Firewall Required? But my Wifi is Configured

Discussion in 'other firewalls' started by ginzon, Jun 18, 2014.

Thread Status:
Not open for further replies.
  1. ginzon

    ginzon Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    80
    Hi All,

    Well this is a question thread and not an informative one.. Lets make this informative by having a some discussion on the same and similar if possible.

    What made me ask this question?
    Just purchased a TP-Link TL-WR740N router which has a SPI Firewall and a few security settings like TCP-SYN Flood, UDP Flood and ICMP-Flood, VPN passthrough, Application Layer Gateway, "Ignore Ping Packet From WAN Port" and "Forbid Ping Packet From LAN Port" which can be enabled or disabled.
    I have enabled most of these settings and checked at GRC for a few tests and also UPnP test at Rapid7.

    Well the results were good, nothing exposed yet only that ICMP pings were found as "Ignore Ping Packet From WAN Port" isn't enabled... I am planning to enable the same.

    So now since my wifi router is a bit more hardened, do my LAN pc need a additional firewall? Will it make sense? Or will it be just a resource hog doing nothing as already everything is done?

    Concern is mostly incoming as 99% of the time my pc is clean with no threats lurking in so outgoing may not be an issue.

    Opinions are welcomed as it will surely do some good for me and others..
    Thx in Advance...
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    This has been discussed many times before in here. How do you know that all what you have in your PC, at all times, is 99% clean? You can't unless you have a layer of security that monitors the packets moving from your PC to the Internet (as the packets sent from the Internet to the PC are already covered by your hardware firewall). It may be not necessarily a firewall but an application control tool that also have the ability to monitor data trasmission.
     
  3. ginzon

    ginzon Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    80
    Well I used CIS and hence had a control on outgoing connections via apps and anything unknown never gets passed it unless explicitly mentioned coz I am not on default rule set of CIS... And Apps running for an instance can't gets past its HIPS and more importantly over everything else I don't surf recklessly following every other link that comes my way... Also my pc is not a junkyard to install anything and everything I see, only what is necessary...
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    A router blocks inbound requests, so you do not need to worry about open or listening ports and well that is it. :ninja:
    A firewall should prevent malware from calling out, so if you protect your PC from being infected, you do not need it.
     
    Last edited: Jun 18, 2014
  5. ginzon

    ginzon Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    80
    Ok Thx.. That was what I wanted to know whether that much of router protection is enough from inbound requests...
    My surfing habits are quite safe so been long that I have been infected...
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Nowadays around 85% of the infections are linked to perfectly legitimate and widely used websites been compromised. So, carefully surfing is not necessarily sufficient not to get infected. ;)
     
  7. ginzon

    ginzon Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    80
    Well I take that point to be right.. :D
     
  8. ginzon

    ginzon Registered Member

    Joined:
    Sep 6, 2009
    Posts:
    80
    I've Enabled all settings and checked at GRC n Rapid7.. Crash Test, UPnp, All Service Port Tests and True Shealth all are passed.. Seems I can be assured that nothing naive can enter my network, unless really skilled..

    As far as outbound traffic is concerned will search for some lite alternative.. If any plz suggest...
     
Loading...
Thread Status:
Not open for further replies.