If I have a netgear WGT624 router, do I need any host-based firewalling software?

So, I have this firewall setup for both NAT and SPI firewall mode. I have no port forwarding or port trigering and no DMZ established. According to Netgear's web site, you should NOT use a host-based firewall as it can interfere with the router's firewall.

I do not have much experience with PC-based firewalls so I am not sure this is the best course of action.

I would prefer to not use any software, since it saps performance. However, if I need to I will.

By the way, I have 3 Windows XP machines and 2 Linux machines.

Thanks for the help...Michael
Who is Participating?
infotraderConnect With a Mentor Commented:
It really depends on your setup and who you ask:

Answer #1:
You are okay.  If you are not doing anything special and do not turn on port-forwarding, for the most part you should be ok.  If you start to tweak around the router, you might open up more holes, therefore more vulnerability.

Answer #2:
If you are really paranoid, then yes, install a personal firewall on ALL the WORKSTATIONS.  I personally think this might be an administrative nightmare, but some people believe that there is no such thing as too much security.

There is no good answer.  Since I do not have too much incriminating/confidential data on my computer, and I keep regular backup of my data, I opt for #1.  It is so much easier to troulbe-shoot and support internally, and should be adequate in most cases.

If you install a personal firewall software, you'd have to worry about granting the right access to the other local machines, etc.  Also, if you trouble-shoot connectivity, it may give you false-positives because the ports you are using might be blocked.  Finally, your firewall software might suck up unnecessary resources and even cause conflicts w/ other software installed.

You can, however, give XP Service Pack 2 a shot.  I am testing it out right now, and do not see too much problems.  Of course, this is day2, and I have yet to use any special features/tools.

- Info
pheriplexConnect With a Mentor Commented:
There is no such need to install a packet-filtering firewall in each system if you are using an ADSL router with NAT enabled. The Netgear router will filter out all the inbound packets that originate from the external network (internet) since NAT naturally allows no access from outside to the inside unless it is deliberately configured.

However; beware that this firewall scheme would allow any connection from inside to the outside. So if in any way, a host behind this router connects to an attacker's system via TCP/IP protocol, the router's firewall will be absolutely useless. There are countless vulnerabilities that are used on the wild that concern the flaws in Internet Explorer and Microsoft Outlook, which trigger a connection from your host first so that the attacker successfully disables your packet-filtering firewall this way.

At this point, the best way is to update the systems with the latest patches, and frequently check for new security patches in future. After all updates are done, a firewall has to be installed on each Windows XP host. A good option is to install the free Sygate Personal Firewall. However; there are different alternatives which are also free. The application-based firewalls slowly learn what should be allowed and what should be not as the user interacts with the settings. However; for Linux OS, most of the "free" firewalls do not contain any user interaction at all so they are just GUI applications that merely set the packet-filtering configuration in a rather easier way. Since Linux does not contain many of the risks associated with ever-vulnerable Windows applications, the Linux boxes might stay unfirewalled, although I recommend that you disable the ports that you do not use.

mhymanAuthor Commented:
I am still looking for more input, so please don't abandon the question.

Mhyman... Thumbs-up from me for Service Pack 2.  The router/firewall should be enough for most attacks, but the built-in (free!!!) firewall that comes with SP2 gives you even better protections on top of your hardware.
All Courses

From novice to tech pro — start learning today.