Firewalls: Why we use them.

I have a question for those here. Why do we use firewalls? For most, I think it is to keep unwanted traffic out. For some other, it is to keep traffic from leaving in addition.

Can I solicit your opinions on what you use your firewall for? Are you also afraid of people on your home network attacking?

 

I use a firewall coz I want to control what software contacts the net. The inbound protecton is secondary. I have learnt that even if you´re not stealthed or even have ports open there is no worries unless the software that operates through that open port has some security holes.
Meaning that the bad guy can not do anything with simply a open port.

 

1)For outbound detection\prevention primarily.
2)I am on an 8 PC network between 2 homes. Different PCs are constantly introduced into it for various reasons. I trust the initial 8, it is the new ones I take precautions with.
3)Last but not least, a second layer of defense for inbound. Needed or not.

 

At home I have my NAT router and it's tweaked correctly and protected with a strong passphrase. One of the greatest weaknesses in many peoples PC security is in keeping the default passwords on their routers. I use a software firewall for outbound protection.

Using my laptop on the road, I am concerned about inbound and outbound protection. If the hotel room has wired Internet access, I have my NAT-enabled travel router (smaller than a paperback book) in my bag that gives me a comfort level I wouldn't otherwise have.

By the way, I disagree strongly with sukarof (post #2 above). Much damage can be done by being "wide open" on the web without inbound protection.

 

Maybe I should have added that of couse with a fully patched system. Future unknown threats I guess would be a motivation to have inbound protection. Since there is no harm in having inbound protection I´ll use it just for the sake of it.
I am no expert so I dont know what could happen with "wide open" ports, I just refer to people who are more knowledgeable than me. You are probably one of them. What damage can be done on a system with the latest patches where you have open ports and no security holes in the software that uses those open ports? What can a hacker do with lets say port 48006 that for some reason shows open when checking with grc.com?

when I turn off my inbound protection all of the ports that I check are closed and I guess that is the case for the most of us.

 

1. To prevent most intrusions or control incoming traffic (inbound)
2. To control applications that require internet usage (outbound)

 

This has been extremely elucidating. Thanks for the comments. I now have an idea that could be very good.

 

Hello,

I use the firewalls:
- To control and shape the traffic to my needs.
- To control outbound for some apps that I don't wish to be able to do so.
- To limit background noise inbound.

Mrk

 

My reasons pretty much mirror those of sukarof's and Mrk's, especially for outbound control, though I suspect I'm a little more paranoid than them

 

My reason:

- To control outbound for some apps that I don't wish to be able to do so.

I only use to control the xB Browser when it comes to Javascript and that sort of things that might send my true IP to the site connected. And to avoid unauthorized attempts from softwares that can do the same.

 

I only use inbound protection with a hardware firewall. Outbound protection is of no concern as I do not install promiscuously. If my trusted software needs access that is fine by me.

 

Same here.

 

Inbound only as well

 

If I could find a firewall that has outbound protection and
absolutely no other issues, of any kind, with overall system
configuration and security strategy, I'd probably use it. But I
never have. Given my setup and personal experiences in over
ten years on the Net, for me, at least, outbound protection by
a firewall, considering the other security I run, is trivial.
So no outbound firewalls here. Solid inbound firewalling is all
that concerns me.

 

How about 100% uninvited inbound blocked, and trivial TDI monitoring/blocking of outbound, with the installation being modular, portable, and with virtually no decrease?

 

I am neither a programmer, nor a Windows expert, so my understanding
of TDI is very limited. If you mean monitoring of TCP/UDP in some way
that detects an illicit outbound communication , not necessarily
application-specific, I'm all for it. The rest sounds good. My interest is in
firewalls being firewalls - light, fast, secure, rules-configurable, and nothing else.

 

Like going out into cold weather layers are essential--the same with a firewall-- it is an important layer along with AV and SBIE, which all together makes for good warm protection (metaphorically speaking).

Somehow I think the metaphorical part is understood but I wanted to see if I could spell it without using the spell checker!

 

Hope ya don't suffocate under these layering,at least your OS has some room to breathe (metaphorically speaking)

 

Why do we use software firewalls?

because it provides another layer in your security setup, if you ever get a trojan
on your pc your software firewall can prevent the trojan from accessing the internet causing further damage on your pc. this is what all the firewall leak tests are for.

 

If people can't adjust the configuration to allow some unsolicited inbound traffic then you have something that (i) makes P2P almost impossible and (ii) will interfere with some online games.

Also "trivial TDI" monitoring of outbound traffic won't cope well with even basic leaktests or malware using similar techniques.