 999

« Reply #5 on: 2006-04-04, 22:51 »

I have been using Norton 2003 since it came out, and have a netgear router. I've tried zonealarm, but it seemed to foul up a few games, so i swopped.
Logged
Lopson
 

Elite
*
Posts: 1133

Still Going In Circles

« Reply #6 on: 2006-04-05, 01:11 »

Zonealarm is nice, specially when working together with IMSecure. But still, Norton kicks the hell out of the rest.
Logged

Moshman
 
Beta Tester
Vadrigar
**********
Posts: 615

Yarg!

« Reply #7 on: 2006-04-05, 15:06 »

Norton... BARF! Pay money for what? The same thing that you can get for free? There is avast, MS anti-spyware... hundreds of programs for free, that work just as good, if not better, than Norton does. It was good in the days of Win 95/98/2000, but now has pretty much faded away from the computer security scene, especially since the rumors surrounding Norton for creating viruses themselves to keep their industry running.
Logged

shambler
 
Icon of Sin
**********
Posts: 999

« Reply #8 on: 2006-04-05, 15:51 »

Quote from: Little Washu
Pay money for what?
How would do that then?

Apart from games, I once paid ?20 for paint shop pro 8. think thats my lot.
Logged
Phoenix
Bird of Fire
 

Team Member
Elite (7.5k+)
*********
Posts: 8815

WWW
« Reply #9 on: 2006-04-05, 21:09 »

All piracy discussions aside, regardless of how you get your software I wouldn't make a product decision based solely on unsubstantiated rumors.  Besides, nobody *needs* to create viruses or other malware to keep the antivirus/antispyware industry alive.  There's enough crooks doing that as it is.  I use Symmantec Antivirus Corporate, used to be called Norton, but it's basically the same thing.  The corporate version is far superior to the home edition.  It has a low memory footprint, catches damned near everything, and is not subject to their stupid subscription policies that the home use versions are.  It works very well.

I wouldn't go for anything security related that's put out by Microsoft.  Their record on security is laughable at best and criminal at worse.  If you want to keep spyware out I recommend using Counterspy, Spybot, and Ad-Aware.  If you don't want to pay for a Counterspy subscription I believe you can do manual updates.  Definitely use Spybot and Ad-Aware, both free. You really shouldn't run more than one antivirus program as they tend to fight each other and bork things up, but using one good active protection antivirus program, one good active protection anti-spyware program, and doing occasional scans with more than one anti-spyware gives pretty good protection.  I also recommend using Noscript and adblock for Mozilla.  No java script except on trusted sites and removing most ads = much safer and more enjoyable surfing.
 Thumbs up!
Logged


I fly into the night, on wings of fire burning bright...
Lopson
 

Elite
*
Posts: 1133

Still Going In Circles

« Reply #10 on: 2006-04-05, 22:27 »

I actually like the MS Defender, as I have said. It hunts down spyware quite well and it is a interesting firewall, a rare thing in the MS products. You should try it. Oh, and NoScript and Adblock are simply a must for all Firefox users. Blocks lots & lots of garbage & stops those malicious javascripts.
« Last Edit: 2006-04-05, 22:29 by [KruzadeR] » Logged

Xypher
Carbon-based Homosapien with an affinity for c++
 

Team Member
Chton
**********
Posts: 210

« Reply #11 on: 2006-04-28, 07:41 »

Firewall? Whats that?

My NAT Router works just dandy! Slipgate - Smile
Logged

Sliders
Uptime: Yes!
Last Idle: 6 Years

http://hellbat.mine.nu
Pages: [1]
  Print  
 
Jump to: