Hardware Firewall - Is this necessary for me?

Discussion in 'other firewalls' started by Sxperm, Jul 28, 2007.

Thread Status:
Not open for further replies.
  1. Sxperm

    Sxperm Registered Member

    Joined:
    Sep 14, 2005
    Posts:
    42
    Here is my PC security set up.

    Kaspersky Personal Pro 6
    ZA Pro 7
    Prevx2

    I'm using ADSL modem and thinking about change to ADSL Modem Router with hardware firewall integrated. Is it worth to add hardware firewall combined with software firewall? If it's ok then please suggest me good ADSL Modem Router with hardware firewall. Thanks for your help. :D
     
  2. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Re: Hardware Firewall - Is this neccessary for me?

    My opinion is that a hardware is far more important that a software firewall.
    I have limited experience, having only ever had one Hardware Firewall but it has now been running for 4 years and as far as I'm aware I have had no problems.
    Netgear DG834 - must be more modern version by now. As I don't use any on line security ( ie no anti-virus, no anti-spyware, no hips, no software firewall)
    I have to assume that no one wants to attach me or that the Netgear is helping in some way.
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Hardware Firewall - Is this neccessary for me?

    I tried a router/hardware FW at one time but found it unnecessary for me as I'm on a standalone machine, not part of a network.

    The main advantage of a hardware FW for a standalone set-up would be the fact you are protected the moment you plug it in; even if your software FW fails to load or gets killed off you will still have incoming protection. But as I say it's not strictly essential.

    If you're part of a network you'll be using a router so it would be a good idea to combine with a FW.
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    Re: Hardware Firewall - Is this neccessary for me?

    I personally prefer a router/hareware solution. It just seems to make life much easier in general, and as mentioned, you're always covered against inbound traffic at all times. Also takes any cpu and resource load off the PC. If you got a router or hardware solution, you could then dump ZA Pro and just stick with KAV and Prevx, that's all you'd need..
     
  5. FadeAway

    FadeAway Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    270
    Location:
    USA
    Re: Hardware Firewall - Is this neccessary for me?

    I was on dial-up for nine years until switching to DSL 4 months ago.
    With DSL came an SPI firewalled router/ modem from my ISP.

    On dial-up, I was forever checking my FW logs, settings, & rules.
    Now I just leave a light inbound packet filter or the XP SP2 FW
    enabled as a "just-in-case" measure, and spend 5 seconds once a
    month checking that it is still enabled.

    As Kerodo said, life is so much easier now.

    I have a Westell 6100 supplied by ISP, no experience with anything else.
     
  6. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Re: Hardware Firewall - Is this neccessary for me?

    I'd never run myself, or support someone elses, computer that's not behind a NAT router.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: Hardware Firewall - Is this neccessary for me?

    A Unix-based UTM router/gateway is the way to go, IMO. If you got some spare parts, it's free.
     
  8. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Re: Hardware Firewall - Is this neccessary for me?

    99% agreement with the advice already offered. H\W firewalls are the way to go. I would still not dump your S\W based one though. Layer, layer, layer your defenses.
     
  9. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Re: Hardware Firewall - Is this neccessary for me?

    If you feel the need for a hardware firewall then by all means invest in one. However you can get by just fine without one. I ran my system for many years with no hardware firewall. All i used was an internal adsl pci card combined with zonealarm. Later on i moved to xp and just used the xp firewall.
     
  10. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Hardware Firewall - Is this neccessary for me?

    Of course you can!

    Once your ports are closed and stealthed you're safe; you're not going to be doubly safe by putting on a hardware FW as well!

    This talk of layers is misconceived - a closed port cannot be made any more closed by adding another FW.

    The only real upside would be if you had a software FW that crashed leaving you exposed - but even that is unlikely with ZAP because if you have the Windows FW switched on and allow ZAP to disable it at startup, the Windows FW will immediately start up again once Vsmon.exe stops running. So you're covered anyway.

    The fact is software FWs are not going to leave you more prone to be hacked, indeed you could argue that you are safer just running a sofware FW than just running a hardware FW, and because it's advisable to run a software FW you can dispense with the hardware FW on a standalone unit.
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Re: Hardware Firewall - Is this neccessary for me?

    or you could just dispense with the software firewall and sit safely behind the hardware ? Certainly don't see the need for both.
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,787
    Yep, there's really no need for both, at least on the inbound side.. I prefer just a router because it's so simple to set up, and then you're covered. Software firewalls usually take more effort to tweak and set up, and there is a tendency to be changing them and looking at logs and on and on. With the router it's pretty much set it up, and then forget it.. ;)
     
  13. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I Knew there was another benefit that I forgot to mention
    ;)
     
  14. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Re: Hardware Firewall - Is this neccessary for me?


    Interesting. Has this been confirmed or just an assumption?
     
  15. Sxperm

    Sxperm Registered Member

    Joined:
    Sep 14, 2005
    Posts:
    42
    Thanks for all your suggestion. I decided to put hardware firewall combined with software firewall. :D After saw many advices and I think it's not bad to add just one more firewall layer with hardware. Can anyone suggest me a good one? :D

    cheers
     
  16. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Hardware Firewall - Is this neccessary for me?

    On my system it's observation rather than assumption, however I am assuming that it also applies to other peoples' setup which may not be the case. However it is very easy to demonstrate - just go to Firewall/Advanced in ZAP and ensure that the box is ticked for 'Disable Windows FW', then switch on the Windows FW in the Security Centre and reboot; when I shutdown ZAP after that the Windows FW immediately starts up 'cos ZAP is no longer suppressing it.
     
  17. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Re: Hardware Firewall - Is this neccessary for me?

    This is pretty accurate. The main reason I use a hardware based solution is because it takes the resource strain off my computer. I have personally witnessed peoples software firewalls being disabled, so I know it's quite possible. Behind a hardware firewall no need to worry about such things.

    Are they "neccessary"? Do you "need" one? Well... no. Technically, you don't even need a computer in the first place. Is it a good idea to have one?... I'd say absolutely. Much more important than deciding on what software to use IMO. In fact behind a good hardware based solution, whatever software you use (or don't use) is rendered a pretty moot point.
     
  18. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    I use the D-Link router which can be integrated with ZA-Pro...
     
  19. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Re: Hardware Firewall - Is this neccessary for me?


    Sounds like it should apply to all systems. It is indeed a nice little fall-back feature. But alas.....running XP64 has caused me to abandon ZA after many years. Outpost is now my SW FW solution, setting behind a NAT router as well. What can I say, still a believer in outbound control too.
     
  20. beads

    beads Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    49
    As you can read above it really depends on where you want your CPU cycles to be running, doesn't it? Personally, I prefer a hardware based firewall even if it is a bit redundant. With that said, there is more reliability with a hardware based product than with a software only based solution.

    Software being software there is still a greater chance of unforseen misconfigurations and conflicts with everything running on the same box. A hardware based firewall takes some of the burden off the single box and transfers that burden to another CPU.

    - beads
     
Loading...
Thread Status:
Not open for further replies.