Solved

If I have a netgear WGT624 router, do I need any host-based firewalling software?

Posted on 2004-08-12
Last Modified: 2013-12-14
So, I have this firewall setup for both NAT and SPI firewall mode. I have no port forwarding or port triggering and no DMZ established. According to Netgear's web site, you should NOT use a host-based firewall as it can interfere with the router's firewall.

I do not have much experience with PC-based firewalls so I am not sure this is the best course of action.

I would prefer to not use any software, since it saps performance. However, if I need to I will.

By the way, I have 3 Windows XP machines and 2 Linux machines.

Thanks for the help...Michael
Question by:mhyman

Accepted Solution

by:
infotrader earned 25 total points
ID: 11796075
It really depends on your setup and who you ask:

Answer #1:
You are okay.  If you are not doing anything special and do not turn on port-forwarding, for the most part you should be ok.  If you start to tweak around the router, you might open up more holes, therefore more vulnerability.

Answer #2:
If you are really paranoid, then yes, install a personal firewall on ALL the WORKSTATIONS.  I personally think this might be an administrative nightmare, but some people believe that there is no such thing as too much security.

There is no good answer.  Since I do not have too much incriminating/confidential data on my computer, and I keep regular backups of my data, I opt for #1.  It is so much easier to trouble-shoot and support internally, and should be adequate in most cases.

If you install a personal firewall software, you'd have to worry about granting the right access to the other local machines, etc.  Also, if you trouble-shoot connectivity, it may give you false-positives because the ports you are using might be blocked.  Finally, your firewall software might suck up unnecessary resources and even cause conflicts w/ other software installed.

You can, however, give XP Service Pack 2 a shot.  I am testing it out right now, and do not see too many problems.  Of course, this is day 2, and I have yet to use any special features/tools.

- Info

Assisted Solution

by:pheriplex
pheriplex earned 25 total points
ID: 11802488
There is no such need to install a packet-filtering firewall in each system if you are using an ADSL router with NAT enabled. The Netgear router will filter out all the inbound packets that originate from the external network (internet) since NAT naturally allows no access from outside to the inside unless it is deliberately configured.

However, beware that this firewall scheme would allow any connection from inside to the outside. So if in any way, a host behind this router connects to an attacker's system via the TCP/IP protocol, the router's firewall will be absolutely useless. There are countless vulnerabilities that are used in the wild that concern the flaws in Internet Explorer and Microsoft Outlook, which trigger a connection from your host first so that the attacker successfully disables your packet-filtering firewall this way.

At this point, the best way is to update the systems with the latest patches, and frequently check for new security patches in the future. After all updates are done, a firewall has to be installed on each Windows XP host. A good option is to install the free Sygate Personal Firewall. However, there are different alternatives which are also free. The application-based firewalls slowly learn what should be allowed and what should not be as the user interacts with the settings. However, for Linux OS, most of the "free" firewalls do not contain any user interaction at all so they are just GUI applications that merely set the packet-filtering configuration in a rather easier way. Since Linux does not contain many of the risks associated with ever-vulnerable Windows applications, the Linux boxes might stay unfirewalled, although I recommend that you disable the ports that you do not use.
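
The behaviour described in the answer above (unsolicited inbound traffic dropped, LAN-initiated connections and their replies allowed), modelled as a small connection table. This is an added example, not part of the original thread and not the WGT624's actual firmware logic; the class names, the 192.168.1.x LAN range and all addresses are constructed assumptions.

```python
# Added illustration: a toy model of a NAT + SPI router's connection table.
# All addresses are constructed (RFC 5737 documentation ranges, RFC 1918 LAN).
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class NatSpiRouter:
    wan_ip: str
    lan_prefix: str = "192.168.1."  # assumed LAN range
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    flows: dict = field(default_factory=dict)

    def outbound(self, p: Packet) -> Packet:
        """LAN -> Internet: permitted unconditionally, and it creates state."""
        if not p.src.startswith(self.lan_prefix):
            raise ValueError("outbound packet must come from the LAN")
        for (wan_port, rip, rport), host in self.flows.items():
            if host == (p.src, p.sport) and (rip, rport) == (p.dst, p.dport):
                break  # existing flow: reuse its WAN port
        else:
            wan_port, self.next_port = self.next_port, self.next_port + 1
            self.flows[(wan_port, p.dst, p.dport)] = (p.src, p.sport)
        return Packet(self.wan_ip, wan_port, p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Internet -> LAN: forwarded only when it matches existing state."""
        host = self.flows.get((p.dport, p.src, p.sport))
        if host is None:
            return None  # unsolicited: dropped, no port forwarding configured
        return Packet(p.src, p.sport, host[0], host[1])

def demo():
    r = NatSpiRouter(wan_ip="203.0.113.10")
    remote = ("198.51.100.7", 80)
    # 1. Unsolicited connection attempt from the Internet to the WAN address.
    unsolicited = r.inbound(Packet(remote[0], 5555, r.wan_ip, 445))
    # 2. A LAN host opens a connection outward (e.g. a browser or mail client).
    out = r.outbound(Packet("192.168.1.20", 50123, *remote))
    # 3. The remote end answers on that flow; the router lets it through.
    reply = r.inbound(Packet(remote[0], remote[1], out.src, out.sport))
    return unsolicited, out, reply
```

Step 3 is the case a host-based firewall or patching has to cover: the router forwards the reply because a LAN host created the state itself.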


Author Comment

by:mhyman
ID: 12144945
I am still looking for more input, so please don't abandon the question.

Thanks.

Expert Comment

by:infotrader
ID: 12146457
Mhyman... Thumbs-up from me for Service Pack 2.  The router/firewall should be enough for most attacks, but the built-in (free!!!) firewall that comes with SP2 gives you even better protections on top of your hardware.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Cable Modem Provisioning from DPoE compliant server  This Article is to support CMTS administrators to provide an overview of DOCSIS compliance configuration file, and to provision a cable modem located at customer place from a Back office serve…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question