Firewall suggestions...and Why do I need one,again?

OK, I finally accessed all the info about my wireless router... D-Link DI-524... I see how to activate filters for keyword URL blocking and domain blocking. More advanced settings called "Firewall Rules" are contained in the manual (wha?? I thought I was looking at the manual) and DMZ.

In addition to the router, I have enabled my Windows firewall (XP), which was shut off (probably turned off by the previous McAfee program).

OK, so I have 2 firewalls now... so... why do I need them, and what should I do with them, and what are they doing for me???

Firstly - let me try and clear a few things up.
Don't use two firewalls, that is a bad idea.
This is true when we're talking about two software firewalls on the same machine: they'll more than likely conflict with each other, and the possible minute advantage that one program may catch what another lets through is so small it's not worth considering.
However, if we're talking about a hardware firewall, be it a dedicated unit or (more likely) one built into your router, and a software firewall (such as the default XP firewall) working together, then there are no issues with this whatsoever, and it's a smart idea to enable both.

So what do they do?

The hardware firewall in your router will most likely just examine packets coming into your network. Some of the stand-alone expensive ones will actually monitor and block traffic going through the network internally as well, but this tends to be overkill for the home user. Anyway, it'll look at the headers of these packets and determine, based on their content, whether to let them through or not by a number of pre-defined rules. If the packet is a reply to an HTTP request from google.com, for example, it'll almost definitely be let through. If it's from an unknown IP and is a seemingly random request trying to reach all computers on the network on a port that's not being used, it'll almost definitely be blocked. Those are two rather loose examples, but roughly speaking, they're what hardware firewalls do - it's in a way your first line of defence. Whilst software firewalls will often block similar requests to hardware ones anyway, a hardware one will:
a) stop malicious traffic ever getting into the network in the first place, which is always better practice than letting it get all the way to the PC
b) stop (or should help prevent) individual machines becoming overloaded and slowing down stupidly as a result of lots of malicious packets
c) not be at risk (or have a very low risk) of becoming infected in a way that stops the firewall working. With PCs, software firewalls and dodgy browsing this can often be the case...

Software firewalls have a number of differences, and can perform extra functions that hardware firewalls can't. Because they're on machines, they can be far more specific (i.e. go down as far as saying what applications are specifically allowed to receive and send data on what ports, how much data, sometimes even when they're allowed to send it etc.) than a hardware firewall. They can also monitor malicious traffic going out from the individual PC so that if one PC gets affected, it can at least help to make sure malware and backdoors on a single PC don't bring the whole network down.

So do you need them? A bit worryingly, the consensus above seems to be that "as long as you browse conservatively, you don't." This really isn't true... whilst it HELPS to browse with care and is true on the antivirus front, don't be fooled - anyone can mount an attack on you whether you're careful with browsing or not; they could know your IP, stumble across it randomly or find it out somewhere. And if they do and you're completely unprotected... it doesn't help how "nicely" you browse! In fairness, specific targeted attacks are increasingly rare, so the above isn't totally false. If you download a virus onto your PC through browsing sillily and don't have a software firewall, then said virus can and probably will spread itself far and wide, and having one will at least partly help with this. Just don't go away thinking you're completely safe if you haven't got one - I'd personally recommend leaving the Windows one enabled if nothing else!

And that brings me to another point: how is one firewall better than another? It used to be the case that free or built-in software firewalls (such as XP's firewall years back) didn't monitor outgoing traffic, and as such people recommended installing a third-party firewall that did for better protection. These days, though, it's really not necessary for most users. The general thing you'll get by paying more, or at all these days, is far more customisation potential - and that's what means heightened security, because you can really drill down and filter loads of that bad traffic out that might have escaped a general built-in rule. With hardware firewalls you do get a lot more in terms of reliability and throughput as well, especially with regard to DDoS attacks. That's a whole different ball game though!

So yeah - you should have a firewall. But if you just enable your default hardware firewall and the default XP one these days, you should be fine :)
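As an added illustration (not code from this thread), here is a toy Python model of the two layers Berry describes: a router filter that admits an inbound packet only when it answers a request a LAN machine already sent, and a per-PC filter that decides which program may send on which ports. Addresses, ports and program names below are constructed sample values.

```python
from collections import namedtuple

# direction: "out" = LAN host -> internet, "in" = internet -> LAN host;
# app = originating program, something only the per-PC firewall can see
Packet = namedtuple("Packet", "direction src sport dst dport app", defaults=("",))

class RouterFirewall:
    """Stateful router filter: remembers outbound requests, admits only their replies."""
    def __init__(self, exposed=()):
        self.exposed = set(exposed)  # (lan_ip, port) pairs deliberately published
        self.flows = set()           # (lan_ip, lport, remote_ip, rport) seen going out

    def allow(self, p):
        if p.direction == "out":
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        if (p.dst, p.dport, p.src, p.sport) in self.flows:  # reply to our own request
            return True
        return (p.dst, p.dport) in self.exposed             # unsolicited: drop unless published

class HostFirewall:
    """Per-PC software filter: which program may send, and on which ports."""
    def __init__(self, egress):
        self.egress = egress  # app name -> set of destination ports it may use

    def allow(self, p):
        if p.direction == "in":
            return True  # inbound already screened by the router in this model
        return p.dport in self.egress.get(p.app, set())

def run(packets, router, host):
    """Pass each packet through both layers in traversal order; return verdicts."""
    verdicts = []
    for p in packets:
        first, second = (router, host) if p.direction == "in" else (host, router)
        verdicts.append(first.allow(p) and second.allow(p))
    return verdicts

SAMPLE = [  # constructed sample traffic, not captured from any real network
    Packet("out", "192.168.0.10", 51000, "203.0.113.5", 80, app="browser"),  # web request
    Packet("in", "203.0.113.5", 80, "192.168.0.10", 51000),                  # its reply
    Packet("in", "198.51.100.7", 4444, "192.168.0.10", 445),                 # unsolicited probe
    Packet("out", "192.168.0.10", 51001, "198.51.100.7", 6667, app="unknown.exe"),  # rogue program
]

def demo():
    """Router with nothing published, host that only lets the browser use web ports."""
    return run(SAMPLE, RouterFirewall(), HostFirewall({"browser": {80, 443}}))
```

The first two packets pass (request, then its reply), the unsolicited probe is dropped at the router, and the rogue program's outbound connection is dropped at the PC before it ever reaches the router.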

What he said.... :p

Thanks Berry for the well-detailed explanation. The way you suggest is the way I have it set now.