A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Completely replace software firewall with hardware firewall?



 
 
Thread Tools Display Modes
  #1  
Old March 21st 05, 09:56 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Chet
external usenet poster
 
Posts: 3
Default Completely replace software firewall with hardware firewall?


"Sandi" wrote in message
...
Here in the UK, I am on NTL cable and have just one PC attached.


QUESTION ONE: If I buy a hardware firewall then will it completely
replace the need for me to have a software firewall? That would save
me some headaches!


If you have an hardware firewall then there is no need for a second software
firewall, this only causes issues with some routing packets


QUESTION TWO: I might get a second PC and want to attach both PCs to
the cable network at the same time. I have heard I can do it with a
box which includes a hardware firewall as well as some other
functions. But exactly what sort of box is it that I would need?
Any suggestions about recommended hardware devices would be welcome.



Personally I would recommend one of the Edimax Routers, but I'm sure others
will also point out the Linksys and Netgear broadband ranges too


  #2  
Old March 21st 05, 10:05 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Nat Stott
external usenet poster
 
Posts: 18
Default Completely replace software firewall with hardware firewall?

QUESTION ONE: If I buy a hardware firewall then will it completely
replace the need for me to have a software firewall? That would save
me some headaches!


If you have an hardware firewall then there is no need for a second

software
firewall, this only causes issues with some routing packets


But a hardware firewall can't distinguish between packets you've requested,
and packets a virus has requested.




  #3  
Old March 21st 05, 10:15 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Chet
external usenet poster
 
Posts: 3
Default Completely replace software firewall with hardware firewall?


"Nat Stott" wrote in message
...
QUESTION ONE: If I buy a hardware firewall then will it completely
replace the need for me to have a software firewall? That would save
me some headaches!


If you have an hardware firewall then there is no need for a second

software
firewall, this only causes issues with some routing packets


But a hardware firewall can't distinguish between packets you've

requested,
and packets a virus has requested.

Agreed, but all virus are caught by you AV software I would have thought
thus not sending out any packets, there is no use sticking a firewall in
front of you network if you do not have any AV software running locally


  #4  
Old March 21st 05, 10:32 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Andrew Norman
external usenet poster
 
Posts: 96
Default Completely replace software firewall with hardware firewall?

On Mon, 21 Mar 2005 22:15:12 GMT, "Chet" wrote:

"Nat Stott" wrote in message
...
QUESTION ONE: If I buy a hardware firewall then will it completely
replace the need for me to have a software firewall? That would save
me some headaches!

If you have an hardware firewall then there is no need for a second

software
firewall, this only causes issues with some routing packets


But a hardware firewall can't distinguish between packets you've

requested,
and packets a virus has requested.

Agreed, but all virus are caught by you AV software I would have thought


AV software can only catch viruses/tojans it already knows about. So a
software firewall can still serve a purpose in stopping outgoing
traffic if you get infected by something your AV software doesn't know
about yet.

Unfortunately the sort of people who manage to install viruses and
trojans are the same people that will probably just click "allow" when
the software firewall spots something fishy going on....

thus not sending out any packets, there is no use sticking a firewall in
front of you network if you do not have any AV software running locally

--
Andy Norman
http://www.norman.cx/
Replace the fish with my first name to reply
  #5  
Old March 21st 05, 11:25 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Eirik Seim
external usenet poster
 
Posts: 1
Default Completely replace software firewall with hardware firewall?

On Mon, 21 Mar 2005 22:32:08 +0000, Andrew Norman wrote:
On Mon, 21 Mar 2005 22:15:12 GMT, "Chet" wrote:

"Nat Stott" wrote in message
...
QUESTION ONE: If I buy a hardware firewall then will it completely
replace the need for me to have a software firewall? That would save
me some headaches!

If you have an hardware firewall then there is no need for a second
software
firewall, this only causes issues with some routing packets


But a hardware firewall can't distinguish between packets you've
requested,
and packets a virus has requested.

Agreed, but all virus are caught by you AV software I would have thought


AV software can only catch viruses/tojans it already knows about. So a
software firewall can still serve a purpose in stopping outgoing
traffic if you get infected by something your AV software doesn't know
about yet.

Unfortunately the sort of people who manage to install viruses and
trojans are the same people that will probably just click "allow" when
the software firewall spots something fishy going on....


They won't have to. The virus needs only to add the ~20 lines of
code needed to click the "allow" button itself. There is no way
a personal firewall will protect a compromised system as long as
it allows user interaction and/or does not run with higher privs
than the virus can obtain.


- Eirik
--
New and exciting signature!

  #6  
Old March 22nd 05, 02:02 AM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Ian JP Kenefick
external usenet poster
 
Posts: 5
Default Completely replace software firewall with hardware firewall?

