Do you still need a software firewall if you have a NAT router?

Discussion in 'Broadband' started by steve.anon, Apr 19, 2005.

  1. steve.anon

    steve.anon Guest

    Hi, I plan to get a NAT/SPI router from buffalo tech. (WBR2-G54S -
    http://www.buffalotech.co.uk/webcontent/products/wireless/index.php?cat=125&itemID=wbr2-g54s)


    I'd like to know if it then becomes unnecessary to use a software
    firewall such as ZoneAlarm? It would save me some resources and money
    to ditch ZA. So you think that the Buffalo claim that their router has,
    I quote, "Dynamic Packet Filtering, Intrusion Detector & SPI Firewall"
    can be trusted?

    I'm running Win XP SP2.

    Best,

    Steve.
     
    steve.anon, Apr 19, 2005
    #1

  2. steve.anon

    Peter M Guest

    It is widely accepted that while a router will block many sorts of incoming
    traffic, it won't stop your machine 'calling home' if your PC gets infected,
    or simply 'causing a nuisance' (which may be sufficient to get your ISP to
    disconnect you)... The first warning you may have is that your firewall
    is asking for permission to 'send' data... so I'd always recommend using
    a software firewall, however much of an 'overhead' you consider it. Peter.
     
    Peter M, Apr 19, 2005
    #2

  3. That depends on your definition of unnecessary. I wouldn't (and don't)
    bother; you can use the SP2 firewall if you like as it's free. MS also
    have an anti-spyware beta
    http://www.microsoft.com/athome/security/spyware/software/default.mspx
    that monitors undesirable activity.

    Personally I can't be doing with software firewalls asking me if I
    want to allow the computer to do what I just instructed it to do :)

    Phil
    Tiscali - dialup speeds at Broadband prices :)

    --
     
    Phil Thompson, Apr 19, 2005
    #3
  4. The response implies that it is better to place all your resources into preventing a PC from being
    infected in the first place rather than having a mechanism to trap outgoing data of a dubious kind.
    Is not timely patch management, latest AV signature files loaded and regular sweeping of the PC to
    confirm it is 'clean' a more responsible approach rather than the reliance on a software firewall
    where the configuration could well give a false sense of security? Prevention rather than cure
    seems to me to be more sensible.

    David Bradley
     
    David Bradley, Apr 19, 2005
    #4
  5. steve.anon

    Peter Guest

     
    Peter, Apr 19, 2005
    #5
  6. steve.anon

    Dave Guest

     
    Dave, Apr 19, 2005
    #6
  7.  
    David Bradley, Apr 19, 2005
    #7
  8. steve.anon

    Alex Heney Guest

    So you think the response is "implying" something that is near enough
    the exact opposite of what it said.

    Interesting idea.
    The ONLY sensible option is to do BOTH.

    No matter how good your prevention, there is going to be a possibility
    of something beating it at some point.
     
    Alex Heney, Apr 19, 2005
    #8
  9. steve.anon

    Alex Heney Guest

    On Tue, 19 Apr 2005 12:40:50 +0100, David Bradley

    Only because it stated it pretty explicitly.
     
    Alex Heney, Apr 19, 2005
    #9
  10. steve.anon

    Peter M Guest

    You've completely misread my comment, if you really think what I wrote had
    the meaning you've posted! Mine was solely a response to the question as
    written, with no "implied"! The question, in case you've forgotten it:
    There's no mention in what I wrote of any anti-virus tool being replaced
    or that a firewall replaces it, merely that in my view, and one which is
    not universally felt essential, a firewall could be useful and can alert
    one to there being potentially unwanted traffic. As one example, making
    sure that Real Player on my PC does not forever 'alert me' to updates or
    new products/offers/rubbish which RealNetworks would otherwise want to
    'tell me'. Not to do with a virus, is it, but still traffic I block!
     
    Peter M, Apr 19, 2005
    #10
  11. steve.anon

    johnydeath Guest

    Your view is part correct.

    A firewall can be placed anywhere - its value is dependent on where you
    put it, with it corresponding to what it is supposed to filter to/from.

    A personal firewall is effective at the application level, i.e. it prevents
    your programs accessing the internet or local network without your
    express permission, whereas a hardware firewall is effective at the
    network level, normally setting rules for ports, protocols and packet
    content.

    A firewall is not required for functionality, however it is extremely
    useful to maintain functionality of your network in light of
    viruses/malware/denial of service.
     
    johnydeath, Apr 19, 2005
    #11
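
Added example, not part of any poster's message or code: a simplified Python model of the two layers discussed in this thread, a NAT/SPI router that only tracks flows and a personal firewall that decides per program. All addresses, program names and class names are constructed; the model omits NAT address rewriting and assumes the host firewall correctly identifies the originating program.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str       # "ip:port"
    dst: str
    app: str = ""  # originating program; only visible on the host itself

@dataclass
class NatSpiRouter:
    """Network-level filter: remembers flows opened from the LAN side."""
    flows: set = field(default_factory=set)

    def outbound(self, p):
        # The router sees addresses and ports, never the program name,
        # so every LAN-initiated flow is recorded and passed.
        self.flows.add((p.src, p.dst))
        return True

    def inbound(self, p):
        # Only replies to a recorded flow pass; unsolicited traffic is dropped.
        return (p.dst, p.src) in self.flows

@dataclass
class HostFirewall:
    """Application-level filter: per-program allowlist with an alert log."""
    allowed_apps: set
    alerts: list = field(default_factory=list)

    def outbound(self, p):
        if p.app in self.allowed_apps:
            return True
        self.alerts.append(f"blocked {p.app} -> {p.dst}")
        return False

def send(p, router, host_fw=None):
    """Return True if the packet leaves the LAN."""
    if host_fw is not None and not host_fw.outbound(p):
        return False
    return router.outbound(p)

def demo():
    router, fw = NatSpiRouter(), HostFirewall(allowed_apps={"browser.exe"})
    web = Packet("192.168.1.10:50000", "203.0.113.5:80", "browser.exe")
    unknown = Packet("192.168.1.10:50001", "198.51.100.7:443", "unknown.exe")
    return {
        "router_only_unknown_out": send(unknown, NatSpiRouter()),
        "both_unknown_out": send(unknown, router, fw),
        "both_browser_out": send(web, router, fw),
        "reply_in": router.inbound(Packet(web.dst, web.src)),
        "probe_in": router.inbound(Packet("198.51.100.9:4444", "192.168.1.10:135")),
        "alerts": list(fw.alerts),
    }
```
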
  12. I find that ZAPro never does that except when I want it to.

    About the only time it chats to me is when I get email with activeX or
    html and I generally tell it to block that anyway.
     
    Mark McIntyre, Apr 19, 2005
    #12
  13. steve.anon

    Ivor Jones Guest

    At least with it asking you if you want to permit something you know that
    it's monitoring things. I'd rather a dozen popup boxes asking me if I want
    to permit something than a nasty getting in without my knowing it.

    Belt & braces never hurt anybody. If your machine is so slow it can't cope
    with the overhead of a software firewall then maybe it's time for an
    upgrade..?

    Ivor
     
    Ivor Jones, Apr 19, 2005
    #13
  14. steve.anon

    Killa Guest

    But what's the point of belt & braces if you don't have your trousers
    on?

    I think it may be time to dig out the PoC I wrote a few years back
    which allowed a Windows PC running one of these personal 'firewalls'
    to also run an FTP server which was invisible to the 'firewall' [1].
    I never put the PoC in the public domain back then, but I did exchange
    some e-mails with various suppliers - not that I was impressed by the
    responses. Perhaps now's the time to put some of the hype about these
    products into an early grave [2].

    [1] Not by disabling the f/w in any sense, but by using the fact
    that you can't simply 'bolt on' an application to an inherently
    insecure computer in order to secure network communications -
    and I just happened to use an FTP server because I had some code
    to hand, it could have been anything.

    [2] The hackers seem to be getting quicker these days at converting a
    PoC into a 'deliverable' - and it wouldn't be easy for ZA et al
    to do anything about it.
    True. Linux and BSD run perfectly well on machines that can't run
    current versions of Windows - and both of them have packet filtering
    capabilities which are far harder to compromise than a personal f/w
    on Windows. So just keep the hardware and upgrade the software.
     
    Killa, Apr 19, 2005
    #14
  15. Your choice. Mine is different.

    Phil
    Tiscali - dialup speeds at Broadband prices :)

    --
     
    Phil Thompson, Apr 20, 2005
    #15
  16. steve.anon

    Ivor Jones Guest

    Fair enough, but don't come along complaining when your system gets
    infected ;-)

    Ivor
     
    Ivor Jones, Apr 20, 2005
    #16
  17. *shrug*. This is the age of the computer, two years is an eternity.
    Well, in fact you can, provided the app is properly designed and
    written, but I don't expect to persuade you otherwise. :-(
     
    Mark McIntyre, Apr 21, 2005
    #17
  18. steve.anon

    Killa Guest

    But clearly not long enough for MS to have fixed at least one rather
    significant architectural flaw in Windows which can be exploited
    to compromise its security.
    Care to explain how - and then I'll tell you why you are wrong.
     
    Killa, Apr 22, 2005
    #18
  19. No, not really. By the tone of some of your other comments I'd hazard
    a guess you're a linux fan, and I dislike getting into OS zealotry
    wars.
     
    Mark McIntyre, Apr 22, 2005
    #19
  20. steve.anon

    Bob Eager Guest

    You don't seem to grasp that (for example) because Windows *may* be bad
    (and I am certainly no fan), that automatically makes everything else
    good.

    Linux is a clone wannabe UNIX system, which wasn't even stable for a
    number of years. That's just one example.
     
    Bob Eager, Apr 22, 2005
    #20