
How many firewalls is too many?

Anonymous
June 23, 2004 6:30:39 AM

Archived from groups: comp.security.firewalls

Hello:

I have just recently installed a cable modem and now must deal with the
firewall issue. I have the cable modem connected to a Netgear MR814
Wireless Router/Access Point. This device has a built in firewall. I
have four computers accessing the internet through this Router. Three
of these computers are running XP, which has its own (rather basic from
what I gather) firewall, and the fourth has Norton Internet Security on
it. My question is whether or not the MR814's firewall is all that I
need, or should I also have an additional software based firewall on
each computer as well?

Any help, advice or suggestions would be greatly appreciated.


Mark Dixon


Anonymous
June 23, 2004 7:15:47 AM


In article <iuqhd0poe78f5o80qjrkohlvtajkroldf4@4ax.com>, m-dixon@onu.edu
says...
> My question is whether or not the MR814's firewall is all that I
> need

The router you have is NOT a firewall, it is using what is called NAT to
provide a sort of one sided firewall function of blocking unrequested
inbound traffic to your computers. Do not confuse marketing hype with
what a real firewall is or does.

To answer your question, as long as you don't care if your machines have
unrestricted outbound access to the internet, then the router will
provide a great line of defense against unsolicited inbound attempts.

It will not protect your web browsing experience, it will not protect
you from infected emails, and it will not protect you from spyware.

It is a critical first item in your defensive layer, and, with a quality
anti-virus package on ALL computers, all Windows updates (you can set it
to automatically update every evening) and frequent AV updates you can
feel reasonably secure - as long as you don't run any P2P programs, file
sharing services (with internet users) and don't visit hacker/hacked web
sites and never open emails with attachments that you didn't ask for.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
June 23, 2004 7:26:13 AM


Leythos wrote:

> m-dixon@onu.edu wrote:
>> My question is whether or not the MR814's firewall is all that I
>> need
>
> The router you have is NOT a firewall, it is using what is called NAT
> to provide a sort of one sided firewall function of blocking
> unrequested inbound traffic to your computers. Do not confuse
> marketing hype with what a real firewall is or does.

The Netgear MR814 has SPI, not just NAT.
Anonymous
June 23, 2004 8:11:47 AM


"·" <sdglockman@hotmail.com> wrote in news:p L6Cc.114703$j24.13393
@twister.nyroc.rr.com:

> Leythos wrote:
>
>> m-dixon@onu.edu wrote:
>>> My question is whether or not the MR814's firewall is all that I
>>> need
>>
>> The router you have is NOT a firewall, it is using what is called NAT
>> to provide a sort of one sided firewall function of blocking
>> unrequested inbound traffic to your computers. Do not confuse
>> marketing hype with what a real firewall is or does.
>
> The Netgear MR814 has SPI, not just NAT.
>

And it doesn't meet the specs for a true FW appliance.

http://www.firewall-software.com/firewall_faqs/what_doe...

The NAT router with SPI meets the spec in the link concerning a FW.

http://www.homenethelp.com/web/explain/about-NAT.asp

A lot of people run with a host based FW or some other element like IPsec
behind a NAT router.

Duane :) 
June 26, 2004 11:36:55 PM


Have a look at www.ipcop.org or www.astaro.com. IPCop is a free Linux distro.
Astaro gives a "free" 10 user license for running as a true firewall in the
home. Both are based on Linux.

What makes these real products, you might ask?
1) Inbound and outbound filters
2) Option to do content filtering on WWW, SMTP.
3) Proxy for www, socks, smtp, dns.
4) Option to do virus scanning on http, ftp, smtp... (Astaro only)

Downsides.
1) The virus and all content options are a small charge. (Astaro only)
Use DansGuardian on IPCop for this.
2) You have to run it on a PC. (Older PII is fine for Astaro. P133 is
fine for IPCop.)


"Mark H. Dixon" <m-dixon@onu.edu> wrote in message
news:iuqhd0poe78f5o80qjrkohlvtajkroldf4@4ax.com...
> Hello:
>
> I have just recently installed a cable modem and now must deal with the
> firewall issue. I have the cable modem connected to a Netgear MR814
> Wireless Router/Access Point. This device has a built in firewall. I
> have four computers accessing the internet through this Router. Three
> of these computers are running XP, which has its own (rather basic from
> what I gather) firewall, and the fourth has Norton Internet Security on
> it. My question is whether or not the MR814's firewall is all that I
> need, or should I also have an additional software based firewall on
> each computer as well?
>
> Any help, advice or suggestions would be greatly appreciated.
>
>
> Mark Dixon
>
Anonymous
June 29, 2004 3:38:52 PM


In article <wZ5ee8Aa9Q4AFwcH@clara.co.uk>, brianphillips@clara.co.uk
says...
> I am wondering, in view of the above, whether I could have done anything
> that would have stopped the trojan accessing its home site,

The real question is: Could I have done anything that would have
prevented the installation of the Trojan?

Most of those things, if not through IE, require the user to do
something or to be visiting a questionable site. If you turn off Java
Scripting, disable Active-X, and (in IE) set your "Internet" zone to the
highest security level, you stand a much better chance to keep from
getting infected.

With a router, and no AV or PFW software you can't stop outbound
traffic, and even if you allow port 80, a PFW may not stop it anyway.

--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
June 30, 2004 6:33:51 PM


> However, had my PC been infected with the recent trojan you wrote about
> a day or so ago, (and fortunately I do not run IE) then nothing would
> have stopped it accessing its Russian home site (217.107.218.147) given
> that it appears that it was accessing its home site using port 80.
>
> I am wondering, in view of the above, whether I could have done anything
> that would have stopped the trojan accessing its home site, and indeed
> whether an expensive commercial firewall could have stopped the trojan
> accessing its home site.

Brian:

Once you know the address, add a line to the hosts file (resolving it to
you) on each computer.
Or, if you have a router that has f/w rules, add a rule to block it for all
wss (my Netgear RT 314 supports rules).

The best solution is prevention, and as Leythos says, use MSIE with active
content blocked for MSIE's Internet zone (which is what I do).

I have been using PopUpCop (http://www.popupcop.com) as a backup to the MSIE
High Security setting. It works very well (it does much more than popup
control).
Anonymous
June 30, 2004 7:21:48 PM


In article <jbAEc.9267$pY6.4660@newssvr22.news.prodigy.com>,
CZ@no99spam.com says...
> The best solution is prevention, and as Leythos says, use MSIE with active
> content blocked for MSIE's Internet zone (which is what I do).

To follow up that advice, here is a link to the MS site that explains,
in detail, how to secure your IE:

http://www.microsoft.com/security/incident/settings.msp...

While using this, you will have problems with normal sites until you add
them to your trusted zone - I have one change to their suggestion - set
your Trusted zone to MEDIUM so that if you screw up and add a site to it
you still get a little protection.

With this method I've not had any problems, infections/compromises, in
the 6 months I've been doing it. It takes a couple days to get all your
trusted sites configured, but once you do it's fine.




--
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Anonymous
July 1, 2004 1:29:42 AM


> Brian:
>
> Once you know the address, add a line to the hosts file (resolving it
> to you) on each computer.

I understand that if IE is using a proxy server with the HOST file in play,
then IE bypasses the HOST file. I just found this out recently.

Duane :) 
Anonymous
July 1, 2004 8:10:05 AM


> I understand that if IE is using a proxy server with the HOST file in play,
> then IE bypasses the HOST file. I just found this out recently.

Duane:

Interesting thought.

I will run a test using an XP ws against MS's ISA proxy server and post the
results tomorrow.
Anonymous
July 1, 2004 6:42:09 PM


> I understand that if IE is using a proxy server with the HOST file in
> play, then IE bypasses the HOST file. I just found this out recently.

Interesting thought.
I will run a test using an XP ws against MS's ISA proxy server and post the
results tomorrow.

Duane:
Re: test setup and test results

Setup:
XP Pro ws with MSIE set up as an ISA Web Proxy client into a SBS2k3 Premium
server (running ISA server s/w).
ws's hosts file has: 127.0.0.1 dell.com.
Using Ethereal for packet sniffing.

Results:
ws's MSIE attempts to connect to dell.com:
ws sends a DNS query to the domain's inside DNS server (which is the SBS2k3
computer set up as a DNS forwarder).

ping dell.com command:
dell.com resolves to 127.0.0.1
Anonymous
July 2, 2004 1:31:23 PM


> I understand that if IE is using a proxy server with the HOST file in play,
> then IE bypasses the HOST file. I just found this out recently.

The way a proxy works is that the client simply sends the requested URL to
the proxy server... it is thus the proxy server that does the DNS lookup.

As such, any form of local name resolution is ignored.... which includes
both the local HOSTS table and the local DNS server details.


paul
Anonymous
July 2, 2004 1:33:19 PM


> If you configure IE to use a proxy server the IE will just pass the hostname
> to the proxy and let the proxy figure out the IP address.

More so than that: the client passes the whole URL to the proxy server, and
the proxy goes and finds it (which starts with it figuring out the hostname)


Paul
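
The behaviour described in the last two replies, as an added example that is not part of any post in the thread: a Python client is pointed at a local stand-in proxy and asked for a name that cannot resolve locally. The hostname and the `RecordingProxy` / `fetch_via_proxy` names are constructed for the illustration.

```python
import http.server
import threading
import urllib.request

# Constructed hostname: .invalid is a reserved TLD that never resolves, so any
# local lookup by the client (hosts file or DNS) would make the request fail.
BLOCKED_URL = "http://blocked-site.invalid/index.html"


class RecordingProxy(http.server.BaseHTTPRequestHandler):
    """Stand-in for a web proxy: records what the client sent, fetches nothing."""
    seen = []

    def do_GET(self):
        # On a proxied request the request target is the absolute URL,
        # so self.path carries the hostname for the proxy to resolve.
        RecordingProxy.seen.append((self.path, self.headers.get("Host")))
        body = b"answered by proxy"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass


def fetch_via_proxy(url):
    """Request url through the local proxy; return (body, (target, Host header))."""
    RecordingProxy.seen.clear()
    server = http.server.HTTPServer(("127.0.0.1", 0), RecordingProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        proxy = "http://127.0.0.1:%d" % server.server_address[1]
        opener = urllib.request.build_opener(
            urllib.request.ProxyHandler({"http": proxy}))
        with opener.open(url, timeout=5) as resp:
            body = resp.read()
    finally:
        server.shutdown()
        server.server_close()
    return body, RecordingProxy.seen[0]


if __name__ == "__main__":
    body, (target, host) = fetch_via_proxy(BLOCKED_URL)
    print("proxy received target:", target, "| Host:", host, "| body:", body)
```

The request succeeds although the client never resolves the name, which is why a hosts-file entry on the workstation has no effect on proxied browsing; the block has to be enforced at the proxy or the router instead.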