On Mon, 21 Mar 2005 21:56:13 GMT, "Chet" wrote:

If you have an hardware firewall then there is no need for a second software
firewall, this only causes issues with some routing packets


That's bull****. It doesn't cause issues with routing of packets
whatsoever. A hardware firewall offers inbound protection. A software
firewall offers both inbound and outbound protection. A combination of
both is the optimal arrangement.

--

Regards,
Ian Kenefick
Got a virus?
Go to www.ik-cs.com 'Got a virus?'
  #7  
Old March 22nd 05, 03:09 AM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Duane Arnold
external usenet poster
 
Posts: 14
Default Completely replace software firewall with hardware firewall?

Ian JP Kenefick wrote in
:

On Mon, 21 Mar 2005 21:56:13 GMT, "Chet" wrote:

If you have an hardware firewall then there is no need for a second
software firewall, this only causes issues with some routing packets


That's bull****. It doesn't cause issues with routing of packets
whatsoever. A hardware firewall offers inbound protection.


A NAT router with (no FW) only provides inbound protection with no outbound
protection.

You'll notice the part (is not a real FW but good enough).

http://www.homenethelp.com/web/explain/about-NAT.asp

A software
firewall offers both inbound and outbound protection. A combination of
both is the optimal arrangement.


Well, so does a FW appliance with a (true/real) FW that can stop inbound or
outbound traffic by port, protocol or IP and is better than a NAT router
supplemented with a PFW solution running on a machine, IMHO. If one has a
FW appliance, one doesn't need the combination of a NAT (no FW) router and
a PFW solution. And one doesn't need a PFW solution.

(What does a FW do) software or FW appliance?

http://www.vicomsoft.com/knowledge/r...irewalls1.html

Duane
  #8  
Old March 22nd 05, 04:32 AM posted to ntl.discussion.broadband.cm,uk.telecom.broadband
Ian JP Kenefick
external usenet poster
 
Posts: 5
Default Completely replace software firewall with hardware firewall?

On Tue, 22 Mar 2005 03:09:23 GMT, Duane Arnold
wrote:

A software
firewall offers both inbound and outbound protection. A combination of
both is the optimal arrangement.


Well, so does a FW appliance with a (true/real) FW that can stop inbound or
outbound traffic by port, protocol or IP and is better than a NAT router
supplemented with a PFW solution running on a machine, IMHO. If one has a
FW appliance, one doesn't need the combination of a NAT (no FW) router and
a PFW solution. And one doesn't need a PFW solution.


Yes, but a hardware solution cannot offer in/out-bound application
level protection. A modified dll by an unknown virus would bypass AV
and hardware firewall. A personal firewall would detect the
modification and allow you to block it pending further investigation.
Hardware based solution cannot enforce this.

--

Regards,
Ian Kenefick
Got a virus?
Go to www.ik-cs.com 'Got a virus?'
  #9  
Old March 22nd 05, 07:32 AM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Andrew Norman
external usenet poster
 
Posts: 96
Default Completely replace software firewall with hardware firewall?

On 21 Mar 2005 23:25:02 GMT, Eirik Seim wrote:

Unfortunately the sort of people who manage to install viruses and
trojans are the same people that will probably just click "allow" when
the software firewall spots something fishy going on....


They won't have to. The virus needs only to add the ~20 lines of
code needed to click the "allow" button itself. There is no way
a personal firewall will protect a compromised system as long as
it allows user interaction and/or does not run with higher privs
than the virus can obtain.


Good point, but you can setup most of the software firewalls so that
you have to enter a password to change the allow/disallow rules.
--
Andy Norman
http://www.norman.cx/
Replace the fish with my first name to reply
  #10  
Old March 22nd 05, 01:56 PM posted to ntl.discussion.broadband.cm,uk.telecom.broadband,alt.computer.security,comp.security.firewalls
Ian JP Kenefick
external usenet poster
 
Posts: 5
Default Completely replace software firewall with hardware firewall?

On Tue, 22 Mar 2005 11:57:29 GMT, Leythos wrote:


Hardware (Appliances) Firewalls offer inbound and outbound protection,
they do not offer application protection. NAT Routers are NOT FIREWALLS!


WHO ever SAID they WERE?

--

Regards,
Ian Kenefick
Got a virus?
Go to www.ik-cs.com 'Got a virus?'
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Is firewall software still needed? Mutley uk.telecom.broadband (UK broadband) 43 January 15th 05 06:25 PM
Best Firewall LoSalt \(UK\) uk.telecom.broadband (UK broadband) 67 January 5th 05 06:25 AM
Best Firewall software - Outpost or Zonealarm zero uk.telecom.broadband (UK broadband) 7 February 16th 04 04:10 PM
Win XP firewall John Edgar uk.telecom.broadband (UK broadband) 13 September 16th 03 10:28 AM
Does my hardware firewall need to be PPPoA ? solaris9000 uk.telecom.broadband (UK broadband) 1 September 12th 03 12:53 PM


All times are GMT +1. The time now is 11:38 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright 2004-2019 BroadbanterBanter.
The comments are property of their posters.