Page 1 of 2 12 LastLast
Results 1 to 16 of 18

Thread: with a hardware router do i need a software firewall ?

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Location
    glasgow
    Posts
    1,450
    Thanks
    0
    Thanked
    1 time in 1 post

    with a hardware router do i need a software firewall ?

    i hear often that i dont need a software firewall if i have the one in the router (linksys)

    and to be honest id like to get rid of it !

  2. #2
    Member
    Join Date
    Sep 2005
    Posts
    92
    Thanks
    1
    Thanked
    5 times in 5 posts
    Correct me If Im wrong but a hardware router is not the same as hardware firewall. Being behind a router it is a lot more difficult to see your real ip. Your router helps by making it harder to establish a direct connection to your personal pc if you're on a LAN.

    I would keep your software firewall as it gives you added protection and control over apps establishing incoming/outgoing connections.

  3. #3
    unapologetic apologist fuddam's Avatar
    Join Date
    Nov 2005
    Location
    UK
    Posts
    1,954
    Thanks
    363
    Thanked
    275 times in 146 posts
    yep, you wanna stop the stuff going OUT more than the stuff coming in

    the router won't help in that respect - ya need the software

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Location
    glasgow
    Posts
    1,450
    Thanks
    0
    Thanked
    1 time in 1 post
    i know hardware routers and firewalls are different things but you also get routers with a firewall built in since they control everything that is inbound or outbound on a network

  5. #5
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,664
    Thanks
    53
    Thanked
    385 times in 314 posts
    most router / firewalls are not application aware - they dont know if its IEXPLORE.EXE or SOMENASTYTROJAN.EXE that wants access to port 80 , they just know to let port 80 outbound.

    Think of a layered approach to security and keep that firewall on
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  6. #6
    Senior Member
    Join Date
    Sep 2003
    Location
    glasgow
    Posts
    1,450
    Thanks
    0
    Thanked
    1 time in 1 post
    bugger i dont like em

  7. #7
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,664
    Thanks
    53
    Thanked
    385 times in 314 posts
    why not - you dont really need much more than the builtin XP firewall. I can understnad not wanitng ot use some of the 3rd partys ones...their erro messages are irritatingly alarmist.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  8. #8
    Senior Member SilentDeath's Avatar
    Join Date
    Aug 2003
    Posts
    4,745
    Thanks
    38
    Thanked
    16 times in 11 posts
    or if you belive that if nothing dogy gets onto your pc then nothing dodgy will be sent out, then you dont need one

    that basicly means you need to be behind a hardware firewall/router if connected to net, and only run trusted programs.

    has worked for me for 10+ years and while not perfect i consider it safer than any system with just a software firewall.

  9. #9
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,664
    Thanks
    53
    Thanked
    385 times in 314 posts
    Quote Originally Posted by |SilentDeath|
    or if you belive that if nothing dogy gets onto your pc then nothing dodgy will be sent out, then you dont need one
    it also means dont let anyone else use your machine , dont visit any website with unknown content or redirects. Actually you'd better not let any machines inside your network at all. Dont let anyone connect a storage device to your machine. Dont connect it to any unknown networks.

    Given that the XP firewall is free and actually works I can't see any sensible reason not to use it.

    Defence in depth is the only sensible security approach and if an extra layer does not affect day to day running , then I can't see a valid reason not to use it.
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  10. #10
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Quote Originally Posted by weebroonieuk
    i hear often that i dont need a software firewall if i have the one in the router (linksys)
    Complete and utter bobbins.

    A hardware (or perimeter) firewall built into a broadband router is going to do absolutely nothing to outbound traffic, and even if it did it has no possibility to be "application aware" (as Moby points out).

    The only way to have application-level protection is to have a process running on the machine itself which get identify processes attempting to make outbound connections from your machine.

    A perimeter firewall (even those with stateful packet inspection and rudimentary intrusion detection) typically looks only at ports and/or protocols for determining what is and is not allowed through.


    My list of security measures for layered security on Windows, in no particular order:
    - perimeter (or "hardware") firewall
    - application-aware (or "personal"/"software") firewall
    - AV, automatically updating (I use Avast as it is very vocal when it updates and it is clear if the service is disabled)
    - enable Automatic Updates
    - log on as a limited user, not an admin
    - periodically use AutoRuns from Sysinternals.com to check what is running on machine startup and/or user logon, editing as necessary
    - if using a 32-bit version, periodically run Rootkit Revealer from SysInternals.com
    - never use any "remember this password" features for sensitive or financial services
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  11. #11
    ?!
    Join Date
    Sep 2004
    Posts
    1,045
    Thanks
    2
    Thanked
    6 times in 5 posts
    Quote Originally Posted by Paul Adams
    - enable Automatic Updates
    - log on as a limited user, not an admin
    Clearly your more lucky than most. A lot of my applications functionality breaks switching to 'limited user'. And as for automatic updates, one time I had to spend 5mins in System Restore thanks to whatever it updated!

    And you forgot one thing - enable no execute protection on all applications and not just vital services. This again will break old apps but there is an exclusion list if need be.

