Firewall myths
December 31st, 2004, 03:42 PM
#1
Ultimate Member
Join Date: Mar 2003
Posts: 1,259
I expect this post will generate a lot of controversy, but I would like to get to the bottom of the arguments about the value of software firewalls vs. hardware-based firewalls.
I have been told by several very knowledgeable persons that running a software-based firewall such as those from ZoneAlarm, Norton, McAfee etc. is really unnecessary and quite useless. They advocate that the hardware firewalls in most routers are much better. Better yet, or best, is to build an old machine and use it as a dedicated firewall.
Personally, I have been using ZoneAlarm Pro and 'thought' it was working and protecting me. I now wonder if I am just gullible and it is not doing what I believed it to be doing.
I welcome all views and information.
Thanks
__________________
If you can't say something nice... SAY IT REALLY LOUD!!

December 31st, 2004, 03:47 PM
#2
Did you try Google yet?
Join Date: Feb 2003 Location: Buckhannon, WV
Posts: 3,468
I don't think it is about hardware vs. software. It is about network vs application.
What I mean is that a hardware firewall (in general) only knows about addresses and ports. It has no idea WHAT is doing the talking. So, you can either allow/deny a particular type of traffic, not an application.
Firewalls like ZoneAlarm can go by application, so you can let your browser go out port 80, but that pesky spyware may get stopped. This comes at the cost of having to yes/no everything that uses the network.
They both have their own value. Personally, I don't run a software firewall. I prefer a router. But, for the more paranoid among us, ones like ZoneAlarm may appeal to them.
__________________
My computer is bigger than yours!
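
Added example (not part of any post in this thread): a simplified model of the network-vs-application distinction drawn in post #2, showing that a port-based filter gives the same verdict to a browser and to unwanted software on port 80, while a per-program policy can tell them apart at the cost of a prompt. The rules, program names and addresses are constructed for illustration and do not reflect how ZoneAlarm or any particular router is implemented.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    direction: str    # "in" or "out", as seen from the protected PC
    remote_ip: str
    remote_port: int
    local_port: int
    program: str      # only a firewall running on the PC can see this field

# Router-style rules (constructed): direction, remote network, port, action.
# The port is the remote port for "out" and the local port for "in".
ROUTER_RULES = [
    ("out", "0.0.0.0/0", 80, "allow"),
    ("out", "0.0.0.0/0", 443, "allow"),
]

def router_verdict(flow):
    """First matching rule wins; anything unmatched is dropped."""
    port = flow.remote_port if flow.direction == "out" else flow.local_port
    addr = ipaddress.ip_address(flow.remote_ip)
    for direction, net, rule_port, action in ROUTER_RULES:
        if (direction == flow.direction and rule_port == port
                and addr in ipaddress.ip_network(net)):
            return action
    return "drop"

# Host-based policy (constructed): keyed on the program making the connection.
APP_POLICY = {("browser.exe", 80): "allow", ("browser.exe", 443): "allow"}

def host_verdict(flow):
    """Unsolicited inbound is dropped; unknown programs trigger a yes/no prompt."""
    if flow.direction == "in":
        return "drop"
    return APP_POLICY.get((flow.program, flow.remote_port), "prompt")

def layered_verdict(flow):
    """Router plus host firewall: traffic passes only if both layers allow it."""
    verdicts = (router_verdict(flow), host_verdict(flow))
    if "drop" in verdicts:
        return "drop"
    return "allow" if verdicts == ("allow", "allow") else "prompt"

# Constructed sample flows using documentation address ranges.
BROWSER = Flow("out", "203.0.113.10", 80, 49152, "browser.exe")
SPYWARE = Flow("out", "198.51.100.7", 80, 49153, "spyware.exe")
INBOUND = Flow("in", "198.51.100.7", 51000, 445, "")

if __name__ == "__main__":
    for f in (BROWSER, SPYWARE, INBOUND):
        print(f.program or "(inbound)", router_verdict(f), host_verdict(f), layered_verdict(f))
```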

December 31st, 2004, 03:49 PM
#3
Retired mostly.
Join Date: Oct 2001 Location: Finland
Posts: 5,144
My view is that a normal user can have a happy and full life with a software firewall.
Now I'm pretty certain that an external hardware firewall does excellent on incoming threat blocking. In a protected network, where there are no internal threats, it must be great.
Such networks are rare imho.
A software firewall does what it's supposed to do, block illegal traffic. If it doesn't, it sure has fooled me.

December 31st, 2004, 05:25 PM
#4
Ultimate Member
Join Date: Oct 2001 Location: Holmen, Wisconsin US
Posts: 2,855
Or, you could be like me and run a hardware firewall (Microsoft MN-700) and ZoneAlarm. The hardware firewall stops the incoming bad guys, and ZoneAlarm stops any outgoing bad guys (can you say RealPlayer).
__________________
What did a tornado sound like before freight trains were invented?

December 31st, 2004, 05:41 PM
#5
Ultimate Member
Join Date: Oct 2001 Location: Illinois
Posts: 2,977
Here is my view: The NAT firewall protects me perfectly from attacks on the outside. But ZoneAlarm protects me from programs that are already on my computer (maybe a trojan, etc.) that want to communicate with the outside network.

December 31st, 2004, 05:50 PM
#6
Senior Member
Join Date: Jul 2004 Location: New Zealand
Posts: 582
Quote:
Originally Posted by lost-and-found
Here is my view: The NAT firewall protects me perfectly from attacks on the outside. But ZoneAlarm protects me from programs that are already on my computer (maybe a trojan, etc.) that want to communicate with the outside network.
Agreed

December 31st, 2004, 06:02 PM
#7
still smoke free
Join Date: Jun 2002 Location: MinneSOta
Posts: 5,239
Yup, a good firewall solution is more like plastic than Gore-Tex. You poke the holes through the plastic that you want to use, and that's it.
Gore-Tex lets nothing in, but everything out.
Sometimes plastics is better.
Now back to your regularly scheduled bad analogies.

December 31st, 2004, 06:12 PM
#8
Did you try Google yet?
Join Date: Feb 2003 Location: Buckhannon, WV
Posts: 3,468
The big problem with things like ZA is that because it runs on the PC, it can be compromised via spy/malware.
I am sure they thought of this, but something to keep in mind.
What I would like to see is a consumer hardware firewall with the ability to write point-to-point rules. Where you can specify src and dst IP and such. Along with some basic traffic accounting. All the software products I have seen for Linksys are pretty much crap.

December 31st, 2004, 06:55 PM
#9
Ultimate Member
Join Date: Jun 2002 Location: Vancouver, WA, USA
Posts: 2,696
I have an extremely security paranoid client that insists on running everything available. He has a router, ZA, and has enabled the XP SP2 firewall. I tried to tell him AVG, XP SP2 firewall, and AdAware Personal were enough to stop stuff, but he insisted on running ZA.
Well, he has since had to rebuild his computer because he got a TON of spyware. I prefer a hardware router/firewall solution as well. Enabling the XP SP2 firewall has proven useful as well. Generally stops network-borne viruses from spreading from machine to machine on an internal network.
-Chris
__________________
http://www.implexant.com

December 31st, 2004, 08:09 PM
#10
Ultimate Member
Join Date: Mar 2003
Posts: 1,259
I have a couple of old machines sitting around. If I wanted to build one as a dedicated firewall, how would I go about doing that?