Windows XP firewall behind DSL-Router firewall ?

Does this make sense or do they interfere somehow? Thx for any comments.


Reply to
Michael G. Weis
Loading thread data ...

You should be fine using both. If you're trying to access your Windows XP computer from outside your network you may have trouble (though its still possible to set it up to do it). I run both a router firewall and ZoneAlarm Pro without problems. Often times you'll find the setup you have on a large network where you can't trust everyone behind your firewall router.

Even if you have one other computer on the network and its used by a family member its still not a bad idea to run the XP firewall. Here's why. Lets say your family member isn't as careful about where they surf and what they download as you are. They manage to pickup a backdoor Trojan that gets exploited. Someone else now "owns" that computer and can do what ever they want to with it. Including using it to hack your computer from behind your router's firewall! This is happening a lot on corporate networks. If you have the XP firewall turned on you'll have much more protection than if you didn't.

John H. - CISSP

formatting link
Security News

Reply to

But if the machines are sharing resources with each other and the PFW has rules to open the Windows networking ports, the machine is toast. The only possibility that could stop it is if the PFW solution was using an IDS in the solution and was able to detect the malware in the traffic and close/block port for the traffic.

Duane :)

Reply to
Duane Arnold

"Duane Arnold" wrote in news:Lq6qf.4491$

All true, but generally running a software firewall in addition to a hardware firewall isn't a bad idea. However, don't run two software firewalls together on the same machine.

Reply to

Some PFW solutions when running together will complement each other like PFW that has the IDS and PFW that doesn't have the IDS. Or one could run a PFW and a packet filter like IPsec that's on the Win 2K and up O/S(s).

If someone what's to run a PFW or a packet filter behind a NAT router that cannot stop outbound, it's not a problem. However, if on has a packet filtering FW router than can stop inbound or outbound or a FW appliance, rules can be set for a LAN IP to stop traffic either and one doesn't a PFW or packet filter on the machine.

Duane :)

Reply to
Duane Arnold Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.