Firewall question

[Peter in New Zealand]

For some years I have had a LAN with four computers at home, based on a
DLink DSL504T modem/router also providing access to the Internet. With the
kids all grown up and gone now-a-days I decided to simplify everything. My
one remaining machine now connects to the Internet via a SmartAX ADSL2+
MT882 modem using the ethernet port.

The old DLink had a hardware firewall built in, and I also ran a software
firewall on each individual computer. My question is, now with a firewall
also in
the new modem, and no LAN any more, do I really need a software firewall on
my single machine as well any more? I am running Windows XP SP3 with the
Windows firewall enabled at present.

Many thanks for any advice offered.

 

[Pegasus \(MVP\)]

For some years I have had a LAN with four computers at home, based on a
DLink DSL504T modem/router also providing access to the Internet. With the
kids all grown up and gone now-a-days I decided to simplify everything. My
one remaining machine now connects to the Internet via a SmartAX ADSL2+
MT882 modem using the ethernet port.

The old DLink had a hardware firewall built in, and I also ran a software
firewall on each individual computer. My question is, now with a firewall
also in
the new modem, and no LAN any more, do I really need a software firewall
on
my single machine as well any more? I am running Windows XP SP3 with the
Windows firewall enabled at present.

Many thanks for any advice offered.

Your DLink 504T is an ADSL modem/router and has therefore an inbuilt
firewall. It will protect you quite effectively against hackers. You would
need a more sophisticated firewall only if you wanted to limit the access
granted to applications that you run on your PC.

IMHO, people who exercise discipline and restraint when visiting Internet
sites do not need a firewall other than the one built into their router.
However, if you only had a modem but no router then a firewall would be
mandatory.

 

[RJK]

Some people will relate that a software firewall in addition to a NAT is not
necessary. They're the clever clogs who know what they are doing !
I love it when the odd one of those, (who always proclaim that all that is
needed is for one to be "web-savvy" and "never open that unsolicited email
etc. ...and practice safe surfing habits etc.), get something nasty which
has slipped past all their web-savviness

My view is that considering that so much software, that ends up in a PC is
web-enabled, (and that software writers seem continually to be insisting in
their software that it needs to scuttle along to its' home web-site for
various reasons), that I like to be notified when something lurking in the
background raises its' head with the intention of communicating with its'
home web-site !

I don't want all the free "runtime" software such as Adobe reader, and Sun
Java, and various application programs to be continually checking with their
home site to see if an upgrade is available, for a whole multitude of
reasons !! And I've found that some software still tries to 'get out' even
after digging right through it to switch off "automatic check for updates,"
so it makes one wonder just what some of the software writers are up to !

Exceptions are of couse a/v and and other trusted, (and uninfected!),
software which is best given permission to collect regular updates.

The main attraction of a good 3rd party software firewall, for myself, is
that it monitors for, and alerts you to "unauthorized outbound connection
attempts", in addition to "unauthorized inbound connection attempts," and
for myself helps me to keep and eye on software in my PC that tries to get
out, even after telling it "No"

regards, Richard

 

[Peter in New Zealand]

Thanks for the comments. I agree some software just doesn't seem able to do
without it's umbilical. I always try to disable all calling home that is
unnecessary, apart from, as you say, antivirus software and so on. My
question was prompted by the fact that the SmartAX ADSL2+ MT882 modem I am
using now has a part of it's config setup that has "enable" and "disable"
for a firewall, so I assumed it has some sort of firewall built in like the
old DLink did. Curious thing is that the manual for it simply doesn't
mention anything about a firewall. Hence my question.

UPDATE: Just did some more digging on the Internet and found that it does
indeed have a firewall built in. So I guess I just answered my own question.
My thanks again to those who helped with ideas and comments.

 

[RJK]

Well I'm blowed ! I worked on a PC a couple of months ago that was using a
SmartAX adsl modem, and inaddition to the menu labelling in it being a whole
world unto itself !! ...I also noticed that the "firewall" seemed to be
broken into two parts, after I'd tweaked it around as best I could -
www.grc.com 's "Shields Up" reported that lots of ports were actively being
detected by GRC as "blocked" rather than "Stealthed" ...as he calls it,
....which can attract attention to those ports of course because they're
responding as blocked, instead of simply denying access and not responding !

