Firewall neccessary if you have NAT ?

Discussion in 'other firewalls' started by lifehacker, Feb 24, 2006.

Thread Status:
Not open for further replies.
  1. lifehacker

    lifehacker Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    44
    How important is it to have a firewall if you already have NAT?
     
  2. Mem

    Mem Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    292
    Re: Firewall if you have NAT neccessary?

    It depends on two things: 1) your network setup and 2) the amount of control you want.

    If your network has laptops that travel to hotspots or are on other networks and reconnected to your LAN - they need a software firewall. If they are now somwhat untrusted because they could get a worm, you need a software firewall. The router will stop perimeter attacks but you need to decide how secure the LAN really is. An inbound only firewall will work in this case.

    If you have some programs you want to control outbound on, you need an inbound/outbound control software firewall.

    So what does your PC require?
     
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Re: Firewall if you have NAT neccessary?

    Given by the nick you use... I suspect you can answer that question by yourself, but well anyways a software firewall will protect outbound\inbound traffic and the hardware firewall protects inbound only like Mem stated. I wouldn't dare of using a computer with just a hardware firewall when a software firewall will give you much more security and monitoring features. If you are asking because of price, then you can try a free software firewall like sygate, zonealarm, etc. , but if its because of resource usage, then as Mem said, you have to think about your setup and the way you intend to use your internet. You can see around here that most use a software firewall anyways even behind a hardware firewall. Around here, we can just say one thing, if you want to feel safer, use a software firewall as a second line of defense.

    dja2k
     
  4. lifehacker

    lifehacker Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    44
    Re: Firewall if you have NAT neccessary?

    I use Outpost firewall but am just wondering what you people here think. I know that its much safer to have a firewall even if you do have NAT, but Im wondering about how important it is. My computer is old and memory usage is something I always have to consider therefore the question.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Re: Firewall if you have NAT neccessary?

    i wouldnt consider a software firewall crucial if ur already protected by a hardware firewall of sorts. I however like to control my apps internet access and my computer can handle a heavier firewall such as outpost tho i use looknstop.
     
  6. me4u2005

    me4u2005 Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    1
    Re: Firewall if you have NAT neccessary?

    I think Software firewall is necessary to secure network.
    You can secure your network wih Routers too but theyr can not fulfill alltypes of requirement without software's.
    In market today their are so many Hardware Firewall which runs on such a IOS whch fulfill all types of current requiremnts.Examples:

    Stateful Packet Inspection
    AnitSpam
    Anitivirus modules
    Content Filetring
    Security Client
    Zone security
    Policy Based Access
    Policy Based NAT
    Site to Site VPN
    Client to Site VPN
    Intrusion Decettion System
    Intrusion Prevention System

    But all this are done with the help of softwares runnnig over them.

    SO to fulfill current requiremnt i think software firewall is necessaty for a secure network.


    CK-NET
    "B+"
     
  7. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,120
    Location:
    South Texas, USA
    Re: Firewall if you have NAT neccessary?

    I might be wrong, but a hardware firewall might not pass all leaktests am I right?

    dja2k
     
  8. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Re: Firewall if you have NAT neccessary?

    A hardware firewall or router, depending on how configurable it is, can provide good control over permitted network traffic, but not over applications running on systems behind them and the network connections they may try to establish. As leaktest are exploits/applications running on your system, the hardware firewall or router could not stop them from running or trying to connect. They would only be effective if the attempted connection was for something not permitted by ACL's/rules. Some hardware firewalls are capable of monitoring network traffic at the application layer for things like P2P application traffic (and others) that users may try to configure to use outbound services normally permitted such as HTTP.

    Regards,

    CrazyM
     
  9. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
    Re: Firewall if you have NAT neccessary?

    Ive had 3 (2 linksys and a beklin) NATs and all have been faultless in their inbound protection for me.

    A sign of a good NAT is one that has an SPI (like) firewall (to offer protection against common attacks such as DDOS) as well NAT (and one that does'nt simple reboot itself when it gets too many connections from Emule ;))

    To add to CrazyM it depends on how much you trust your OS and software running as to having some kind of outbound protection, I choose not to.

    PS, I do fire up XP's firewall when I take my laptop out and about.
     
  10. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,662
    Location:
    Throughout the USA and Canada
    Re: Firewall if you have NAT neccessary?

    has there been a recent thread on what protection the resident experts use?
     
  11. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.