Router and IDS in a software firewall

Discussion in 'other firewalls' started by mvdu, Aug 15, 2008.

Thread Status:
Not open for further replies.
  1. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Is some kind of IDS in your software firewall useful even if you have a router? There are quite a few software firewalls with a kind of IDS or attack detection or SPI (Norton, Outpost, KIS, Kerio 4, and limited ones in PcTools and Comodo.) I'm currently trialing Outpost firewall. But would Norton's firewall be most useful to me since it detects web based attacks?
     
  2. vijayind

    vijayind Registered Member

    Joined:
    Aug 9, 2008
    Posts:
    1,413
    If you have a router you're probably protected to a large degree from network attacks.
    What might need is any personal firewall which can provide basic network protection, 2-way access control and probably some HIPS.

    Outpost,KIS,NIS,OnlineArmor all have all of the same inbuilt.

    The other approach could be to have a Basic Firewall + HIPS software. For example: Windows Vista Firewall + Defensewall
     
  3. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Absolutely, a router is nowadays more a danger then a help (since dnschanger, this thing will evolve be sure) because if your router is owned your chances to notice that are highly decreased. Some high security setups place first specific hardware firewalls.
     
    Last edited: Aug 15, 2008
  4. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Hi SystemJunkie,

    My LAN has users that I trust, but since you think an IDS is useful, which software firewall would you recommend? Is Outpost ok?
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Just my 2 cents... I think with a router, any further inbound protection is pretty much unnecessary.... Nothing is going to get past the router. In 3 years of router use, I've never had an issue here.

    Even without a router, I think an IDS is a little on the overkill/anal side for a home user anyhow. A basic firewall or packet filter will keep you safe enough. That combined with your AV or even HIPS is plenty. A web scanner in the AV might be helpful also.

    Nobody is looking to exploit or attack a home user at that level. And if anything does get onto your PC via any other avenue, your other software will catch it, but that pretty much depends on how you use the machine.

    I'm sure some will disagree, but as I said, my 2 cents, for what it's worth... ;)
     
  6. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Outpost is very good but afaik not 64 bit ready but if you use 32 bit go on.

    Oldschool Black Ice was also very interesting, not as firewall but as IDS.
    My favorite IDS was Tiny but this company is out of business since 2005.
     
  7. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    What is this dnschanger pls?.
    Hmmm.... I always thought a router and a hardware FW to be the same!!! o_O
     
  8. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Sometimes but specific highend hardware firewall should have a much stronger multilayered approach (ALF, SPI, Content Filter, Packet Filter, whitelists) in contradiction to usual routers.

    A new breed of malware that scans for specific routers and try to own them so that your router becomes remotely controlled.
     
    Last edited: Aug 15, 2008
  9. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Would you recommend Outpost over NIS for my needs?
     
  10. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    In that case addition of a router should be of no additional benefit, why u suggested to use both together?
    Even if u have non-default passwords?

    Any links for this?

    Thanks
     
  11. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    You do not need any IDS with or without the router, completely unnecessary in home environment.

    And your router will do its job, let it be.

    Mrk
     
  12. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Non-Default pass is a must otherwise router gets owned in seconds if you surf the wrong webside.

    Absolutely. If you use NIS you must set it up the right way (check all protection extras) otherwise it leaks massively.
     
  13. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Hi again - by leaks to you mean in terms of leaks from leak tests, or in another way?
     
  14. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    Both but also related to leaktests, norton can make up five or more ranks upwards when all protection extras are enabled the same is valid for pctools firewall.
     
Loading...
Thread Status:
Not open for further replies.