Despite the ambiguous menu labelling inside that SmartAX, it seemd to
require that NAT, (again - ambiguously not labelled as such if I recall
correctly), and the other "Firewall" options to be enabled. Trying to
match up some of the options in that modem with more common terms for them
was VERY difficult, I remember. Hers was a adsl modem + 2 or 4 port router,
made in China, and supplied by her UK ISP "TalkTalk"
....I can remember not liking it at all !

regards, Richard

 

[MAP]

Some people will relate that a software firewall in addition to a NAT
is not necessary. They're the clever clogs who know what they are
doing ! I love it when the odd one of those, (who always proclaim that all
that is needed is for one to be "web-savvy" and "never open that
unsolicited email etc. ...and practice safe surfing habits etc.),
get something nasty which has slipped past all their web-savviness

My view is that considering that so much software, that ends up in a
PC is web-enabled, (and that software writers seem continually to be
insisting in their software that it needs to scuttle along to its'
home web-site for various reasons), that I like to be notified when
something lurking in the background raises its' head with the
intention of communicating with its' home web-site !

I don't want all the free "runtime" software such as Adobe reader,
and Sun Java, and various application programs to be continually
checking with their home site to see if an upgrade is available, for
a whole multitude of reasons !! And I've found that some software
still tries to 'get out' even after digging right through it to
switch off "automatic check for updates," so it makes one wonder
just what some of the software writers are up to !
Exceptions are of couse a/v and and other trusted, (and uninfected!),
software which is best given permission to collect regular updates.

The main attraction of a good 3rd party software firewall, for
myself, is that it monitors for, and alerts you to "unauthorized
outbound connection attempts", in addition to "unauthorized inbound
connection attempts," and for myself helps me to keep and eye on
software in my PC that tries to get out, even after telling it "No"
regards, Richard

Good post Richard.

 

[MAP]

For some years I have had a LAN with four computers at home, based on
a DLink DSL504T modem/router also providing access to the Internet.
With the kids all grown up and gone now-a-days I decided to simplify
everything. My one remaining machine now connects to the Internet via
a SmartAX ADSL2+ MT882 modem using the ethernet port.

The old DLink had a hardware firewall built in, and I also ran a
software firewall on each individual computer. My question is, now
with a firewall also in
the new modem, and no LAN any more, do I really need a software
firewall on my single machine as well any more? I am running Windows
XP SP3 with the Windows firewall enabled at present.

Many thanks for any advice offered.

http://blog.scotsnewsletter.com/2008/03/24/the-best-firewall-software-of-2008-online-armor/

 

[Twayne]

Your DLink 504T is an ADSL modem/router and has therefore an inbuilt
firewall. It will protect you quite effectively against hackers. You
would need a more sophisticated firewall only if you wanted to limit
the access granted to applications that you run on your PC.

IMHO, people who exercise discipline and restraint when visiting
Internet sites do not need a firewall other than the one built into
their router. However, if you only had a modem but no router then a
firewall would be mandatory.

That's nearly as ignorant as the poor souls who don't yet have the savvy
to even know what discipline and restreaint etc. are necessary yet. If
you didn't have such a huge ego you'd have room for your software
firewall and because you think you know, doesn't mean anything about any
other single person on this planet.

NAT routers et al only give you a first level of protection. Because
YOU think you don't need one, and the size of you ego makes me wonder,
has absolutely no bearing on the rest of society. A second, 2-way
firewall such as ZoneAlarm etc., is indeed worth having for most people.
One of the thngs I detest most on the internet is misinformation, which
your bloated-ego response meets perfectly.

 

[Peter in New Zealand]

Well I'm blowed ! I worked on a PC a couple of months ago that was using
a SmartAX adsl modem, and inaddition to the menu labelling in it being a
whole world unto itself !! ...I also noticed that the "firewall" seemed to
be broken into two parts, after I'd tweaked it around as best I could -
www.grc.com 's "Shields Up" reported that lots of ports were actively
being detected by GRC as "blocked" rather than "Stealthed" ...as he calls
it,

Interesting - I had forgotten about GRC, so after your timely reminder I
tried it myself. The system is running just with the Windows firewall, and
with the modem in an "out-of-the-box" state, apart from my user name and
password of course. And it was reported by Shieldsup as being stealthed on
all of the 1056 ports it tests.

Perhaps Vodafone (my NZ ISP) is tweaking something before sending out the
modems. The modem itself and its manual are certainly VERY unhelpful as far
as information about the firewall is concerned.

