Hardware firewalls & Software firewalls

ManBearPig

Diamond Member
Sep 5, 2000
9,173
6
81
Would there be any conflicts? Would they make me grant access to each thing twice? What is preferred? Thanks... thinking of getting a spare Linksys my bro-in-law has.
 

insename2

Senior member
Dec 15, 2005
420
0
0
I don't think there would be conflicts... hardware is preferred and you only need to allow exceptions for a few apps for hardware... certain apps are already in the firmwares


Dialpad 7175 51200-51201,51210
ICU II 2019 2000-2038,2050-2051,2069,2085,3010-3030
MSN Gaming Zone 47624 2300-2400,28800-29000
PC-to-Phone 12053 12120,12122,24150-24220
Quick Time 4 554 6970-6999
 

mechBgon

Super Moderator
Elite Member
Oct 31, 1999
30,699
1
0
If there'll be more than one computer on the network, then a router (what you call a hardware firewall) at the perimeter, plus firewall software on each individual PC, would be my preference.

Reason: the router keeps the Internet at bay, and the software firewalls on each PC keep your own computers from infecting each other if one of them catches worms... assuming you haven't neutered your software firewalls' ability to protect the PCs from each other.

If you do get a router, you might as well lock down all ranges of ports that you don't actually need open. Basic idea explained in the second half there.
 

insename2

Originally posted by: mechBgon
If there'll be more than one computer on the network, then a router (what you call a hardware firewall) at the perimeter, plus firewall software on each individual PC, would be my preference.

Reason: the router keeps the Internet at bay, and the software firewalls on each PC keep your own computers from infecting each other if one of them catches worms... assuming you haven't neutered your software firewalls' ability to protect the PCs from each other.

If you do get a router, you might as well lock down all ranges of ports that you don't actually need open. Basic idea explained in the second half there.


heh, funny website... pizza
 

mechBgon

Originally posted by: insename2
Originally posted by: mechBgon
If there'll be more than one computer on the network, then a router (what you call a hardware firewall) at the perimeter, plus firewall software on each individual PC, would be my preference.

Reason: the router keeps the Internet at bay, and the software firewalls on each PC keep your own computers from infecting each other if one of them catches worms... assuming you haven't neutered your software firewalls' ability to protect the PCs from each other.

If you do get a router, you might as well lock down all ranges of ports that you don't actually need open. Basic idea explained in the second half there.


heh, funny website... pizza
Aieee, stop that, now you're making me hungry! :Q


*turns oven on... :eek:

 

ManBearPig

Thanks mech. Helpful as usual. If I am just using this one computer, the software firewall isn't so necessary then?
 

mechBgon

Originally posted by: Heen05
Thanks mech. Helpful as usual. If I am just using this one computer, the software firewall isn't so necessary then?
Some people like having one, some think it's sort of feeble and pointless. It usually goes like this:

pro-software-firewall guy: I want a firewall that alerts me when stuff's trying to get out. It might tip me off that something's fishy.

anti-software-firewall guy: Bah. It's trivially easy for malware to fool a software firewall by hitching a ride out on Explorer.exe, or simply using Internet Explorer's pre-granted access, or stuff like that.

pro-software-firewall guy: Well, but it's at least something. It can't hurt, and it adds a type of alerting that I can't get from a hardware firewall since the hardware firewall can't tell what program is doing the requests.


So if you value being alerted that hey, program X is trying to do stuff, Yes/No? then you want a software firewall. If you want to rigidly enforce that dang it, TCP and UDP traffic on ports 444 through 65535 are NOT allowed, because I said so, end of discussion, then the router is the right tool for that job.
 

ManBearPig

Thanks... those alerts were getting annoying :D Sometimes they wouldn't save and I'd have to keep specifying.
 

McPudd

Member
Jul 10, 2005
153
0
0
I have a hardware firewall in my router and also use a software firewall (ZoneAlarm free).

To oversimplify, the hardware firewall keeps track of what my system has made specific requests for and compares that to traffic arriving at my ports. Previously requested items are allowed and the unsolicited are not acted upon, so my ports remain invisible to them.

If I invite something that the hardware firewall in turn allows in that contains malware which later wants to call out, the software firewall will inform me that a new process is trying to do so, request permission to allow it, and tip me off that I'm infected.

That's why I use both.
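
Added example, not part of any post in this thread: a simplified Python model of the router behaviour described above, which records outbound flows, forwards only matching replies, and enforces the 444-65535 port block mentioned earlier in the thread. The addresses, the class names and the choice to apply the block to outbound destination ports are assumptions; real routers also perform NAT and expire idle flows.

```python
import ipaddress
from dataclasses import dataclass, field

LAN = ipaddress.ip_network("192.168.1.0/24")   # constructed home LAN
BLOCKED_EGRESS = range(444, 65536)             # port range quoted in the thread

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class Router:
    flows: set = field(default_factory=set)    # outbound flows seen so far

    def handle(self, p: Packet) -> str:
        if ipaddress.ip_address(p.src) in LAN:             # LAN -> Internet
            if p.dport in BLOCKED_EGRESS:
                return "drop: egress port blocked"
            # No process name exists at this layer: a browser and malware
            # calling out on port 443 are indistinguishable to the router.
            self.flows.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "forward: outbound"
        # Internet -> LAN: forward only the mirror image of a recorded flow.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.flows:
            return "forward: solicited reply"
        return "drop: unsolicited"

def demo() -> list:
    r = Router()
    pc, web, other = "192.168.1.10", "203.0.113.5", "198.51.100.7"  # constructed
    return [
        r.handle(Packet("tcp", pc, 50000, web, 443)),    # PC opens a connection
        r.handle(Packet("tcp", web, 443, pc, 50000)),    # matching reply
        r.handle(Packet("tcp", other, 40000, pc, 445)),  # nobody asked for this
        r.handle(Packet("udp", web, 443, pc, 50000)),    # right ports, wrong proto
        r.handle(Packet("tcp", pc, 50001, web, 6667)),   # destination port >= 444
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The comment inside `handle` marks the gap the posts describe: the per-program alert has to come from a firewall running on the PC, because the router only sees addresses and ports.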
 

Nick5324

Diamond Member
Aug 19, 2001
3,267
0
0
Originally posted by: mechBgon
If there'll be more than one computer on the network, then a router (what you call a hardware firewall) at the perimeter, plus firewall software on each individual PC, would be my preference.

Reason: the router keeps the Internet at bay, and the software firewalls on each PC keep your own computers from infecting each other if one of them catches worms... assuming you haven't neutered your software firewalls' ability to protect the PCs from each other.

If you do get a router, you might as well lock down all ranges of ports that you don't actually need open. Basic idea explained in the second half there.

Good post as always.

Why does this man not have a custom title?!?!