Should I run a personal firewall

Hello everyone,

Quick question - should I run a personal firewall?

The reason I ask is I was testing out Comodo on my Laptop last week. I installed and configured it - and then ran the Shields Up test. My laptop passed all tests.

Since I'm an inquizative kinad guy (that can't spell!) I wondered what would happen if I turned Comodo off and re ran the Shields Up test. When I ran the test again - I still passed all tests! I guessed this was because I was behind a Stateful Firewall on my wireless router. So - being inquizative again (and still not being able to spell!) I turned the firewall off on my router and ran Shields Up again. And what a surprise - I still passed all tests. So I assumed that was a firewall at the ISP

So basically - what is the point of me having a personal firewall?

Am I missing something? Am I running the tests wrong?

 

Simple answer in regards to software firewalls is you then have outbound protection, as in; you can see everything on your system that wants internet access.

Hope this helps...

Cheers

 

thenoble06,

What you were seeing were the security implications of running a simple NAT router. It provides an extremely high level of protection against unsolicited inbound communication.

With respect to tests for stealth, or the advantages of running stealth, there are none. A closed port is a closed port and no amount of cajoling from the outside will open it. Closed is closed.

The value of a software firewall is that it allows some level of active control of outbound communications. While your router does filter all inbound traffic, there is basically no filtering of the outbound traffic (right now I'm ignoring some constraints you can build in, such as allowed times for LAN users and some content filtering, and so on - some routers also allow a fair amount more than this, but they can be a tad pricy).

Typical software firewalls will generally allow you to specific whether communications can occur on a per application basis (application filtering). You can also specify allowed communications by ports/protocols/address/etc. In other words, the router blocks all unsolicited inbound communications, basically allows all outbound communications by default, does not know which application is involved in an outbound communication and therefore can't filter by application. With a software firewall you can provide a high level of filtering of what is allowed on the outbound side.

Blue

 

Brilliant answers - thanks guys.

I take your points on board - and am installing Comodo as we speak.

Thanks a lot

Arran

 

Unless you decided to install a router with outbound capabilities, then forget the software type.

Examples: Netopia R-Series, Fortinet Fortigate 60, Zyxel Zywall 70, SonicWall TZ 170, etc.

But they aren't cheap, i.e. Fortigate 60 is priced at $995 and Zywall 70 falls beyond the $1000 tag

 

Are you saying that software firewalls can be dispensed with by using a high-priced router firewall? If so, then this is a mistake since no router can provide the application-level control that even basic software firewalls offer - meaning that malware can easily bypass their outbound filtering just by making its communications appear like common traffic (e.g. webpage requests).

 

Gsec;

Ouch! For that type of money I could buy a really stripped down Cisco PIX 501 (Not sure about the exact model that recently came out) with enough routing ability to do anything I'd need rather than a full ISR type router and have deep packet inspection to boot. We're talking about $400-500.00, here. And yes, it will filter/block in both directions.

There are routers out there that do some decent to good firewalling but without the deep inspection. Depends on what you need it to do.

As for running a software (personal firewall). Yeah, I think its safer and easier to change a small software firewall than working on a hardware based firewall. That is to say its a bit more 'nimble' to say the least.

Just picking on Cisco because thats what I am most familiar with. There are many, many more but if my toes may be held to the coals - I'd rather have on good, thick boots.

 

I think it pays to have some sort of outbound protection on your computer. If not a firewall then you could try something like appdefend or similar.

 

Duh! To my knowledge routers offer better inbound capabilities that software firewalls. This is new to me.

Anyway I gave ill advice. Actually I use both NAT router and software firewall and that's what it should be as relying in one product alone is not enough. Always the onion approach to virtual security. The more layers the better.

Cheers.

 

It is not that inbound coverage from a router is better per se. Rather, a router offloads that portion of CPU activity from your PC, is not prone to user misconfiguration, and won't be compromised on a compromised system. That's better for most average users. For the advanced user, all aspects of control are more granular with a software firewall.

More is not always better. Even when more layers are purposefully chosen, those layers may not necessarily be better. IMHO, it all comes down to basic functionality, avoidance of pure duplication, interoperability, and compatibility of the layers implimented. Even here, there are a lot of situational issues that should be assessed prior to moving on a specific path.

Blue