 

[Pegasus \(MVP\)]

That's nearly as ignorant as the poor souls who don't yet have the savvy
to even know what discipline and restreaint etc. are necessary yet. If
you didn't have such a huge ego you'd have room for your software firewall
and because you think you know, doesn't mean anything about any other
single person on this planet.

NAT routers et al only give you a first level of protection. Because YOU
think you don't need one, and the size of you ego makes me wonder, has
absolutely no bearing on the rest of society. A second, 2-way firewall
such as ZoneAlarm etc., is indeed worth having for most people. One of the
thngs I detest most on the internet is misinformation, which your
bloated-ego response meets perfectly.

I suggest you change the balance of your reply: Ease off on attacking me
(which does nothing whatsoever for the OP), put some real meat on the
technical side of your reply (which would be of real value to the OP).

 

[RJK]

I should have mentioned that her SmartAX modem is fine, and after resetting
it, and setting it back up with her ISP details - it was fine, including a
quick check at www.grc.com 's "Shields Up" that was okay.
....I suppose what I was really saying is that there were some screens in
there using labels that I couldn't quickly identify, compared to NetGear and
Linksys products. ...Pretty much like motherboard bios screens !

regards, Richard

 

[db.·.. >]

hmm..?

people who are highly
knowledgeable can run
around the internet w/o
a anti virus, like i do
for the reason you state.

but using the windows
firewall is convenient and
better than not having one
at all.

router firewalls are not
worth the time or trouble
and perhaps are a secondary
defense for webservers and
not home servers.

 

[Bill in Co.]

hmm..?

people who are highly
knowledgeable can run
around the internet w/o
a anti virus, like i do

Come again??

 

[Pegasus \(MVP\)]

hmm..?

people who are highly
knowledgeable can run
around the internet w/o
a anti virus, like i do
for the reason you state.

I thought the subject was "Firewall", not "Virus"?

 

[db.·.. >]

potato's, patato's...

running around w/o
protection is best
left for the experts.

 

[John John (MVP)]

hmm..?

people who are highly
knowledgeable can run
around the internet w/o
a anti virus, like i do
for the reason you state.

Perfect example of a false premise in a syllogism, only the conclusion
is missing...

 

[Bill in Co.]

Perfect example of a false premise in a syllogism, only the conclusion
is missing...

You better explain to him what a syllogism is.

 

[Peter in New Zealand]

Gentlemen, gentlemen, (& ladies?), I appreciate the helpful and knowlegeable
comments here, and I have read them carefully. I think I will stay with the
router firewall, and the built in Windows XP firewall. Frankly. it's been so
long since I last picked up a problem that I can't remember when that was.
What I do remember about it is that it was my own stupid fault for browsing
without any protection whatsoever at the time. I learned a sharp lesson, and
deservedly so.

I also run Avast antivirus, and a paid for version of Ashampoo AntiSpyWare.
I used my old DLink router for a few years with nothing more than its own
built in firewall, and never had a problem (that I know of - grin), so I'll
keep the same sort of setup for now.

Once again, I am grateful for the comments and suggestions.

 

[Kayman]

On Mon, 1 Sep 2008 16:25:29 -0400, Twayne wrote:

A second, 2-way firewall such as ZoneAlarm etc., is indeed worth having
for most people.

Please provide technical & security related reasons for recommending ZA and
relevant statistics in relation to "...worth having for *most* people".

One of the thngs I detest most on the internet is misinformation,

Recommending ZA as an Internet Security application is gross
misinformation!

which your bloated-ego response meets perfectly.

Which 3rd party software manufacturer do you represent?

 

[Twayne]

I suggest you change the balance of your reply: Ease off on attacking
me (which does nothing whatsoever for the OP), put some real meat on
the technical side of your reply (which would be of real value to the
OP).

I will "attack" as you put it, misinformation wherever and whenever I
find it and wish to do so. You attempted to paint the universe with all
one color and that doesn't work. If you want someone to have more
accurate information, I would suggest you provide it.
I have nothing against you personally; only misinformation. If you
feel that's against you, then so be it; I can't help that. I seldom pay
attention to names unless I see grossly incorrect information so up to
this point i had no idea it was you who posted that; the author wasn't
important yet. The misinformation is/was.

I think I made myself clear enough. The OP can make his own decisions,
even do his own research. Were he to ask further questions I would
gladly provide any relevant information or experience that I may have.

I will admit one thing; I did have more for the OP In the way of
information, but I was interrupted and didn't get back to posting
directly until just now. So in some way I am remiss in providing
information. But from the look of the thread it's all become moot now.