Is a Third Party Firewall needed with a Wireless Router Firewall?

Discussion in 'other firewalls' started by duke1959, Dec 21, 2006.

Thread Status:
Not open for further replies.
  1. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I know there are older threads in here somewhere about this, but is the Windows XP Firewall or a Third Party Firewall really needed with a Wireless Router Firewall running? I currently use a Linksys WRT54G Wireless Router with Firewall enabled, and also have the AVG Firewall in AVG ISS on. I'm just not sure if this is a bit of over kill though. Maybe something like Comodo Firewall would be a good choice because of it passing all the leak tests, but I have heard many people who don't even enable the Windows XP Firewall when using a Router Firewall.
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    a router firewall amd windows xp firewall do much the same thing: protect against inbound attacks.

    if u have a router firewall, what u need is outbound security (by using a firewall like comodo or just an HIPS).
     
  3. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Like WSFuser said, the router will only protect your incoming connections, so is advisable to use a software firewall to have double protection on incoming connections and also protect your system on outgoing connections...

    If you just want one protection for incoming, just disable the packet filter of the software firewall, or the router firewall if it is more slower than the software firewall packet filter...
     
  4. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    The router does not protect you from other computers on the lan, so a software firewall is still suggested, even the very simple xp firewall works for this.
     
  5. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    You are completly right...

    But if is a home LAN and the users trust on each other...
     
  6. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Many wireless access points are not secured, many poorly secured as the users don't at least try to use the highest encryption possible, sometimes their devices can't handle WPA so they use WEP which is easily cracked. In my neighborhood alone I can take my pda, and pickup on a handful of open access points broadcasting their ssid.
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    :)

    I was refering to optimal settings for security, but like you said, normally none user know that or how to do that...
     
  8. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    Ok thanks everyone, here are some more questions though. I'm on the wireless end of the Router, and my wife's PC is hard wired into it. If she were to download something bad, am I understanding it could also affect my PC? If so, then would the Comodo Firewall, or even my AVG Firewall, alert me to something of this nature where as Windows XP wouldn't? Along that lines though, what type of things attempt to "get in" if some one is using Firefox and No Script?
     
  9. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    If you get some network aware malware it could try to connect to other computers services to attempt to exploit their open services, and copy itself onto them, however these kind of programs might also be trojans, which might give the person controlling the software access to your network, including your internet connection.

    Companies that have not done basic network security besides a router have found that when an infected computer gets behind the router it can gain access to other computers on the network, and reveal sensitive information, including personal/financial information about customers. Simple worms in the past have caused companies to loose days of work just because they assumed they were safe, anyone remember blaster? :)
     
  10. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Are you referring to the flaw in XP that was reported back in 2003? I was offline for most of the year, so it passed me by. :D

    http://www.pcworld.com/article/id,111973-page,1/article.html
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Yes I'm one of those foolish people. I use a HIPS program ProSecurity in preference to a software Firewall.
     
  12. duke1959

    duke1959 Very Frequent Poster

    Joined:
    Jul 21, 2006
    Posts:
    1,238
    I personally am beginning to understand that maybe there should be some concern even when using a Router Firewall, that something can still get in. I use both Opera and Firefox as browsers so I guess although an Antispyware Program may not be needed when using them, a Third Party Firewall for added protection against more serious things like Trojans still may not be a bad idea. I'm told the Windows Firewall while adequate can still be bypassed, and of course doesn't show what's on the inside of your PC. This is the part I like about having a Third party Firewall. I'm just still not sure what can get in with a Realtime AV, Router Firewall, and Windows XP firewall enabled? And I'm still not sure if I'm understanding that by being on wireless PC, that the main PC which is hard wired with the same protection, can still send something bad that was downloaded by that user to my PC? Hoping someone can clear this up, and thanks in advance.
     
  13. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    I have little if any understanding of these things but when I run the usual Stealth tests I am told that everything is stealthed - can not be seen from outside.
    If this is correct then does this mean that the most likely way that something can get in is via e-mail and when surfing on "dangerous sites". My e-mail if scanned for nasties by my mail provider and I just delete anything that I don't recognise. Anyway I'm not sure what an additional software firewall can provide in the way of protection against "incoming" problems.
     
  14. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Same here, i'm running prosecurity instead of a firewall behind a firewalled router.
     
Loading...
Thread Status:
Not open for further replies.