Is a software firewall still needed if you have a hardware firewall?

Is a software firewall still needed if you have a hardware firewall?

I use a Linksys NAT Router with a SPI Firewall along with ZoneAlarm Pro. But I noticed that since I got the router, I noticed that the counter of "Inbound Protection/Intrusions" of ZoneAlarm Pro does NOT block anything anymore. I turned ZoneAlarm Pro off and went to the Shields UP! website and guess what - I still was "TruStealth".

 

You may find answer here:

https://www.wilderssecurity.com/showthread.php?t=81150&highlight=software+firewall

Do a search on previous posts, you can find quite some discussion on it.

 

Simple answer, if you wish to have control of outbound communications, yes; if not, no. Is it needed? Your call.

ZAP doesn't block anything since the router will handle unsolicited inbound communications. As for stealth, it's really irrelevant for a home user although a cottage industry has seemingly been built around it.

The reason to use or not use a software firewall is to have fine control of the details and/or applications allowed to communicate directly to the outside. My personal need ranking is router first then a software firewall if desired. I do use a software firewall, but only as an application-based allowed/blocked filter.

Blue

 

Same here. Kerio 2.1.5 is excellent in this role.

 

A software firewall is only necessary if you want outbound control. Even then you don't have to use a firewall, something like app defend would work well.

 

I agree with what others have posted thus far, but I'd like to add that it's not a bad idea to add a software firewall as standard practice on laptops.

Many people have purchased laptops for home use because of the size, portability etc. When used at home behind a hardware firewall all is well.

But what if you decide to go away for the weekend, or take the laptop down to your local coffee shop or friends house. Now you can't be certain what else is lurking on the network your connecting to - so having a software firewall comes in handy.

 

I'd always use a software firewall no matter what.

I can't breathe without controlling the outbound access of my applications.

 

Of course for the most protected access, a combinations of both kinds of firewalls, hardware and software, provide the utmost security. Software is more of a variety control, all apps and access by the program, while a hardware firewall, I think, controls what comes back in. So if a program is malicious, then the hardware firewall (if detected) would block it out before the malicious stuff touches your main systems.

I use both types of firewalls, and the hardware firewall works well (but causes some lagging). Problem is that I think its harder to update than software. So combination works best, and software firewalls are needed for application controls.

 

I go back and forth using a software firewall due to the fact that I already run a Fortigate60 hardware firewal/AV/IPS. I personally believe that outbound protection is not needed and that NAT routing is much more important.

I know that most here think that outbound protection is more important then keeping a clean system, and by clean I mean a system that hasnt had its kernal hooked by the firewall...typically causing OS problems down the road.. so tell me a story you outbounders.

I want an instance in which you had your firewalls outbound protection protect you. Dont tell me a story about some "freeware" in which the firewall protected you cause we all know that there is nothing free in this world, and that freeware is either after an email address to add to their list to sell out to spammers or for some sort of trojan install to add you to their bot farm.

Given that the all your software was paid for, what snuck into your system via some valid program in a zero day type situation (bufferoverflow, ect)
in which your outbound protection caught the issue.

Thanks.

 

After getting the router and a switch, I don't use any firewalls, just Avast AV and depend on its network scanner to keep me out of nasties, I do check my router logs daily, also I have TCPView running in background and check on it from time to time. When I was not on router, I was on CHX which too is strictly inbound. Point is if you are a heavy gamer or P2P person, leaving it to the router is a better way than putting heavy load software firewalls which sometimes might even cause you connection slow downs.

 

I am guessing by the lack of any reply that all outbound protection does is give piece of mind. I dont think that piece of mind is worth hooking the OS kernel.

 

For many of us, if you are focussing solely on protection, you're barking up the wrong tree. It is about control. Control of what can speak to the outside and how that communication proceeds. There are plenty of perfectly valid programs that I block because I wish to control when/how/if they communicate with the outside.

In some respects, if you rely on a firewall for protection it is either your sole security application (and this can work absolutely fine for advanced users) or it is a backup strategy since, if the communications are already going out you've already been compromised and your primary approach clearly has some gaps which need to be addressed.

Blue

 

Yes it does give peace of mind in the fact that i can control and monitor whats coming in and going out.

 

That piece of mind will cost you in the long run. OS kernels are not designed to be hooked. I am guessing there will be a collective mental breakdown when Vista rolls out. At this point hooking will not be allowed, and thus, no third party firewalls will work.

 

Well i guess i won't be using vista then...

 

Hey,

lol, not completely true..

Lol, Vista does have it's very own firewall for inbound and outbound control..

best regards,

iNsuRRecTiON

 

Yeah but if they gonna force me to have use certain software then i ain't gonna be using it.

 

i have also noticed that recently i havent got any activiity since i have got my nat router to odvisally my router is working.

 

Can you tell me some other software similar to appdefend?
I'm wondering the same as the OP. I have a router with SPI firewall, AOL AVS (our kaspersky friend), Windows Defender, XP SP2 firewall and WinPatrol Plus (it isn't a "real" HIPS isn't it?). Should I use more?

 

For HIPS that include network access
SSM (beta)
Prosecurity

 

You won't be the only one.
Why would I trust a firewall from M$?

 

Leaving aside the knee jerk reaction against all thing M$, it strikes me as a circular argument.

No machine (router) or software is EVER foolproof ever since the Titantic proved the folly of technical arrogance. Ask NASA about foolproof software they found was flawed.

This being the case, the amount of security you need is perhaps quite different from what you WANT. Most do not know enough about all the programs on our PC's or the sites we visit to assess the risks. What we need depends on our online activities. If you use you PC to buy products and do online banking that is one level of need. If all you do is surf in your area of interest and send email then that clearly is another.

Like most debates amongst techies it is NOT A or B it is both.

Error on the side of safety, use both the router and the software firewall the S/W acts as a backup in case a parasite slips past. Now you guys can climb all over me a say how no parasite could ever slip past your secuity set up.

On outbound would you not want some control of what data is leaving your computer? Oh ya I forgot your ship cannot sink......

 

Only the paid version right?
Thanks.

 

Yes, currently only the paid version of SSM will include network access control.

 

I agree that a software firewall is necessary.
But maybe the biggest factor is with a laptop, as has been said, when you are away from home. If no software firewall then that much less protection.

I would not be without a software firewall, and I am behind a NAT.

I won't need a new computer for several years, unless mine breaks. When I do I am sure I will get Vista installed, just like most of you who say, "I AIN"T..."

When it gets down to it, MS is so large and Windows the predominate OS that it is like cutting off your nose to spite your face to refuse it.

If Vista has its own in/out firewall I think that is a plus. Of course each "Pays his money and takes his choice."

Jerry