Router a Firewall?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

If my internet connection goes to my Linknsys wireless router first, do I
need the windows firewall enabled or a seperate firewall program to be
running on either computer?
 
Checkmate502 said:
If my internet connection goes to my Linknsys wireless router first, do I
need the windows firewall enabled or a seperate firewall program to be
running on either computer?
Click to expand...

Strictly speaking, the answer is no, as you'll already be protected from
inbound connection attempts. If you want a greater degree of protection,
however, I would suggest installing a third-party firewall on your
computers - specifically, something that controls outbound access. These
firewalls (kerio, zonealarm, etc) will help to ensure that programs like
spyware cannot make outbound connections - Windows Firewall doesn't control
outbound connections.

Dan
 
You should turn on the Windows XP Internet Connection Firewall
for all computers in your home network. This helps prevent the spread of
viruses or worms across your network if a computer is infected. A computer
on the network could become infected through a separate Internet connection,
such as one on a laptop that is used on your home network and on public networks.
Or a virus could be introduced to a computer on your network by way of e-mail
or software installed from a CD or floppy disk.

Internet firewalls: Frequently asked questions
http://www.microsoft.com/athome/security/protect/firewall.mspx

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------

:

| If my internet connection goes to my Linknsys wireless router first, do I
| need the windows firewall enabled or a seperate firewall program to be
| running on either computer?
 
If my internet connection goes to my Linknsys wireless router first, do I
need the windows firewall enabled or a seperate firewall program to be
running on either computer?
Click to expand...

The router will block inbound connections that your computer(s) don't ask
for, but it does nothing to block outbound connections.

This means that as long as your computers are not compromised by something
you do (even if you don't know that you're doing it) that they won't be
compromised by an external connection that you didn't invite in.

Now, you've got to ask yourself other questions - like the following:

1) Do you have quality and updated antivirus software running on ALL
computers?

2) Do you regularly check for spyware using SpyBot Search and Destroy and
AdAwareSE?

3) Do you visit questionable sites?

4) Is your browser setup for HIGH-SECURITY MODE?

5) Are you using a safer/alternative browser than IE?

6) Are you using something other than Outlook Express for email?

7) If you are using OE for email, did you update all the Office products
on your computer - Windows Update does not update Office products.

8) Do you monitor the traffic logs provided in the Linksys router? A
simple product (free) called WallWatcher will let you see all traffic
going in/out of the router if you enable logging in it - this is a great
way to see what's happening on your network.

9) Do you run as a User level account? If you're running as an
Administrator level account you're asking for problems.

10) There's more, but these 9 should be the start.
 
SOHO Routers, through NAT, act as simplistic FireWalls.

To increase their effectiveness I highly suggest blocking both TCP and UDP ports 135 ~ 139
and 445 on *any* SOHO Router.

On many Linksys Routers this can be set at the following URL --
http://192.168.1.1/Filters.htm

--
Dave




| If my internet connection goes to my Linknsys wireless router first, do I
| need the windows firewall enabled or a seperate firewall program to be
| running on either computer?
 
So can you put that in words the OP can understand answering his/her
question? Does he/she need the windows or a seperate firewall program
(software) to be running on either computer? I don't think the question was
"How to configure and close ports through NAT routing?"

"Quote: If my internet connection goes to my Linknsys wireless router
first, do I need the windows firewall enabled or a seperate firewall program
to be running on either computer?"
 
It is generally recommended to protect individual hosts with a firewall (the
Windows firewall does just fine; if you never get infected in the first
place, outbound connections are irrelevant...) and place those protected
hosts behind a firewall or router with packet filtering.
 
It is generally recommended to protect individual hosts with a firewall (the
Windows firewall does just fine; if you never get infected in the first
place, outbound connections are irrelevant...) and place those protected
hosts behind a firewall or router with packet filtering.
Click to expand...

The only people suggesting that the SP2 firewall is adequate for
protection are the non-security professionals in the group.

As a network designer and having never had a compromised network, I would
never trust any firewall product from MS to protect my networks or my
computers.

I have yet to see a third party (credible) resource that states with
certainty that the Sp2 firewall is actually capable of defending clients
workstations.

With all the people that don't have a clue about what to allow, what not
to click on when on the web, all of the compromised systems, all of the
people with File/Printer sharing enabled on a single PC networks, can you
really expect that a personal firewall app that is controlled by the
ignorant is going to protect them? NO!

A router that provides NAT is NOT a firewall, it's a router that does NAT.
NAT is not a firewall method, but a routing function. Firewalls do not
have to use NAT to protect networks. At the same time, NAT does make a
very nice first layer of defense for many networks, but, again, it's not a
firewall.

All home users that get internet access via Cable or DSL should have NAT
enabled on their ISP's modem or purchase a third-party router like the
Linksys BEFSR41. The router with NAT will do a better job protecting the
computer than the SP2 firewall.
 
I don't know what you are trying to state but by specifically blocking those ports, traffic
from those ports won't pass the LAN/WAN interface and no Internet traffic using those ports
will pass the WAN/LAN interface. A very prudent action.

--
Dave




| They are simple packet filters, and that's about it.
 
Checkmate502 said:
If my internet connection goes to my Linknsys wireless router first, do I
need the windows firewall enabled or a seperate firewall program to be
running on either computer?
Click to expand...


If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself (or
any "curious," over-confident teenagers in the home). Again -- and I
*cannot* emphasize this enough -- almost all spyware and many Trojans
and worms are downloaded and installed deliberately (albeit unknowingly)
by the user. So a software firewall, such as Sygate or ZoneAlarm, that
can detect and warn the user of unauthorized out-going traffic is an
important element of protecting one's privacy and security. (Remember:
Most antivirus applications do not even scan for or protect you from
adware/spyware, because, after all, you've installed them yourself, so
you must want them there, right?)

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it comes
to computer security and protecting my privacy, I prefer the old "belt
and suspenders" approach. In the professional IT community, this is
also known as a "layered defense." Basically, it comes down to never,
ever "putting all of your eggs in one basket."


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Back
Top