Windows firewall should be disabled and you should install a router between your PC and the internet, that will be the best firewall.
Really bad advice. That leaves your PC open to attack from other computers on your home network, or if your PC is a laptop, open to attack from other computers at work, or on the wireless network at Starbucks or the airport, etc. Also, a software firewall can alert you to unauthorized outgoing traffic, which can occur when your PC is infected by a virus, and alert you if any of your other PCs are infected, by making you aware of unauthorized incoming traffic.
Quote:
Really bad advice. That leaves your PC open to attack from other computers on your home network, or if your PC is a laptop, open to attack from other computers at work, or on the wireless network at Starbucks or the airport, etc. Also, a software firewall can alert you to unauthorized outgoing traffic, which can occur when your PC is infected by a virus, and alert you if any of your other PCs are infected, by making you aware of unauthorized incoming traffic.
Really now? Please describe these "attacks" that would originate from the LAN, and how they would compromise a PC, since they must know the administrator password of the PC.
Programs are easily able to add themselves as exceptions in Windows Firewall, rendering it useless to protect against viruses. A hardware firewall (AKA router) is the only sure way to know what traffic is permitted.
Be sure to turn off UPnP on the router, and you're set.
Quote:
Really now? Please describe these "attacks" that would originate from the LAN, and how they would compromise a PC, since they must know the administrator password of the PC.
Hardly. Seriously, are you really that uninformed? Ever heard of the Windows DCOM RPC vulnerability, and all the viruses that exploited it (all the variants of Blaster)? All it took was one carefully crafted packet sent to port 135, on an unpatched system, and poof, your system was compromised.
Quote:
Programs are easily able to add themselves as exceptions in Windows Firewall, rendering it useless to protect against viruses.
True, but most security suites include a replacement for the Windows firewall, meaning a program would have to know how to add an exception or disable many different software firewalls. Your post claims no additional protection is needed once you're hiding behind a router, which is bad advice.
Quote:
A hardware firewall (AKA router) is the only sure way to know what traffic is permitted.
A router is hardly the same thing as a firewall, although firewalling is a function that a router can provide, especially the routers for home networking that support NAT (I've never seen one that didn't). The NAT function itself is what provides most or all of the firewall function, though some of the premium home routers have SPI (stateful packet inspection) as well.
A router for home use with NAT, plus a software firewall on each of your PCs is a belt and suspender approach to security. If one fails the other is still working for you.
Have to agree with dougstech, hardware firewall is the best bet.
Ahhh, the keywords: "unpatched system." If the home user is running an unpatched system, what makes you think their software firewall/AV/whatever software is up-to-date and capable of stopping one of the current threats?
As far as the laptop at work, most corporations don't allow personal systems on the corporate LAN/WAN for obvious reasons.... and personally I don't allow people I don't know access on my LAN.
"and alert you if any of your other PCs are infected, by making you aware of unauthorized incoming traffic."
Oh really???? Again, please describe the attacks on the local LAN..... You saying hacked into the local LAN? Hmmmmm, using WEP instead of WPA/WPA2??? Using a crackable admin password on the router? Using a router with no manageable functions?
I'd love to see the average home user set up NAT tables......
Hardware firewall is a must. But it is also in your best interest to use a software firewall. You can use Windows Firewall or another such as Norton or whatever you prefer. A software firewall comes into play when your computer has been compromised by other means. This could be anything from a malicious user to a USB thumb drive. Accidents do happen and this is just extra protection.
Also, it's just a matter of time before WPA2 is practically able to be cracked. It has already been cracked, but it's just not practical yet.
Quote:
Oh really???? Again, please describe the attacks on the local LAN..... You saying hacked into the local LAN? Hmmmmm, using WEP instead of WPA/WPA2??? Using a crackable admin password on the router? Using a router with no manageable functions?
Let me give you an obvious example, since your small mind seems incapable of thinking of one.
User takes their laptop to Starbucks and connects to the wireless. Now any other user connected to the same access point can port scan their system, and without a software firewall, any vulnerabilities in their system are exposed.
Those of you who think a hardware firewall alone is sufficient must only own a single computer, and never leave home. We don't all live in trailer parks.
Quote:
Let me give you an obvious example, since your small mind seems incapable of thinking of one.
User takes their laptop to Starbucks and connects to the wireless. Now any other user connected to the same access point can port scan their system, and without a software firewall, any vulnerabilities in their system are exposed.
Those of you who think a hardware firewall alone is sufficient must only own a single computer, and never leave home. We don't all live in trailer parks.
If his Windows is patched and up to date, he is fine. When he goes to the wireless hotspot and connects, a box will pop up. Choose "public", and all methods of remotely accessing the system are disabled for that connection.
Quote:
If his Windows is patched and up to date, he is fine. When he goes to the wireless hotspot and connects, a box will pop up. Choose "public", and all methods of remotely accessing the system are disabled for that connection.
And you are assuming the average user knows and understands this. Bad assumption.
Windows patched and up to date? I shudder to think how many laptops and PCs are out there that fall short of this dream.
Telling users that come here for sound advice to shut off their MS firewall and rely solely on their router, with no other software running, is negligent.
My advice to anyone reading this forum is ignore what this person is telling you.
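Added example, not part of any post in this thread: a read-only PowerShell check of the settings the posters argue about (whether Windows Firewall is on per profile, which category the current network was given, and which program-bound inbound exceptions exist). It assumes Windows 8 / Server 2012 or later, where the NetSecurity cmdlets are available, and an elevated prompt.

```powershell
# Added example: read-only audit, changes nothing on the system.

# 1. Is the firewall enabled for each profile, and what happens to
#    unsolicited inbound traffic by default?
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction |
    Format-Table -AutoSize

# 2. Which category did each connected network get? This is the
#    "public" choice mentioned in the thread.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 3. Enabled inbound allow rules tied to a specific executable, i.e. the
#    "exceptions" a program may have added for itself.
$exceptions = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $app  = $_ | Get-NetFirewallApplicationFilter
        $port = $_ | Get-NetFirewallPortFilter
        if ($app.Program -and $app.Program -ne 'Any') {
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = "$($_.Profile)"
                Program   = $app.Program
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
            }
        }
    }
$exceptions | Sort-Object Program | Format-Table -AutoSize -Wrap

# 4. Exceptions that stay active on Public networks (hotspot case)
#    are the ones to review first.
$exceptions |
    Where-Object { $_.Profile -match 'Public|Any' } |
    Sort-Object Program |
    Format-Table Rule, Program, LocalPort -AutoSize -Wrap

# 5. Is anything listening on TCP 135, the port named in the
#    Blaster post above, and on which local addresses?
Get-NetTCPConnection -State Listen -LocalPort 135 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize
```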