Use XP Firewall with Router & Firewall?

[John]

Is it recomended to turn on and use the XP Firewall on workstations
even if our network sits behind a router with it's own Firewall? Will
this cause problems? Until the last XP service pack, I only used the
XP firewall when connecting from home or on the road. Now all
connections are firewalled by default.
Thanks.

 

[Peter]

Not wise to use two, they could conflict. Turn off Windows Firewall.

 

[da_test]

Is it recomended to turn on and use the XP Firewall on workstations
even if our network sits behind a router with it's own Firewall? Will
this cause problems? Until the last XP service pack, I only used the
XP firewall when connecting from home or on the road. Now all
connections are firewalled by default.
Thanks.

Leave it on. It's low overhead and it wont cause any
problem in this situation.
Some people run two software FW's such as the built-in
and Zonealarm - that raises a bigger concern in my mind.
Dave

 

[Yves Leclerc]

No conflicts! This would help in stopping any WORM virus that may get thru.
You can run a hardware firewall (router & firewall) and a software firewall
(SP2's).

 

[Connected]

Not wise to use two, they could conflict. Turn off Windows Firewall.

He said "router" firewall and XP firewall. That is fine, and wise.

 

[Ken Blake]

In

Not wise to use two, they could conflict. Turn off Windows
Firewall.

No, it's not wise to run two software firewalls because of the
possibility of conflicts, but the hardware protection the router
offers can't conflict with the software protection of the Windows
firewall.

However the Windows firewall offers little or no extra protection
over what the router offers. Both protect you against incoming
attacks but do nothing about monitoring outbound traffic, and
stopping rogue programs trying to call home. Fot that reason, I
do recommend running a software firewall in adition to the
router, but not the Windows one. Almost any of the third-party
firewalls will add such extra protection. Personally I use the
free version of ZoneAlarm in addition to my router.

--
Ken Blake - Microsoft MVP Windows: Shell/User
Please reply to the newsgroup

 

[Connected]

However the Windows firewall offers little or no extra protection
over what the router offers. Both protect you against incoming
attacks but do nothing about monitoring outbound traffic,

XP SP2 Firewall has stately inspection so it does.

 

[Tom Pepper Willett]

Windows Firewall does *not* offer outbound protection.

Tom
| On Tue, 8 Mar 2005 13:15:37 -0700, "Ken Blake"
|
|
| >However the Windows firewall offers little or no extra protection
| >over what the router offers. Both protect you against incoming
| >attacks but do nothing about monitoring outbound traffic,
|
| XP SP2 Firewall has stately inspection so it does.

 

[Ken Blake]

In

XP SP2 Firewall has stately inspection so it does.

Sorry, but that's wrong. XP's firewall, with or without SP2, is
incoming only.

 

[Admiral Q]

Running a "software" and "hardware" firewall is perfectly legit, and highly
recommended if behind the "hardware" firewall you have a network (as in a
home network) as it protects the computer from the remaining computers on
the network should one of them happen to become infected.

--
Star Fleet Admiral Q @ your service!
"Google is your Friend!"
www.google.com

***********************************************

 

[Bruce Chambers]

Is it recomended to turn on and use the XP Firewall on workstations
even if our network sits behind a router with it's own Firewall? Will
this cause problems? Until the last XP service pack, I only used the
XP firewall when connecting from home or on the road. Now all
connections are firewalled by default.
Thanks.

SP2's Firewall's most important virtues, I think, are it's improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can use
to protect the LAN workstations from that occasional - but not rare
enough - fool who manages to bypass the perimeter firewall and manually
install some malware that could then spread throughout the LAN via
shared drives.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Leythos]

On Tue, 08 Mar 2005 19:47:57 -0700, Bruce Chambers wrote:
[snip]

SP2's Firewall's most important virtues, I think, are it's improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can use
to protect the LAN workstations from that occasional - but not rare
enough - fool who manages to bypass the perimeter firewall and manually
install some malware that could then spread throughout the LAN via
shared drives.

Got news for you, but if you're in a LAN and using the SP2 firewall it's
already setup to allow access to shares and will not protect your computer
while it's in a LAN/Domain.

 

[Leythos]

On Tue, 08 Mar 2005 19:47:57 -0700, Bruce Chambers wrote:
[snip]

SP2's Firewall's most important virtues, I think, are it's improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can use
to protect the LAN workstations from that occasional - but not rare
enough - fool who manages to bypass the perimeter firewall and manually
install some malware that could then spread throughout the LAN via
shared drives.

Got news for you, but if you're in a LAN and using the SP2 firewall it's
already setup to allow access to shares and will not protect your computer
while it's in a LAN/Domain.

It's not 100% effective, but it's still better than nothing. It
depends upon the specific type of threat, of course. Things like
Blaster, Welchia, and Sasser, that are not spread via network shares,
get stopped.

I agree, but the poster specifically implied that the SP2 firewall would
stop the spread of nasties that use file sharing.

 

[Bruce Chambers]

On Tue, 08 Mar 2005 19:47:57 -0700, Bruce Chambers wrote:
[snip]

SP2's Firewall's most important virtues, I think, are it's improved
compatibility with internal LANs and its configurability via group
policies. Now, there's a simple, cheap tool that system admins can use
to protect the LAN workstations from that occasional - but not rare
enough - fool who manages to bypass the perimeter firewall and manually
install some malware that could then spread throughout the LAN via
shared drives.

Got news for you, but if you're in a LAN and using the SP2 firewall it's
already setup to allow access to shares and will not protect your computer
while it's in a LAN/Domain.

It's not 100% effective, but it's still better than nothing. It
depends upon the specific type of threat, of course. Things like
Blaster, Welchia, and Sasser, that are not spread via network shares,
get stopped.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Bruce Chambers]

On Tue, 08 Mar 2005 20:10:00 -0700, Bruce Chambers wrote:



I agree, but the poster specifically implied that the SP2 firewall would
stop the spread of nasties that use file sharing.

Good point. I'll need to reword that one, won't I?


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Leythos]

Good point. I'll need to reword that one, won't I?

I've actually taken to disabling the firewall service on every workstation
inside a network that we've setup security for. I've found the FW to be
nothing but a pain in a secure network.

 

[Connected]

Windows Firewall does *not* offer outbound protection.

Oh, well, I don't use it anymore anyway.

 

[Connected]

Sorry, but that's wrong. XP's firewall, with or without SP2, is
incoming only.

Yea, yea, I've been told ten times already.

 

[cquirke (MVP Windows shell/user)]

On Tue, 08 Mar 2005 19:47:57 -0700, Bruce Chambers

SP2's Firewall's most important virtues, I think, are it's improved
compatibility with internal LANs

There may be a shadow over that, given recent concerns about how File
and Print Services can be erroneously mapped to the whole Internet.

-- Risk Management is the clue that asks:

"Why do I keep open buckets of petrol next to all the
ashtrays in the lounge, when I don't even have a car?"

 

[Bruce Chambers]

There may be a shadow over that, given recent concerns about how File
and Print Services can be erroneously mapped to the whole Internet.

A possibility, if there's no perimeter defense in place. Why does
every silver lining have to come with a dark cloud? ;-}


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH