Is Software Firewall Necessary with a H/W already running?

It's still a good idea. In particular, most software firewalls also monitor outgoing data on a PER PROGRAM basis. You can control excactly which programs have access and prevent anything being sent, even if it's a common port like 80.

Basically, unless you have a VERY fast connection, and a VERY slow computer, the speed loss shouldn't be a big deal, if it's even detectable. You could always help things a bit by setting the software firewall to allow all incoming, if you believe the hardware firewall will fully protect you.

Just remember that just blocking data ports alone doesn't cut it these days. With spyware, adware, trojans, etc.. you need help on actual program control.

Reply to
Andrew Rossmann
Loading thread data ...

I finally purchased a hardware firewall (Netgear FVS318). Alot of helpful people in the group suggested I go hardware to free some resources and cycles. However, I have seen some people that use BOTH H/W and S/W firewall. I scanned my system with ShieldsUp! and found everything is stealth. My question is:

Do I still need a software firewall with this hardware one installed?

Thanks in advance!!!

- Robert Smith

Reply to
Robert Smith
7/30/2004 5:24:33 PM

excactly

detectable.

replying!

Good advice Andrew! Thanks!!

Reply to
Robert Smith

Ask yourself the following questions:

  1. Are you the exclusive user of your computing system(s)?
  2. Do you apply and enforce safe computing practices on your equipment?
  3. Do you engage in p2p file sharing across the Internet?
  4. Do you rigorously patch new found Windows exploits (I know-that's a full-time job)?
  5. Do you use IE and Outlook/OE mail clients as your primary browser and e-mail client?

I wouldn't bother adding a client PFW, unless you can't control your computing environment or your behavior.

Reply to
optikl

You're correct, assuming he can't control himself or his computing environment. Let's hope that's not the case.

Reply to
optikl
7/30/2004 5:44:08 PM

installed?

firewall to

actual program

I can control, but my wife also uses the system...

Reply to
Robert Smith

No... :(

equipment?

Yes!

No.

that's a

Yes.

browser and

Yes. (Wife uses OE and I use Outlook 2k3)

I am extremely careful, but can't always vouch for my wife - if she has a friend send her something, she might click before she looks... :(

Reply to
Robert Smith

In general I would say that you don't need the PC based personal firewall application, but since most users are unable to manage their machines you may want to keep using it.

If your router, and that's what it is, not a real firewall, has logging ability, and you can run a real-time capture program that will let you watch the in/out bound traffic by IP/Port, and if you check it frequently, then you really don't need to bother with the local copy on your PC.

In the early days, when I was using a NAT device, I never had any problems, but I used WallWatcher as a means to monitor what was entering and leaving my network, it was an invaluable tool in the overall scheme of network protection.

Reply to
Leythos

The problem is, with virus's now being backdoors in disguise, and holes in Windows and IE being found every day, you need all the help you can get. Even if you practice safe computing, you never know if even a valid web site hasn't been hacked and tries to download something.

Reply to
Andrew Rossmann

Yes, web-sites can contain malicious content. But, safe computing is a regimen. It's not a state one attains by loading up on AV, AT and ASW utilities and PFW/IDS programs. It's about making good decisions, which means relying on grey matter rather than code.

Reply to
optikl

There are quite a number of real firewalls that inspect the contents, remove attachments by type, remove scripting, remove cookies, create alias names, etc....

Reply to
Leythos

A HW firewall will generally not look at the data content of packets. Only at port numbers, protocol types, packet states, interfaces, MAC addresses, traffic direction and such low-level things.

It can't, because by design, they have to be OS independent. (at OSI-Transport or Network layer ?) Behind the HW firewall there can be linux systems, or IBM AS400 computers, for which an PC backdoor program with extension can be totally harmless. What is harmful on one OS, is harmless on another.

Only an OS aware FW **PROGRAM** can then determin the danger, ON the machine with **THAT** OS.

Maybe there are HW Windows FW's but I dunno... You'd have to buy a new FW when upgrading Windows... yuk !! So behind the HW FW, you need a SW FW, a virusscanner, and spyware removal. All uo to date.

frgr Erik

Reply to
Erik

But can you fully trust even a big-name site? How can you guarantee they are being smart and have their security up-to-date?

Reply to
Andrew Rossmann

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.