Can a router firewall replace a software firewall?

Discussion in 'Computer Support' started by Sentinel, May 14, 2005.

  1. Sentinel

    Sentinel Guest

    I've ordered a netgear router modem which has a hardware firewall (to
    replace my annoying 'cross-over cable with ADSL modem attached to one PC'
    setup:

    http://www.netgear.co.uk/wired_broadband_router_dg834.php

    My question is:

    Is the hardware firewall on a router a good replacement for a software
    firewall (such as McAfee) and is it possible to 'open ports' on a hardware
    firewall (like you can in McAfee)?

    Are there any other points I should be considering in this setup? Thanks in
    advance.
     
    Sentinel, May 14, 2005
    #1
    1. Advertisements

  2. Sentinel

    why? Guest

    Not as good as a dedicated hardware firewall.
    Usually yes.

    You did read the manual?

    You did look at previous posts in 24hshd, meaning you found
    http://www.portforward.com/
    http://www.practicallynetworked.com/

    http://smallnetbuilder.com/
    http://www.windowsnetworking.com
    http://www.homenethelp.com/
    http://www.homepcnetwork.com/

    Posting for advice before ordering.

    Keeping a software firewall in place.

    The router / firewall is handy for external protection, the software on
    each PC for internal.

    Even better each PC has a different software fw.

    Me
     
    why?, May 14, 2005
    #2
    1. Advertisements

  3. Sentinel

    Sentinel Guest

    Thanks. Ignore the port question, I missed it in the manual originally.

    Going by your advice, if I had a totally secure 'internal' network (i.e. me
    being the only person using the 2 pc's on network) I wouldn't really need a
    software firewall?

    Regards
     
    Sentinel, May 14, 2005
    #3
  4. No offence intended, but...
    How do you arrive at that conclusion???

    As I read it, why? gave 2 bits of advice...
    The hardware firewall in a router is not as good as a dedicated hardware
    firewall.
    It is usually possible to open ports on a hardware firewall.

    Also, how do you have a "totally secure 'internal' network" just because
    you are the only person using the 2 PC's?

    Did I miss some posts?
     
    The Muffin Man, May 14, 2005
    #4
  5. Sentinel

    why? Guest

    You figure that how?

    I have Outpost FW on several PCs (there is a router with basic port
    blocking) most everything in the Outpost Active Content (scripting /
    external content / flash / referrer) options disabled and the allowed
    website list is add to view, not view by default.

    Other PCs have more relaxed rules and I don't police the users on that,
    however 2 people use lots of games cheats sites and the logs are an eye
    opener.

    One never knows what is hidden on webpages / bad downloads there are
    until after something happens.

    A good example is at work, a few weeks ago. The setup is firewalls,
    proxy blocking , content and sites by URL , mail blocking (that's some
    major heavy duty kit many 1000's of users). Users (most) don't have
    local admin rights and yet I still spent almost 6 hours removing trojans
    for sex sites from a few machines.
    Another is the internal LAN/WAN is meant to be trusted , the Internet
    isn't however when something like sasser / blaster gets on 1 PC it's
    100's within minutes.
    One test was to do a clean build (CD only , no SP etc) and wait less
    than a minute for it to be infected.

    Only one of my home PCs is fairly wide open with respect to internet
    access and it's a non Windows box and I have been lucky so far nothing
    has happened.
    <snip>

    Me
     
    why?, May 14, 2005
    #5
  6. An appliance that meets the specs in the link for *What does a FW do* the
    ones that protect networks and have true FW software will out class a $50
    PFW solution or NAT (no FW router).

    http://www.vicomsoft.com/knowledge/reference/firewalls1.html

    The NAT router and the Netgear is a NAT router with FW like features such as
    SPI are good enough in the home protection by stopping unsolicited inbound
    traffic to the network by not forwarding unsolicited requests, and the user
    doesn't do high risks things like port forwarding.

    http://www.homenethelp.com/web/explain/about-NAT.asp
    Some people say that if you practice safe hex and not have the happy fingers
    the click on unknown things, *harden* the O/S to attack, if have a O/S that
    can be harden, watch the router's logs with a log viewer to watch inbound
    and outbound traffic, and run a good AV on the machines, then that's all you
    need.

    On the other hand, some say to use a personal firewall solution, which is
    not a FW since it doesn't separate two networks it only provides protection
    of the O/S, services and Internet programs at the machine level, then one
    uses a PFW solution that can stop outbound by port or IP to supplement the
    NAT router.

    You should learn more about FW(s). A NAT router with FW like features is not
    a FW appliance and personal firewall solution is not a FW in the true since.
    And the NAT router is not running true FW software either. And something
    for home usage with a modem router setup is not an appliance running a true
    FW. They do have low-end FW appliances that are affordable.

    http://www.more.net/technical/netserv/tcpip/firewalls/

    Duane :)
     
    Hate K-CSC -- Duane ;-\), May 14, 2005
    #6
  7. Sentinel

    127.0.0.1 Guest

    it's easy to have a completely secure internal network. just turn off your
    external internet connection.
    you can do this by unpluging your ethernet cable from the cablemodem and
    locking your doors to your home.

    -a|ex
     
    127.0.0.1, May 14, 2005
    #7
  8. Sentinel

    Evan Platt Guest

    On Sat, 14 May 2005 09:28:58 +0100, "Sentinel" <<Remove to email>
    I'd use both. I've recently started using a hardware firewall
    completely, and just added Sygate.

    I was amazed at how many programs were calling home. Not any more.
     
    Evan Platt, May 14, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.