FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


How does a firewall protect you?





Arno v. Lumig
Hello all,

All of my computers are connected through 2 NAT routers, so they can't be pinged or portscanned from the outside. The routers don't have port forwarding enabled, and the computers are not running any servers.
My computers run a virus scanner and a spyware scanner, so there is no real chance of getting a virus.
All programs on my computer have the right to connect to the internet (Yes, that includes WGA Wink)

Why would I need a firewall then? As far as I can see there are no real ways to bypass the NAT from the outside, and all computers on the inside of the network are trusted.

Greetings,
Arno
ninjakannon
I'm not all that knowledgeable about routers and that, and I must say I didn't think that a NAT router would be able stop people attempting to breach your system, I've had attempts blocked by my firewall before despite having a NAT router.

Even if you are protected though, I would have thought it best to use a firewall as a precaution. What if someone or something does get past your firewall? Then you would kick your self.

Is there any reason why you might not want one?
Arno v. Lumig
ninjakannon wrote:
I'm not all that knowledgeable about routers and that, and I must say I didn't think that a NAT router would be able stop people attempting to breach your system, I've had attempts blocked by my firewall before despite having a NAT router.

Even if you are protected though, I would have thought it best to use a firewall as a precaution. What if someone or something does get past your firewall? Then you would kick your self.

Is there any reason why you might not want one?


The only way to bypass a NAT is to make a reverse connection (Install a client on the compromised system instead of a server), and I don't see that happening unless I get a virus that is not in my virus scanner yet.

The reason I rather not have a firewall is just because it's another program that slows down the computer, and ZoneAlarm just keeps asking access for some programs, even if you say "remember", and it always denies the connection to my NAS system, even though I set it to allow the connection. Sometimes ZoneAlarm also just kills my internet connection, and I have to restart it to be able to use the internet/network again.
Studio Madcrow
Most NAT routers have built-in firewalls. Chances are, a software firewall won't protect you any more than you're already protected. The onlt exception would be if you're on a large network (such as at school or the library) where you're behing firewalled routers, but so might some people who want to hack your system...
badai
in your case, you might need firewall because

1. your router might enable upnp

2. protect from other internal computers. u never know what other user might bring in.

3. windows will bug you with that security alert if you don't have firewall.
Arno v. Lumig
badai wrote:
in your case, you might need firewall because

1. your router might enable upnp


My routers don't use upnp Smile

Quote:
2. protect from other internal computers. u never know what other user might bring in.


Nothing at all, I am the only one who does more on a computer then checking the mail and wrinting reports Wink

Quote:
3. windows will bug you with that security alert if you don't have firewall.


Not if you enable Windows *cough*Firewall*cough*

Anyway, thanks for your help! I don't think there is an "enemy inside our walls", or he/she has been hiding very well Smile
badai
you answer for no 3 conflicting your question
dan751
Perhaps you might want to consider getting a hardware firewall then? It's, well, a piece of hardware that does all the firewall tasks, and fast. It does everything on the fly. Here's one type of hardware firewall, http://www.alphashield.com/ I've never tried this one in particular, and there are others out there, just look around and read some reviews.Smile
Arno v. Lumig
badai wrote:
you answer for no 3 conflicting your question


The *cough*s are there for a reason. Windows firewall doesn't really do something, and it's cached in memory anyway. You are somewhat right though.

dan751, my routers claim to have a built-in firewall, but all they mean by that is they do port forwarding (which they have to do to be able to be a somewhat capable NAT filter)
qscomputing
Arno v. Lumig wrote:
I don't think there is an "enemy inside our walls", or he/she has been hiding very well Smile

Unfortunately that's not really something you can assume, particularly if your system is Windows-based. You can almost guarantee that someone will accidentally let something in sooner or later.
Agent ME
I've never seen a point in having a firewall (unless you are running an old insecure version of windows - but then the obvious answer is to upgrade) other than it alerts you when a program is connecting to the internet, that you possibly don't want, but if you have antivirus software that program is already going to be erased, or will be shortly.
AftershockVibe
OK, I apologise for the length of this post but a lot of information in this thread needs to be corrected or highlighted...

