routers and firewalls

By jdawson
If I have a router between my network and the Internet and have no ports open, what are the reasons for having firewall software on any PC on the network? I would like reasonable answers and not tech speak.


Hard to avoid tech speak.

by JamesRL In reply to routers and firewalls

If you have a router that is totally closed, you have no access to the Internet. By definition, if you are accessing the Internet you have multiple ports open, because various services use different ports.

The web servers you contact may use different ports for web pages and downloads, and may use different programs for add-on programs like Adobe Acrobat Reader or QuickTime. Your mail program uses different ports for sending and receiving. If you use an Internet messaging program, you will find that it again uses different ports, and some of them aren't consistent on which ports they use.

So the short story is that it is a challenge to start by locking down a router and then opening up the ports you need.

If you want the best control and security, don't put firewall software on users' desks; put a real hardware firewall between the router and the Internet. Then you can better define rules for traffic, explicitly block certain types of attack and better monitor the comings and goings of traffic.

Hope that helps.



Depends on the software

by gralfus In reply to routers and firewalls

I use Zone Alarm as additional software to the Linksys router I have between my network and the Internet. Since I added the router, I have seen the attacks that get through to my PC drop to almost zero. However, Zone Alarm has the added benefit of telling me what programs are trying to communicate *out from* my PC, not just those that are trying to come in. This helps to detect and rein in spyware and other such programs.


In your opinion

by pc_user In reply to Depends on the software

What is the best firewall program on the market today, and the best anti-virus too? I use Norton 2004, but they have removed the tracing website attack facility from it.



Home vs Business

by jt In reply to In your opinion

The answer to your question has a lot to do with your setup and what level of security you do need.

In a home environment, most software-based firewalls will do; try and find one from a company that has been around a while (this goes for antivirus as well). Norton is what I recommend; however, most of the products out there will do just as well if not better, providing the user takes the proactive approach to updating (the lack of this approach caused serious damage to BlackICE users).

Use what you're comfortable with, just make sure you don't open everything up with the idea that you may use it; keep everything that you can keep closed... closed. And update! The same goes for antivirus. Norton is also my recommendation, but no matter what you use, if it is not updated regularly it will do no good.

In a more corporate environment things need to be much tighter: separate intrusion detection systems, strong authentication systems such as certificate-based authentication, and multiple zones with multiple firewalls must be used.

I personally am in this world, employing Squid proxy services, with custom iptables firewalls and Snort-based intrusion detection. We use Symantec Enterprise for our Windows domains, and H+BEDV at our mail server and application gateways.

If you're looking for trace utilities and want something graphical, informative, and easy to use, I recommend NeoTrace (now owned by McAfee), which could be had for around $20 last time I checked at McAfee's website. It won't auto-trace on a scan; however, if you're knowledgeable enough to use the information you get from it, you should be able to find the IP you want to trace fairly easily.

Most attacks that register on home firewalls are simply port scans or traffic generated from virus-infected machines floating out there on the Internet. Tracing the former is almost always a waste of time, while tracing the latter will only do you any good if you can contact the user on the other side and they happen to be caring enough to take care of the problem. In a real attack situation, the attacking addresses are also almost always innocent bystanders who have no idea that they are running a zombie (a compromised machine that is used in the attack), and your real attacker is simply controlling the zombies.

Extremely wordy, but I'll sum up --

Use what you're comfortable using, gather recommendations from many sources and go by that combined with your own experience; most packages offer a trial.

Update constantly: if your virus definitions are out of date, you're not going to catch what's coming in. Worse, if your firewall software has a flaw it may stop functioning, or cause serious damage to what it is protecting.


True router block external initiated

by Deadly Ernest In reply to routers and firewalls

One of the simplest ways to get extra security out of a true router is to block all externally initiated connections: you simply set the router table to ignore external contacts except in response to internal requests.

The only weakness then is if you have a trojan or adware or spyware that initiates a connection to operate; the router will allow this, but a good firewall will detect it and tell you.



by jt In reply to True router block externa ...

Everyone seems to block items coming in, but the same ACL methods used to block incoming can and should be used to block outbound traffic as well. Egress filtering should be employed to avoid a network being used for an attack, and it will also keep sensitive information from leaking out. Lack of egress filtering is most probably the main vulnerability used in distributed attacks, and is most often overlooked as part of a security solution. SANS has many good resources and tutorials on exactly what to filter, and most vendors offer their own tailored papers.
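As an added example (not code from any post in this thread), a toy stateful filter that puts the two points above side by side: an inbound packet is accepted only when it answers a connection the inside started (Deadly Ernest's router setting), and outbound traffic is checked against an egress allowlist (jt's point). The LAN prefix, the allowed ports and all addresses are constructed for the demo.

```python
from dataclasses import dataclass

INTERNAL_NET = "192.168.1."          # constructed: LAN prefix the filter protects
EGRESS_ALLOWED_PORTS = {53, 80, 443}  # constructed egress policy: DNS, HTTP, HTTPS only


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class StatefulFilter:
    """Minimal stateful filter: remembers flows the inside opened and
    drops everything else; also enforces an outbound (egress) allowlist."""

    def __init__(self):
        self.flows = set()  # (inside_ip, inside_port, outside_ip, outside_port)
        self.log = []       # human-readable drop records

    def handle(self, pkt):
        if pkt.src_ip.startswith(INTERNAL_NET):
            # Outbound: apply egress policy before letting the flow out.
            if pkt.dst_port not in EGRESS_ALLOWED_PORTS:
                self.log.append(f"DROP egress {pkt.src_ip}:{pkt.src_port} -> "
                                f"{pkt.dst_ip}:{pkt.dst_port}")
                return "DROP"
            self.flows.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
            return "ACCEPT"
        # Inbound: accept only if it is the reply leg of a flow the inside started.
        if (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "ACCEPT"
        self.log.append(f"DROP unsolicited {pkt.src_ip}:{pkt.src_port} -> "
                        f"{pkt.dst_ip}:{pkt.dst_port}")
        return "DROP"


def run_demo():
    """Run constructed traffic through the filter; returns (verdicts, drop log)."""
    fw = StatefulFilter()
    packets = [
        Packet("192.168.1.10", 51000, "203.0.113.5", 443),    # browser going out
        Packet("203.0.113.5", 443, "192.168.1.10", 51000),    # web server's reply
        Packet("198.51.100.7", 4444, "192.168.1.10", 135),    # unsolicited probe
        Packet("192.168.1.10", 51001, "198.51.100.7", 6667),  # program phoning home on a disallowed port
    ]
    return [fw.handle(p) for p in packets], fw.log
```

Only the probe and the outbound connection on a port outside the policy are dropped; the browser's request and its reply pass, which is what the two posts describe.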


A firewall is different than a router

by LordInfidel In reply to routers and firewalls

But the question you are asking is not why have a firewall, but why have a firewall on the desktop.

If this is a corporate environment, then I don't agree with personal firewalls on the desktop in any way, shape or form.

If this is a personal home network, then it can't hurt.

A router's function is not to filter traffic; instead, it routes traffic.

The advent of the home DSL user has blurred the distinction of what a router is by building the classic functionality of a firewall/NAT/proxy device into a single device that will route your requests to the net.

In a normal scenario, a router will be a dedicated device that sits on the outermost edge of your network, connecting your network to the hostile net. The router will typically be secured enough so that it can be managed by authorized users. And usually it will filter out "noise", but nothing else.

A firewall then sits between your router and your local area network, and not only filters inbound connections, but outbound as well.

Just because you are not allowing anything through does not necessarily mean that you are hack-proof.

My personal mode of attack vector to show how insecure DSL networks really are is to send a specially crafted e-mail that makes a connection outbound and downloads some files to the user's startup menu, then creates a buffer overflow causing the system to reboot.

Once it reboots and my scripts activate, the remote system will initiate a TFTP session to one of my servers, which in turn downloads my toolkit and then contacts my system again over port 80, thereby giving me a command prompt on the newly exploited system, from which I can then do whatever I want.

With a properly configured firewall, this exploit would not be so simple to achieve. Notice I said, not so simple, since there are other ways for me to get files installed on your system.
