Hi All, I'm running behind a hardware firewall (Router, with NAT, and Full SPI Packet Filter), and I've been looking at whether to run a software firewall like Outpost Pro , or whether a HIPS programs like ProSecurity would be more than enough? I run the occasional bit torrent downloads, but I'm careful what I download, scan with AV and anti-trojan etc. But I've always wondered whether I'm vunerable to some kinda of internet attack, or whether my hardware firewall will prevent that, while doing those kinda of downloads. Would a decent HIPS program be enough with that setup? or do I need outpost to provide a IPDS setup? Thanks in Advance
If you are always behind a NAT router, you wont have any issue with inbound attacks. With torrents, if you are not downloading hotsex.exe then you should be fine. I haven't heard of any vulnerabilities with torrent clients. What about browsing? What kind of websites do you look at? Do you goto risky websitesz?
Not really, and I use sandboxie for surfing anything that I might have a concern about. It's just looking like I can ditch the FW, and just use a HIPS.
You'll never get a definitive answer in these forums as to whether it's better to run a HIPS or software fw behind your router - or nothing at all - besides what you already have; there are far too many different opinions on the subject. Personally, I like an application software fw because it gives me the ability to control what connects to the internet and how it connects. You could try either one or both and see which one fits your needs, if there is one at all. There are firewalls such as Outpost Pro, Online Armor, PCTools and Jetico, to name but a few, that include HIPS-like features built-in to them that could provide the additional executable control that you require. It's a matter of finding the application or combination of applications that you are most satisfied with. Just search (use advanced search) the forums for keywords in thread titles. I would just recommend you don't go overboard, especially if you have never been a victim of malware. BTW, I'm only aware of routers that include DPI (Deep Packet Inspection) that could provide some protection against malware infested files while being downloaded to your pc. I'm not sure there are home routers other than something like Untangle (requires additional pc but is apparently a first-rate firewall solution) that include this feature. Maybe someone else knows.
Router with FULL SPI ? I've heard of that before, but I can't see how that could really work. The issue is, how can a router know if the incoming data is what you want to allow through the NAT firewall. (If anyone has an explanation, please go ahead !) A router would usually block completely unsolicited data. For P2P (bit torrents) you have to open one or more ports on your router. So whatever would come through those ports wouldn't be filtered by your router anyway. Same for the software firewall I think. (And if your router is anything like mine, you need to reset the router to close the ports again !) Isn't a HIPS a bit like a software firewall with extras ? P stand for Prevention, but I suppose you'd get an alert when something is already on your computer. I'd recommend real-time (and if you want to be careful, also on-demand) scanning by your antivirus program. In this case, a good antispyware program, offering real-time and on-demand protection , seems more important than a HIPS or a firewall with advanced outbound protection. A HIPS suggests PREVENTION, but I understand that a HIPS usually takes action once something is on your computer, in a way it's already too late. I've tried P2P, a long time ago, and those sites typically were swarming with spyware. If I'm wrong, feel free to enlighten me.
If ProSecurity can control network access, then the need for a software firewall is less. This is assuming you answer all the HIPS alerts correctly. If you want the finer control a software firewall can give you (ip address, port), you would need to find a HIPS that has that level of control, or use the software firewall.