1.) Firewalls (SOFTWARE firewalls we're talking about here because I doubt any of you have shelled out or configured a very expensive hardware device) are useful because:
a.) They block outgoing connections until you give your consent (with some reservations).
b.) They block incoming connections which can exploit insecure services running on your machine with open ports.

2.) Windows firewall is easily circumvented but is better than nothing.

3.) Your Anti-virus product will not catch everything. Your firewall should. Your firewall is a white-list whereas your AV is a black-list. If your AV doesn't know about the malware or if the program *technically* isn't malware (various adware programs) it will do whatever it likes.

4.) NAT is qutie useful although not really a proper firewall because it acts as a filter without any strict rules is only really useful against incoming traffic. It also doesn't protect you from anything inside the NAT'ed area already.

5.) Windows updates only ever come out every second Tuesday of each month. That means that (even assuming MS knows about it) there's plently of time for people to exploit a vulnerability in your system before you patch it so comments about running an up-to-date system making you safe aren't really valid. AV companies have a response in (usually) hours. Your firewall doesn't need to know so it should catch it anyway.

6.) A firewall is only as safe as its configuration. If you don't know what you're enabling, your firewall becomes useless very quickly.
Arno v. Lumig
Thank you for your post, but there are 2 reasons why I don't think a firewall will help. First of "we" only do safe things on a computer. Noone here is stupid enough to download "free smileys" or stuff like that, and if someone would accidentally download malware (which, as I said, probably won't happen) they would probably also accept the firewall warning.
Another problem is (but it can of course be solved by getting a different firewall) that ZoneAlarm doesn't like me. It keeps blocking connections for no reason at all, even though I told it to accept the connection. I've told it to accept all connections to and from 192.168.*.*, but still can't connect to my NAS device (which gets an DHCP IP that always starts with 192.168) when ZoneAlarm is on.
JayBee
There are at least two reasons why you would like to use firewall.
1) You sad, that other people on your network only checks emails and so on. Someone could receive bad mail which will use his PC to attack others (virus, or other unwanted software). You don't have firewall so you are potentially attackable and there ware many security holes in windows. You thing that there is no vulnerability, now?

2) If I would attack you, I could for example persuade you to watch my website and there could be some exploit that give me access to your computer throw your web browser. Every time, someone explore some new vulnerability. You will be a network client and I will be a server, so there is no problem with connection (your double NAT). I will not put any file to your computer (or I could put some own software which is not in antivirus database), so antivirus will not detect it.
Arno v. Lumig
JayBee wrote:
There are at least two reasons why you would like to use firewall.
1) You sad, that other people on your network only checks emails and so on. Someone could receive bad mail which will use his PC to attack others (virus, or other unwanted software). You don't have firewall so you are potentially attackable and there ware many security holes in windows. You thing that there is no vulnerability, now?


No, I don't think there is any vulnerability in Windows that will connect my computer to some virus site and download them. The only way a vulnerability could get passed my NAT would be if the virus would be executed because of a bug in iexplore/MSN/outlook. And then the anti-virus and anti-spyware program should also not notice it for it to be effective.

Quote:
2) If I would attack you, I could for example persuade you to watch my website and there could be some exploit that give me access to your computer throw your web browser. Every time, someone explore some new vulnerability. You will be a network client and I will be a server, so there is no problem with connection (your double NAT). I will not put any file to your computer (or I could put some own software which is not in antivirus database), so antivirus will not detect it.


I probably wouldn't watch your website, and even then a firewall wouldn't give me any protection either, because iexplore is on the trusted list.
Related topics
.htaccess tutorial
Machinegun Ownership
Teacher Caught in Bush Rant
Sex Before Marriage
Share Market
What are your thoughts on gay marriage?
Advantages or Disadvantages of Domain ID Protect
EMP Resistant Vehicles ?
Fire Glenn Beck: "Shoot them all in the head"
Opera Unite
how to take care of our throat?
Firesheep
how to protect ?
Winter Skin Problems
Reply to topic    Frihost Forum Index -> Computers -> Software

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.