Can a router firewall replace a software firewall?

Discussion in 'Computer Support' started by Sentinel, May 14, 2005.

  1. Sentinel

    Sentinel Guest

    I've ordered a netgear router modem which has a hardware firewall (to
    replace my annoying 'cross-over cable with ADSL modem attached to one PC'
    setup:

    http://www.netgear.co.uk/wired_broadband_router_dg834.php

    My question is:

    Is the hardware firewall on a router a good replacement for a software
    firewall (such as McAfee) and is it possible to 'open ports' on a hardware
    firewall (like you can in McAfee)?

    Are there any other points I should be considering in this setup? Thanks in
    advance.
     
    Sentinel, May 14, 2005
    #1
    1. Advertising

  2. Sentinel

    why? Guest

    On Sat, 14 May 2005 09:28:58 +0100, "Sentinel" wrote:

    >I've ordered a netgear router modem which has a hardware firewall (to
    >replace my annoying 'cross-over cable with ADSL modem attached to one PC'
    >setup:
    >
    >http://www.netgear.co.uk/wired_broadband_router_dg834.php
    >
    >My question is:
    >
    >Is the hardware firewall on a router a good replacement for a software


    Not as good as a dedicated hardware firewall.

    >firewall (such as McAfee) and is it possible to 'open ports' on a hardware


    Usually yes.

    You did read the manual?

    You did look at previous posts in 24hshd, meaning you found
    http://www.portforward.com/
    http://www.practicallynetworked.com/

    http://smallnetbuilder.com/
    http://www.windowsnetworking.com
    http://www.homenethelp.com/
    http://www.homepcnetwork.com/


    >firewall (like you can in McAfee)?
    >
    >Are there any other points I should be considering in this setup? Thanks in
    >advance.


    Posting for advice before ordering.

    Keeping a software firewall in place.

    The router / firewall is handy for external protection, the software on
    each PC for internal.

    Even better each PC has a different software fw.

    Me
     
    why?, May 14, 2005
    #2
    1. Advertising

  3. Sentinel

    Sentinel Guest

    Thanks. Ignore the port question, I missed it in the manual originally.

    Going by your advice, if I had a totally secure 'internal' network (i.e. me
    being the only person using the 2 pc's on network) I wouldn't really need a
    software firewall?

    Regards

    "why?" <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote in message
    news:...
    >
    > On Sat, 14 May 2005 09:28:58 +0100, "Sentinel" wrote:
    >
    >>I've ordered a netgear router modem which has a hardware firewall (to
    >>replace my annoying 'cross-over cable with ADSL modem attached to one PC'
    >>setup:
    >>
    >>http://www.netgear.co.uk/wired_broadband_router_dg834.php
    >>
    >>My question is:
    >>
    >>Is the hardware firewall on a router a good replacement for a software

    >
    > Not as good as a dedicated hardware firewall.
    >
    >>firewall (such as McAfee) and is it possible to 'open ports' on a hardware

    >
    > Usually yes.
    >
    > You did read the manual?
    >
    > You did look at previous posts in 24hshd, meaning you found
    > http://www.portforward.com/
    > http://www.practicallynetworked.com/
    >
    > http://smallnetbuilder.com/
    > http://www.windowsnetworking.com
    > http://www.homenethelp.com/
    > http://www.homepcnetwork.com/
    >
    >
    >>firewall (like you can in McAfee)?
    >>
    >>Are there any other points I should be considering in this setup? Thanks
    >>in
    >>advance.

    >
    > Posting for advice before ordering.
    >
    > Keeping a software firewall in place.
    >
    > The router / firewall is handy for external protection, the software on
    > each PC for internal.
    >
    > Even better each PC has a different software fw.
    >
    > Me
     
    Sentinel, May 14, 2005
    #3
  4. Sentinel < wrote:
    > Thanks. Ignore the port question, I missed it in the manual originally.
    >
    > Going by your advice, if I had a totally secure 'internal' network (i.e. me
    > being the only person using the 2 pc's on network) I wouldn't really need a
    > software firewall?
    >
    > Regards


    No offence intended, but...
    How do you arrive at that conclusion???

    As I read it, why? gave 2 bits of advice...
    The hardware firewall in a router is not as good as a dedicated hardware
    firewall.
    It is usually possible to open ports on a hardware firewall.

    Also, how do you have a "totally secure 'internal' network" just because
    you are the only person using the 2 PC's?

    Did I miss some posts?

