Do I need a software firewall in addition to a NAT router/firewall?

Discussion in 'Linux Networking' started by CRC, Sep 6, 2008.

  1. CRC

    CRC Guest


    I have operated Linux and Windows XP boxes behind a Linksys WRT54G NAT
    router with it's firewall enabled as well as blocking anonymous internet
    requests (black-hole) mode for years, and have not had any problems
    (that I am aware of). Because of the hw router, I figured I didn't need
    to run firewall software on the PCs behind the router. This includes
    running the XP box totally unsecured with it's firewall turned off, and
    no anti-virus software.

    Now I am worrying that maybe this isn't so true. There are several
    means by which things could go wrong. What comes to mind are (in order
    starting with what I think are the most likely risks): java and
    javascript code that runs in the web browsers (see note below), Active-X
    controls in M$ IE, recent exploits involving things which I would have
    considered passive such as images and flash video, downloading a program
    infected by a virus or trojan. Also, this recent DNS hijacking business
    is scary.

    We have used administrative controls to mitigate some of these hazards,
    by doing the following:

    1. Basically nothing about the java, javascript, and flash/images.
    2. For Active-X, my wife who uses XP frequently, only uses IE for
    accessing trusted sites such as a bank or a merchant that cannot
    function without IE (almost never). We primarily use Firefox on XP.
    She also uses XP to Skype.
    3. To avoid viruses we simply don't install programs that aren't from a
    source that is trusted. By that I mean, a vendor that we sought out and
    know well, like Vmware, Skype, Mozilla, OpenOffice, etc. We use
    Seamonkey or Thunderbird on Linux for email (including my wife). So
    attachments are of little danger. We are pretty good at spotting scams,
    and my wife knows how to look at full headers, etc. We use no M$
    software except for XP itself.
    4. In case the XP is compromised, which I regard as more likely than
    Linux, we don't run my Linux box at the same time as her XP, since I
    have the most important family data on my Linux box. Thus, the only way
    anyone could get to important personal data is if an exploit that got on
    her XP could access her ext2 partition (unlikely) and install something
    into the Linux partition, or crack the router, then wait in the router
    to attack either of the Linux machines when they are up. I consider
    these scenarios extremely unlikely.

    So it's mainly the browser scripts and other exploits that are the main
    danger. Should I be running software firewalls on both XP and Linux
    boxes, and anti-virus programs on XP, or is the router and our
    administrative policies enough?

    Thanks for comments.
    CRC, Sep 6, 2008
    1. Advertisements

  2. CRC

    Bit Twister Guest

    For starters.
    Not for me. Only thing I do on XP is TurboTax.
    Skype and banking are on done on linux.
    I will not do business with a merchant which requires Internet Explorer.
    Bit Twister, Sep 6, 2008
    1. Advertisements

  3. CRC

    CRC Guest

    David Brown wrote:[a lot]

    Thanks for the responses, folks.
    CRC, Sep 8, 2008
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.