Hardware and Software firewall on same PC

D

dave holbon

OSNN Veteran Addict
Joined
26 May 2002
Messages
1,014
I have a Netgear DG834 ADSL modem router and a software firewall installed on all the machines on the network. I notice that on the Netgear site that they do not recommend this. The software firewall is Kaspersky and appeared to work o.k. but I have just un-installed it, appears not have made any difference.

Anyone got any views on this?

:)
 
you do not need a software firewall if you connect through a nat router. at all. ever.
 
LordOfLA said:
you do not need a software firewall if you connect through a nat router. at all. ever.
Click to expand...
Unless he's on a Windows box and wants to keep programs from "phoning home" or trojans or what have you. I don't think I would run a Windows box without something doing some sort of packet inspection.
 
There are earlier posts here about the same subject.

Hardware (NAT) firewalls only protect against inbound traffic from the internet.

Software firewalls protect against outbound traffic (worms. spyware, keystroke loggers, etc.) as well as inbound traffic looking for vulnerabilities. They also protect you from cross infection of computers on your own lan. Software firewalls are also updated as soon as new vulnerability types are identified.

So if you're feeling lucky and are absolutely positive nothing will ever get onto a machine on your LAN, or if you don't care about a worm with a keystroke logger capturing your credit card numbers, social security number etc and broadcasting out to the web, or if you cut all the floppy, cd, usb hardware and the email accounts off your LAN PC's then sure, go ahead and depend on just the Router's NAT firewall.

PS I do that on one machine on my LAN but the rest use soft and hard firewalls.
 
Also, you need a firewall if you want to protect against other PC's inside the LAN. If a PC is infected with some trojan, it could possibly infect all of your non-protected PC's in the network the same as a non-firewalled PC gets infected via the WWW.
 
Yes that’s what I thought, NAT’s do not check (by default) outgoing packets except to edit the header to amend the IP address. If this is true then setting then up correctly would take about a hundred years for each thousand PC’s on the internal network where a key logger already is installed.

Something’s adrift here surely?

:eek:
 
LordOfLA said:
you do not need a software firewall if you connect through a nat router. at all. ever.
Click to expand...
I would never have a box running without outbound monitoring and protection
 
Just re-installed kaspersky software firewall and it shut down my internet connection immediately. I have disabled it pending a look through the logs and so I can post this.

:eek: :eek: :eek:
 
okay so you load a software firewall, you get a virus that your AV software missed becuase it hasnt fetched the latest patterns yet, it kills your firewall (there are a few Win32API calls that will terminate an app and it doesn't get to argue about it) and happily sends it stuff about..

That protected you from outbound traffic how exactly?
 
The non infected PC's are now protected. ;)

I like to not have WMP call home every time it runs, I can block its traffic, also, alot of spyware/viruses do not disable firewalls and you can pick up on them rather easily when some odd new EXE is trying to reach the WWW.
 
LordOfLA said:
okay so you load a software firewall, you get a virus that your AV software missed becuase it hasnt fetched the latest patterns yet, it kills your firewall (there are a few Win32API calls that will terminate an app and it doesn't get to argue about it) and happily sends it stuff about..

That protected you from outbound traffic how exactly?
Click to expand...
a person with a hardware firewall isn't protected agains viruses by virtue of his firewall

if a person has a hardware firewall that doesn't guard against outgoing traffic it's also neccessary to have a software firewall running with it...always

plus, modern sofrware firewalls have sandboxes that refuse to allow exe's to run without permission, so a software firewall can prevent a virus while a hardware firewall won't
 
perris said:
plus, modern sofrware firewalls have sandboxes that refuse to allow exe's to run without permission, so a software firewall can prevent a virus while a hardware firewall won't
Click to expand...

agree...
 
You must log in or register to reply here.

Members online

No members online now.
Total: 523 (members: 0, guests: 523)

Affiliates

lunarsoft.net techzonez.com

- Contact us to trade links -

OSNN OSNN NTFS XP-erience

Latest profile posts

Steevo
Steevo
Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
•••
Steevo
Steevo
Any of the SP crew still out there?
•••
Xie
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
•••
N
Nismo83
hello peeps... is been some time since i last came here.
•••
Electronic Punk
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.
•••

Forum statistics

Threads
62,015
Messages
673,494
Members
5,623
Latest member
AndersonLo
Back