Does a wireless computer need a HARDWARE firewall?


KingCreole

I have been told by some that a hardware firewall is necessary to
fully protect one's wireless computer. Others say software will do.
Comments, please! Thanks so much.
 
The fact that your network is wireless is meaningless as far as having a
hardware firewall. It's the broadband connection access to your computer by
others that necessitates having a Hardware firewall (otherwise known as a
router.) Software firewalls protect different aspects of your system than a
Hardware firewall does. You ideally should have both.
 
In message <[email protected]> "DaveW"
The fact that your network is wireless is meaningless as far as having a
hardware firewall. It's the broadband connection access to your computer by
others that necessitates having a Hardware firewall (otherwise known as a
router.) Software firewalls protect different aspects of your system than a
Hardware firewall does. You ideally should have both.

In fairness, it's not even broadband connection -- The fact that you
have a connection is all that matters. Speed, medium (wired, wireless,
dialup, DSL, cable, fiber, ethernet) isn't important.
 
I have been told by some that a hardware firewall is necessary to
fully protect one's wireless computer. Others say software will do.
Comments, please! Thanks so much.

Your system is wireless, but you're not connecting
wirelessly to your ISP, right? It doesn't matter if your
system is wireless, you have to consider how it's hooked up
otherwise.

For example, if you have a wireless router hooked up to your
cable modem, or DSL, that router acts as a firewall, you
don't necessarily need another one.

If instead your system were connecting wirelessly to an
access point on the lan, going through a switch or hub but
not a router, to a cable modem or DSL, then you have no
firewall functionality yet and should consider a hardware
firewall or software. Personally, I'd go with the hardware
firewall (router) first, and if you feel there is an
atypically high security risk, THEN add a software firewall
too.

The one thing I would not do, is connect system straight to
a DSL or cable modem via the ethernet or USB, or wirelessly
connect to a different system one of those modems is
directly connected to (commonly ICS) and only have a
software firewall. Software, particularly running on
Windows, is inherently less reliable... a good backup
measure rather than a primary one.
 
if you feel there is an
atypically high security risk, THEN add a software firewall
too.

You need a Personal Firewall, which is typically implemented inside
your computer and therefore is a "software firewall". The main purpose
of a PF is to monitor outgoing network connections.

Trojans and other hack applications are not atypical. NAT will not
stop them from phoning home. A PF will, if set up properly.

Kerio Personal Firewall is one of the most popular.
 
If you are using XP sp1, then you already have a firewall running unless you
turned it off. If you are connecting wirelessly with a laptop, what you need
to make sure you are doing is to connect to a "secured" network rather than
an "unsecured" network. There is a learning curve here, but your wireless
network ought to be set up with WPA protection. I don't know what router you
are using, but more than likely it already has a firewall built in and it is
turned on by default.

You might want to start another post about how to secure your network
connection with WPA. I would also go to alt.internet.wireless and see if
they will help you. My experience there is that the NG is filled with a
bunch of buttheads, but you might have better luck.
 
As far as I know the firewall that comes with Windows still does not monitor outgoing traffic. ZoneAlarm has always had this feature.
The firewall built into a typical router will block all incoming (from the internet) traffic by default. A software firewall such as ZoneAlarm on your PC can block all incoming traffic or be configured to allow access from selected PCs e.g. other PCs on your local network. If you are paranoid about security you will have both hardware and software firewalls.
 
You need a Personal Firewall, which is typically implemented inside
your computer and therefore is a "software firewall". The main purpose
of a PF is to monitor outgoing network connections.

Trojans and other hack applications are not atypical. NAT will not
stop them from phoning home. A PF will, if set up properly.

Kerio Personal Firewall is one of the most popular.


True, it's possible they'd make outbound connections. One
alternative here is to block unused ports (or more
comprehensively allow only those expected to be used). It's
not foolproof though, things like browser hijackers can
still ride on IE's permissions through some Personal Firewall
software.

More troubling is that things were already installed to have
need to block the outgoing connections... not that it's bad
to block them but I'd take a closer look at how they managed
to be installed.
 
More troubling is that things were already installed to have
need to block the outgoing connections... not that it's bad
to block them but I'd take a closer look at how they managed
to be installed.

KPF will catch each new instance and ask you if you want to allow the
outgoing connection. You can allow it for the time being and then put
a Deny on it or a popup notification. Streaming binaries are one
instance like with Real Player. Open the hole for the stream only.
 
KPF will catch each new instance and ask you if you want to allow the
outgoing connection. You can allow it for the time being and then put
a Deny on it or a popup notification. Streaming binaries are one
instance like with Real Player. Open the hole for the stream only.


But, AFAIK it will not block IE, right? I mean, unless you
"allow" IE every time you use your browser, you'd have
already set it to allow IE, and when a browser extension is
used, it's "IE" the firewall sees as connecting outbound.

For any kind of security strategy, you can be sure there are
people trying to work around it. Best bet- offline backups.
 
kony said:
But, AFAIK it will not block IE, right? I mean, unless you
"allow" IE every time you use your browser, you'd have already
set it to allow IE, and when a browser extension is used, it's
"IE" the firewall sees as connecting outbound.

For any kind of security strategy, you can be sure there are
people trying to work around it. Best bet- offline backups.

Around here IE still exists, but purely to allow reading some help
files. ZoneAlarm has been told to NEVER allow it Internet access.
Firefox and Thunderbird do most of the Internet access, aided by
the command line ftp client that comes with windows (and which was
taken from UCSD by Microsoft without even acknowledgement),
FileZilla, CURL, WGET and some other open source packages known to
not be trojans.
 
But, AFAIK it will not block IE, right?

What do you mean "block IE"?
I mean, unless you
"allow" IE every time you use your browser, you'd have
already set it to allow IE, and when a browser extension is
used, it's "IE" the firewall sees as connecting outbound.

KPF calculates the MD5 hash and compares it, so only the app you allow
can connect.
For any kind of security strategy, you can be sure there are
people trying to work around it. Best bet- offline backups.

That's why I use removable HDs for cloning backups.
 
What do you mean "block IE"?

Internet Explorer.
If you have a blanket "allow" for IE, OR if when it asks
about allowing Internet Explorer to connect, then it is
giving any browser add-ons, extensions, permission to use
Internet Explorer to connect.


KPF calculates the MD5 hash and compares it, so only the app you allow
can connect.

Yes, Internet Explorer still has the same MD5, there will
not be any way it would detect this because the browser
add-on is just that, it "uses" the browser to do its work,
just as you can click on a link in IE and have it download
and install something, a browser add-on can too, including
exploitation of any existing IE security holes.

Of course, the goal would be to have a tight rein on what
browser objects, plugins, etc are there, or completely
avoiding IE altogether and denying it access.

That's why I use removable HDs for cloning backups.

Yes it is far safer to be able to restore to a point before
any infection... even with antivirus and such finding
malware or viri, it's quite common for some to download
more, newest code so the initial infection might be
eradicated but the new one persists until a backup is
restored.
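
Added illustration (not part of the original thread, and not Kerio's code): a toy Python model of the point argued above, that an outbound rule keyed only on the executable's MD5 gives the same verdict whether or not an add-on is loaded into the approved browser process. The process and module names, the byte strings, and the stricter module-aware rule are all constructed for this example.

```python
import hashlib
from dataclasses import dataclass, field

def md5_hex(data: bytes) -> str:
    # MD5 because that is the hash the thread attributes to KPF.
    return hashlib.md5(data).hexdigest()

@dataclass
class Process:
    name: str
    image: bytes                                  # stand-in for the .exe on disk
    modules: dict = field(default_factory=dict)   # code loaded into the process

class ImageHashFirewall:
    """Outbound rule keyed on the executable's hash only."""
    def __init__(self):
        self.rules = {}
    def approve(self, proc):
        self.rules[proc.name] = md5_hex(proc.image)
    def allows(self, proc):
        return self.rules.get(proc.name) == md5_hex(proc.image)

class ModuleAwareFirewall(ImageHashFirewall):
    """Hypothetical stricter rule: every loaded module must also be approved."""
    def __init__(self):
        super().__init__()
        self.module_rules = {}
    def approve(self, proc):
        super().approve(proc)
        self.module_rules[proc.name] = {md5_hex(m) for m in proc.modules.values()}
    def unapproved(self, proc):
        known = self.module_rules.get(proc.name, set())
        return sorted(n for n, m in proc.modules.items() if md5_hex(m) not in known)
    def allows(self, proc):
        return super().allows(proc) and not self.unapproved(proc)

def run_scenarios():
    # Constructed sample processes: same name, differing image or module set.
    clean = Process("browser.exe", b"browser-image-v1", {"render.dll": b"render-v1"})
    with_addon = Process("browser.exe", b"browser-image-v1",
                         {"render.dll": b"render-v1", "toolbar.dll": b"unknown-addon"})
    replaced = Process("browser.exe", b"patched-image", {"render.dll": b"render-v1"})
    results = {}
    for fw in (ImageHashFirewall(), ModuleAwareFirewall()):
        fw.approve(clean)   # user clicks "allow" once for the clean browser
        results[type(fw).__name__] = {"clean": fw.allows(clean),
            "replaced_exe": fw.allows(replaced), "addon_loaded": fw.allows(with_addon)}
    return results
```

Both models reject a replaced executable; only the module-aware one notices the add-on, because the image hash of the browser itself has not changed.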
 
Internet Explorer.
If you have a blanket "allow" for IE, OR if when it asks
about allowing Internet Explorer to connect, then it is
giving any browser add-ons, extensions, permission to use
Internet Explorer to connect.

There is only one way to avoid problems with IE - don't use it.
 
Indeed the only way to avoid computer problems is not to use them.

Not sure you understand the difference?
IE was designed to have gaping security holes. A computer
before MS software is installed is as secure as your
toaster, and should not have vulnerabilities added unless
owner expressly wants those holes open, because THEY own the
system.
 