Routers with Firewalls

[cardude2004]

Ok, this isn't a question about what I should get, but more of a security question.

In my home we have a wireless network with several computers on. I have been using the firewall on our Linksys WRT-54G. I was wondering if I should also have a software firewall installed on the PC's or not?

The hardware firewall has been working fine up to this point, but I didn't know if a hardware firewall was a security risk because it could be disabled or something.

 

[DQuaN]

Hardware firewalls are usually more secure than software firewalls. The only security risk is if, as you said, it becomes disabled.

There shouldn't be too many problems with running a software firewall. You might find one or two programs have trouble getting in and out.

BTW. If you are talking about turning on windows firewall. That's the equivalent of reinforcing blast doors with a sheet of paper.

 

[CDailey]

As long as your log in info isn't admin/admin then it's gonna be fairly hard for someone to get into your router and disable the firewall, so you're good to go. No need for a software firewall too.

 

[Flerbizky]

As long as your log in info isn't admin/admin then it's gonna be fairly hard for someone to get into your router and disable the firewall, so you're good to go. No need for a software firewall too.

Agreed - If you have a dedicated Firewall between your box and the EvilNet, you should be good..

And yes - Change the default password !....

 

[cardude2004]

No, my login info to the control panel is not admin/admin. I have a username and a password that is hard to figure out.

I also don't disable the firewall. I just didn't know if it was easier for some hacker to disable the hardware firewall.

 

[amp88]

Yes, you should install software firewalls on each of the connected PCs to block outgoing threats.

 

[cardude2004]

Outgoing targets? The internet connection is on the router, so the signal has to go through the router and out the router.

 

[Evolution.]

Outgoing targets? The internet connection is on the router, so the signal has to go through the router and out the router.

Don't mind him. amp is a noob

Anyways, yeah, hardware firewalls will do the trick as long as they aren't disabled. Once they are disabled though, thats when the software firewall is a good idea.

 

[amp88]

Outgoing threats was what I said. Routers generally don't offer much protection (if any) against outgoing connections. A trojan or keylogger installed on your PC would therefore be allowed to broadcast freely through a router, whereas with a firewall you could actively block the connection.

 

[cardude2004]

Well, won't an active anti-virus stop a trojan from installing? The keylogger is another story, but I probably wouldn't install anything was risky.

 

[amp88]

Well, won't an active anti-virus stop a trojan from installing? The keylogger is another story, but I probably wouldn't install anything was risky.

Depends how good the trojan protection is with your AV. Most AVs are pretty pathetic at stopping trojans. Also, you don't necessarily need to install risky things to get trojans/keyloggers. They can be loaded through webpages entirely without your knowledge. If you're genuinely worried about trojans you should research a proper, dedicated anti-trojan to sit alongside your anti-virus and firewall.

 

[sucahyo]

About firewall

what make a good firewall is not wether is hardware or software, but wether you can configure it properly or not. At default instalation, most firewall either stop too many or allow too many. Both can have bug or hole.

Software firewall will know what application currently doing the connection. The hardware firewall do the filtering without slowing down the CPU.

to protect from trojan, always allow only the neccesary conection in/out. For safe percaution, stop anything in/out bellow port 1023 that is not neccesary.

 

[GilesGuthrie]

About firewall

what make a good firewall is not wether is hardware or software, but wether you can configure it properly or not. At default instalation, most firewall either stop too many or allow too many. Both can have bug or hole.

Software firewall will know what application currently doing the connection. The hardware firewall do the filtering without slowing down the CPU.

to protect from trojan, always allow only the neccesary conection in/out. For safe percaution, stop anything in/out bellow port 1023 that is not neccesary.

Well put.

When configuring anything at all to do with security, always observe the Least Privilege Principal: only grant the explicit rights required to complete the task.

A lot of firewalls come too tied down, and too hard to set up, which just causes the installer to configure an Any/Any/Any rule, thus defeating the whole purpose.

 

[Flerbizky]

Well put.

When configuring anything at all to do with security, always observe the Least Privilege Principal: only grant the explicit rights required to complete the task.

A lot of firewalls come too tied down, and too hard to set up, which just causes the installer to configure an Any/Any/Any rule, thus defeating the whole purpose.

You've been right a lot of times Giles, but never more righter than your last sentence :-)

👍