Do I really need a firewall on ALL my computers?

Archived from groups: comp.security.firewalls

Okay, here is my setup. I have a small home network with one computer
serving as the NAT router (using WinXP ICS) and I am also running a
software firewall on that computer (Norton). Shields UP and other scanning
sites show all ports stealthed, so I feel pretty good on that front.

Now with that going on, it seems to me that the only reason I need a
firewall running on the other computers on the LAN (which are behind the
fairly well protected router computer) is to monitor for outgoing
communications (to catch a possible trojan, for example). Of course, I also
know that I need good virus protection, but here I am just wondering about
firewall.

Now, if I am right about that, then I would want to find the simplest
firewall with the smallest footprint that offers good outgoing monitoring.

So, would the experts please pipe in and tell if I am right or wrong in my
assessment. And if I am right, please recommend the smallest footprint
firewall you know that will do the trick.

TIA for your advice.

James
 
Archived from groups: comp.security.firewalls

James Bond <jbond@ue.com> wrote in
news:Xns94D5180273852jbonduecom@216.168.3.44:

> Okay, here is my setup. I have a small home network with one computer
> serving as the NAT router (using WinXP ICS) and I am also running a
> software firewall on that computer (Norton). Shields UP and other
> scanning sites show all ports stealthed, so I feel pretty good on that
> front.

As long as the ports are closed, that is the important part. And passing
those stealth tests means nothing. You want the machine or machines to be
stealthed, and then put the machines behind a NAT router, because the
scans and attacks will never reach the machines behind the router so
that the O/S and the FW will react.


>
> Now with that going on, it seems to me that the only reason I need a
> firewall running on the other computers on the LAN (which are behind
> the fairly well protected router computer) is to monitor for outgoing
> communications (to catch a possible trojan, for example). Of course, I
> also know that I need good virus protection, but here I am just
> wondering about firewall.

There is no such thing as fairly well protected. Currently, a Trojan or
spyware on the machine can beat ICF to the TCP/IP connection at system
boot. I would say that malware can beat any third party FW solution at
boot, because the FW is not integrated with the O/S. In addition,
malware can easily circumvent and defeat any solution that has
application control, although the SP2 FW for XP will have app control and
the FW is supposed to be getting to the TCP/IP first.

As long as the machine is up 24/7, then app control is effective in a FW
solution; otherwise IMHO it's kind of useless.

>
> Now, if I am right about that, then I would want to find the simplest
> firewall with the smallest footprint that offers good outgoing
> monitoring.
>
> So, would the experts please pipe in and tell if I am right or wrong
> in my assessment. And if I am right, please recommend the smallest
> footprint firewall you know that will do the trick.
>
Yeah, you can use a NAT router as the gateway device for the LAN and
WAN, if you have no reason preventing you from using a router. The
router is the better protection on unsolicited inbound traffic to the
network. A router such as a Linksys BEF model router can use the (free)
Wallwatcher and you can review inbound and outbound traffic on the
network to and from the machines. The router will cost you as much as
paying for a third party FW solution on the machines.

http://www.homenethelp.com/web/explain/about-NAT.asp

However, a NAT router for home usage cannot stop outbound, since it is
not a FW appliance. So, you may need to protect on outbound, if needed
and IPsec can provide it on the Win 2K and XP O/S(s), along with
stopping inbound as well. IPsec can also get to the TCP/IP first, since
it is integrated into the O/S. Or you can use a third party FW solution
to stop outbound or inbound on a port and I am not talking about
application control.

http://www.petri.co.il/block_ping_traffic_with_ipsec.htm
http://www.analogx.com/contents/articles/ipsec.htm

You may want to use some of the tools mentioned in the link and not
depend solely upon some personal FW solution to tell you what is
happening on the network or a machine on the network. You should look for
yourself from time to time with other tools, like putting Active Ports in
the Start folder to watch connections at boot.

http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

Duane :)
 
Archived from groups: comp.security.firewalls

James Bond <jbond@ue.com> wrote in
news:Xns94D5180273852jbonduecom@216.168.3.44:

> Okay, here is my setup. I have a small home network with one computer
> serving as the NAT router (using WinXP ICS) and I am also running a
> software firewall on that computer (Norton). Shields UP and other
> scanning sites show all ports stealthed, so I feel pretty good on that
> front.
>
> Now with that going on, it seems to me that the only reason I need a
> firewall running on the other computers on the LAN (which are behind
> the fairly well protected router computer) is to monitor for outgoing
> communications (to catch a possible trojan, for example). Of course, I
> also know that I need good virus protection, but here I am just
> wondering about firewall.
>
> Now, if I am right about that, then I would want to find the simplest
> firewall with the smallest footprint that offers good outgoing
> monitoring.
>
> So, would the experts please pipe in and tell if I am right or wrong
> in my assessment. And if I am right, please recommend the smallest
> footprint firewall you know that will do the trick.
>
> TIA for your advice.

If you are using the Windows Internet Connection Sharing (ICS - not the
ICS firewall of WinXP that some people here get this confused with), then
the Norton PF you have on the ICS host computer does provide incoming
protection to all your ICS using computers. In fact, the client
computers have no inbound protection from having a software firewall of
their own. But, as you already know, that software firewall on the host
only provides outgoing protection to the host computer itself. If you
want outbound control on the client computers, they do need to have their
own firewall. Although software firewalls are not perfect, they are a
needed layer in your defense (in my opinion - I am no expert).

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm
 
Archived from groups: comp.security.firewalls

The simplest way would be to test your theory by leaving the others
unprotected. There is a lot of paranoia about hackers, crackers and other
I-net vermin. It's kind of like telling your son or daughter that they can do
everything except ... Whatever "except" is, will be the thing they want to
do most! Once you firewall and anti-virus everything, it just makes it more
attractive to seek, gain entry...since obviously there must be something
interesting behind those locked and bolted passages.
"James Bond" <jbond@ue.com> wrote in message
news:Xns94D5180273852jbonduecom@216.168.3.44...
> Okay, here is my setup. I have a small home network with one computer
> serving as the NAT router (using WinXP ICS) and I am also running a
> software firewall on that computer (Norton). Shields UP and other scanning
> sites show all ports stealthed, so I feel pretty good on that front.
>
> Now with that going on, it seems to me that the only reason I need a
> firewall running on the other computers on the LAN (which are behind the
> fairly well protected router computer) is to monitor for outgoing
> communications (to catch a possible trojan, for example). Of course, I also
> know that I need good virus protection, but here I am just wondering about
> firewall.
>
> Now, if I am right about that, then I would want to find the simplest
> firewall with the smallest footprint that offers good outgoing monitoring.
>
> So, would the experts please pipe in and tell if I am right or wrong in my
> assessment. And if I am right, please recommend the smallest footprint
> firewall you know that will do the trick.
>
> TIA for your advice.
>
> James


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.663 / Virus Database: 426 - Release Date: 4/20/2004