Chet said:
> I just got my first laptop and router. I am on the internet at home via
> the router which is connected to my cable modem. When taking my laptop
> elsewhere, I have a Verizon network card.
> I've heard, for years, that if you have a router, you don't need a
> firewall.

A host-based software solution like ZA is not a FW. A FW separates two
networks and sits at the junction point between the two networks, which are
usually the WAN (Wide Area Network)/Internet it's protecting from and the
network it's protecting, the LAN (Local Area Network). A FW must have two
interfaces: one or more interfaces that face the WAN and one or more
interfaces that face the LAN.

In the case of a network FW that is a software solution running on a gateway
computer, the gateway computer will have one or more Network Interface Cards
(NICs) that face the WAN and one or more NICs that face the LAN.

A solution like ZA and others that fall into that category are machine-level
packet filters that protect at the machine level. They do not separate two
networks.

A FW device using FW software in the solution will fall into the definition
of (What does a FW do?) that is being explained in the link below. Yes, a
FW router, a FW appliance and a FW that is a host-based software solution
running on a gateway computer will fall into that definition.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

A FW of the type above will be able to stop inbound and outbound traffic
with the WAN, but it can also stop inbound and outbound traffic on the LAN
between machines.

> I never understood why. I suspected that the hardware of a router must be
> such that people couldn't access my machine through it. Now you folks
> mention a firewall (software, I guess) in the router. How do I know if I
> have one in mine? It is a Buffalo Air Station Wireless G High Power
> model WHR-HP-054. I don't remember turning it on or setting it up when I
> installed the thing. Does my router have a firewall? Right now the
> laptop has Norton Internet Security using that firewall (not the MS one)
> and that antivirus. I'm planning on installing Zone Alarm free version
> and a free anti-virus onto the laptop in a week or two when the Norton
> subscription runs out. Does that sound reasonable? I run Vista Home
> Premium.

Your router comes closer to the definition of being a FW, because of the two
interfaces it has of WAN and LAN ports. It may even be running SPI. But is
it running FW software? You'll have to make that determination.

Here is another link that may help you in the determination.

http://www.more.net/technical/netserv/tcpip/firewalls/

For a router that cannot stop outbound traffic, some use something like ZA
or even Vista's FW/packet filter to stop outbound traffic, and I am not
talking about Application Control in some of these solutions. I am talking
about setting a FW rule to stop outbound traffic from leaving the computer
to a LAN or WAN IP.

If I have a computer such as a laptop that's connected to a foreign LAN like
a wireless cafe, or the computer has a direct connection to a modem, like a
dial-up, BB or DSL modem, which is a direct connection to the Internet (no
router or other such device between the computer and the modem), then the
laptop is running Vista's FW/packet filter or some 3rd party packet filter
like ZA to protect the machine.

When the laptop is on my LAN protected by a FW appliance, its packet
filter/FW is disabled, along with the rest of the machines having their
packet filter/FW(s) disabled, both MS and Linux machines. They are not needed
in my case in this situation.

You'll have to make the determination of not running the packet filters on
machines behind your router.