Question regarding firewall

I got a linksys WRT54g router which has built in hardware firewall. If i on my router firewall, is it necessary to active windows firewall(sp2)?

 

I'd say no. It's not necessary.

 

Nah there is no need to activate the windows firewall when the router does the same and probably better job.
One thing you may want is some outbound protection to control what goes out. appdefend and dynamic security agent are a couple of apps that do this.

 

so i should install a software firewall?

 

As long as you go for a free one . Comodo, Jetico 1, Sygate (forgot the version), and few others. They allow you to configure what applications can connect, and quite possibly detect a rogue application that also tries to connect with the internet. I recommend Comodo, since it's very easy to use, and has great support.

If you don't value this, don't get one. But only use one.

 

Only if you require outbound control.

 

Most of these people are not responsible for large networks/numerous users, and fail to realize that if there is another computer behind the router with network aware malware it is possible that it could exploit a open service on your computer. Leaving the XP firewall should cause no problems at all, only a very rare prompt for programs which don't automatically set themselves up to be a server in the firewall.

Those with wireless routers are the ones who also have to worry about others getting on their access point, especially the ones who run wep/no encryption, however most people will not target WPA access points.

Enabling the XP firewall is easy, and in reality leaving it enabled doesn't cause any problems. If you ever have to connect to another network not behind your router you at least have the xp firewall already enabled.

 

So your conclusion is..either use router firewall with WPA enabled or just use xp firewall?

 

No, just because a computer is behind a router doesn't mean its protected from the other computers behind the router, and leaving the xp firewall enabled is something very simple you can do. WPA takes too long to crack for most wardrivers who just need a quick connection, but its quite possible.

Apparently you were not around when blaster made the rounds years ago, it only effected WinNT(NT, 2K, XP/etc) operating systems, and caused companies to loose tons of production, many users confused why their computer kept shutting down, all because they didn't have their internet/network properly protected. All it took was one infected computer to get behind the router, and the rest of the network fell!

 

i see, so what's your recommendation ?

 

-Enable the XP firewall if you don´t have another firewall running.
-Use WPA/WPA2 encryption if you have a wireless network.

 

so..

-Disable router firewall
-enable sp2 firewall
-enable WPA (does have wireless network)

 

NOO
Leave it enable. What BlitzenZeus is trying to say is that your router(NAT+SPI) only protects you from the Internet noise/incoming traffic -port scans, worms looking for unpatched machines, unsolicited connections, etc-
A router ALWAYS trusts ALL traffic generated by the PCs it protects (home network).
If each host on your home network lacks a software firewall (XP inbuilt or another one) and ONLY one PC is infected for any reason, all your machines become vulnerable.

So:
-Router firewall: protects you from the Internet noise.
-WPA encryption with good password: protects you from unauthorized access to your network.
-Software/PC/End-point firewall protects you from trusted PCs that could be infected.

 

ah thanks,if i have a software firewall, which blocks outbound and inbound traffic, then i do not need the router firewall anymore right?(Am i right here?)

Does enabling to WPA suffer download speed?

 

You are welcome

No

Let me explain. A software firewall will protect you from suspicious inbound traffic wherever it comes from: LAN (home network) or WAN (Internet). But the router inbuilt firewall is stronger and more immune to attacks. Also, your software firewall could be disable for any reason(corruption of driver, user fault, etc). For example it is always recommended to put a router in front of a PC with newly installed OS before going to Windows Update and download the patches/hotfixes.

 

The router will protect you inbound but not outbound. I believe you need a firewall. Maybe a free one like kerio or ZoneAlarm. The router is probably better at protecting you from internet attacks. It can't be shut off or compromised

 

Use both a software firewall and a router

 

so i enabled software firewall Or sp2 and disable router firewall? The time to use router firewall is when i'm disabling my software firewall? (eg, windows update)

 

Leave your Router Firewall On.. and Leave the Windows Firewall On... Only turn off the Windows Firewall if you are going to use a Third Party Firewall such as Zonealarm, Comodo, Etc.. for outbound protection... The Router's Firewall will only protect you from un-wanted incoming requests or attacks from the WAN or Internet... The windows firewall will give you the added protection of un-wanted incoming requests or attacks from another computer on your own internal network... Such as a 2nd or 3rd computer in your house that may some how get infected with a virus or spyware/adware or trojans... The router's firewall can not protect you from from another computer on your own local home network... because all the computers on your network are on the same side of the router... But by turning on the Windows firewall or using a 3rd party firewall you will have that added protection from other computers on your own network... plus the protection of the router from attacks from the Internet or WAN... If you also want Outbound protection then you will need to use a third party firewall like Zonealarm or Comodo or any other that you choose on each computer on your local network... But do not turn off the Routers firewall just because you are using either a third party firewall or the windows firewall... and don't turn off the windows firewall if you don't plan on using a third party firewall for outbound protection...

 

Are we speaking another language here? Leave both enabled.

 

Hi, BryanC1968

Welcome to Wilders Forums

I though that they where the same.

Take Care,
TheQuest

 

Sorry about that, i didn't realize that a router is there probably to connect more than one pc , i should have said something about that. I assumed he is at home and has trustworthy lan. Still, a software firewall is always good.

 

Typically, that is correct. As the default firewall policy is to allow outgoing and block incoming (unless its a responding in a stateful packet scenario).

However, the person in question is using a Linksys WRT54G router. Now depending on what version they have, they may be using one that is running on Linux. (Version 5.0 or later, the router no longer runs in Linux, but some other OS).

I'm raising this point of a Linux based router, because you can change the policy and rules to the way you want it. Linux uses iptables for firewalling....If you have the patience to learn iptables, you'll can configure things to suit your needs in a more precise manner. (If not, you can use fwbuilder, but you still need to know about networking!)

So you can change the WRT54G's policies such that it blocks all outgoing accept that you define.

However, bare in mind that the WRT54G is a stateful packet filter and NAT. It is NOT an application firewall. It does NOT know if an application is acting like a malware infected monster, bombing the hell out of your router. (causes lockups). So if you open port 80...Which is web traffic (HTTP), then it won't know if hostile traffic is going through that.

It is useful if you don't want a specific system or port accessing the web. For example, I do NOT want my print server to access the web. (as it has no purposed doing so)

I agree with BryanC1968 in regards to having a local firewall for each box, such that they're application firewalls and process monitors that stop crap from "dialing home" and such. Or at least firewalls that have profiles for each application that wants to connect to the web.

Your router or DIY firewall PC acts as perimeter defence. The firewall solution on your local PC is your 2nd line of defense. If the router fails in any way, because of poorly coded firmware, or bug, etc, you will at least have some defence.

Personally, I replace the default WinXP firewall with something more robust and better featured.

 

thanks for all the reply, i know it took long to explain to a noob like me

Last question, i am very concern about the ram usage that a software firewall used, i heard window firewall had very little ram usage. 2ndly, will router firewall use ram usage of my pc? and will my download, surfing speed be affected?

 

-Yes, XP firewall is very light on RAM demands.
-No, your router has its own hardware resources.
-No, unless you put a high demand on your router (excessive BT connections, etc). Software firewalls tend to affect the connection speed specially if they are application-based firewalls with anti-leak measures.