Are hardware firewalls enough?

[MangoTBG]

Especially when all of the tests @ SheildsUp! come back 100% safe?


What are your thoughts?

 

[Maggotry]

This comes up quite a bit. Do a search to find some more informative threads. Most folks recommend running a software firewall in addition to your hardware firewall.

 

[n0cmonkey]

Shields up is crap.

Hardware firewalls use firmware, which is damned close to software.

These home NAT boxes do no outbound filtering.

 

[Concillian]

YOur poll is somewhat ambiguous.

Title suggests yes = hardware firewall enough
Poll comment suggests yes = hardware firewall alone is not enough.

May confuse some people who do not read everything.

 

[drag]

One is enough, there are lots of things that make more sense to do to protect yourself then just that. Such as monitoring network connections and doing occasional network sniffing.

 

[Zugzwang152]

Originally posted by: n0cmonkey
Shields up is crap.

Hardware firewalls use firmware, which is damned close to software.

These home NAT boxes do no outbound filtering.

This man is correct. SOHO routers only filter incoming traffic. If you've downloaded a trojan or something, and it's sending out sh|t like crazy, your home router will bend over and open wide enough to accomodate all of it.

This said, I don't have a software firewall installed, and I have Win XP SP2's built-in disabled. I consider myself smart enough to know when my system is acting up, and then smart enough to fix it quickly. It also causes twice as much work when configuring a new service, such as opening filesharing/ game/ftp/http server ports, and twice as much work troubleshooting a problem.

You have to decide for youself if you're leet enough.

 

[dc5]

as long as you're careful on what you're downloading, hardware firewall should be enough.

 

[thorin]

I'm voting NO because

1) 90% of the people in these forums incorrectly refer to routers as firewalls.

Router (or NAT device) != Firewall

2) If someone is smart/resourceful enough to get past your router/nat device (or actual firewall) then a little POS software firewall isn't going to help, they deserve something for their time and effort, and you deserve to learn a lesson about configuring your hardware correctly.

Thorin

 

[Dravic]

Your always best served by having a permiter "security" network. Any buffer/layer you can give yourself from the attack the better.

An external firewall is always the best solution. If you downlaod a lot of apps then you might want to look into a software firewall to make sure no malicous software is "calling home".

I've never been a big fan of having a firewall on the target machine. There are alway new vulnerabilities, and the further away from the target you can stop the attempts the better.