Firewall for computer

  • GregoriusM
    Super Senior Member
    • Oct 2000
    • 2755

    Firewall for computer

    Okay, people.

    ZoneAlarm slows my system down from a 285 KB/sec download speed to 165-175 KB/sec.

    I have a fully-owned copy of Symantec Internet Firewall, latest version.

    And people tell me that the best way is a router/firewall.

    My ISP tells me to stay away from software firewalls. If they are so bad, why does Symantec make one?

    I'm told LinkSys is no good. D-Link and NetGear are good.

    Someone mentioned an SMC? What is an SMC?

    And if anyone cares to respond, could you give me a paragraph or two on how a hardware router/firewall even works? What does it route and how do you tell it what to let in/out as far as the firewall is concerned?

    I don't need hardware specific answers. Just a quick overview of what they do.

    OR, you could show me a site that explains routers/firewalls and what they do.

    Thanks a million!

    Greg
    .
    Gregor
  • Kevin P
    Member
    • Aug 2000
    • 10809

    #2
    Originally posted by GregoriusM
    My ISP tells me to stay away from software firewalls. If they are so bad, why does Symantec make one?
    I don't know what the rep at your ISP is smoking, but if they're discouraging their customers from using a firewall, whether hardware or software, they're just setting themselves up for a mess when their customers get infected with stuff.

    From an ISP perspective, the only thing "bad" about firewalls are the potential support issues. How often do they have to field calls where the customer says "my internet is slow" and it turns out to be because of their router or firewall? For that purpose, it's a good idea to turn off software firewalls and/or bypass routers when troubleshooting issues with your Internet connection. If it's slow, and you remove the router and then it's fast, well then it's the router and not the ISP.
    I'm told LinkSys is no good. D-Link and NetGear are good.

    Someone mentioned an SMC? What is an SMC?
    Another company who makes routers and network cards. I hear good things about Orinoco as well, but I don't know offhand if they make routers. I know they make really good wireless gear though.
    And if anyone cares to respond, could you give me a paragraph or two on how a hardware router/firewall even works? What does it route and how do you tell it what to let in/out as far as the firewall is concerned?
    A router, in its most basic form, routes packets between (at least) two different networks. In a home network environment, the two networks are commonly referred to as the LAN (local area network--the computers in your house) and the WAN (wide area network--the Internet).

    In order to communicate within any TCP/IP network (including the Internet), each machine requires a unique IP address. Since residential ISPs normally only provide one IP address per account/modem, routers have a feature called Network Address Translation (NAT) to share that single IP address. Every PC connected to the router is assigned a unique, private IP address (usually in the 192.168.x.x range). When a PC makes a request to connect to something on the Internet (a Web site perhaps), the router handles the conversion between the local private IP and the public Internet IPs automatically. From the Internet side of the router, it looks like only a single computer (the router) is connected to the modem.

    A firewall, in its basic form, controls network access. Basic firewalls are just packet filters; either they allow packets through or they block them, depending on how the firewall's rules are set up. More advanced firewalls, known as Stateful Packet Inspection firewalls, can control packets based on more specific criteria. In a home environment, hardware firewalls are usually configured to allow outbound connections (your computer can connect to web sites on the Internet), but they block inbound connections (hacker tries to connect to YOUR PC).

    Due to the way NAT works, it provides a degree of "firewall" protection on its own. An outbound connection will be translated by the router, but inbound connection attempts are ignored, since the router won't know which computer to route the request to (unless it's configured to route to a specific computer). The better routers also offer filtering and SPI (stateful packet inspection), which provide additional firewall protection.

    Software firewalls, such as Zone Alarm, run on your PC and offer control beyond what a hardware firewall can. A hardware firewall can only look at the data going over the wire and decide whether to let it through or not. A software firewall can look at what program on your PC is attempting to connect, and allow or reject it based on rules. For example, if you configured your hardware firewall to block access to nastysite.com, it would block it regardless of what program on your PC is trying to get to it. A software firewall, on the other hand, could be configured to allow Internet Explorer to access the Internet, but block it (or prompt) for unknown applications. That way, if your computer gets infected with a virus or spyware, the software firewall can block it from accessing the internet, but still allow IE to surf web sites. A hardware firewall wouldn't know the difference.

    Well, that description wasn't exactly brief, but it gives an overview of what routers and firewalls are and do, and the advantages/drawbacks of both kinds of firewalls.

    Comment
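The NAT and stateful-filtering behaviour described in post #2, as an added example that is not part of the original thread: a toy Python model of a home router. The class name `HomeRouter`, the addresses and the ports are all constructed for illustration, and the model leaves out TCP state tracking and entry timeouts that real routers have.

```python
"""Toy model of a home router doing NAT plus stateful filtering.

Constructed illustration: the addresses, ports and class name are
made up, and real routers also track TCP state and expire entries.
"""
import ipaddress
from typing import Optional


class HomeRouter:
    def __init__(self, public_ip: str, lan: str = "192.168.1.0/24"):
        self.public_ip = public_ip
        self.lan = ipaddress.ip_network(lan)
        self.next_port = 40000
        # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.connections = {}
        # public port -> (lan_ip, lan_port), configured by the owner
        self.forwards = {}

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN PC opens a connection; rewrite its source address."""
        if ipaddress.ip_address(lan_ip) not in self.lan:
            raise ValueError(f"{lan_ip} is not on the LAN")
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        # Reuse the mapping if this flow is already known.
        for port, known in self.connections.items():
            if known == flow:
                return self.public_ip, port
        port = self.next_port
        self.next_port += 1
        self.connections[port] = flow
        return self.public_ip, port

    def inbound(self, remote_ip, remote_port, public_port) -> Optional[tuple]:
        """A packet arrives from the Internet.

        Returns the (lan_ip, lan_port) to deliver to, or None if dropped.
        """
        entry = self.connections.get(public_port)
        if entry is not None:
            lan_ip, lan_port, exp_ip, exp_port = entry
            # Stateful check: only the host we contacted may reply.
            if (remote_ip, remote_port) == (exp_ip, exp_port):
                return lan_ip, lan_port
            return None
        # No connection state: deliver only if explicitly forwarded.
        return self.forwards.get(public_port)

    def forward(self, public_port, lan_ip, lan_port):
        """Owner tells the router which PC should receive a given port."""
        self.forwards[public_port] = (lan_ip, lan_port)


def demo():
    r = HomeRouter("203.0.113.10")
    results = {}
    # A PC browses a web site: a mapping is created, the reply is let in.
    _, port = r.outbound("192.168.1.20", 51000, "198.51.100.5", 80)
    results["reply"] = r.inbound("198.51.100.5", 80, port)
    # A different host sends to the same public port: dropped.
    results["other_host"] = r.inbound("192.0.2.66", 80, port)
    # Unsolicited attempt on a port nobody opened: dropped.
    results["unsolicited"] = r.inbound("192.0.2.66", 4444, 445)
    # After the owner configures a forward, that port becomes reachable.
    r.forward(8080, "192.168.1.30", 80)
    results["forwarded"] = r.inbound("192.0.2.66", 4444, 8080)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:12} -> {target or 'DROPPED'}")
```

The port-forward case is the "unless it's configured to route to a specific computer" exception from the post: it is the one path by which an unsolicited inbound packet reaches a LAN machine.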

    • Andrew Pratt
      Moderator Emeritus
      • Aug 2000
      • 16507

      #3
      Other thing to point out is that there's no reason why you can't run both software and hardware firewalls at the same time...in that case the hardware firewall would prevent incoming attacks and the software would prevent trojans and other nasties from sending info from your PC back to the web (which a hardware firewall can't stop..at least not normally)

      From what's been said so far you might get the impression that a software firewall is good enough but normally they're not...one reason is that all software is vulnerable to attacks through bugs or just limitations of the code ...there's also a maintenance aspect to most software where you need to keep up with the latest versions to get the best protection and lastly the software itself is sitting on the machine you're trying to protect so you have less of a buffer between you and the outside world. Where hardware firewall routers come in nicely is that for the most part they're more or less plug and play with no user intervention required once you've set up your account info during the setup screens. If it's a wireless unit there's a little more to do to make sure your connection is secure but even that's not a requirement (it ought to be though :roll: ) Also don't forget that with a hardware router it's a lot easier to share an internet connection with other PCs and wireless devices...it can be done via software in Windows (and Linux no doubt) but for the average home user hardware routers are the way to go.

      So my recommendation Greg is to see if there's a Netgear or D-Link router on sale at FS or BestBuy and install that between you and the DSL modem. You can still run the Symantec firewall if you like but it's not really required...esp if you're diligent with your virus scans etc.

      Also if you need help with any of that just let me know and I'll either talk you through it on the phone or drop by for that beer you owe me :lol:

      Ok I just checked FS and with the rebate the Netgear wireless router that I currently have is cheaper than the non wireless one so you might as well go wireless even if it's disabled for now...

      Netgear MR814CN

      Comment

      • Gordon Moore
        Moderator Emeritus
        • Feb 2002
        • 3188

        #4
        Another point:

        If a software firewall is disabled before it loads....does it really work :wink:

        If your software firewall doesn't require a password to unload the engine then it's pretty much useless. There are programs that also show that software firewalls can be defeated if the rules are set to allow certain safe programs (these are more theory than anything).

        Don't get lulled by home-based routers being the end-all be-all though because they only filter in-bound traffic (and only the expensive enterprise class hardware ones filter outbound as well).

        If your PC is a little underpowered, and you have a toss-up between which program to let go to make things run quicker, my advice would be to use a good (aggressive) antivirus and a hardware router and call it a day.

        The antivirus will give you more bang for the buck than an outbound software firewall like Sygate, ZoneAlarm, Outpost and the like.
        Sell crazy someplace else, we're all stocked up here.

        Comment

        • Kevin P
          Member
          • Aug 2000
          • 10809

          #5
          Good points guys... but why not go the belts & suspenders route and use a hardware firewall/router, a software firewall, AND a good anti-virus? I wouldn't go online without at least two (one must be anti-virus), and preferably all three of them.

          Of course, being the Super Geek(tm) that I am, my network uses a Linux box as a firewall/router. In addition to that, both my PCs have ZoneAlarm Pro on them, as well as anti-virus programs (I have CA eTrust AV on my laptop, and NOD32 on my desktop, after dropping Norton last year).

          Last but not least, my Linux box, which also hosts email for my patzcatz.com domain, has a virus scanner which scans all incoming email. So that's another layer of protection, on top of the email scanners on my PCs.

          Oh yeah, I have a suite of anti-spyware apps as well... AdAware, Spybot S&D, CWShredder, Hijack This. And I use Mozilla Firefox for surfing instead of Internet Exploiter.

          Comment

          • Burke Strickland
            Moderator
            • Sep 2001
            • 3161

            #6
            My ISP tells me to stay away from software firewalls.
            They are giving you bad advice. There are just too many hackers and virus-mongers out there to be on the Internet unprotected. Some firewall products are more compatible than others with various ISPs' configurations, but having one that works on your 'net-linked computer is very important.

            A year and a half ago, when Road Runner was giving me fits (for example, spontaneously disconnecting on a frequent basis), their "helpful", "knowledgeable" tech :>) told me that I needed to disable my firewall (I was using Zone Alarm at the time) to be able to connect properly to their system. He said he had been surfing the 'net without one for over five years without a problem. I told him he was living in a fool's paradise and asked to speak with his supervisor. I told the supervisor that if off-the-shelf firewall programs conflicted with Road Runner, then they owed it to their customers to find one or develop one that did the job properly (IOW, find a program that both protects and permits unimpeded access and let people know which one it is).

            My suggestion was not received warmly at the time. But -- lo and behold -- a year later, Road Runner began to offer a firewall and anti-virus suite "optimized" for use with Road Runner free of charge to its customers. So now I've switched to their package (eTrust EZ Firewall and EZ Antivirus by Computer Associates) in addition to using anti-spyware apps and an occasional run of McAfee Antivirus as a double-check (McAfee has found a few things that EZ overlooked and vice versa).

            Hope you find a solution that works right for you.

            Burke

            What you DON'T say may be held against you...

            Comment

            • Kevin P
              Member
              • Aug 2000
              • 10809

              #7
              Burke - the "EZ Firewall" that comes with the EZ Armor suite is actually a rebadged, older version of ZoneAlarm Pro. When I got EZ Armor through the Microsoft promotion, I tried EZ Firewall but then went back to ZoneAlarm Pro 4.5 since it has more features.

              The Anti-virus is pretty nice though. Especially if you upgrade to the 6.2 version, where they added POP3 email scanning.

              Comment

              • GregoriusM
                Super Senior Member
                • Oct 2000
                • 2755

                #8
                Excellent information, guys! Thank you so much.

                I'll comment some more when I get back from snagging that NetGear one from Future Shop. My nearest one is sold out, but the one on St. James has a few.

                So, I'm going to run out there and then I have a couple of questions to ask.

                For the record, I use Norton AntiVirus 2004 with automatic Live Update and I also do a manual update if I hear of any nasty viruses that have come out. Since I've had Norton AntiVirus, I have not had ANY viruses win an attack on my computer. Norton has caught them all! So, I have that software for sure.

                I will now have a hardware router.

                My only other question (for now) is since ZoneAlarm 5.x is a beggar, how would I get 4.5 now that 5 is out; or should I try learning how to run my Symantec Internet Security product, which is also of 2004 vintage.

                Thanks a bunch guys!

                Running to Future Shop...............

                Greg :B
                .
                Gregor

                Comment

                • aarsoe
                  Senior Member
                  • May 2004
                  • 795

                  #9
                  Gregorius

                  Just a word of warning before you go and purchase a combined router and firewall.
                  Most companies claim they have firewall capability in their routers, but few of them are actual firewalls.
                  Most of them don't even prevent Denial of Service (DOS) or ping of death - two of the most basic things to protect from.
                  So be sure that you have a full return policy and test the unit you buy on Gibson research (grc.com) and adsl.com.
                  Both places can simulate attacks and tell you how good the unit is.
                  Also be sure that you can upgrade the unit, and that the company has an active support policy. Better spend a little more now and have a unit that works and can/will be supported for a long time.
                  Finally, think of future needs. Do you need DMC capability (webserver running outside your firewall, but on your network), Wireless support, PC card plug in interface for new technologies or better match for your wireless adapters?

                  Oh - and yes, an external firewall is infinitely better than software versions - not due to the fact they are software (both are running software) but due to the fact that you don't put 100s of programs to run beside it and worst of all put CDs from magazines that are created with all kinds of stuff on it - not to mention CDs of suspicious origin into it. Not that I think you do... :W

                  Comment

                  • Andrew Pratt
                    Moderator Emeritus
                    • Aug 2000
                    • 16507

                    #10
                    I've run several online hacking tools against the router Greg's trying to buy (it's the same one I have) and it's never failed a test yet.

                    Comment

                    • aarsoe
                      Senior Member
                      • May 2004
                      • 795

                      #11
                      Andrew

                      Don't know the specific NetGear model, just wanted Gregorius to be alert to some of the things I find important. 8)

                      Comment

                      • GregoriusM
                        Super Senior Member
                        • Oct 2000
                        • 2755

                        #12
                        Well, I'm a proud owner of a box that says:

                        NetGear Cable/DSL Wireless Router MR814
                        ...True Firewall - SPI and NAT Protection...

                        True Firewall - That's what the box says! The box is always right, right? :W

                        I couldn't get one at my nearest Future Shop and the sale was ending today (Thursday - THANKS ANDREW!) so by the time I had done some stuff that HAD to be done, I put the pedal to the medal on my Suzuki Aerio SX and sped on down to the Polo Park Future Shop........ got there at 8:54 (Closes at 9:00) and went straight to the computer section. The salesman grabbed me right away (oh really? in a Future Shop? you found a salesman? not 5 of them trying to "help" you? 8O ) and found the router..... I paid for it.... went out the door..... looked left, then right for cars.... looked down at my watch and just saw it move from 9:00:00 to 9:00:01. Talk about cutting it close on the sale!

                        Anyway, I have it sitting right here beside the monitor and I don't think ANY hackers have gotten into my computer since I put it there. So it's working nicely. I love the wireless part of it. Just sit it next to the computer and you're all set! :P

                        Now to reality. I've got the Windows XP firewall running - my ONLY barrier to the internet - so I'm going to need to get this puppy up and running.

                        I'll read all of the instructions (laugh on dotted line ............... ) and have it up in 3 to 4 months.

                        OR, I'll call Andrew and get him to talk me through it over the phone. I'm wondering just how many bottles of that Honey Brown beer I'm going to owe him before I actually pay up! :E

                        Anyway, $79.99 CAD on sale for $69.99 plus a $40 send in rebate makes the whole thing $30 buckaroos. Good deal, I'd say! Thanks again Andrew.

                        And as far as I'm concerned, if it's good enough for Andrew, it's good enough for me!

                        So, I'll stop in tomorrow (actually later today) and see what y'all have to say about my purchase.

                        Question: So if the best thing is to have all 3 types of protection running - 1) AntiVirus, 2) Software Firewall, 3) Router/Firewall, then which software firewall should I use?

                        No, I'm not going to build an entire computer and learn the Linux OS in order to protect my machine. Sorry, Kev! :B

                        I can get ZoneAlarm free version, which is the 5.0 version that screwed up my internet experience AND my download speeds. Or I can get Zone Alarm Pro, at a price, but I doubt it would be any better.

                        Or, I have the latest version of Symantec Internet Security, which I can use if anyone wants to give me the basics of what I should and shouldn't let in/out.

                        Or, is there better software out there? (Money is not something I come by easily).

                        So, NAV, SIC, and NetGear MR814? Sound good?

                        Any thoughts would be appreciated!

                        Thanks a lot guys! I am learning a lot as I go thanks to all of you!

                        Greg :B

                        Edit: COOL! I hit 900 posts, and most of them either informative, entertaining or downright life-enriching...... at least, IMHO! :W

                        Edit #2: Apparently I not only have the MR814, but it is VERSION 2! Yoiks!!! And still no hackers getting through! Hard to type though, because the box covers most of the keyboard! :cry:
                        .
                        Gregor

                        Comment

                        • GregoriusM
                          Super Senior Member
                          • Oct 2000
                          • 2755

                          #13
                          I managed to find the latest version of ZoneAlarm Free 4.5.

                          I installed it and it doesn't act weird like 5.0.xxx and it doesn't slow my download speed, so I'm going to stay with it until someone tells me Symantec's is better for the software firewall, or someone tells me I shouldn't be using Zone Alarm Free at all.

                          Greg
                          .
                          Gregor

                          Comment

                          • Kevin P
                            Member
                            • Aug 2000
                            • 10809

                            #14
                            Nothing wrong with ZoneAlarm Free as a basic firewall, as long as you use 4.5 and not 5.0.

                            The Netgear routers are good, and if you want a "real" firewall, SPI is good to have. Stateful Packet Inspection. In other words, a "real" firewall.

                            Comment

                            • aarsoe
                              Senior Member
                              • May 2004
                              • 795

                              #15
                              Gregorius

                              You could use suspenders and belt, but there really is no need to.
                              My recommendation would be to have antivirus (always) and the hardware firewall. Forget all about the software firewall and instead get a good spyware program like Lavasoft.

                              In theory a hardware firewall will not prevent a trojan horse sending from your system, but in 99% of the time it will be the same result with zonelabs as you will have no clue when it says that mdrc34.sys wants access to the internet. If you say yes you could be granting access to a trojan horse or a spyware program - or you could be blocking the whole system.. Get my point?

                              The spyware program should be scanning automatically on every startup and will by that prevent this from happening and should, like your antivirus, be running in the background as well.
                              This should IMHO give you the best security possible.
                              Please remember that a hacker can ALWAYS get into your system, given enough time and dedication, but be happy that you're simply too small a fish for them to even bother when you have this kind of protection.

                              Should you require the next level in security, then rest assured that 30$ will not be enough :W

                              Good luck with it and I still recommend getting adsl.com to do a 24 hour scan of your system..

                              Comment

                              • Lex
                                Moderator Emeritus
                                • Apr 2001
                                • 27461

                                #16
                                I have a Link Sys router and Point to Point wireless setup that works flawlessly from the router/hub standpoint. The only thing I have problems with are the satellite cards disconnecting some, that sort of thing, but I expect this is pretty normal for wireless.

                                Lex
                                Doug
                                "I'm out there Jerry, and I'm loving every minute of it!" - Kramer

                                Comment
