Firewall Software.

[satans.barber]

Originally posted by arnisador

My wife and I finally got the router set up so that we both have an always-on DSL connection. Any advice on firewall software to protect us from miscreants?

Bear in mind that now you've got a router you don't really need a firewall, unless you're forwarding ports.

See, you only have one IP address for your house, which would have used to have belonged to the computer that you dialed up with, or that had your cable or DSL modem attatched to.

When people scanned IP ranges for exploits, if your IP was in the range it would have scanned your actual machine, which is why firewall software would have been a good idea. Now though, the IP will belong to your router, which isn't running Windows and therefore isn't vulnerable to the attacks you had to worry about before.

You only need to put a firewall on your PCs if you're forwarding ports (for instance if you're running an HTTP or FTP server on one of the machines), and firewall software would be useless then anyway since you'd need to tell it that people could access these services in order for them to work.

Ian.

 

[Mithios]

Your router has a built in firewall. But if you want to know about one that works well, try black ice or zone alarm. Trial versions of both are on www.download.com. Check out www.majorgeeks.com for more firewall selections. I tried bitguard not to long ago and wasnt impressed with the results. Zone alarm and black ice are much better.
Mithios

 

[lhommedieu]

like robert carver said, the hardware is better. basically because software becomes a part of your operating system so its not really keeping anyone or anything out of your computer, it just throws up a smokescreen from inside. the external hardware will put up a tangible first barrier against incoming hits. just another degree of security. ive heard that you will pay 100-200 u.s.$ for a good one.

I was recently attacked by a nasty little scumware program that hijacked my internet browser and kept spitting out popup ads, websites - you name it, I got it. It wouldn't let me overide my "homepage" options, so everytime I rebooted I got the same homepage again (disguised as a "search engine"). Every attempt to eradicate through Norton Utilities and Norton Anti-Virus failed; Finally I contacted the company that makes Norton and, after an hour of taking over my system (pretty cool to watch), they were able to kill the little sucker. No way I could have done it on my own, as they had to download programs onto my hard drive to get the job done. I guess the moral is that if I had an adequate Firewall, it probably wouldn't have happened in the first place.

Here in NYC where I have Verizon DSL, Verizon sells the Linksys router for $79.95, and offers technical support to boot. The payments can be split in three and put on your monthly bill.

Sounds like a great deal. After reading Robert Carver's post and contacting Verizon, I think that this is the route I'm going to go...

Thanks, Robert.

Best,

Steve Lamade

 

[phoenix]

Originally posted by arnisador
I appreciated the explanation of what the hardware and software versions do. It never occurred to me that the router might have this built in--I just assumed I'd have to buy one. I'll check its documentation (iPAQ Connection Point CP-2E) and look into the GRC site when it's back up (it is still down now) and also into Zone Alarm.

Thanks all, this has been very helpful!

Bear in mind there are two main kinds of attacks. Typically a hardware-based firewall solution will deter network-based attacks, while a software firewall (such as zone alarm, norton, etc.) stop host-directed attacks. I would recommend using your routers built-in firewall, if it has it, as well as a software based firewall (zone alarm if you're pretty computer savvy, norton or mcafee if you're more of a 'user').

Hope this helps.

Sean

 

[arnisador]

I'm in-between.

 

[Cthulhu]

You don't have to be 'savvy' to use ZoneAlarm. Installing it is very easy and setting the permissions isn't difficult at all. Now, if you want to be able to utilize all the information it logs, then it would help to have some familiarity with network and Internet concepts; however, if you just want to take advantages of its security, then it is definitly a worthy option.

And it's FREE.

Cthulhu