Is a router an effective firewall?

JoeAgain------
New Member
Posts: 12
Joined: Tue Oct 15, 2002 8:07 am

Post by JoeAgain------ »

????

Is it effective alone, or should it be supplemented with a firewall program also?
cyberskye
Senior Member
Posts: 4717
Joined: Wed Jan 10, 2001 12:00 am
Location: DC

Post by cyberskye »

NAT routers are effective. Whether they are enough depends on your usage and tolerance.

I used to use a NAT router and daily updates to AV. I don't download strange software so that was enough for me. Linky/netgear class routers generally only filter inbound traffic and allow all outbound.

nothing is bullet-proof.


Skye
anything is possible - nothing is free

:wth:
Blisster wrote:It *would* be brokeback bay if I in fact went and hung out with Skye and co (did I mention he is teh hotness?)
:wth:
JoeAgain------
New Member
Posts: 12
Joined: Tue Oct 15, 2002 8:07 am

Post by JoeAgain------ »

thanks, Cyberskye

what is a NAT router?
(I do check for AV upgrades daily)

forgive me, please......but what do you mean by usage and tolerance? (I use my computer lots on the internet for personal enjoyment....(10hrs a day maybe), and don't want to tolerate Any hacking into my system)

please explain
rmrucker
Posts: 896
Joined: Sun Sep 17, 2000 12:00 pm
Location: Long Beach, CA, USA

Post by rmrucker »

A NAT router is a good inbound firewall, but it offers no outbound protection.

Most security-minded users prefer to add a software firewall to prevent trojan programs or spyware from phoning home.
JoeAgain------
New Member
Posts: 12
Joined: Tue Oct 15, 2002 8:07 am

Post by JoeAgain------ »

OK,
I've used some in the past.

I used to have BlackIce but removed it after they added the "dial-out" prevention feature because the "descriptions" of the programs trying to access the internet were so cryptic that I had NO idea what they were associated with (harmful or not, and it didn't give any explanation).

I tried the free version of ZoneAlarm, but had a nightmare of a time disabling or removing it (finally having to delete my entire hard drive and rebuild my O/S)...so I'm not inclined to want either of those.

But is there a good one you'd recommend?
fredra
Advanced Member
Posts: 847
Joined: Mon Mar 20, 2000 12:00 am
Location: Nepean, On, Canada

Post by fredra »

Hi joeagain
NAT = Network Address Translation
Let me go on from that point. I may repeat some previous suggestions (don't get upset rmrucker or cyberskye)
A hardware firewall is usually a router which protects from 'inbound' malicious packets, but NOT 'outbound'. These routers usually have a non-routable address and they use DHCP to give different TCP/IP non-routable addresses to all the workstations attached to them.
So it gives you the ability to 'share' a public address from your ISP.
Now the software firewall will serve to prevent 'outgoing' malicious code from leaving your PC....it SHOULD not show any 'incoming' as the router is stopping that action.
The downside to software firewalls is the amount of resources it uses as opposed to the protection you get...that is a personal choice.
Some software firewalls of note are as follows:
OUTPOST from http://www.agnitum.com
Sygate from http://www.sygate.com
Kerio/Tiny (but you MUST know how to setup rulesets for this one)
or
Mcafee V7 Viruscan which includes a firewall
or
Norton Internet Security 2003
(The first three are free)
Other members may have used others and they can give their own opinion.
In closing, let me say this...you MUST have an updated AV which also checks outgoing and incoming emails.
Good Luck


:D
Also I would strongly suggest that you read the sticky notes at the top of this forum. They have been penned by Ken, one of the mods.
If you are not sure, go here
A man with a watch knows what time it is. A man with two watches is never sure.
JoeAgain------
New Member
Posts: 12
Joined: Tue Oct 15, 2002 8:07 am

Post by JoeAgain------ »

thank you for that,

Thanks Everyone!

Which of those firewalls has the most understandable explanation of the "parent" program that is trying to dial-out from a user's computer?

(that was my problem with BlackIce. I'd get serious sounding pop up warnings that "zserdef.exe" (made up name for this example) is trying to access the internet. Who the heck could tell from that what it was or wasn't associated with?)
cyberskye
Senior Member
Posts: 4717
Joined: Wed Jan 10, 2001 12:00 am
Location: DC

Post by cyberskye »

I mentioned NAT because not all routers use NAT. A 'pure' router offers no protection, it just forwards packets from one network to another.

I have a HW firewall that inspects inbound and outbound traffic. - cost about $400 bucks tho. I don't run a sw firewall at all anymore.

If you download a lot of software or executable files, you want an outbound firewall. If you don't know what a particular image name is (such as the now infamous zserdef.exe :) you should deny it. If that breaks something useful that you are confident is safe, then go back and allow it. Best case is you would be forced to learn what all those processes are and then be able to answer each query with confidence.

Have fu ,
Skye

EDIT: I had fu once, it was awful -

Have FUN,

Skye
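The inbound/outbound split described in this thread, as an added example that is not part of any poster's message: a toy Python model of a NAT router (reply-only inbound, no egress filtering) next to a deny-by-default per-program host firewall. The class names, the address-and-port-restricted NAT behaviour and all IP addresses are assumptions constructed for illustration; `zserdef.exe` is the made-up name used in the thread.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    """Toy consumer NAT: outbound flows open a mapping, inbound must match one."""
    public_ip: str
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # public_port -> (lan_ip, lan_port, remote_ip, remote_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        # No egress filtering: every LAN-initiated flow is translated and forwarded.
        port = self.next_port
        self.next_port += 1
        self.table[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        # Only replies from the remote endpoint of an existing mapping get through.
        entry = self.table.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]          # (lan_ip, lan_port) the packet is forwarded to
        return None                   # unsolicited packet: dropped

class HostFirewall:
    """Toy per-program outbound filter: unknown image names are denied and logged."""
    def __init__(self, allowed):
        self.allowed = set(allowed)
        self.denied_log = []

    def permit(self, program):
        if program in self.allowed:
            return True
        self.denied_log.append(program)
        return False

def run_scenario(use_host_firewall):
    router = NatRouter("203.0.113.10")                      # constructed address
    fw = HostFirewall({"browser.exe"}) if use_host_firewall else None
    flows = [("browser.exe", "198.51.100.5", 443),          # constructed flows
             ("zserdef.exe", "192.0.2.66", 8080)]
    results = {}
    for i, (prog, rip, rport) in enumerate(flows):
        if fw and not fw.permit(prog):
            results[prog] = "blocked at host"
            continue
        router.outbound("192.168.1.2", 50000 + i, rip, rport)
        results[prog] = "left the network"
    probe = router.inbound("192.0.2.99", 4444, 40000)       # unsolicited inbound probe
    results["unsolicited inbound"] = "dropped" if probe is None else "forwarded"
    return results

if __name__ == "__main__":
    print("router only:   ", run_scenario(False))
    print("router + host: ", run_scenario(True))
```

With the router alone the unknown program's traffic leaves the network while the unsolicited probe is dropped; adding the host firewall is what stops the outbound flow.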
fredra
Advanced Member
Posts: 847
Joined: Mon Mar 20, 2000 12:00 am
Location: Nepean, On, Canada

Post by fredra »

Originally posted by cyberskye
I have a HW firewall that inspects inbound and outbound traffic. -



Hey cyberskye
Which one is that?
Does it provide a logging feature?
Does it use SPI?
I am in the market to replace my SMC, so I am looking at what is available.
Thanks :D
cyberskye
Senior Member
Posts: 4717
Joined: Wed Jan 10, 2001 12:00 am
Location: DC

Post by cyberskye »

[SALESPITCH]Sonicwall soho3 http://www.sonicwall.com picked it up for a steal at http://www.pagecomputers.com (currently $393US) 75M bi-direction ICSA cert...supports syslog, decent logging and can send email alerts to your pager when an attack is detected.[/SALESPITCH]


Skye


Edit - fredra - saw this in a post by YOSC

Adding to what the above mentioned (I've worked on a Sonicwall SOHO3, they're nice...very potent).....if you're on a budget, Linksys (yes, Linksys...don't laugh)...recently came out with a more robust router with a full featured firewall...their BEFSX41 model (note the "X"). Its firewall is full featured, SPI and all. And it did very well in PC World's tests last month of SOHO class firewall routers....beating Netgear and Nexland. BTW...Sonicwall's SOHO3 won that roundup.

http://www.linksys.com/products/pro...rid=23&prid=433

I'm putting 2x of those new routers in next week for new client setups.
fredra
Advanced Member
Posts: 847
Joined: Mon Mar 20, 2000 12:00 am
Location: Nepean, On, Canada

Post by fredra »

*sigh*
That is some feature rich device, almost as good as the CISCO PIX 500...go figure.
Thanks cyberskye