Physical firewall???
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Physical firewall???

  1. #1
    Junior Member
    Join Date
    May 2003
    Posts
    26

    Physical firewall???

    I know that this has probably been asked many times before, but i'm still going to ask it again...
    My friend heard somethign about, the only way to "really" protect your computer is to have physical firewall. now i know they exsist, but what i dont know is if they really do cost 4 grand and if they really are the only "real" way to protect your computer. so, is it better to have a software firewall or a physical firewall? i guess that is the real question. I guess there is still a lil doubt in me that there really are physical firewalls, so if you could confirm that too, that would be great!

    thanks for your help all!
    Once to every man and nation, Comes the moment to decide, In the strife of Truth with Falsehood, For the good or evil side. Then it is the brave man chooses
    While the coward stands aside. James Russell Lowell


  2. #2
    Banned
    Join Date
    May 2003
    Posts
    1,004
    "Physical Firewall" like "Hardware Firewall" are incorrect terminology, the proper term is "Dedicated Firewall" that is a system that does nothing but act as a firewall. Frequently these run on minimalistic systems with operating systems not seen beyond this niche if not specifically created for it.

    Basically all firewalls are software. (with the possible exception of some very targeted/research projects)

    A firewall is not the only "real" way to protect a system, in fact a good number of high security systems run no firewall at all. Heck all my systems run without firewalls.

    catch

  3. #3
    Junior Member
    Join Date
    May 2003
    Posts
    26
    So what do you suggest is the best way or protecting your system if your not going to use a firewall? thx for your hel
    Once to every man and nation, Comes the moment to decide, In the strife of Truth with Falsehood, For the good or evil side. Then it is the brave man chooses
    While the coward stands aside. James Russell Lowell


  4. #4
    Member
    Join Date
    Jun 2003
    Posts
    57
    Ways to protect your box vary with OS.

    Assuming that you have Win XP, there are a number of services that you an disable, such as printer and file sharing, that can increase your level of security. A thorough list of these services, and different guidelines for those that you can safely disable can be found on BlackViper's services page.

    In my case, when I'm running XP, I have minimal servics running, with NetBIOS, UPNP, file/print sharing all disabled. I have a dedicated hardware firewall with my router, and am running ZoneAlarm Pro as a software firewall, which helps protect others from junk that might come out of my PC if its infected by a trojan or the like.

    Additional security measures include creating strong passwords (a combination of letters, numbers, and unique symbols), Anti-Virus software, and running programs like AdAware, or Spybot S&D to remove ad and spyware.

    If I come across any other resources for locking down an XP box, I'll post them here. I know that I have .docs on my box that address the issue, but I have to find them.

    Corn

  5. #5
    Senior Member
    Join Date
    Mar 2002
    Posts
    442
    physical firewall = master lock pad lock on server room door

  6. #6
    Junior Member
    Join Date
    May 2003
    Posts
    26
    posted Today 05:17 PM
    (post #5)

    physical firewall = master lock pad lock on server room door

    -what does that mean? i'm new at all this, that is why i'm trying to learn as much as i can...i really appreciate all your help!
    Once to every man and nation, Comes the moment to decide, In the strife of Truth with Falsehood, For the good or evil side. Then it is the brave man chooses
    While the coward stands aside. James Russell Lowell


  7. #7
    Member
    Join Date
    Jun 2003
    Posts
    57
    physical firewall = master lock pad lock on server room door

    -what does that mean? i'm new at all this, that is why i'm trying to learn as much as i can...i really appreciate all your help!
    What he means is that a "physical firewall" would be simply placing a large lock on the door where your server is hosted, keeping people from walking into the room.

  8. #8
    Junior Member
    Join Date
    Mar 2003
    Posts
    6
    I'm going to go a bit out on a limb and say that what your friend was talking about is what is being sold as a hardware firewall, of a sort that is built into many routers. Netgear and Syslink are 2 that I know of offhand and they are configurable to some extent to help block garbage from your computer. There is some added security advantage to using one in that a router will "buffer" your computer by chaining 2 IP addresses (1 for the comp and 1 for the router). I realize that I'm putting this a bit simplistically but this is the way I understand it. Needless to say, you should take anything you're told and double check it by doing a bit of research. That's why I've given you the 2 manufacturers names above. ABSOLUTELY, DON'T RELY TOTALLY ON WHAT SOMEONE TELLS YOU! Check things out for yourself. Good luck.
    L

  9. #9
    Junior Member
    Join Date
    May 2003
    Posts
    26
    thanks for your help all! you have done a great job, and i knew you would. that is why i came to yall!

    thx again!
    Once to every man and nation, Comes the moment to decide, In the strife of Truth with Falsehood, For the good or evil side. Then it is the brave man chooses
    While the coward stands aside. James Russell Lowell


  10. #10
    Senior Member
    Join Date
    Jul 2003
    Posts
    114
    A dedicated firewall is neither necessary to achieve good security, nor is its mere presence sufficient to achieve good security. However, having a dedicated firewall can help you improve the security of a network.

    A dedicated firewall gives you an opportunity to improve your security in several ways:

    Central audit/control point
    This is the most popular reason that people use dedicated firewalls. It's much easier to keep all your security and access controls in one place. If you have a large network, it's inevitable that someone is going to have a highly unsecured machine. Having a dedicated firewall between that machine and the "bad guys" means that machine might not be immediately compromised. Unfortunately, this kind of thinking gets people in trouble. First of all, you probably want to let some traffic in. Having a super-cool firewall means little if your web server allows perfectly innocuous-looking requests to take control of the machine. Secondly, people tend to assume that the bad guys are all on the outside of the firewall. This ignores trojans, disgruntled employees, modems inside the firewall, virus infected floppy disks, etc. Lastly, this approach has limited applicability if your firewall is not secure. In response to IT manager's over-reliance on firewalls, many security experts tend to downplay their utility. This is just as foolish as treating them as magic bullets, for the reasons below.

    Defense in depth
    If you're running a network of Linux and Windows machines, for example, you can increase you security by putting them behind an OpenBSD - based firewall. This can mean that, in some cases, an attacker will have to break into 2 systems in order to compromise a system that you are trying to protect. Let's say that your Linux boxes have a built-in firewall, and you're using it. Now say that there's a vulnerability in that firewall that allows an attacker to bypass it. If that vulnerability does not exist in the dedicated firewall, then the attacker cannot exploit the Linux vulnerability.

    Dedicated firewall can be more secure than other machines
    One advantage of having a dedicated firewall is just that: it is a dedicated firewall. It doesn't need to have a web server, or allow ssh, or anything of the sort. It can just sit there in a locked room with a keyboard and monitor. Some firewalls don't even need an IP address. This makes them much more resistant to attack than other servers, which have this pesky habit of interacting with remote users. Many firewalls allow remote administration. This makes them more convenient, but less secure.

    So, if all the machines on your network are perfectly secure, there's no reason to have a firewall. Alternately, if your firewall is perfectly secure, and your machines are perfectly protected against back channels and subversive users, there's no reason to have them be secure. However, out here in the non-theoretical world, you really should have both.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •