If I have a netgear WGT624 router, do I need any host-based firewalling software?

Posted on 2004-08-12
Last Modified: 2013-12-14
So, I have this firewall setup for both NAT and SPI firewall mode. I have no port forwarding or port trigering and no DMZ established. According to Netgear's web site, you should NOT use a host-based firewall as it can interfere with the router's firewall.

I do not have much experience with PC-based firewalls so I am not sure this is the best course of action.

I would prefer to not use any software, since it saps performance. However, if I need to I will.

By the way, I have 3 Windows XP machines and 2 Linux machines.

Thanks for the help...Michael
Question by:mhyman
  • 2
LVL 11

Accepted Solution

infotrader earned 25 total points
ID: 11796075
It really depends on your setup and who you ask:

Answer #1:
You are okay.  If you are not doing anything special and do not turn on port-forwarding, for the most part you should be ok.  If you start to tweak around the router, you might open up more holes, therefore more vulnerability.

Answer #2:
If you are really paranoid, then yes, install a personal firewall on ALL the WORKSTATIONS.  I personally think this might be an administrative nightmare, but some people believe that there is no such thing as too much security.

There is no good answer.  Since I do not have too much incriminating/confidential data on my computer, and I keep regular backup of my data, I opt for #1.  It is so much easier to troulbe-shoot and support internally, and should be adequate in most cases.

If you install a personal firewall software, you'd have to worry about granting the right access to the other local machines, etc.  Also, if you trouble-shoot connectivity, it may give you false-positives because the ports you are using might be blocked.  Finally, your firewall software might suck up unnecessary resources and even cause conflicts w/ other software installed.

You can, however, give XP Service Pack 2 a shot.  I am testing it out right now, and do not see too much problems.  Of course, this is day2, and I have yet to use any special features/tools.

- Info

Assisted Solution

pheriplex earned 25 total points
ID: 11802488
There is no such need to install a packet-filtering firewall in each system if you are using an ADSL router with NAT enabled. The Netgear router will filter out all the inbound packets that originate from the external network (internet) since NAT naturally allows no access from outside to the inside unless it is deliberately configured.

However; beware that this firewall scheme would allow any connection from inside to the outside. So if in any way, a host behind this router connects to an attacker's system via TCP/IP protocol, the router's firewall will be absolutely useless. There are countless vulnerabilities that are used on the wild that concern the flaws in Internet Explorer and Microsoft Outlook, which trigger a connection from your host first so that the attacker successfully disables your packet-filtering firewall this way.

At this point, the best way is to update the systems with the latest patches, and frequently check for new security patches in future. After all updates are done, a firewall has to be installed on each Windows XP host. A good option is to install the free Sygate Personal Firewall. However; there are different alternatives which are also free. The application-based firewalls slowly learn what should be allowed and what should be not as the user interacts with the settings. However; for Linux OS, most of the "free" firewalls do not contain any user interaction at all so they are just GUI applications that merely set the packet-filtering configuration in a rather easier way. Since Linux does not contain many of the risks associated with ever-vulnerable Windows applications, the Linux boxes might stay unfirewalled, although I recommend that you disable the ports that you do not use.


Author Comment

ID: 12144945
I am still looking for more input, so please don't abandon the question.

LVL 11

Expert Comment

ID: 12146457
Mhyman... Thumbs-up from me for Service Pack 2.  The router/firewall should be enough for most attacks, but the built-in (free!!!) firewall that comes with SP2 gives you even better protections on top of your hardware.

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now