Firewall Required? But my Wifi is Configured

Hi All,

Well this is a question thread and not an informative one.. Lets make this informative by having a some discussion on the same and similar if possible.

What made me ask this question?
Just purchased a TP-Link TL-WR740N router which has a SPI Firewall and a few security settings like TCP-SYN Flood, UDP Flood and ICMP-Flood, VPN passthrough, Application Layer Gateway, "Ignore Ping Packet From WAN Port" and "Forbid Ping Packet From LAN Port" which can be enabled or disabled.
I have enabled most of these settings and checked at GRC for a few tests and also UPnP test at Rapid7.

Well the results were good, nothing exposed yet only that ICMP pings were found as "Ignore Ping Packet From WAN Port" isn't enabled... I am planning to enable the same.

So now since my wifi router is a bit more hardened, do my LAN pc need a additional firewall? Will it make sense? Or will it be just a resource hog doing nothing as already everything is done?

Concern is mostly incoming as 99% of the time my pc is clean with no threats lurking in so outgoing may not be an issue.

Opinions are welcomed as it will surely do some good for me and others..
Thx in Advance...

 

This has been discussed many times before in here. How do you know that all what you have in your PC, at all times, is 99% clean? You can't unless you have a layer of security that monitors the packets moving from your PC to the Internet (as the packets sent from the Internet to the PC are already covered by your hardware firewall). It may be not necessarily a firewall but an application control tool that also have the ability to monitor data trasmission.

 

Well I used CIS and hence had a control on outgoing connections via apps and anything unknown never gets passed it unless explicitly mentioned coz I am not on default rule set of CIS... And Apps running for an instance can't gets past its HIPS and more importantly over everything else I don't surf recklessly following every other link that comes my way... Also my pc is not a junkyard to install anything and everything I see, only what is necessary...

 

A router blocks inbound requests, so you do not need to worry about open or listening ports and well that is it.
A firewall should prevent malware from calling out, so if you protect your PC from being infected, you do not need it.

 

Ok Thx.. That was what I wanted to know whether that much of router protection is enough from inbound requests...
My surfing habits are quite safe so been long that I have been infected...

 

Nowadays around 85% of the infections are linked to perfectly legitimate and widely used websites been compromised. So, carefully surfing is not necessarily sufficient not to get infected.

 

Well I take that point to be right..

 

I've Enabled all settings and checked at GRC n Rapid7.. Crash Test, UPnp, All Service Port Tests and True Shealth all are passed.. Seems I can be assured that nothing naive can enter my network, unless really skilled..

As far as outbound traffic is concerned will search for some lite alternative.. If any plz suggest...