|
| | | Senior Member
 
Group: Forum Members
Last Login: 8/9/2008 9:06 AM
Posts: 1,178, Visits: 2,534 |
| I used to hear people say that a hardware firewall, presumably in a router, is the best, and software firewalls are a good second choice. Lately I have read here that a router firewall is not enough, you need a software firewall in addition for more protection. I also read that a NAT firewall, typically what you find in a router, is not quite a real firewall.
What is the story here? And are some router firewalls better than others?
Thanks |
| |
| | | 
Senior Forum Advisor
Group: Senior Advisor
Last Login: 12/23/2006 5:15 PM
Posts: 2,647, Visits: 645 |
| The main reason people will use both hardware and software firewalls is that with an NAT device (hardware firewall), you don't get outgoing connection monitoring. Most people, including myself, like to have something that will tell you when a program on your machine is trying to "call out", especially in todays world of spyware. But overall, the NAT is seen as a first line of defense when it comes to protecting home networks. But it's nice to add a resource friendly software firewall (like Sygate  ) as well, if only for a little "peace-of-mind".
I'm sure others here can give a much more detailed explanation than I could about the technical aspects of NAT devices.
********************************************************************************
|
| |
| | | Forum Moderator
Group: Moderators
Last Login: 8/13/2007 11:17 AM
Posts: 3,966, Visits: 1,057 |
| A firewall is any device either hardware or software that has the capability of blocking ports inbound, outbound or both.
Most small office/home office routers are NAT devices. These will block incoming ports but as Vector states, they will not detect outbound packets. Whether it is enough or not depends on your security concerns and personal preferences. I only run a hardware firewall on my home LAN. From the router logs, the outbound traffic is not a concern to me. You can safely run a software firewall with the hardware router.
__________________________________________________ 
|
| |
| | | Forum Member
Group: Forum Members
Last Login: 8/24/2006 7:13 PM
Posts: 759, Visits: 4 |
| I agree with Relder statement that "You can safely run a software firewall with the hardware firewall." Be aware that XP comes with its own firewall. If you use McAfee, Norton, or Sygate, be sure to shut off XP.
Forever addicted to Computers :-) |
| |
| | | Senior Member
Group: Forum Members
Last Login: 8/9/2008 9:06 AM
Posts: 1,178, Visits: 2,534 |
| I found some info on router firewalls in an online PCmag article from Feb '02. It said:
In this story, we evaluate 24 home or small-office routers, putting a premium on security (especially on those intended for offices). Only two products, both from Netgear, offer a firewall that examines all data by using stateful packet inspection (SPI). The other products rely on network address translation (NAT), which helps cloak PCs from the outside world; we consider this valuable but insufficient when used alone........
Our Editors' Choice for the wired small office is the Netgear FR318 ($350 street). Security is a key issue when evaluating a router for the office environment, and the FR318 is one of only two products in our roundup that offers a firewall with SPI. All the other products rely on network address translation (NAT) for firewall security, which is good for hiding PCs from hackers, but NAT is vulnerable to port-directed and outbound attacks.......
Not one of the wireless routers we reviewed has an SPI firewall, however. We strongly recommend that business and home users add hardware or software firewalls to their wireless routers.
As I said, this is an old article. I could not yet find any more up-to-date info on this issue.
|
| |
|
|
