How essential is a firewall?


Muse

Lifer
Jul 11, 2001
40,433
9,941
136
Originally posted by: Nothinman
If you're not smart enough to avoid Klez and the like, you need one (well, you need more than a firewall and virus scanner but that's beside the point).

A properly set up firewall won't stop you from doing anything but it will stop others on the network and software on your box from doing things to you that you don't want them doing. It's usually a win-win situation.
It's kind of funny. My brother asked me to set up his computer the way he likes it and he mentioned a number of things. One was a shortcut to Gator in his taskbar. That's the one thing I didn't do! I'm aware that Gator is spyware. I had it installed for a short period a couple of years ago or so, and it would always pop up and ask me if I wanted it to keep my passwords for me. I didn't trust it and it never did anything for me and I removed it. Well, although I'd subsequently found out it was spyware I stopped short of trying to explain this to my brother. I figured that if he wants to use it (he obviously feels it's great), I won't try to dissuade him. The perpetrators, err, programmers, obviously feel that they are providing a service. Funny thing is, since returning from my brother's, I've started getting some strange messages when shutting down Windows 2000 on my own machine the last day or two implicating Gator! I looked in Add/Remove Programs and didn't find it. I ran AdAware and it sussed out all the Gator stuff (and there were over 50 files associated with Gator, I believe) and I removed it. I have NO idea whatsoever how Gator got into my system. Maybe on one of the DVDs I brought home the last week or two from the public library? Very sneaky application. In fact, it almost seems like a virus. :Q
 

GonzoDaGr8

Platinum Member
Apr 29, 2001
2,183
1
0
I know that some of these routers incorporate a hardware firewall, but I don't know what that is.

They kind of do it naturally by letting it be the only thing visible to the internet, not your actual machine.


What's the process of setting up something like that?

Actually very easy. Also helps to RTFM. Go to a site like D-link and peruse around a while. Good info on what they do and what you need.
 

Muse

Originally posted by: GonzoDaGr8
I know that some of these routers incorporate a hardware firewall, but I don't know what that is.

They kind of do it naturally by letting it be the only thing visible to the internet, not your actual machine.


What's the process of setting up something like that?

Actually very easy. Also helps to RTFM. Go to a site like D-link and peruse around a while. Good info on what they do and what you need.
I almost bought the D-Link D-704, I think it was called. Had HW firewall, but I read some posts from folks who had some trouble with them so I deferred. Figure to maybe pick up a Linksys. Thanks for the link, though. Maybe D-Link has updated things. I think there were some firmware issues.

 

GonzoDaGr8

I almost bought the D-Link D-704, I think it was called. Had HW firewall, but I read some posts from folks who had some trouble with them so I deferred. Figure to maybe pick up a Linksys. Thanks for the link, though. Maybe D-Link has updated things. I think there were some firmware issues.

I use the DI-704 (that is why I gave you the D-Link link, as I have not used any others) and have referred them to others I work with. No problems so far :)
 

Doh!

Platinum Member
Jan 21, 2000
2,325
0
76
Those under-$100 routers do not incorporate a real "hardware" firewall. They just have a software firewall running within the routing device. However, there was a hot deal posted regarding a cheap, real hardware firewall w/ routing capabilities a few weeks ago.
 

Muse

Originally posted by: Doh!
Those under-$100 routers do not incorporate a real "hardware" firewall. They just have a software firewall running within the routing device. However, there was a hot deal posted regarding a cheap, real hardware firewall w/ routing capabilities a few weeks ago.
Is it alive?
 

Nothinman

Elite Member
Sep 14, 2001
30,672
0
0
Those under-$100 routers do not incorporate a real "hardware" firewall. They just have a software firewall running within the routing device

Then explain to me the difference between a 'hardware' firewall and a 'software' firewall.
 

GonzoDaGr8

Originally posted by: Nothinman
Those under-$100 routers do not incorporate a real "hardware" firewall. They just have a software firewall running within the routing device

Then explain to me the difference between a 'hardware' firewall and a 'software' firewall.



Hmmm...Got me curious too. Please explain or link to where you found this info Doh!
 

n0cmonkey

Elite Member
Jun 10, 2001
42,936
1
0
Originally posted by: GonzoDaGr8
Originally posted by: Nothinman
Those under-$100 routers do not incorporate a real "hardware" firewall. They just have a software firewall running within the routing device

Then explain to me the difference between a 'hardware' firewall and a 'software' firewall.



Hmmm...Got me curious too. Please explain or link to where you found this info Doh!

A hardware firewall is a firewall that does not require software but requires firmware instead. Or that is what I am told. Just don't look up the definition of firmware, you might think it is software.
 

Doh!

Hmm... after reading my own post, I started to wonder the same. Well, here's what I wanted to say originally.

El cheapo routers w/ firewall functions: Very limited firewall capabilities using NAT by hiding your network from the internet behind it (more recent ones have limited filtering and inspection features). Pretty effective for blocking inbound connections but malicious outbound traffic (i.e., spyware) should be monitored/controlled using a software firewall such as ZA, Tiny, Kerio, Sygate, etc.

Hardware firewall: Although a hardware firewall used to be a dedicated device having the firewall functions running on custom designed ASICs, many recent "hardware" firewalls are a low-power consumption PC appliance (using AMD/Intel & flash RAM) with firewall software. However, the firewall software in these devices is much more feature-rich & very tweakable (at minimum, it will have the ability to inspect all packets that pass through the firewall and will either permit or deny them according to the configuration. It will also keep a log of every packet that passes through the firewall).
 

n0cmonkey

Originally posted by: Doh!
Hmm... after reading my own post, I started to wonder the same. Well, here's what I wanted to say originally.

El cheapo routers w/ firewall functions: Very limited firewall capabilities using NAT by hiding your network from the internet behind it (more recent ones have limited filtering and inspection features). Pretty effective for blocking inbound connections but malicious outbound traffic (i.e., spyware) should be monitored/controlled using a software firewall such as ZA, Tiny, Kerio, Sygate, etc.

Hardware firewall: Although a hardware firewall used to be a dedicated device having the firewall functions running on custom designed ASICs, many recent "hardware" firewalls are a low-power consumption PC appliance (using AMD/Intel & flash RAM) with firewall software. However, the firewall software in these devices is much more feature-rich & very tweakable (at minimum, it will have the ability to inspect all packets that pass through the firewall and will either permit or deny them according to the configuration. It will also keep a log of every packet that passes through the firewall).

So my Pentium 133MHz machine with a hard drive running OpenBSD with PF for firewalling and NAT is what? Software? It has software on it. Hardware? It's running on hardware... I'm confused now.
 

Nothinman

Well, here's what I wanted to say originally.

You basically described the difference between consumer routers and corporate routers. Which while they're valid points, they're far from being hardware vs software differences. Like you said, most high-powered corporate routers are now just x86 boxes with a custom OS and packet filtering software, just like installing Linux or OpenBSD on a spare machine you have lying around, sure the case isn't as cool but the effect is the same =)

It could be mentioned that software like ZA, Tiny, etc add an extra layer by allowing outbound filtering by application which can be useful if you use a lot of untrustworthy software.
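
An added illustration of the distinction drawn in the posts above (not part of any poster's message): a simplified Python model of a NAT router's state table next to a per-application outbound filter on the PC. The class names, application names and addresses are constructed for the example and do not describe any real product.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Flow:
    proto: str
    lan_ip: str        # private address of the PC behind the router
    lan_port: int
    remote_ip: str
    remote_port: int

@dataclass
class NatRouter:
    """Consumer-router model: maps LAN-initiated flows and keeps a state table."""
    wan_ip: str
    states: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, flow):
        # No outbound policy: every flow started from the LAN gets a mapping.
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.states[(flow.proto, wan_port, flow.remote_ip, flow.remote_port)] = flow
        return wan_port

    def inbound(self, proto, wan_port, remote_ip, remote_port):
        # Only replies matching an existing mapping are forwarded; the rest is dropped.
        return self.states.get((proto, wan_port, remote_ip, remote_port))

@dataclass
class HostFirewall:
    """Per-application outbound filter on the PC, logging every decision."""
    allowed_apps: set
    log: list = field(default_factory=list)

    def connect(self, app, flow, router):
        verdict = "permit" if app in self.allowed_apps else "deny"
        self.log.append((verdict, app, flow.remote_ip, flow.remote_port))
        return router.outbound(flow) if verdict == "permit" else None

def demo():
    router = NatRouter(wan_ip="203.0.113.10")
    pc = HostFirewall(allowed_apps={"browser.exe"})
    web = Flow("tcp", "192.168.0.2", 1025, "198.51.100.7", 80)
    adware = Flow("tcp", "192.168.0.2", 1026, "198.51.100.99", 80)
    port = pc.connect("browser.exe", web, router)
    return {
        "reply_forwarded": router.inbound("tcp", port, "198.51.100.7", 80) == web,
        "unsolicited_dropped": router.inbound("tcp", 135, "192.0.2.50", 4444) is None,
        "router_alone_lets_adware_out": NatRouter("203.0.113.10").outbound(adware) is not None,
        "host_firewall_blocks_adware": pc.connect("adware.exe", adware, router) is None,
        "log": pc.log,
    }
```

The router drops the unsolicited inbound packet because no state exists for it, yet it maps the adware's outbound connection without question; only the per-application filter on the PC denies and logs it.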
 

n0cmonkey

Originally posted by: Nothinman
Well, here's what I wanted to say originally.

You basically described the difference between consumer routers and corporate routers. Which while they're valid points, they're far from being hardware vs software differences. Like you said, most high-powered corporate routers are now just x86 boxes with a custom OS and packet filtering software, just like installing Linux or OpenBSD on a spare machine you have lying around, sure the case isn't as cool but the effect is the same =)

It could be mentioned that software like ZA, Tiny, etc add an extra layer by allowing outbound filtering by application which can be useful if you use a lot of untrustworthy software.

awww you admit OpenBSD exists! :D
 

Nothinman

awww you admit OpenBSD exists!

I admit it exists, just like I admit Windows exists. I just usually prefer Linux =)

I'm even contemplating using OpenBSD when I move my Ultra1 to being my firewall.
 

smp

Diamond Member
Dec 6, 2000
5,215
0
76
Originally posted by: n0cmonkey
Originally posted by: Doh!
Hmm... after reading my own post, I started to wonder the same. Well, here's what I wanted to say originally.

El cheapo routers w/ firewall functions: Very limited firewall capabilities using NAT by hiding your network from the internet behind it (more recent ones have limited filtering and inspection features). Pretty effective for blocking inbound connections but malicious outbound traffic (i.e., spyware) should be monitored/controlled using a software firewall such as ZA, Tiny, Kerio, Sygate, etc.

Hardware firewall: Although a hardware firewall used to be a dedicated device having the firewall functions running on custom designed ASICs, many recent "hardware" firewalls are a low-power consumption PC appliance (using AMD/Intel & flash RAM) with firewall software. However, the firewall software in these devices is much more feature-rich & very tweakable (at minimum, it will have the ability to inspect all packets that pass through the firewall and will either permit or deny them according to the configuration. It will also keep a log of every packet that passes through the firewall).

So my Pentium 133MHz machine with a hard drive running OpenBSD with PF for firewalling and NAT is what? Software? It has software on it. Hardware? It's running on hardware... I'm confused now.

I would say that it's a low-power consumption PC (using intel and some ram) with firewall software (PF). However, the firewall software (PF) that you're using in this device is very feature-rich & very tweakable (at minimum, it will have the ability to inspect all packets that traverse the firewall and will either forward, deny, drop or accept according to the predefined rules. It will also keep a log of all activity going across it). (not that I know sh!t about PF)

 

skyking

Lifer
Nov 21, 2001
22,704
5,824
146
Air roboform will replace all the functions of Gator for your brother, without any of the spyware content. You can install Zonealarm, and get it completely trained for your brother's typical use in about an hour of dedicated surfing and app/ messenger running. It really does not take very long to set up, and in the process he would understand a little bit about it and what it would need from him in the future ( when you are not there to show him :p )
I would not have a computer exposed to the internet without some form of firewall running, and nothinman's point about outbound filtering is a good one. I had not considered it since running my freebsd firewall, but losing the outbound alerts and filtering was a step in the wrong direction, IMO.
 

Nothinman

I had not considered it since running my freebsd firewall, but losing the outbound alerts and filtering was a step in the wrong direction, IMO.

Depends on your habits. I don't run questionable software so outbound filtering means little to me. And for a user like his brother who thinks Gator is a good thing, a firewall won't help him because he'll just tell it to let everything out whenever it asks.
 

skyking


And for a user like his brother who thinks Gator is a good thing, a firewall won't help him because he'll just tell it to let everything out whenever it asks.
I was going to say much the same thing if I had heard mention of filesharing programs, such as Kazaa.
I am not overly concerned about losing the outbound filtering, but it is a way to catch some trojans.
 

Muse

Originally posted by: Nothinman
I had not considered it since running my freebsd firewall, but losing the outbound alerts and filtering was a step in the wrong direction, IMO.

Depends on your habits. I don't run questionable software so outbound filtering means little to me. And for a user like his brother who thinks Gator is a good thing, a firewall won't help him because he'll just tell it to let everything out whenever it asks.
It's true, my brother would just let every program do what it wants. He wouldn't want to deal with the complexities of deciding whether or not to let a program access the Internet. In fact to me this seems truer than you think. I'm thinking that if his virus definitions were up to date he probably wouldn't have suffered the meltdown from those worms. I'm hoping that NAV and Liveupdate will protect him. It worked for me for a real long time. I'm 500 miles away from him now and to set up Zonealarm I'd have to do it remotely with him on the phone and/or using Timbuktu so I can see his display and control his computer.