From: David H. Lipman on
From: "RB" <NoMail(a)NoSpam>

>>I'm not one for a FireWall application but a NAT Router or FireWall Appliance
>>combined with the native FireWall of XP, Vista or Win7.

| 2 questions,
| 1. I have a NAT router but I don't think it has any hardware firewall
| on it, do I need one that does ? (I do have the netbios ports blocked on the Wan
| port)

| 2. I heard the Microsoft Firewall only monitors what comes in and no control
| over what goes out. Isn't it prudent to monitor the outflow also ?


NAT Routers by their nature are simplistic FireWalls and have FireWall constructs such as
blocking an IP from accessing the Internet, blocking a port or port range, etc. Some NAT
Routers have a full FireWall implementation built-in.

The idea that the MS included FireWall is unidirectional is untrue. The rumour may have
gotten started with WinXP Gold/SP1 which had a premature FireWall.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: Leythos on
In article <#xLkwAd2KHA.4332(a)TK2MSFTNGP02.phx.gbl>, NoMail(a)NoSpam
says...
>
> >I'm not one for a FireWall application but a NAT Router or FireWall Appliance
> >combined with the native FireWall of XP, Vista or Win7.
>
> 2 questions,
> 1. I have a NAT router but I don't think it has any hardware firewall
> on it, do I need one that does ? (I do have the netbios ports blocked on the Wan port)

A basic NAT router is often called a firewall by sales people and
marketing types. The "NAT ROUTER" works to 'protect' your network by
only allowing inbound connections that have been requested by something
INSIDE your network.

Some NAT routers have "firewall like" features, allowing you to block
inbound or outbound ports, but, don't confuse them with firewalls.

As an example, if I choose to specify an HTTP rule, the firewall can
inspect the traffic to ensure that it's actually HTTP traffic and not
FTP or SMTP traffic, but the NAT router only passes the PORT traffic
without actually knowing what it's passing.

If you secure your operating system properly and don't run as a local
Admin, a simple NAT router is likely to protect you from most attacks.
At the same time, a poorly configured firewall is likely to not provide
as much protection as a NAT router.

With that said, most of the quality firewalls can inspect traffic and
remove detectable malware from web-browsing, email, ftp, etc...

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)


From: RB on

> NAT Routers by their nature are simplistic FireWalls and have FireWall constructs such as
> blocking an IP from accessing the Internet, blocking a port or port range, etc. Some NAT
> Routers have a full FireWall implementation built-in.

I am aware (in my unprofessional ability) of the more secure NAT hookup as opposed
to a direct connection to the WAN modem, but I have read some texts that while more
challenging it is possible to hack past and see inside the NAT.
I have been thinking of looking for a good router with a built in two way firewall, but have
been apprehensive about the logistics. I.e. it will have to periodically download updates
to new issues just like a software fire won't it ?

> The idea that the MS included FireWall is unidirectional is untrue. The rumour may have
> gotten started with WinXP Gold/SP1 which had a premature FireWall.

Wow that is enlightening. There is "much" talk recorded on the net referring to the
dated scenario (without any mention of the updated capability)


From: David H. Lipman on
From: "RB" <NoMail(a)NoSpam>


>> NAT Routers by their nature are simplistic FireWalls and have FireWall constructs such
>> as blocking an IP from accessing the Internet, blocking a port or port range, etc. Some
>> NAT Routers have a full FireWall implementation built-in.

| I am aware (in my unprofessional ability) of the more secure NAT hookup as opposed
| to a direct connection to the WAN modem, but I have read some texts that while more
| challenging it is possible to hack past and see inside the NAT.
| I have been thinking of looking for a good router with a built in two way firewall, but
| have been apprehensive about the logistics. I.e. it will have to periodically download
| updates to new issues just like a software fire won't it ?

>> The idea that the MS included FireWall is unidirectional is untrue. The rumour may
>> have gotten started with WinXP Gold/SP1 which had a premature FireWall.

| Wow that is enlightening. There is "much" talk recorded on the net referring to the
| dated scenario (without any mention of the updated capability)



The problem with NAT is that it is possible to be "invited" to the LAN side. The WAN/LAN
door may be closed but, it can be opened. Specifically blocking ports such as 135 ~ 139
and 445 means the door is locked and can not be opened.

As for updates to a FireWall appliance, that usually would be a firmware upgrade. The
actual FireWall would be rules based.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
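
Added example (not part of any post in this thread): a toy Python model of the NAT behaviour described in the replies above, where an inside host can "invite" a remote peer through the router unless ports 135-139 and 445 are explicitly blocked. The class, the addresses and the no-port-translation simplification are assumptions made for illustration.

```python
# Toy model of a NAT router's connection table (illustrative, not a real router).
# Simplification: the WAN-side port equals the LAN source port (no port rewriting).
from dataclasses import dataclass, field

BLOCKED_PORTS = frozenset(range(135, 140)) | {445}  # 135-139 and 445, per the thread


@dataclass
class NatRouter:
    blocked_ports: frozenset = frozenset()
    # (wan_port, remote_ip, remote_port) -> LAN host that opened the connection
    table: dict = field(default_factory=dict)

    def outbound(self, lan_host, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection. Returns True if the router forwards it."""
        if remote_port in self.blocked_ports or lan_port in self.blocked_ports:
            return False  # port rule: no mapping is ever created
        self.table[(lan_port, remote_ip, remote_port)] = lan_host
        return True

    def inbound(self, remote_ip, remote_port, wan_port):
        """A packet arrives on the WAN side. Returns the LAN host reached, or None."""
        if remote_port in self.blocked_ports or wan_port in self.blocked_ports:
            return None  # port rule wins even if a mapping existed
        return self.table.get((wan_port, remote_ip, remote_port))


def demo():
    """Run the cases on constructed addresses (RFC 1918 / RFC 5737 ranges)."""
    pc, peer = "192.168.1.10", "203.0.113.9"
    plain, locked = NatRouter(), NatRouter(BLOCKED_PORTS)
    results = {}
    # 1. Unsolicited inbound to port 445: no mapping exists, so it is dropped.
    results["unsolicited"] = plain.inbound(peer, 40000, 445)
    # 2. The PC itself connects out to the peer's port 445: the reply gets in.
    plain.outbound(pc, 50000, peer, 445)
    results["invited"] = plain.inbound(peer, 445, 50000)
    # 3. Same sequence with 135-139/445 blocked: the outbound never leaves.
    results["locked_out"] = locked.outbound(pc, 50000, peer, 445)
    results["locked_in"] = locked.inbound(peer, 445, 50000)
    # 4. Ordinary web traffic is unaffected by the port rule.
    locked.outbound(pc, 50001, peer, 80)
    results["web_reply"] = locked.inbound(peer, 80, 50001)
    return results
```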


From: RB on
Thanks for the info, it was explained well. I have read that by using
a bona fide firewall router in conjunction with a software firewall
that one would get better performance. I have no idea how this
would occur since the text did not elaborate, but I surmised
something to do with possibly less restrictive settings for software
(depending more on the router firewall) and thereby leaving
the software to concentrate on malware issues. Is this a bunch
of web blab or is there any reality to it ?