    >
    > "why?" <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote in message
    > news:...
    >
    >>On Sat, 14 May 2005 09:28:58 +0100, "Sentinel" wrote:
    >>
    >>
    >>>I've ordered a netgear router modem which has a hardware firewall (to
    >>>replace my annoying 'cross-over cable with ADSL modem attached to one PC'
    >>>setup:
    >>>
    >>>http://www.netgear.co.uk/wired_broadband_router_dg834.php
    >>>
    >>>My question is:
    >>>
    >>>Is the hardware firewall on a router a good replacement for a software

    >>
    >>Not as good as a dedicated hardware firewall.
    >>
    >>
    >>>firewall (such as McAfee) and is it possible to 'open ports' on a hardware

    >>
    >>Usually yes.
    >>
    >>You did read the manual?
    >>
    >>You did look at previous posts in 24hshd, meaning you found
    >>http://www.portforward.com/
    >>http://www.practicallynetworked.com/
    >>
    >>http://smallnetbuilder.com/
    >>http://www.windowsnetworking.com
    >>http://www.homenethelp.com/
    >>http://www.homepcnetwork.com/
    >>
    >>
    >>
    >>>firewall (like you can in McAfee)?
    >>>
    >>>Are there any other points I should be considering in this setup? Thanks
    >>>in
    >>>advance.

    >>
    >>Posting for advice before ordering.
    >>
    >>Keeping a software firewall in place.
    >>
    >>The router / firewall is handy for external protection, the software on
    >>each PC for internal.
    >>
    >>Even better each PC has a different software fw.
    >>
    >>Me

    >
    >
    >
     
    The Muffin Man, May 14, 2005
    #4
  5. Sentinel

    why? Guest

    On Sat, 14 May 2005 10:06:42 +0100, "Sentinel" <<Remove to
    email>> wrote:

    >Thanks. Ignore the port question, I missed it in the manual originally.
    >
    >Going by your advice, if I had a totally secure 'internal' network (i.e. me
    >being the only person using the 2 pc's on network) I wouldn't really need a
    >software firewall?


    You figure that how?

    I have Outpost FW on several PCs (there is a router with basic port
    blocking) most everything in the Outpost Active Content (scripting /
    external content / flash / referrer) options disabled and the allowed
    website list is add to view, not view by default.

    Other PCs have more relaxed rules and I don't police the users on that,
    however 2 people use lots of games cheats sites and the logs are an eye
    opener.

    One never knows what is hidden on webpages / bad downloads there are
    until after something happens.

    A good example is at work, a few weeks ago. The setup is firewalls,
    proxy blocking , content and sites by URL , mail blocking (that's some
    major heavy duty kit many 1000's of users). Users (most) don't have
    local admin rights and yet I still spent almost 6 hours removing trojans
    for sex sites from a few machines.
    Another is the internal LAN/WAN is meant to be trusted , the Internet
    isn't however when something like sasser / blaster gets on 1 PC it's
    100's within minutes.
    One test was to do a clean build (CD only , no SP etc) and wait less
    than a minute for it to be infected.

    Only one of my home PCs is fairly wide open with respect to internet
    access and it's a non Windows box and I have been lucky so far nothing
    has happened.

    >Regards
    >
    >"why?" <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz> wrote in message
    >news:...
    >>
    >> On Sat, 14 May 2005 09:28:58 +0100, "Sentinel" wrote:
    >>
    >>>I've ordered a netgear router modem which has a hardware firewall (to
    >>>replace my annoying 'cross-over cable with ADSL modem attached to one PC'
    >>>setup:
    >>>
    >>>http://www.netgear.co.uk/wired_broadband_router_dg834.php
    >>>
    >>>My question is:
    >>>
    >>>Is the hardware firewall on a router a good replacement for a software

    >>
    >> Not as good as a dedicated hardware firewall.
    >>
    >>>firewall (such as McAfee) and is it possible to 'open ports' on a hardware

    >>
    >> Usually yes.
    >>
    >> You did read the manual?


    <snip>

    Me
     
    why?, May 14, 2005
    #5
  6. "Sentinel >" <<Remove to email> wrote in message
    news:...
    > I've ordered a netgear router modem which has a hardware firewall (to
    > replace my annoying 'cross-over cable with ADSL modem attached to one PC'
    > setup:
    >
    > http://www.netgear.co.uk/wired_broadband_router_dg834.php
    >
    > My question is:
    >
    > Is the hardware firewall on a router a good replacement for a software
    > firewall (such as McAfee) and is it possible to 'open ports' on a hardware
    > firewall (like you can in McAfee)?


