07-08-2003, 11:01 PM | #1 (permalink) |
Conspiracy Realist
Location: The Event Horizon
|
Router vs software firewall
SO many areas of computers: programming, hardware, multimedia (and allthe catagories of that), networking, on and on.
My main weakness is networking and security. Its not that I dont want to learn its a timing issue. Im having a hell of a time with firewalls. Ive been trying demos out to see which is the most user friendly. The problem I keep having is the configuration continually interferes with software thats loaded on my system ( I know thats a configuration issue, but in some cases it doesnt seem to be as easy as just finding the software and giving it clearences. Anyway I have a SMC barracade that Im using to run my cable service to multiple PCs. I understand it has a firewall in it? Is it automatically on? Is it something that has to be turned on and adjusted with software? Is it indeed better than any software firewall?
__________________
To confine our attention to terrestrial matters would be to limit the human spirit.- Stephen Hawking Last edited by Sun Tzu; 07-09-2003 at 09:27 PM.. |
07-09-2003, 12:16 AM | #2 (permalink) |
Junkie
Location: Right here
|
Your router "firewalls" the LAN side (your computers) by masking them from WAN (outside computers) identification. I'm pretty sure your router does this by dropping unauthorized pings and giving each of your computer an IP address only it knows. This should be on by default but you may have to turn in on.
A router doesn't substitute for a full firewall, however, whether it is software of hardware. A real firewall also monitors outbound trafic so trojans and other programs can't contact the WAN side (or even other stations on the LAN side for that matter) without explicit permission. The router is a good first defense but doesn't replace a software firewall--one should really use both. A hardware firewall--where a physical box seperates your computer from the scary outside world--is the optimum defence. Anyway, I think I got this mostly right. Hopefully a network guru will fix my mistakes and set you straight but this will get you rolling.
__________________
"The theory of a free press is that truth will emerge from free discussion, not that it will be presented perfectly and instantly in any one account." -- Walter Lippmann "You measure democracy by the freedom it gives its dissidents, not the freedom it gives its assimilated conformists." -- Abbie Hoffman |
07-09-2003, 03:38 AM | #3 (permalink) |
Women want me. Men fear me.
Location: Maryland,USA
|
You may want to go to one of the many sites that will probe your computer to see if you are vulnerable. Your current setup may be adequate, depending on how concerned you are with security.
Link
__________________
We all have wings, some of us just don't know why. |
07-09-2003, 05:35 AM | #4 (permalink) |
"Officer, I was in fear for my life"
Location: Oklahoma City
|
A router will block any inboud traffic where the request did not come from the lan side of the router. The exception to this is if you open any ports and allow them through. For general home use, you won't open any ports at all. For a business use, you might open the SMTP port for incoming mail if you are running a mail server, or you might open the HTTP port if you are running a web server.
As smooth said, a firewall will inspect both inbound and outbound packets to make sure nothing is connecting where it shouldn't be. For example where I work, I have an open port in the router to allow mail into my network. I can have a software firewall running on my machine to block anything coming in on that port for my machine since the mail server is not on my workstation. If you are sure you really need a firewall instead of just your router, a dedicated piece of hardware is the best way to go. |
07-09-2003, 08:20 AM | #5 (permalink) |
Fucking Hostile
Location: Springford, ON, Canada
|
Many newer personal routers are also coming with more true firewalling abilities. Netgear makes a nice one with statefull packet inspection for under US$200 that will mail logs to the user if he/she wants. It also has basic content control, if you so desire.
__________________
Get off your fuckin cross. We need the fuckin space to nail the next fool martyr. |
07-09-2003, 09:34 PM | #6 (permalink) |
Conspiracy Realist
Location: The Event Horizon
|
Thanks for the help. I went to the site that crewsor provided and it says my PC is secured well. Most of my ports are showing to be in stealth mode as well. I have allot to learn. Hardware just reminded me how much I dont know about configuring.
THanks for the info.
__________________
To confine our attention to terrestrial matters would be to limit the human spirit.- Stephen Hawking |
07-22-2003, 05:56 PM | #8 (permalink) |
I am Winter Born
Location: Alexandria, VA
|
I honestly wouldn't recommend GRC as a place to "scan your ports" as I've had it show up a lot of faulty information.
kod raises a good point about OpenBSD. I recommend hitting up your local bookstore and finding a good book on securing your network.
__________________
Eat antimatter, Posleen-boy! |
07-22-2003, 08:44 PM | #10 (permalink) |
Crazy
|
If you use a dedicated firewall box, there are some Linux distributions that are prepackaged. Also, remember that firewall boxes don't need to be the latest and the greatest. For awhile last year, I was using an old p133 running openbsd as a firewall box, it worked fine.
|
07-23-2003, 12:48 PM | #11 (permalink) |
I am Winter Born
Location: Alexandria, VA
|
From what I've heard, OpenWall is a good Linux distro to use for firewalls, as is Gentoo. OpenBSD seems to be the one that sets the bar, though, in terms of security and firewalling. It's what I use, and I highly recommend it.
__________________
Eat antimatter, Posleen-boy! |
07-27-2003, 10:16 PM | #12 (permalink) |
Upright
Location: the wireless
|
the low down
Routers use NAT. This only slows down outside requests it will not block or stop them. There are sevral programs that will help you get through NAT. You can run a firewall on your computer but if you run windows it isn't the best idea. Run a real firewall between your modem and computer. Sonicwall and Watchgaurd are leaders in this. Check them out.
__________________
wireless revolution - THE TIME IS NOW! |
07-28-2003, 07:53 AM | #13 (permalink) |
Guest
|
Sultanx is right, to a point. Most of the low end consumer equipment simply uses NAT to somewhat block outside requests. The last linksys router I had did port forwarding as well. I've got aquaintainces who admin some PiX boxes that would cringe though.
For the average user, a consumer router *and* a software firewall should provide enough protection. Hell, Windows XP's firewall might even suffice. |
Tags |
firewall, router, software |
|
|