Should I run a personal firewall

Discussion in 'other firewalls' started by thenoble06, Sep 20, 2006.

Thread Status:
Not open for further replies.
  1. thenoble06

    thenoble06 Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    25
    Hello everyone,

    Quick question - should I run a personal firewall? o_O

    The reason I ask is I was testing out Comodo on my Laptop last week. I installed and configured it - and then ran the Shields Up test. My laptop passed all tests.

    Since I'm an inquizative kinda guy (that can't spell!) I wondered what would happen if I turned Comodo off and re-ran the Shields Up test. When I ran the test again - I still passed all tests! I guessed this was because I was behind a Stateful Firewall on my wireless router. So - being inquizative again (and still not being able to spell!) I turned the firewall off on my router and ran Shields Up again. And what a surprise - I still passed all tests. So I assumed that was a firewall at the ISP o_O

    So basically - what is the point of me having a personal firewall?

    Am I missing something? Am I running the tests wrong?
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Simple answer in regards to software firewalls is you then have outbound protection, as in; you can see everything on your system that wants internet access.

    Hope this helps...

    Cheers :D
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    thenoble06,

    What you were seeing were the security implications of running a simple NAT router. It provides an extremely high level of protection against unsolicited inbound communication.

    With respect to tests for stealth, or the advantages of running stealth, there are none. A closed port is a closed port and no amount of cajoling from the outside will open it. Closed is closed.

    The value of a software firewall is that it allows some level of active control of outbound communications. While your router does filter all inbound traffic, there is basically no filtering of the outbound traffic (right now I'm ignoring some constraints you can build in, such as allowed times for LAN users and some content filtering, and so on - some routers also allow a fair amount more than this, but they can be a tad pricy).

    Typical software firewalls will generally allow you to specify whether communications can occur on a per-application basis (application filtering). You can also specify allowed communications by ports/protocols/address/etc. In other words, the router blocks all unsolicited inbound communications, basically allows all outbound communications by default, does not know which application is involved in an outbound communication and therefore can't filter by application. With a software firewall you can provide a high level of filtering of what is allowed on the outbound side.

    Blue
     
  4. thenoble06

    thenoble06 Registered Member

    Joined:
    Aug 15, 2006
    Posts:
    25
    Brilliant answers - thanks guys.

    I take your points on board - and am installing Comodo as we speak.

    Thanks a lot :)

    Arran
     
  5. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204
    Unless you decided to install a router with outbound capabilities, then forget the software type.

    Examples: Netopia R-Series, Fortinet Fortigate 60, Zyxel Zywall 70, SonicWall TZ 170, etc.

    But they aren't cheap, i.e. Fortigate 60 is priced at $995 and Zywall 70 falls beyond the $1000 tag o_O
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Are you saying that software firewalls can be dispensed with by using a high-priced router firewall? If so, then this is a mistake since no router can provide the application-level control that even basic software firewalls offer - meaning that malware can easily bypass their outbound filtering just by making its communications appear like common traffic (e.g. webpage requests).
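
The distinction drawn in the posts above (a router filters outbound traffic on addresses and ports, while a software firewall also knows which program opened the connection) can be seen in a small audit script. This is an added example, not code from any poster in the thread; it parses a constructed sample in the layout of Linux `ss -tnp` output, and the rule tables and the program name `updater.bin` are hypothetical.

```python
import re

# Constructed sample in the layout of Linux `ss -tnp` output (not real data).
SAMPLE_SS = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 192.168.1.23:51514 198.51.100.7:443 users:(("firefox",pid=2211,fd=87))
ESTAB 0 0 192.168.1.23:51620 203.0.113.50:443 users:(("updater.bin",pid=4090,fd=5))
ESTAB 0 0 192.168.1.23:40022 198.51.100.9:993 users:(("thunderbird",pid=2302,fd=41))
"""

# Hypothetical per-application policy: program name -> allowed remote ports.
APP_RULES = {"firefox": {80, 443}, "thunderbird": {993, 465}}
# Hypothetical router policy: allowed outbound ports, whatever program sent them.
ROUTER_ALLOWED_PORTS = {80, 443, 993, 465}

LINE = re.compile(
    r'^ESTAB\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+'
    r'users:\(\("([^"]+)",pid=(\d+)'
)

def parse(text):
    """Yield (program, pid, remote_ip, remote_port) for established TCP flows."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.group(5), int(m.group(6)), m.group(3), int(m.group(4))

def router_decision(remote_port):
    """A port-based router filter: it never sees which program sent the packet."""
    return remote_port in ROUTER_ALLOWED_PORTS

def host_decision(program, remote_port):
    """A per-application filter: program and port must both match a rule."""
    return remote_port in APP_RULES.get(program, set())

def audit(text):
    """Return flows the router filter passes but the per-application rules reject."""
    return [(prog, pid, ip, port) for prog, pid, ip, port in parse(text)
            if router_decision(port) and not host_decision(prog, port)]

if __name__ == "__main__":
    for prog, pid, ip, port in audit(SAMPLE_SS):
        print(f"router allows, host rule blocks: {prog} (pid {pid}) -> {ip}:{port}")
```

Both port-443 flows look the same to the port filter; only the per-application rule separates the browser from the unlisted program.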
     
  7. beads

    beads Registered Member

    Joined:
    Jun 1, 2005
    Posts:
    49
    Gsec;

    Ouch! For that type of money I could buy a really stripped down Cisco PIX 501 (Not sure about the exact model that recently came out) with enough routing ability to do anything I'd need rather than a full ISR type router and have deep packet inspection to boot. We're talking about $400-500.00, here. And yes, it will filter/block in both directions.

    There are routers out there that do some decent to good firewalling but without the deep inspection. Depends on what you need it to do.

    As for running a software (personal firewall). Yeah, I think it's safer and easier to change a small software firewall than working on a hardware-based firewall. That is to say it's a bit more 'nimble' to say the least.

    Just picking on Cisco because that's what I am most familiar with. There are many, many more but if my toes may be held to the coals - I'd rather have on good, thick boots.
     
  8. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    I think it pays to have some sort of outbound protection on your computer. If not a firewall then you could try something like appdefend or similar.
     
  9. Seishin

    Seishin Registered Member

    Joined:
    Aug 2, 2006
    Posts:
    204
    Duh! To my knowledge routers offer better inbound capabilities than software firewalls. This is new to me.

    Anyway I gave ill advice. Actually I use both NAT router and software firewall and that's what it should be as relying on one product alone is not enough. Always the onion approach to virtual security. The more layers the better.

    Cheers.
     
  10. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    It is not that inbound coverage from a router is better per se. Rather, a router offloads that portion of CPU activity from your PC, is not prone to user misconfiguration, and won't be compromised on a compromised system. That's better for most average users. For the advanced user, all aspects of control are more granular with a software firewall.
    More is not always better. Even when more layers are purposefully chosen, those layers may not necessarily be better. IMHO, it all comes down to basic functionality, avoidance of pure duplication, interoperability, and compatibility of the layers implemented. Even here, there are a lot of situational issues that should be assessed prior to moving on a specific path.

    Blue
     