If I have a netgear WGT624 router, do I need any host-based firewalling software?

Posted on 2004-08-12
Last Modified: 2013-12-14
So, I have this firewall setup for both NAT and SPI firewall mode. I have no port forwarding or port trigering and no DMZ established. According to Netgear's web site, you should NOT use a host-based firewall as it can interfere with the router's firewall.

I do not have much experience with PC-based firewalls so I am not sure this is the best course of action.

I would prefer to not use any software, since it saps performance. However, if I need to I will.

By the way, I have 3 Windows XP machines and 2 Linux machines.

Thanks for the help...Michael
Question by:mhyman
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 11

Accepted Solution

infotrader earned 25 total points
ID: 11796075
It really depends on your setup and who you ask:

Answer #1:
You are okay.  If you are not doing anything special and do not turn on port-forwarding, for the most part you should be ok.  If you start to tweak around the router, you might open up more holes, therefore more vulnerability.

Answer #2:
If you are really paranoid, then yes, install a personal firewall on ALL the WORKSTATIONS.  I personally think this might be an administrative nightmare, but some people believe that there is no such thing as too much security.

There is no good answer.  Since I do not have too much incriminating/confidential data on my computer, and I keep regular backup of my data, I opt for #1.  It is so much easier to troulbe-shoot and support internally, and should be adequate in most cases.

If you install a personal firewall software, you'd have to worry about granting the right access to the other local machines, etc.  Also, if you trouble-shoot connectivity, it may give you false-positives because the ports you are using might be blocked.  Finally, your firewall software might suck up unnecessary resources and even cause conflicts w/ other software installed.

You can, however, give XP Service Pack 2 a shot.  I am testing it out right now, and do not see too much problems.  Of course, this is day2, and I have yet to use any special features/tools.

- Info

Assisted Solution

pheriplex earned 25 total points
ID: 11802488
There is no such need to install a packet-filtering firewall in each system if you are using an ADSL router with NAT enabled. The Netgear router will filter out all the inbound packets that originate from the external network (internet) since NAT naturally allows no access from outside to the inside unless it is deliberately configured.

However; beware that this firewall scheme would allow any connection from inside to the outside. So if in any way, a host behind this router connects to an attacker's system via TCP/IP protocol, the router's firewall will be absolutely useless. There are countless vulnerabilities that are used on the wild that concern the flaws in Internet Explorer and Microsoft Outlook, which trigger a connection from your host first so that the attacker successfully disables your packet-filtering firewall this way.

At this point, the best way is to update the systems with the latest patches, and frequently check for new security patches in future. After all updates are done, a firewall has to be installed on each Windows XP host. A good option is to install the free Sygate Personal Firewall. However; there are different alternatives which are also free. The application-based firewalls slowly learn what should be allowed and what should be not as the user interacts with the settings. However; for Linux OS, most of the "free" firewalls do not contain any user interaction at all so they are just GUI applications that merely set the packet-filtering configuration in a rather easier way. Since Linux does not contain many of the risks associated with ever-vulnerable Windows applications, the Linux boxes might stay unfirewalled, although I recommend that you disable the ports that you do not use.


Author Comment

ID: 12144945
I am still looking for more input, so please don't abandon the question.

LVL 11

Expert Comment

ID: 12146457
Mhyman... Thumbs-up from me for Service Pack 2.  The router/firewall should be enough for most attacks, but the built-in (free!!!) firewall that comes with SP2 gives you even better protections on top of your hardware.

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question