September 20th, 2001, 04:09 AM
Batter up !!
If one has the firewall security provided by a configured router, is there any benefit to running additional software; filters, and the like ...?
September 20th, 2001, 04:16 AM
Somewhat. Some routers have bugs in them, like the Ascend router problems. It wouldn't be totally wasted protection, no. I wouldn't depend on a router too much.
Also, a router can't tell which program on your computer does what, so if you want to filter access based on the program, you need something independent. (Like ZoneAlarm or Tiny Personal Firewall.)
[HvC]Terr: L33T Technical Proficiency
September 20th, 2001, 04:18 AM
re: soft or hard ...
Thanx so much for the on the money reply there Terr - Too Good !!!
September 20th, 2001, 07:23 AM
I would be against router-only solutions because I don't believe they maintain state. I only say this since we use both inbound and outbound ACLs, which require me to write two rules.
For instance: (syntax could be slightly off)
permit tcp host a.b.c.d w.x.y.z eq 80 (inbound)
permit tcp host w.x.y.z eq 80 a.b.c.d established (outbound)
(inbound/outbound in relation to the routers perspective)
If it was maintaining state, I wouldn't imagine that I would need the established rule since a state touble would know that I had initially initiated a request to the w.x.y.z address.
Please don't hold me to that just yet, but I plan on trying to spoof a packet through one our routers next week to see if it show up in our firewall logs.
Some people say never, I just say no.
January 2nd, 2004, 05:11 PM
So do you sugest that we use a router and a firewall?
January 2nd, 2004, 05:15 PM
You really shouldnt bump up threads this old. I doubt B-Man has posted in the like years that have passed since he posted that. Try making a new thread with your query.
January 2nd, 2004, 06:23 PM
For MrFatal......Yes, router and firewall. Thats whats called layered security. Depends on what you're defending really. If its private data that is confidential (like banks, law firms, ect...) you will have that approach, where if its just a home computer, just a firewall or just a filtering router will do.
January 3rd, 2004, 02:04 AM
Thank you. I am sorry about posting in such an old topic. I see what you mean about it not being the best place to ask a question.
In the future i will just start up the question again.