Hardware Firewall - Is this necessary for me?

Here is my PC security set up.

Kaspersky Personal Pro 6
ZA Pro 7
Prevx2

I'm using ADSL modem and thinking about change to ADSL Modem Router with hardware firewall integrated. Is it worth to add hardware firewall combined with software firewall? If it's ok then please suggest me good ADSL Modem Router with hardware firewall. Thanks for your help.

 

Re: Hardware Firewall - Is this neccessary for me?

My opinion is that a hardware is far more important that a software firewall.
I have limited experience, having only ever had one Hardware Firewall but it has now been running for 4 years and as far as I'm aware I have had no problems.
Netgear DG834 - must be more modern version by now. As I don't use any on line security ( ie no anti-virus, no anti-spyware, no hips, no software firewall)
I have to assume that no one wants to attach me or that the Netgear is helping in some way.

 

Re: Hardware Firewall - Is this neccessary for me?

I tried a router/hardware FW at one time but found it unnecessary for me as I'm on a standalone machine, not part of a network.

The main advantage of a hardware FW for a standalone set-up would be the fact you are protected the moment you plug it in; even if your software FW fails to load or gets killed off you will still have incoming protection. But as I say it's not strictly essential.

If you're part of a network you'll be using a router so it would be a good idea to combine with a FW.

 

Re: Hardware Firewall - Is this neccessary for me?

I personally prefer a router/hareware solution. It just seems to make life much easier in general, and as mentioned, you're always covered against inbound traffic at all times. Also takes any cpu and resource load off the PC. If you got a router or hardware solution, you could then dump ZA Pro and just stick with KAV and Prevx, that's all you'd need..

 

Re: Hardware Firewall - Is this neccessary for me?

I was on dial-up for nine years until switching to DSL 4 months ago.
With DSL came an SPI firewalled router/ modem from my ISP.

On dial-up, I was forever checking my FW logs, settings, & rules.
Now I just leave a light inbound packet filter or the XP SP2 FW
enabled as a "just-in-case" measure, and spend 5 seconds once a
month checking that it is still enabled.

As Kerodo said, life is so much easier now.

I have a Westell 6100 supplied by ISP, no experience with anything else.

 

Re: Hardware Firewall - Is this neccessary for me?

I'd never run myself, or support someone elses, computer that's not behind a NAT router.

 

Re: Hardware Firewall - Is this neccessary for me?

A Unix-based UTM router/gateway is the way to go, IMO. If you got some spare parts, it's free.

 

Re: Hardware Firewall - Is this neccessary for me?

99% agreement with the advice already offered. H\W firewalls are the way to go. I would still not dump your S\W based one though. Layer, layer, layer your defenses.

 

Re: Hardware Firewall - Is this neccessary for me?

If you feel the need for a hardware firewall then by all means invest in one. However you can get by just fine without one. I ran my system for many years with no hardware firewall. All i used was an internal adsl pci card combined with zonealarm. Later on i moved to xp and just used the xp firewall.

 

Re: Hardware Firewall - Is this neccessary for me?

Of course you can!

Once your ports are closed and stealthed you're safe; you're not going to be doubly safe by putting on a hardware FW as well!

This talk of layers is misconceived - a closed port cannot be made any more closed by adding another FW.

The only real upside would be if you had a software FW that crashed leaving you exposed - but even that is unlikely with ZAP because if you have the Windows FW switched on and allow ZAP to disable it at startup, the Windows FW will immediately start up again once Vsmon.exe stops running. So you're covered anyway.

The fact is software FWs are not going to leave you more prone to be hacked, indeed you could argue that you are safer just running a sofware FW than just running a hardware FW, and because it's advisable to run a software FW you can dispense with the hardware FW on a standalone unit.

 

Re: Hardware Firewall - Is this neccessary for me?

or you could just dispense with the software firewall and sit safely behind the hardware ? Certainly don't see the need for both.

 

Yep, there's really no need for both, at least on the inbound side.. I prefer just a router because it's so simple to set up, and then you're covered. Software firewalls usually take more effort to tweak and set up, and there is a tendency to be changing them and looking at logs and on and on. With the router it's pretty much set it up, and then forget it..

 

I Knew there was another benefit that I forgot to mention

 

Re: Hardware Firewall - Is this neccessary for me?

Interesting. Has this been confirmed or just an assumption?

 

Thanks for all your suggestion. I decided to put hardware firewall combined with software firewall. After saw many advices and I think it's not bad to add just one more firewall layer with hardware. Can anyone suggest me a good one?

cheers

 

Re: Hardware Firewall - Is this neccessary for me?

On my system it's observation rather than assumption, however I am assuming that it also applies to other peoples' setup which may not be the case. However it is very easy to demonstrate - just go to Firewall/Advanced in ZAP and ensure that the box is ticked for 'Disable Windows FW', then switch on the Windows FW in the Security Centre and reboot; when I shutdown ZAP after that the Windows FW immediately starts up 'cos ZAP is no longer suppressing it.

 

Re: Hardware Firewall - Is this neccessary for me?

This is pretty accurate. The main reason I use a hardware based solution is because it takes the resource strain off my computer. I have personally witnessed peoples software firewalls being disabled, so I know it's quite possible. Behind a hardware firewall no need to worry about such things.

Are they "neccessary"? Do you "need" one? Well... no. Technically, you don't even need a computer in the first place. Is it a good idea to have one?... I'd say absolutely. Much more important than deciding on what software to use IMO. In fact behind a good hardware based solution, whatever software you use (or don't use) is rendered a pretty moot point.

 

I use the D-Link router which can be integrated with ZA-Pro...

 

Re: Hardware Firewall - Is this neccessary for me?

Sounds like it should apply to all systems. It is indeed a nice little fall-back feature. But alas.....running XP64 has caused me to abandon ZA after many years. Outpost is now my SW FW solution, setting behind a NAT router as well. What can I say, still a believer in outbound control too.

 

As you can read above it really depends on where you want your CPU cycles to be running, doesn't it? Personally, I prefer a hardware based firewall even if it is a bit redundant. With that said, there is more reliability with a hardware based product than with a software only based solution.

Software being software there is still a greater chance of unforseen misconfigurations and conflicts with everything running on the same box. A hardware based firewall takes some of the burden off the single box and transfers that burden to another CPU.

- beads