  12. #12
    Administrator Moby-Dick's Avatar
    Join Date
    Jul 2003
    Location
    There's no place like ::1 (IPv6 version)
    Posts
    10,664
    Thanks
    53
    Thanked
    385 times in 314 posts
    Quote Originally Posted by javalord
    Clearly your more lucky than most. A lot of my applications functionality breaks switching to 'limited user'. And as for automatic updates, one time I had to spend 5mins in System Restore thanks to whatever it updated!

    And you forgot one thing - enable no execute protection on all applications and not just vital services. This again will break old apps but there is an exclusion list if need be.
    The "run as" functionality is v usefull here

    I like to download updates and install them when I'm readyu ( just in case )
    my Virtualisation Blog http://jfvi.co.uk Virtualisation Podcast http://vsoup.net

  13. #13
    Ex-MSFT Paul Adams's Avatar
    Join Date
    Jul 2003
    Location
    %systemroot%
    Posts
    1,926
    Thanks
    29
    Thanked
    77 times in 59 posts
    • Paul Adams's system
      • Motherboard:
      • Asus Maximus VIII
      • CPU:
      • Intel Core i7-6700K
      • Memory:
      • 16GB
      • Storage:
      • 2x250GB SSD / 500GB SSD / 2TB HDD
      • Graphics card(s):
      • nVidia GeForce GTX1080
      • Operating System:
      • Windows 10 x64 Pro
      • Monitor(s):
      • Philips 40" 4K
      • Internet:
      • 500Mbps fiber
    Quote Originally Posted by javalord
    Clearly your more lucky than most. A lot of my applications functionality breaks switching to 'limited user'.
    Perhaps I am lucky, the only bugbear I have is with IrfanView not remembering file associations for non-admin users.
    For only specific tasks or programs do I need to use "Run as" and give admin credentials - trying to compile BHOs or driver in Visual Studio would be interesting without those permissions for example.
    But day-to-day stuff I have no problems with being logged in as a regular user.

    Quote Originally Posted by javalord
    And as for automatic updates, one time I had to spend 5mins in System Restore thanks to whatever it updated!
    Whatever updates are installed by Automatic Updates or manual Windows Updates are listed in the System event log under "NtServicePack" events, and the KBs listed can be checked on http://support.microsoft.com so you can see the specific files that were replaced.

    Quote Originally Posted by javalord
    And you forgot one thing - enable no execute protection on all applications and not just vital services. This again will break old apps but there is an exclusion list if need be.
    Not necessarily old apps - Skype and Oblivion are on my list of exceptions as they crash with DEP enabled.
    But you are right, I did miss it off the list - to be honest as a standard security practice it might cause more problems than it potentially solves - it is not the first thing you think of when an application crashes shortly after (or on) launching, if you enabled this feature a long time ago or under advice from someone else without knowing what it means.
    Last edited by Paul Adams; 26-03-2006 at 10:48 AM.
    ~ I have CDO. It's like OCD except the letters are in alphabetical order, as they should be. ~
    PC: Win10 x64 | Asus Maximus VIII | Core i7-6700K | 16GB DDR3 | 2x250GB SSD | 500GB SSD | 2TB SATA-300 | GeForce GTX1080
    Camera: Canon 60D | Sigma 10-20/4.0-5.6 | Canon 100/2.8 | Tamron 18-270/3.5-6.3

  14. #14
    Senior Member
    Join Date
    May 2004
    Location
    Essex
    Posts
    2,435
    Thanks
    0
    Thanked
    4 times in 2 posts
    • BenW's system
      • Motherboard:
      • ASRock Dual SATA2
      • CPU:
      • AMD64 3500+
      • Memory:
      • 1GB Crucial DDR
      • Storage:
      • 160GB Samsung 8MB Cache
      • Graphics card(s):
      • Sapphire Radeon HD 3850
      • PSU:
      • Seasonic S12 600W
      • Case:
      • Silverstone TJ-04
      • Monitor(s):
      • Dell 17" Ultrasharp
      • Internet:
      • Virgin 8Mb
    interesting, i disabled all firewall since getting my router/firewall.

    I'll enable the XP firewall again

  15. #15
    Senior Member
    Join Date
    Jul 2005
    Location
    Cambridge
    Posts
    225
    Thanks
    1
    Thanked
    0 times in 0 posts
    you could add Kerio Personal Firewall which is free and a really good firewall read about it here and for the download

    http://www.sunbelt-software.com/Kerio.cfm

    Herb

  16. #16
    Senior Member
    Join Date
    Sep 2003
    Location
    glasgow
    Posts
    1,450
    Thanks
    0
    Thanked
    1 time in 1 post
    i just want one that will pop up like most do and stop any processes that try to send or receive anything without my permission then remember it and the firewall will not alert me to it again unless the exe changes ir is changed by something malicious!

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Router to router connection
    By ajbrun in forum Networking and Broadband
    Replies: 17
    Last Post: 28-02-2005, 11:03 PM
  2. Best Software Firewall?
    By Jonny M in forum Networking and Broadband
    Replies: 35
    Last Post: 07-11-2003, 06:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •