

Is ICF recommended when a hardware firewall is available?

Posted on 2005-03-30
Medium Priority
Last Modified: 2013-12-04

In my network, I have a Cisco Hardware Firewall.

I use Windows XP Service Pack 2 as my client computer. Should I use the ICF, the Hardware Firewall, or both?

Does it cause problems if I use the Hardware Firewall and ICF together? On which OSI Layer does ICF operate?
Question by:readyyy
LVL 38

Expert Comment

by:Rich Rumble
ID: 13663162
All layers, assuming you have something physically connected (a second PC - layer 1).
You can use both, it's no harm. Windows firewall is great at blocking traffic, but it's not as configurable as other firewalls, meaning you can't allow certain IPs in and deny all others; it's really an all or nothing blocker. You allow a port, and any device can connect to that port. A hardware firewall or even commercial software firewalls typically allow you to configure the control a lot more.
LVL 38

Expert Comment

by:Rich Rumble
ID: 13663237
http://www.protocols.com/pbook/tcpip1.htm This can help you understand what applications use certain layers, but with TCP you can think of a port being allowed on a firewall as transport layer (3). The XP firewall is able to block on all layers (broadcasts etc...). Technically you can allow things like DHCP broadcasts and ICMP etc... so it will allow on layer 2 as well.
LVL 16

Accepted Solution

JammyPak earned 500 total points
ID: 13663473
I would use it...using ICF will protect you if anyone on your LAN gets infected with a network worm or something...some may say it's overkill, but it certainly won't hurt. I think nowadays you'll probably find more and more companies using SW firewalls to protect the client machines, as well as the HW firewall at the perimeter. You may have some problems until you figure out all of the ports that you need to open for your backups, anti-virus updates, etc.

Since I don't think that the ICF can block traffic based on MAC or IP addresses, I would agree with richrumble that it's operating at layer 4. It's not an application proxy, so I don't think it operates on higher layers.
LVL 38

Expert Comment

by:Rich Rumble
ID: 13664014
True, the "gray-area" is that it can block layer 2 broadcasts, and 3, which will null the other layers as no handshake can take place without layer 3 or above, and it's able to block UDP no problem as well. Again it has no granular control, it's either an open port or a closed port; it can't filter on anything more than that (ICF, that is).
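The layering discussed in this thread, as an added example that is not part of any post: a small model comparing which inbound packets reach the client with only the perimeter firewall, only a port-only host firewall (ICF as the answers describe it), and both. All addresses, ports, rule sets and function names are constructed for illustration and do not reproduce real ICF or Cisco behaviour.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # constructed LAN range, not from the thread

@dataclass(frozen=True)
class Packet:
    src: str
    dst_port: int
    proto: str = "tcp"

def crosses_perimeter(pkt):
    """Only traffic originating outside the LAN passes the hardware firewall."""
    return ip_address(pkt.src) not in LAN

def perimeter_allows(pkt, acl):
    """Source-aware ACL of (source network, proto, port) entries; default deny."""
    return any(ip_address(pkt.src) in ip_network(net) and pkt.proto == proto
               and pkt.dst_port == port for net, proto, port in acl)

def host_allows(pkt, open_ports):
    """Port-only filter as described in the thread: the source is never checked."""
    return (pkt.proto, pkt.dst_port) in open_ports

def reaches_client(pkt, acl=None, open_ports=None):
    """acl=None: no hardware firewall. open_ports=None: no host firewall."""
    if acl is not None and crosses_perimeter(pkt) and not perimeter_allows(pkt, acl):
        return False
    if open_ports is not None and not host_allows(pkt, open_ports):
        return False
    return True

# Constructed policy: one admin network may reach TCP 3389 on the client.
ACL = [("203.0.113.0/24", "tcp", 3389)]
OPEN_PORTS = {("tcp", 3389)}

# Constructed sample traffic aimed at the client.
TRAFFIC = {
    "infected LAN peer, closed port": Packet("192.168.1.77", 445),
    "infected LAN peer, opened port": Packet("192.168.1.77", 3389),
    "unknown internet host, opened port": Packet("198.51.100.9", 3389),
    "admin network, opened port": Packet("203.0.113.5", 3389),
}

def compare():
    """Return, per packet, whether it reaches the client in each deployment."""
    return {name: {"hw_only": reaches_client(p, acl=ACL),
                   "host_only": reaches_client(p, open_ports=OPEN_PORTS),
                   "both": reaches_client(p, acl=ACL, open_ports=OPEN_PORTS)}
            for name, p in TRAFFIC.items()}

if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:36} {row}")
```

In this model the LAN-internal packet on a closed port is stopped only by the host firewall, the unknown internet source is stopped only by the perimeter ACL, and a port opened on the host stays reachable from an infected LAN peer in every deployment.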
