Any need for WINXP firewall with a Linksys router?

Robert Anastasio

My linksys router gives me a hardware firewall. For this reason, I did
not connect the WINXP SP2 firewall. Other than to get rid of the
annoying incorrect message that I am exposed, is there any reason to
connect the WINXP firewall?
 
David Sanders

Robert said:
> My linksys router gives me a hardware firewall. For this reason, I did
> not connect the WINXP SP2 firewall. Other than to get rid of the
> annoying incorrect message that I am exposed, is there any reason to
> connect the WINXP firewall?

The more layers of protection you have, the better.
 
Dave Patrick

Unless you have a specific reason not to use both then why not turn it on.

--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

:
| My linksys router gives me a hardware firewall. For this reason, I did
| not connect the WINXP SP2 firewall. Other than to get rid of the
| annoying incorrect message that I am exposed, is there any reason to
| connect the WINXP firewall?
 
Robert Lewis

Robert,

Unless the router is also a hardware firewall, you should use a software
firewall. (You should probably use a software firewall even if you use a
hardware firewall)

I'm also running SP2, but instead of the Windows firewall, I use Zone Alarm
Pro version 5.5.062.004 which supports SP2. Versions earlier than 5.5.x
don't play nice with SP2, but this version works well for me. I also use a
couple of different anti-spyware tools (SpyBot S & D, AdAware SE Pro, and an
old and trusted friend, Norton Anti-Virus)

Click on the link for my favorite freeware at
http://www.aumha.org/win5/index.htm for more info. (The Windows Support
button on my site will also take you there)

Hope this helps.
 
Vagabond Software

If you think you may already have a suspicious program on your machine... or you use your computer in a way that puts you in a "high risk" category for accidentally downloading and installing an unwanted trojan or worm...

then I would say "Yes", use the Windows Firewall along with your router. Otherwise, the router is probably not necessary and doesn't need to be running at all.

carl
 
Leythos

> My linksys router gives me a hardware firewall. For this reason, I did
> not connect the WINXP SP2 firewall. Other than to get rid of the
> annoying incorrect message that I am exposed, is there any reason to
> connect the WINXP firewall?

Let's start by fixing your misconception - the linksys unit IS NOT a
firewall of any sort, it's simply a NAT box which provides blocking
services to uninvited inbound attempts.

With that out of the way, there is little that your XP firewall will do
that the router won't do. I know of MANY people that run routers/NAT and
have no problems.

You still need to be aware that you can still get infected via the
web/email, and that the router does NOTHING to stop your computer from
connecting to anything on the internet.

Remember to change the default password, change the default subnet from
192.168.1 or 192.168.0 to something like 192.168.10 in order to avoid
one of the linksys website exploits that can reset your router and give
control to an outside user.
 
Richard Urban

I also use the Linksys BEFSX41 Firewall/Router.

It supplies only inbound firewall protection. An errant program, or spyware,
can get out anytime it wants - without any notice to you.

Likewise for the Windows XP SP2 firewall.

If you want outbound protection (highly recommended) use ZoneAlarm, either
the free version or ZoneAlarm Pro (with all the bells and whistles).

--

Regards:

Richard Urban

aka Crusty (-: Old B@stard :)

If you knew half as much as you think you know,
You'd realize you didn't know what you thought you knew!
 
Ken Blake

Robert Anastasio said:
> My linksys router gives me a hardware firewall. For this reason, I
> did not connect the WINXP SP2 firewall. Other than to get rid of the
> annoying incorrect message that I am exposed, is there any reason to
> connect the WINXP firewall?


I wouldn't run the Windows firewall, since it offers no
protection over what you already have. But I would run a
third-party firewall, such as the free version of ZoneAlarm,
which adds outbound protection.
 
Richard Urban

See Linksys BEFSX41

It is a true firewall/router!

--

Regards:

Richard Urban

aka Crusty (-: Old B@stard :)

If you knew half as much as you think you know,
You'd realize you didn't know what you thought you knew!
 
Leythos

> See Linksys BEFSX41
>
> It is a true firewall/router!

I promise you that if all you are reading is the Linksys media, then you
are missing a lot of what is real in the world.

I've got one of every Linksys router they make, 10+ of some, and many D-
Link and Netgear ones also.

With the exception of the $200+ units, which means none of the linksys
units, none of those SOHO units are firewall devices - they are only NAT
boxes with enhanced features.

I also have several of the SOHO6tc units by Watch Guard, several of the
Firebox II and Firebox III line, and a couple older Netscreen and Sonic
units, all in my office or home.

Don't get me wrong, the Linksys BEFSX and BEFVP units are very nice for
what they do, and every user (in general) should have one of these (even
the BEFSR series) for use at home as the first line at the border, but
don't make the mistake of thinking these types of devices are firewalls.

Read up on security and firewalls, you'll be surprised at what companies
try to pass-off as a firewall today.

Did you know that when the BEFSR41 came out on the market, many years
ago, it was called a Cable Modem Router? Later, after marketing got into
the swing of the Buzz Word mode, they added Firewall to its
description, but the functionality never changed.
 
Bruce Chambers

Robert said:
> My linksys router gives me a hardware firewall.

No, it doesn't have a firewall. It does use NAT (network address
translation) to hide your computer's IP address from the Internet,
thereby providing you with some protection from unsolicited intrusions.
It won't protect you from the effects of any Trojans or spyware that
you've installed, as would a true firewall.

> For this reason, I did
> not connect the WINXP SP2 firewall. Other than to get rid of the
> annoying incorrect message that I am exposed, is there any reason to
> connect the WINXP firewall?


If you use a router with NAT, it's still a very good idea to use a
3rd party software firewall. Like WinXP's built-in firewall,
NAT-capable routers do nothing to protect the user from him/herself
(or any "curious," over-confident teenagers in the home). Again --
and I cannot emphasize this enough -- almost all spyware and many
Trojans and worms are downloaded and installed deliberately (albeit
unknowingly) by the user. So a software firewall, such as Sygate or
ZoneAlarm, that can detect and warn the user of unauthorized out-going
traffic is an important element of protecting one's privacy and
security. (Remember: Most antivirus applications do not even scan for
or protect you from adware/spyware, because, after all, you've
installed them yourself, so you must want them there, right?)

I use both a router with NAT and Sygate Personal Firewall, even
though I generally know better than to install scumware. When it
comes to computer security and protecting my privacy, I prefer the old
"belt and suspenders" approach. In the professional IT community,
this is also known as a "layered defense." Basically, it comes down
to never, ever "putting all of your eggs in one basket."

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH
 
Mike

> My linksys router gives me a hardware firewall. For this reason, I did
> not connect the WINXP SP2 firewall. Other than to get rid of the
> annoying incorrect message that I am exposed, is there any reason to
> connect the WINXP firewall?

I had similar thoughts and finally decided on adding Symantec Personal
Firewall (other products may suit the needs of others - not a pitch for PF).
My rationale was that the linksys router does a great job of blocking incoming
packets. I send the log file over to my Linux server and am continually amazed
by the number and source of packets from unknown machines hitting my router on
a continual basis. That said, however, I wanted more control over the outgoing
packets. Windows XP seems to love sending out stuff to everyone. I set up PF
to essentially block all incoming and outgoing packets. I then allow those I
want. By monitoring and logging the flow of things, I then turn off those
things not needed.

My current analysis so far is

Running, but are they needed ?
Computer Browser - Started Automatic
DHCP Client - Started Automatic
Smart Card - Manual

Turned off, but are they needed ?
Messenger
Remote Registry - Disabled
Routing and Remote Access - Disabled
SSDP Discovery Service - Disabled
Telnet - Disabled
Terminal Services - Disabled
Windows Firewall/Internet Connection Sharing (ICS) - Stopped/Manual
Windows Time - Disabled

I would never have found these without the incoming/outgoing detailed
information. (Uhm, I think I will post these elsewhere to see what others have
done.)

PF also gives me highly configurable web permissions (scripts, activex, java,
and so on) on a site-by-site basis. My approach here is also to just about
block everything and turn it on as needed (although I have opened up scripts
since it is so heavily used).

I have done a lot of firewall stuff in Linux. The basic approach to turn
everything off and then turn that which is needed back on has served me well
in protecting a lot of systems.

I also use Cookie Pal so that I can manage the cookies as well. Same approach,
no cookie (except for session expires) unless authorized.

YMMV
 
Mike

> Let's start by fixing your misconception - the linksys unit IS NOT a
> firewall of any sort, it's simply a NAT box which provides blocking
> services to uninvited inbound attempts.

Actually, that is not quite correct. The linksys router is both a router with
NAT and an incoming firewall. One can specifically block and allow packets. One
can log incoming and outgoing packets. Unless you have DMZ turned on, incoming
packets stop at the router - a socket is never established on the LAN side.
Further, one can also edit the routing tables. About the only thing missing is
managing outgoing packets.

> With that out of the way, there is little that your XP firewall will do
> that the router won't do. I know of MANY people that run routers/NAT and
> have no problems.
> You still need to be aware that you can still get infected via the
> web/email, and that the router does NOTHING to stop your computer from
> connecting to anything on the internet.
> Remember to change the default password, change the default subnet from
> 192.168.1 or 192.168.0 to something like 192.168.10 in order to avoid
> one of the linksys website exploits that can reset your router and give
> control to an outside user.

And turn off remote management access. Only allow internal administration.
Stops that issue at the get-go.
 
Leythos

> Actually, that is not quite correct. The linksys router is both a router with
> NAT and an incoming firewall. One can specifically block and allow packets. One
> can log incoming and outgoing packets. Unless you have DMZ turned on, incoming
> packets stop at the router - a socket is never established on the LAN side.
> Further, one can also edit the routing tables. About the only thing missing is
> managing outgoing packets.

All of which is a function of NAT and does not make it a firewall. It
makes it a router that includes NAT as a primary function. The DMZ is
not a separate network, it's a single IP in the same subnet. Take about
15 minutes, scan Google for Firewall definitions, and after you read the
ones that are based on non-marketing hype, you will understand better.

[snip]
> And turn off remote management access. Only allow internal administration.
> Stops that issue at the get-go.

Nope, the above mentioned exploit has nothing to do with being REMOTE,
it was a hack through the user's browser that targeted the internal IP of
the router from the user's machine, which would reset the router and
leave it open. The routers are set up with remote administration disabled
by default.
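
The distinction argued over in this thread, as an added illustration that is not from any poster: a toy Python model of a NAT router that drops unsolicited inbound packets but translates every outbound connection, next to a default-deny outbound host firewall of the kind several posters recommend. The class names, addresses, ports and program names are constructed assumptions, not any product's behaviour or API.

```python
import itertools

# Toy model; every address, port and program name is a constructed sample value.
class NatRouter:
    def __init__(self, forwards=None):
        self.table = {}                 # wan_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = forwards or {}  # wan_port -> (lan_ip, lan_port), i.e. port forward/DMZ
        self._ports = itertools.count(40000)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        # NAT applies no policy here: any LAN program gets a mapping.
        wan_port = next(self._ports)
        self.table[wan_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        # Delivered only as a reply to an existing mapping, or via a forward.
        entry = self.table.get(wan_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]
        return self.forwards.get(wan_port)  # None means the packet is dropped

class HostFirewall:
    """Default-deny outbound filter: only listed programs may connect out."""
    def __init__(self, allowed_programs):
        self.allowed, self.log = set(allowed_programs), []

    def permit(self, program, remote_ip, remote_port):
        ok = program in self.allowed
        self.log.append(("ALLOW" if ok else "BLOCK", program, remote_ip, remote_port))
        return ok

def simulate(use_host_firewall):
    router, pc = NatRouter(), "192.168.10.100"
    fw = HostFirewall({"browser.exe"}) if use_host_firewall else None
    # Unsolicited probe from outside: no mapping and no forward, so it is dropped.
    results = {"probe_delivered": router.inbound("203.0.113.9", 4444, 445) is not None}
    for program, remote in (("browser.exe", "198.51.100.5"), ("spyware.exe", "203.0.113.66")):
        if fw and not fw.permit(program, remote, 80):
            results[program] = "blocked at host"
            continue
        wan_port = router.outbound(pc, 1025, remote, 80)
        reply_to = router.inbound(remote, 80, wan_port)
        results[program] = "connected" if reply_to == (pc, 1025) else "no reply"
    return results

if __name__ == "__main__":
    for flag in (False, True):
        print("host firewall on:", flag, simulate(flag))
```

With the router alone, both programs connect and receive replies; only the outbound filter on the host stops the unlisted program, and the probe is dropped in both runs.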
 
