Router and software firewall

Discussion in 'other firewalls' started by ellison64, Dec 25, 2005.

Thread Status:
Not open for further replies.
  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    I'm wondering what sort of extra security is gained from a software firewall when used behind a router on one home computer? I know there's the outbound application factor, which I personally think is important as I like to see what's connecting out. However, out of habit (before I had the router) I always liked to, for example, set my newsreader just for port 119, and used software firewalls that could do this, like Kerio or Outpost. But is there really any benefit in setting it to one port rather than just allowing everything, as in the case of ZA free? Also, is there any point in setting your ISP DNS in the software firewall when it's set in the router? As I say, out of habit I always try to set the software firewall up as if I have no router, and I suspect lots of people do, but apart from the application filtering, is there any real need for port filtering etc. in a software firewall if one has a router?
    ellison
     
  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,783
    I suspect it just depends on how paranoid you are. If you feel the need, sure, you can set specific ports on outbound apps. Many do. Just a matter, I guess, of how "tight" you want things to be. I suppose the reasoning is that a rogue app may try to connect out on non-standard ports somehow. There is also the added advantage of being able to block access to certain ports; for example, you might want to allow your email client to access 25/110 for mail, but at the same time block port 80 access. Just depends on what you want. If you don't care about all that, then the simple on/off switch approach of ZA is fine.
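
A minimal model of the two outbound rule styles discussed in this thread, added here as an illustration; it is not from any poster or from any firewall product. The application names, the `Rule` type and the sample connection attempts are hypothetical and constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    app: str                      # executable the rule applies to (hypothetical names)
    ports: Optional[frozenset]    # allowed remote TCP ports; None = any port (on/off style)

def decide(rules, app, remote_port):
    """Return 'allow', 'block' or 'prompt' for one outbound connection attempt."""
    for rule in rules:
        if rule.app == app:
            if rule.ports is None or remote_port in rule.ports:
                return "allow"
            return "block"        # known app, but port outside its rule
    return "prompt"               # unknown app: application control asks the user

# On/off style: an approved application may connect to any remote port.
ON_OFF = [Rule("mail.exe", None), Rule("newsreader.exe", None)]

# Port-scoped style: mail limited to 25/110, newsreader limited to 119.
PORT_SCOPED = [
    Rule("mail.exe", frozenset({25, 110})),
    Rule("newsreader.exe", frozenset({119})),
]

# Constructed sample of outbound attempts: (application, remote port).
ATTEMPTS = [
    ("mail.exe", 110),
    ("mail.exe", 80),
    ("newsreader.exe", 119),
    ("newsreader.exe", 6667),
    ("unknown.exe", 80),
]

def compare(attempts):
    """Evaluate every attempt under both policies."""
    return [(app, port, decide(ON_OFF, app, port), decide(PORT_SCOPED, app, port))
            for app, port in attempts]

def differences(attempts):
    """Attempts where the two rule styles disagree."""
    return [row for row in compare(attempts) if row[2] != row[3]]

if __name__ == "__main__":
    for app, port, on_off, scoped in compare(ATTEMPTS):
        print(f"{app:15} port {port:<5} on/off={on_off:7} port-scoped={scoped}")
```

In this model the two styles agree on unknown applications (both prompt) and differ only when an already-approved application connects to a port outside its usual set.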
     
  3. controler

    controler Guest

    Hardware firewall does indeed block outgoing. I can prove it. Depends on your router-gateway.
     
  4. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    I can see the logic in this, but is it still a case of feeling safer rather than actually being safer? For example, rogue apps are something that I would expect the application control/monitoring to alert me to, regardless of what port it was trying to use. Also, aren't most email progs usually, by default, set to 25/110 remote port anyway? I guess the router (if configured properly) will take care of all the incoming traffic, and presumably application filtering will allow you to make an informed decision on what to allow for outgoing, so is the configuring of port filtering any further benefit over ZA's (and others') on/off approach? I'm personally in two minds about it, and haven't really seen any conclusive evidence to back up one preference over the other.
    ellison
     
  5. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    I guess some do. Mine's very basic, seems to stealth everything but does reply to ping, which I can't do anything about, but then again does it really matter? It's been like that for 2 years without any problems anyway. What would be a good choice of hardware firewall in your opinion? I have thought of getting another one with more bells and whistles, but then the tight side of me always asks why, and would the benefit outweigh the cost?
    ellison
     