What are the benefits of a software firewall if you already have a hardware firewall?

Noriaki


So at home I'm running a Linksys BEFSR41 which has a hardware firewall built into it.

My Windows machine sitting behind that firewall could also run a software firewall. The question is, what does that gain me?

A software firewall on your machine will give you the option to block outgoing internet traffic on an application-by-application basis rather than using port-by-port filters on the hardware.

So I can more easily block outgoing traffic.

Are there any other major benefits to running a software firewall if you are already behind a hardware firewall?
 

oog

If you have multiple computers behind that hardware firewall, then you have to decide if it is possible for one of those machines to spread problems. For instance, if you plug a laptop into your home network, and the laptop was infected while it was outside, then the hardware firewall won't protect your other machines at home.
 

ethebubbeth

Also, if you're paranoid you can use the software firewall to monitor what is making requests out to the internet from your box. Otherwise, I wouldn't bother with a software firewall (I have a BEFSR41 too).
 

notoriousformula

I have a Linksys BEFSR41 too, but I still use Sygate Pro V5: nice interface, tells me what's going in and out, applications running, etc.
 

Noriaki

Right now I just have 1 machine, my Windows box. (It's WinXP at the moment, but it will probably be Win2000 again in the not too distant future.)

I'm also planning to add a Linux box to my network as well.

Probably just have the 1 Windows box for a good long while.
 

Mday

NAT is not a firewall.

A good firewall program comes with a logger. It will log anything that you will allow, network utilization being the key here. Broadband routers don't tend to have program-level security, just port\domain\MAC addy, etc. Something like Norton Internet Security, based on AtGuard, will log anything and everything that uses any network bandwidth. It also has ad blocking capabilities and more advanced cookie management capabilities than IE6. If you enable the firewall of NIS, you will know when any program is trying to access the internet, or dial home (worms).
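The difference between the router's per-node log and a host's per-application view, as an added example that is not part of the thread: it joins `netstat -ano` output with `tasklist /FO CSV /NH` output by PID and lists which program holds each established connection to a peer outside the LAN. The sample text, process names, addresses and the 192.168.1.0/24 subnet are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumed home LAN subnet (constructed; adjust to the router's actual range).
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample of `netstat -ano` output, not captured from a real host.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.100:1045     203.0.113.10:80        ESTABLISHED     1320
  TCP    192.168.1.100:1046     203.0.113.10:80        ESTABLISHED     1320
  TCP    192.168.1.100:1050     198.51.100.7:6667      ESTABLISHED     2208
  TCP    192.168.1.100:139      192.168.1.101:1033     ESTABLISHED     4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
"""

# Constructed sample of `tasklist /FO CSV /NH` output.
TASKLIST = '''\
"iexplore.exe","1320","Console","0","18,432 K"
"unknown_tool.exe","2208","Console","0","2,104 K"
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,900 K"
'''

def pid_names(tasklist_csv):
    # Column 0 is the image name, column 1 the PID.
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if len(r) >= 2}

def offlan_peers_by_app(netstat_text, tasklist_csv, lan=LAN):
    """Map each process name to the off-LAN (host, port) peers it is connected to."""
    names = pid_names(tasklist_csv)
    report = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue  # skips the header, listeners and non-TCP rows
        host, _, port = f[2].rpartition(":")
        if ipaddress.ip_address(host.strip("[]")) in lan:
            continue  # LAN-to-LAN traffic never crosses the router
        report[names.get(int(f[4]), "pid " + f[4])].add((host, int(port)))
    return {app: sorted(peers) for app, peers in report.items()}

if __name__ == "__main__":
    for app, peers in offlan_peers_by_app(NETSTAT, TASKLIST).items():
        print(app, peers)
```

A router log would attribute all three off-LAN connections to the single node 192.168.1.100; only the host can say which program opened each one.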
 

Noriaki

NAT is not a firewall...I know this...

Isn't the Linksys BEFSR41 both a NAT router and a firewall rolled into one package?

It says that in the manuals, and it certainly seems to do both in my usage...

And it can log incoming and outgoing (by node, not application) traffic if you tell it to.

It blocks off ports, so that only ports you set up to forward to a machine on the LAN can be accessed, all other ports are refused connection...isn't that the basic premise behind a hardware firewall?

I'm not that good on networking stuff...so maybe I'm mistaking what a firewall is...
 

wetcat007

Originally posted by: Mday
NAT is not a firewall.

A good firewall program comes with a logger. It will log anything that you will allow, network utilization being the key here. Broadband routers don't tend to have program-level security, just port\domain\MAC addy, etc. Something like Norton Internet Security, based on AtGuard, will log anything and everything that uses any network bandwidth. It also has ad blocking capabilities and more advanced cookie management capabilities than IE6. If you enable the firewall of NIS, you will know when any program is trying to access the internet, or dial home (worms).

Well, for the most part, what a firewall is needed for, NAT will cover it, although it doesn't log anything. I've never been able to get a trojan to work through it, unless you forward ports on the router, and that's one of the biggest problems for people oftentimes. Things like the recent Blaster worm won't infect computers inside the network, because it needs certain ports to be open, and the router does not use Windows, so it just gets router ports, which are uninfected, and never sees the other computers.

While software firewalls have their uses, NAT is more than enough as long as you have yourself a virus scanner, and knowledge of viruses, and how they are generally put together and how they work. See astalavista for any info you need on that stuff.

Software firewalls can actually oftentimes be weaker to trojans than a NAT, because many trojans like Net-Devil 1.5 or Pest4 successfully shut down major name software firewalls. I don't know if the makers fixed that yet or not though; people then could easily remotely access the computer.

Companies make hardware firewalls that are far beyond NAT, but they cost a lot, and can sometimes slow down your net surfing, although it'd only do that if you had a higher speed connection than it could handle.

Anyways I gotta end this post.
 

Arcanedeath

I'd still suggest running a software firewall behind a Linksys router. I have one and still use ZoneAlarm Pro behind the router on all the PCs on my network. NAT is NOT a firewall; it will stop some virii because it closes off certain ports, but won't stop anything from getting in on your open ports. Also, in general it will still reply that the port is closed as opposed to stealth'd (e.g. not there at all) like a good software firewall would, thus letting hackers know your PC is actually there. Also, NAT doesn't really block anything going out or anything that's already behind it on your LAN, so in closing, if you care about security at all, either get a good True hardware firewall or a solid software one. Just my 2 cents.... and hope this helps....:)
 

wetcat007

Originally posted by: Arcanedeath
I'd still suggest running a software firewall behind a Linksys router. I have one and still use ZoneAlarm Pro behind the router on all the PCs on my network. NAT is NOT a firewall; it will stop some virii because it closes off certain ports, but won't stop anything from getting in on your open ports. Also, in general it will still reply that the port is closed as opposed to stealth'd (e.g. not there at all) like a good software firewall would, thus letting hackers know your PC is actually there. Also, NAT doesn't really block anything going out or anything that's already behind it on your LAN, so in closing, if you care about security at all, either get a good True hardware firewall or a solid software one. Just my 2 cents.... and hope this helps....:)

Um, well, I hope you can trust your other computers on your home network...