Computer Firewalls...Software or Hardware? Let's discuss the pros/cons of each...
Hello fellow Ford truck enthusiasts,
I was just wondering who might know anything about firewalls for computers. I've got an always on internet connection (cable via Road Runner) and I'm using Norton Internet Security (NIS). There are occasions where I can't access certain pages and it's just a royal PIA to set up all the rules to allow, not allow, block, don't block, etc.
I've been looking at a router as a hardware type of firewall from a company named 2wire. Staples has been running a sale on one called a home portal/residential gateway.
What I'd like to know is what are the pros/cons to each type of firewall be it software or hardware managed.
I'm thinking of upgrading my NIS to version 2003 but I'm just not sure if it's going to be any better. The other options are Zone Alarm software firewall and then there's the hardware version I mentioned, the router.
I'm fairly sure that with a router, I can have multiple computers on the same internet service without the requirement of having separate accounts since I think the router assigns its own IP addresses to each computer connected and the router maintains the internet account from the Internet Service Provider (ISP).
Anyone have any suggestions or comments, please help.
Home built Computer setup:
AMD Athlon 1.4 GHz
768 Mb Ram
Windows XP professional
Two hard drives, one 80 Gb, the other 20 Gb
DVD, CDRW burner, high speed CDROM
Lots of extras too.
Later,
~DM~
Last edited by DAVEMAN; Sep 29, 2002 at 08:05 PM.
Most software firewalls can provide the same security as a hardware firewall. Depending upon the hardware, the big advantage is speed. Router hardware is designed for specific purposes and the higher end routers can do security/firewall functions either in hardware or with hardware assist. The hardware firewalls can therefore handle greater bandwidth loads. The low end routers are typically software implementations of the same, thus providing security without using cycles from your system.
As far as connecting multiple computers, yes, most routers allow that, but you can also do it with a PC and Windows. A PC can be configured as a gateway to the internet for other pc's. The drawback is all traffic will flow through that gateway PC. If I were setting up what you are looking at, I would use the LinkSys Wireless Gateway (I have a ThinkPad and work from Home).
I work for IBM and used to be in the Networking Hardware Development area. And just as a reference, IBM has a corporate license for firewall protection for IBM owned PCs and Laptops, Symantec Desktop Firewall for employees that have cable modem connections.
John
I was upgrading a server for a customer the other day when one of the employees started asking me questions about firewalls. The way I explained it to him was that a firewall is sort of like a master control to all the doors and windows (ports) into your house. You can have the best and most secure doors on your house and have them all locked down tight but then leave your Garage door wide open when you leave and sure enough someone will come in and mess with your stuff.
The bottom line is all firewalls, hardware or software will secure your PC but you have to configure them correctly and if you plan to have a firewall don't plan on using file sharing programs like Kazaa and Morpheus because that is like leaving a door wide open for hackers...
I have Roadrunner also, I use the Linksys cable/dsl router. It lets me network both computers to the same cable connection and the router itself is the only thing visible to the internet. Was very simple to install and configure. Plus, being hardware, it is one less program I have to run draining those valuable system resources and one less thing that screws up Windows.
Hardware firewalls are expensive and are usually used by enterprises with dozens or more computers.
Software firewalls are cheap and very effective. Sygate, Tiny, and ZoneAlarm even have free firewalls if they are for personal use.
A Linksys router, as well as others, provides firewall-like security by using network address translation (NAT), which hides your computer or network from the internet.
A router and software firewall will provide a high level of security. Add virus protection and you will have a pretty secure setup.
Just my thoughts.
Everyone,
Thanks for the comments and suggestions, keep them coming. I need to change something since my subscription to Norton runs out in November for my virus protection and for $39 I can upgrade to NIS 2003 and for around $70 I can buy a decent router and be ready when I get my second computer up and running again. I've kind of always felt comfortable with NIS and I think even with a router, I'm going to need virus protection so software protection cannot be avoided unless I'm missing something.
As for the firewall and virus protection I've got now, I get hack attempts several times per day and knock on wood, I haven't been attacked to date.
Thanks for the pointers guys/gals.
JR, long time since we wound up in the same thread, hey? Thanks for your input dude...
~DM~
Hey Dave, can you elaborate on the several hacks you get every day. Cable and DSL providers routinely "ping" all the computers that are on their network. I'm not sure why but it is normal. They should go away with a router though.
Originally posted by DAVEMAN
As for the firewall and virus protection I've got now, I get hack attempts several times per day and knock on wood, I haven't been attacked to date.
Routers are good but I would still use a software firewall like ZoneAlarm for its outbound protection.
mtucker and 01sport,
Here's a few from my daily log in NIS:
Alert 9/30/2002 17:19:27 NDIS Filter Security alert displayed for rule Default Block Backdoor/SubSeven Trojan horse.
Remote computer (65.64.152.217, 2163)
Alert 9/28/2002 19:37:41 NDIS Filter Security alert displayed for rule Default Block Backdoor/SubSeven Trojan horse.
Remote computer (68.45.166.20, 1849)
I've always seen these entries in my log as hack attempts, are you guys saying that these are routine pings from my ISP?
~DM~
DAVEMAN,
Those are not from your ISP. Someone is scanning for computers that are infected with SubSeven. The way they usually do this is to scan a large block of IP addresses. Let's say that your IP address is 123.456.789.000. Someone will scan a block of addresses from 123.000.000.000 to 123.999.999.999. Since your address is in that block you will see a hit in your firewall log. Since you are behind a firewall the person doing the scan won't know your computer exists. Even if you weren't behind a firewall if your computer wasn't infected with the SubSeven trojan he wouldn't pay you any attention. The scanner is looking for an answer from SubSeven.
If your ISP is calling it will usually show as an ICMP ping in the logs (I'm not sure how NIS logs pings).
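A small triage of log entries in the format DAVEMAN pasted, as an added example that is not part of the original thread: it parses each alert/remote pair and separates one-off probes (what a sweep across an address block looks like from the receiving end) from a single address that keeps retrying. The function names, the threshold, the reading of the second number as the remote port, and the 192.0.2.44 entries are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Entry layout as pasted in the thread: an "Alert" line, then a "Remote computer" line.
ALERT_RE = re.compile(
    r"^Alert (\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}) NDIS Filter "
    r"Security alert displayed for rule (.+?)\.?$")
REMOTE_RE = re.compile(r"^Remote computer \((\d{1,3}(?:\.\d{1,3}){3}), (\d+)\)$")

# The first two entries are the ones quoted in the thread; the 192.0.2.44 entries
# are constructed (documentation address range) to show one source retrying.
SAMPLE_LOG = """\
Alert 9/30/2002 17:19:27 NDIS Filter Security alert displayed for rule Default Block Backdoor/SubSeven Trojan horse.
Remote computer (65.64.152.217, 2163)
Alert 9/28/2002 19:37:41 NDIS Filter Security alert displayed for rule Default Block Backdoor/SubSeven Trojan horse.
Remote computer (68.45.166.20, 1849)
Alert 9/29/2002 03:10:02 NDIS Filter Security alert displayed for rule Default Block Backdoor/SubSeven Trojan horse.
Remote computer (192.0.2.44, 4021)
Alert 9/29/2002 03:10:09 NDIS Filter Security alert displayed for rule Default Block Backdoor/SubSeven Trojan horse.
Remote computer (192.0.2.44, 4022)
Alert 9/29/2002 03:10:15 NDIS Filter Security alert displayed for rule Default Block Backdoor/SubSeven Trojan horse.
Remote computer (192.0.2.44, 4023)
"""

def parse_alerts(text):
    """Pair each Alert line with the Remote computer line that follows it."""
    alerts, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ALERT_RE.match(line)
        if m:
            pending = (datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S"), m.group(2))
            continue
        r = REMOTE_RE.match(line)
        if r and pending:
            # Assumption: the second number in the parentheses is the remote port.
            alerts.append({"time": pending[0], "rule": pending[1],
                           "ip": r.group(1), "remote_port": int(r.group(2))})
        pending = None  # an Alert without its Remote line is dropped, not guessed
    return alerts

def triage(alerts, repeat_threshold=3):
    """Label each source: 'sweep' for isolated probes, 'repeated' for a retrying host."""
    by_ip = defaultdict(list)
    for a in alerts:
        by_ip[a["ip"]].append(a["time"])
    return {ip: ("repeated" if len(times) >= repeat_threshold else "sweep")
            for ip, times in by_ip.items()}
```

Run over the two entries from the thread, both sources come back as `sweep`, which matches the explanation above: one blocked probe per address, with no follow-up.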
01,
Thanks and I figured that was what was going on too. I've been reading my logs for over a year and hardly ever was I thinking it was my ISP. I've even sent some portions of my logs to my ISP security team and they never reply, strange huh?
Later and keep those ports closed, right?
~DM~


