Solved

If I have a netgear WGT624 router, do I need any host-based firewalling software?

Posted on 2004-08-12
Last Modified: 2013-12-14
So, I have this firewall set up for both NAT and SPI firewall mode. I have no port forwarding or port triggering and no DMZ established. According to Netgear's web site, you should NOT use a host-based firewall as it can interfere with the router's firewall.

I do not have much experience with PC-based firewalls so I am not sure this is the best course of action.

I would prefer to not use any software, since it saps performance. However, if I need to I will.

By the way, I have 3 Windows XP machines and 2 Linux machines.

Thanks for the help...Michael
Question by:mhyman

Accepted Solution

by:
infotrader earned 25 total points
It really depends on your setup and who you ask:

Answer #1:
You are okay.  If you are not doing anything special and do not turn on port-forwarding, for the most part you should be ok.  If you start to tweak around the router, you might open up more holes, therefore more vulnerability.

Answer #2:
If you are really paranoid, then yes, install a personal firewall on ALL the WORKSTATIONS.  I personally think this might be an administrative nightmare, but some people believe that there is no such thing as too much security.

There is no good answer.  Since I do not have too much incriminating/confidential data on my computer, and I keep regular backups of my data, I opt for #1.  It is so much easier to trouble-shoot and support internally, and should be adequate in most cases.

If you install a personal firewall software, you'd have to worry about granting the right access to the other local machines, etc.  Also, if you trouble-shoot connectivity, it may give you false-positives because the ports you are using might be blocked.  Finally, your firewall software might suck up unnecessary resources and even cause conflicts w/ other software installed.

You can, however, give XP Service Pack 2 a shot.  I am testing it out right now, and do not see too many problems.  Of course, this is day 2, and I have yet to use any special features/tools.

- Info

Assisted Solution

by:pheriplex
pheriplex earned 25 total points
There is no such need to install a packet-filtering firewall in each system if you are using an ADSL router with NAT enabled. The Netgear router will filter out all the inbound packets that originate from the external network (internet) since NAT naturally allows no access from outside to the inside unless it is deliberately configured.

However, beware that this firewall scheme would allow any connection from inside to the outside. So if, in any way, a host behind this router connects to an attacker's system via the TCP/IP protocol, the router's firewall will be absolutely useless. There are countless vulnerabilities used in the wild that concern the flaws in Internet Explorer and Microsoft Outlook, which trigger a connection from your host first so that the attacker successfully disables your packet-filtering firewall this way.

At this point, the best way is to update the systems with the latest patches, and frequently check for new security patches in the future. After all updates are done, a firewall has to be installed on each Windows XP host. A good option is to install the free Sygate Personal Firewall. However, there are different alternatives which are also free. The application-based firewalls slowly learn what should be allowed and what should not be as the user interacts with the settings. However, for Linux OS, most of the "free" firewalls do not contain any user interaction at all, so they are just GUI applications that merely set the packet-filtering configuration in a rather easier way. Since Linux does not contain many of the risks associated with ever-vulnerable Windows applications, the Linux boxes might stay unfirewalled, although I recommend that you disable the ports that you do not use.
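The trade-off described in this answer, modeled as an added example that is not part of the original post: a NAT/SPI router with no port forwarding drops unsolicited inbound traffic but tracks and permits every outbound flow, while a per-application host firewall can stop an unexpected program before its flow is ever created. The class names, program names and addresses are constructed for illustration, and addresses are shown post-translation for brevity.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str            # "ip:port"
    dst: str
    direction: str      # "out" = LAN to internet, "in" = internet to LAN
    program: str = ""   # originating program on the LAN host (outbound only)

@dataclass
class NatRouter:
    """Stateful NAT/SPI with no port forwarding, triggering or DMZ."""
    flows: set = field(default_factory=set)

    def handle(self, p):
        if p.direction == "out":
            self.flows.add((p.src, p.dst))  # every outbound flow is allowed and tracked
            return "forward"
        # Inbound passes only as the reply to a tracked outbound flow.
        return "forward" if (p.dst, p.src) in self.flows else "drop"

def trace(packets, allowed_programs=None):
    """Return one verdict per packet; allowed_programs=None means no host firewall."""
    router, verdicts = NatRouter(), []
    for p in packets:
        if (p.direction == "out" and allowed_programs is not None
                and p.program not in allowed_programs):
            verdicts.append("blocked-at-host")  # never reaches the router
            continue
        verdicts.append(router.handle(p))
    return verdicts

# Constructed sample traffic (RFC 5737 documentation addresses).
PACKETS = [
    Packet("203.0.113.5:443", "192.168.0.2:445", "in"),                 # unsolicited probe
    Packet("192.168.0.2:40000", "198.51.100.10:80", "out", "browser.exe"),
    Packet("198.51.100.10:80", "192.168.0.2:40000", "in"),              # reply to browser
    Packet("192.168.0.2:40001", "203.0.113.5:443", "out", "unknown.exe"),
    Packet("203.0.113.5:443", "192.168.0.2:40001", "in"),               # reply to unknown.exe
]

def router_only():
    return trace(PACKETS)

def router_plus_host_firewall():
    return trace(PACKETS, allowed_programs={"browser.exe"})

if __name__ == "__main__":
    for name, fn in (("router only", router_only),
                     ("router + host firewall", router_plus_host_firewall)):
        print(name, fn())
```

With the router alone, only the first packet is dropped; adding the host allow-list also stops the unknown program's outbound connection, so its reply has no tracked flow and is dropped at the router.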


Author Comment

by:mhyman
I am still looking for more input, so please don't abandon the question.

Thanks.

Expert Comment

by:infotrader
Mhyman... Thumbs-up from me for Service Pack 2.  The router/firewall should be enough for most attacks, but the built-in (free!!!) firewall that comes with SP2 gives you even better protections on top of your hardware.