    An appliance that meets the specs in the link for *What does a FW do* the
    ones that protect networks and have true FW software will out class a $50
    PFW solution or NAT (no FW router).

    http://www.vicomsoft.com/knowledge/reference/firewalls1.html

    The NAT router and the Netgear is a NAT router with FW like features such as
    SPI are good enough in the home protection by stopping unsolicited inbound
    traffic to the network by not forwarding unsolicited requests, and the user
    doesn't do high risks things like port forwarding.

    http://www.homenethelp.com/web/explain/about-NAT.asp

    >
    > Are there any other points I should be considering in this setup? Thanks
    > in advance.


    Some people say that if you practice safe hex and not have the happy fingers
    the click on unknown things, *harden* the O/S to attack, if have a O/S that
    can be harden, watch the router's logs with a log viewer to watch inbound
    and outbound traffic, and run a good AV on the machines, then that's all you
    need.

    On the other hand, some say to use a personal firewall solution, which is
    not a FW since it doesn't separate two networks it only provides protection
    of the O/S, services and Internet programs at the machine level, then one
    uses a PFW solution that can stop outbound by port or IP to supplement the
    NAT router.

    You should learn more about FW(s). A NAT router with FW like features is not
    a FW appliance and personal firewall solution is not a FW in the true since.
    And the NAT router is not running true FW software either. And something
    for home usage with a modem router setup is not an appliance running a true
    FW. They do have low-end FW appliances that are affordable.

    http://www.more.net/technical/netserv/tcpip/firewalls/

    Duane :)
     
    Hate K-CSC -- Duane ;-\), May 14, 2005
    #6
  7. Sentinel

    127.0.0.1 Guest

    "The Muffin Man" <the.muffin.man@dotcomdotaudotcom> wrote in message
    news:4285c6ee$0$29256$...
    > Sentinel < wrote:
    >> Thanks. Ignore the port question, I missed it in the manual originally.
    >>
    >> Going by your advice, if I had a totally secure 'internal' network (i.e.
    >> me being the only person using the 2 pc's on network) I wouldn't really
    >> need a software firewall?
    >>
    >> Regards

    >
    > No offence intended, but...
    > How do you arrive at that conclusion???
    >
    > As I read it, why? gave 2 bits of advice...
    > The hardware firewall in a router is not as good as a dedicated hardware
    > firewall.
    > It is usually possible to open ports on a hardware firewall.
    >
    > Also, how do you have a "totally secure 'internal' network" just because
    > you are the only person using the 2 PC's?
    >
    > Did I miss some posts?


    it's easy to have a completely secure internal network. just turn off your
    external internet connection.
    you can do this by unpluging your ethernet cable from the cablemodem and
    locking your doors to your home.

    -a|ex
     
    127.0.0.1, May 14, 2005
    #7
  8. Sentinel

    Evan Platt Guest

    On Sat, 14 May 2005 09:28:58 +0100, "Sentinel" <<Remove to email>
    > wrote:

    >I've ordered a netgear router modem which has a hardware firewall (to
    >replace my annoying 'cross-over cable with ADSL modem attached to one PC'
    >setup:
    >
    >http://www.netgear.co.uk/wired_broadband_router_dg834.php
    >
    >My question is:
    >
    >Is the hardware firewall on a router a good replacement for a software
    >firewall (such as McAfee) and is it possible to 'open ports' on a hardware
    >firewall (like you can in McAfee)?
    >
    >Are there any other points I should be considering in this setup? Thanks in
    >advance.


    I'd use both. I've recently started using a hardware firewall
    completely, and just added Sygate.

    I was amazed at how many programs were calling home. Not any more.
    --
    To reply, remove TheObvious from my e-mail address.
     
    Evan Platt, May 14, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. J1C

    PIX to replace router

    J1C, Oct 21, 2005, in forum: Cisco
    Replies:
    5
    Views:
    514
    Walter Roberson
    Oct 24, 2005
  2. Sandi
    Replies:
    33
    Views:
    1,485
    Sheila aka Pippie
    Apr 4, 2005
  3. Replies:
    2
    Views:
    915
  4. Thomas75
    Replies:
    1
    Views:
    583
    Doug McIntyre
    Mar 17, 2008
  5. Internet Highway Traveler
    Replies:
    5
    Views:
    1,977
    Internet Highway Traveler
    Nov 14, 2009
Loading...

Share This Page