What is the best firewall software to use without a router

The NAT router that cost as much as that personal FW solution you're trying to buy. You can get a good one cheap.

Duane :)

It can't be done - you have to allow websites, email, and other services the ability to "Communicate" with your computer, it's just how life works.

If you want to prevent unsolicited remote access to your computer, then you need a barrier device, a personal firewall won't block unsolicited users from reaching your PC (as they have to reach it in order for the PFW to work). A NAT appliance with SPI is a very good option for blocking INBOUND UNSOLICITED CONNECTIONS.

If you have Win XP, the built in firewall will do it. For other OSes, I like BlackIce with the Application Control Feature turned off.

Wrong, the XP firewall has so many holes and exposures that it could be best described as swiss cheese.

Examples?

Just look for all the applications that can AUTOMATICALLY ADD exceptions, some without even prompting the user.

What to see something funny, install AOL and see how many holes if opens.

Ok. I know that. Those exceptions are easy to remove. In fact, one can set the XP firewall to not allow exceptions period. So, assuming that one has to configure any PFW to optimize security (not suggesting a PFW is preferable to an appliance, but the OP did inquire about a *software firewall* to prevent access of his computer from intruders), what's so bad about having to configure the XP firewall?

Yes, but the problem is that none of the residential users I've run into know anything about Exceptions, don't have a clue about DEP, don't have any idea that File/Printer sharing is enabled by default, don't have any idea what exceptions are in place, and answer YES to anything they are prompted for.

The appliance, by default, is setup to protect users from INBOUND UNSOLICITED traffic, BY DEFAULT. It can't be modified (if password is changed on the appliance) by rogue software on the users PC, can't be misconfigured (as long as they don't get the wireless one) by an ignorant user, etc...

I've only seen a couple people using a PFW that actually had it properly configured after more than a month.

On Sat, 31 Dec 2005 02:29:24 GMT, Leythos wrote: I have a wireless B broadband router, is it the same thing or can it be used for this ?

Your Usenet client is broken, when you posted you quoted part of it and had my name in the wrong location.

So, without knowing what model/vendor product it is, I can't say.

Some ISP's are installing Wireless routers that map everything through to a single IP, others are enabling NAT, others do wireless with a public IP on the inside...

In general, if you have a 192.168.x.y address, and you have more than one computer available to the network - meaning your ISP said you can have 10 computers (some number) on the router, then you should have NAT.

What you need to do is find a scan site (like grc.com) and have it scan your address to see if you have any exposed ports - this will tell you if you are blocking unsolicited inbound or not.

What operating system? What type of computer?

If you want to get help, maybe it would be a good idea to provide more information.

Yours, VB.

You will get nothing as an answer, as usual. This is just trolling.

Yours, VB.

\\If you had not KF me you would have seen the valid answers VB. You are the only person stating that WF is a quality product when all the people with real security jobs, paid to maintain large networks, are telling you that it's just a toy, and a toy that doesn't help after the first couple uses of the computer.

The router should offer protection from the Internet. Is the wireless secured? If not, that is perfectly acceptable. There is nothing wrong with sharing your Internet connection with your neighbors, but your own computers, wired and wireless alike, must be secured to mitigate threats on the LAN. The XP firewall is acceptable. It's already there and takes a matter of seconds to enable and it is way better than nothing. As others have pointed out, do not allow exceptions. If you require exceptions, then you must secure the wireless network.

If you take the security of your computer seriously, and you have a few hundred bucks to spend, the simplest thing to do would be to purchase an appliance-based home- or small-office firewall. Many of the manufacturers that support massive networks have SMB product lines. Check out a few of these: Check Point Sofaware (sofaware.com), Juniper Networks 5GT & HSC series, Cisco PIX, and Fortinet FortiGate. The Check Point device is the easiest of them to configure for the novice...a couple of minutes at most. PIX is probably the hardest, and the Juniper and Fortinet fall in between...but add more features (anti-virus, web filtering, etc). If you have an extra machine and some extra time, you could also build a nice Linux-based system (IPTables, SmoothWall, etc) for the cost of your time.