:cool: If one has the firewall security provided by a configured router, is there any benefit to running additional software; filters, and the like ...?
Somewhat. Some routers have bugs in them, like the Ascend router problems. It wouldn't be totally wasted protection, no. I wouldn't depend on a router too much.
Also, a router can't tell which program on your computer does what, so if you want to filter access based on the program, you need something independent. (Like ZoneAlarm or Tiny Personal Firewall.)
Thanks so much for the on-the-money reply there, Terr - Too Good!!! :D
I would be against router-only solutions because I don't believe they maintain state. I only say this since we use both inbound and outbound ACLs, which require me to write two rules.
For instance: (syntax could be slightly off)
permit tcp host a.b.c.d host w.x.y.z eq 80 (inbound)
permit tcp host w.x.y.z eq 80 host a.b.c.d established (outbound)
(inbound/outbound in relation to the router's perspective)
If it was maintaining state, I wouldn't imagine that I would need the established rule since a state table would know that I had initially initiated a request to the w.x.y.z address.
Please don't hold me to that just yet, but I plan on trying to spoof a packet through one of our routers next week to see if it shows up in our firewall logs.
B-Man
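The difference described in the post above, as an added example that is not part of the original thread: a stateless rule with `established` only checks that the ACK or RST bit is set, while a stateful filter checks the packet against a table of connections the inside host actually opened. The addresses are constructed placeholders for a.b.c.d and w.x.y.z, the function and class names are hypothetical, and the stateful side is simplified (real implementations also track TCP state and sequence numbers).

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges) for a.b.c.d and w.x.y.z.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"

Pkt = namedtuple("Pkt", "src sport dst dport flags")

def stateless_return_acl(p):
    """permit tcp host SERVER eq 80 host CLIENT established
    'established' inspects header bits only: ACK or RST must be set."""
    return (p.src == SERVER and p.sport == 80 and p.dst == CLIENT
            and bool({"ACK", "RST"} & set(p.flags)))

class StatefulFilter:
    """Simplified state table: replies must mirror a flow the client opened."""
    def __init__(self):
        self.table = set()

    def from_client(self, p):
        # Client -> server on port 80; a bare SYN creates a table entry.
        if p.src == CLIENT and p.dst == SERVER and p.dport == 80:
            if p.flags == ("SYN",):
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return True
        return False

    def from_server(self, p):
        # Allowed only if it is the reverse of a tracked connection.
        return (p.dst, p.dport, p.src, p.sport) in self.table

def compare():
    """Return {case: (stateless ACL verdict, stateful verdict)}."""
    fw = StatefulFilter()
    fw.from_client(Pkt(CLIENT, 40000, SERVER, 80, ("SYN",)))
    packets = {
        "reply to tracked flow": Pkt(SERVER, 80, CLIENT, 40000, ("SYN", "ACK")),
        "unsolicited ACK": Pkt(SERVER, 80, CLIENT, 40001, ("ACK",)),
        "unsolicited SYN": Pkt(SERVER, 80, CLIENT, 40001, ("SYN",)),
    }
    return {n: (stateless_return_acl(p), fw.from_server(p))
            for n, p in packets.items()}

if __name__ == "__main__":
    for name, (acl, stateful) in compare().items():
        print(f"{name:24} acl_permits={acl!s:5} stateful_permits={stateful}")
```

The middle case is the one that separates the two designs: the ACL permits it because the ACK bit is set, while the state table has no matching entry and drops it.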
So do you suggest that we use a router and a firewall?
You really shouldn't bump up threads this old. I doubt B-Man has posted in the like years that have passed since he posted that. Try making a new thread with your query.
For MrFatal......Yes, router and firewall. That's what's called layered security. Depends on what you're defending really. If it's private data that is confidential (like banks, law firms, etc...) you will have that approach, where if it's just a home computer, just a firewall or just a filtering router will do.
Thank you. I am sorry about posting in such an old topic. I see what you mean about it not being the best place to ask a question.
In the future I will just start up the question again.