Question about hardware firewall... (1 Viewer)

[Paul_Fisher]

OK, I just got a D-Link 614+ wireless broadband router and hooked it up a couple of days ago. Once my broadband connection is going through the router to my computer, do I need to do anything else to protect my computer?

Thanks

 

[John*Jones]

i've got the same router...good choice. an anti-virus program is a good idea. downloading ad-aware and spybot-search & destroy is a must. both of these programs are free (unless you want an upgraded version of ad-aware) and help remove unwated ad and spyware from your machine. i don't run a software firewall, but i'm sure it couldn't hurt.

cheers

 

[Paul_Fisher]

Yep, I've got ad-aware and Norton Antivirus. One of the reasons I went with the router was to get rid of the resource hogging firewall software.

 

[Chris Hovanic]

software and hardware firewall is like wearing suspenders and a belt at the same time.

Though software can block outgoing packets where hardware will only block incoming packets.

IMHO.... overkill

Make sure you lock down that wireless connection unless you want to share it with you neighbor

 

[John*Jones]

Enabling WEP is very good idea indeed. I can't tell you how many times I've come across an unsecure wireless network with my laptop. And I've even been able to access the router itself (not for malicious intent mind you) because people refuse to change the default login and password. I forgot that when I upgraded the firmware and had the default login/password for a few weeks.

Anyway, even if you have ad-aware I'd still recommend spybot. I often find that one program misses something the other catches.

Cheers.

 

[Rob Gillespie]

Though software can block outgoing packets where hardware will only block incoming packets.

IMHO.... overkill

What's overkill about stopping unauthorised apps from accessing the web?

 

[Steve_Ch]

This is slightly off subject, but I just brought one of those Dlink for a friend of mine (it was $9.99 at eCost), I tested it on my static IP DSL, worked like a dream, took all of 5 minutes. But no luck at the friend's Comcast (I've reset the Dlink, everything all cleared, and set the IP to dynamic, also followed all the good stuff over at DLink's product help on connecting to Comcast). Anybody here has experience with this thing and Comcast?? Thanks.

 

[John_Berger]

What's overkill about stopping unauthorised apps from accessing the web?

I think he means that it's overkill *if* both are used for inbound security. I would have to agree, depending on whether there is a network involved or just a single PC. If there is a DMZ involved, then having both is a very smart move.

A firewall like Zone Alarm to keep an eye on outbound connections would be a good idea. It's amazing how many programs that you install are designed to phone home without your knowledge for whatever nefarious reason the software designers have.

 

[JohanD]

overkill is better than underkill

 

[Kimmo Jaskari]

With the wireless option, the PC's inside the router could still be at risk.

You can minimize it by turning on MAC address filtering on the router. A MAC address is a dedicated hardware address on all network cards and it is unique for your card. Turning on WEP encryption and only allowing computers with certain MAC addresses to even talk to the router (wirelessly or otherwise) will cut the risk way down.

You can get the MAC address for your network card by opening up a command prompt in windows and typing: ipconfig /all

You're looking for the line marked "physical address" and it is in the form xx-xx-xx-xx-xx-xx.

Just keep in mind that any computer you want to connect to your router and have access to the Internet needs to have its MAC address entered into the routers filter to be allowed out.

Personally I still run a software firewall inside the router. I don't find the resources it uses to bother me any. Then again, that's just me.

 

[Chris Hovanic]

What's overkill about stopping unauthorised apps from accessing the web?

I guess I keep better tabs on what software I run and know if they "phone home" Therefor its overkill for me and another layer of BS eating up memory and CPU cycles.

If you do not know what you are running and download/install apps from anywhere on the net without seeing what they do then it may be smart to install a software firewall on your pc.

just my 2 cents!

 

[Jason Merrick]

I have the same D-Link router, can anyone tell me what settings I should put in the firewall portion of the router setup? It is not very user-friendly and I have no experience with setting up a hardware firewall manually.

 

[Rob Gillespie]

Therefor its overkill for me and another layer of BS eating up memory and CPU cycles.

Rubbish. I'm running ZoneAlarm Pro and it's using just under 3mb of RAM and 0%. The TrueVector service take around 7mb and again - 0% and this doesn't change when I'm browsing. Unless you're running on a really low-spec machine the performance hit is negligible, if even measurable.

 

[JohanD]

Also.. I recently updated my mouse drivers for my microsoft optical mouse.. (intellipoint software)

I have zone alarm installed. The intellipoint software was installed and my machine rebooted. About 30 seconds later, I get a prompt that the mouse drivers are attempting to access the internet. Naturally I declined. Why would mouse drivers need to access the internet. A lot of legitimate programs also try to register via the internet if connection is available. I always block those too.

Zonealarm does not eat up very much memory or CPU power and even if you have an additional firewall it is still a good idea.

 

[Chris Hovanic]

To each their own.... I for one am not that paranoid about applications phoning home.

I still stand by a hardware firewall, good updated AV software and an updated OS is all you need.

The problem I have with software firewall's is that they can/will interfere with applications that you want to access the internet. And for the computer challenged that is a huge headache. They will just shut the thing off and go unprotected because they don't want to deal with it. Now this is just my opinion and the reason I point my customers/friends/family to use a hardware firewall. Easy to manage and work well.

If you or anyone out there wants to wear suspenders and a belt at the same time then thats their/your choice.

 

[John_Berger]

I for one am not that paranoid about applications phoning home.

These software companies have absolutely no business having their software report back to a mother ship for any reason whatsoever unless you VOLUNTARILY have accepted a term that allows functions like update notifications.

For any company to think that they have the right to have their software report back to them for no reason that is blatantly apparent to the user is in my never-to-be-humble opinion completely unethical and devious in that it takes advantage of any trust that the user might have towards that company.

My stance against these Big Brother tactics is purely on principle, not paranoia.

 

[Chris Hovanic]

Sorry Paul_Fisher and Mods that this has veered off topic a bit....

These software companies have absolutely no business having their software report back to a mother ship for any reason whatsoever unless you VOLUNTARILY have accepted a term that allows functions like update notifications.

When you click "I agree" to the licence agreement you are more than likely, though I have not read every licence agreement for every piece of software out there, VOLUNTARILY accepted a term that allows communication. Can you tell me you read every word of every licence agreement you install and not install it if it communicates with the mothership? Or do you let zonealarm block that communication which you agreed to when you accepted the licence agreement?

I am not saying that "phoning home" is a good thing but I don't think its that bad either. Sure there are thousands of apps that glean more info from peoples computers, but lumping honest companies and programmers into that vat of scum is just not right.

Take a pro-active stance... know what your installing before you install it.

Heres a thought.... Maybe Zonealarm is bypassing its own software firewall and sending info to the mothership... better get another software firewall to monitor it... will the madness never end?

My advive is the same... a hardware firewall, good updated AV software and an updated OS is all you need.

 

[Paul_Fisher]

Sorry Paul_Fisher and Mods that this has veered off topic a bit....

No problem for me, I enjoy intelligent conservations where people give their opinions.

 

[John_Berger]

Sorry Paul_Fisher and Mods that this has veered off topic a bit...

Not really. We're still pretty much on the same topic. The whole concept about using firewalls is for security and intrusion prevention. Using Zone Alarm to prevent unauthorized outbound connections is the same thing. And we are taking about ZoneAlarm as an augment to hardware firewalls.

 

[Chris Hovanic]

... has no relevance because you're assuming that companies will always be forthcoming and straightforward about what their software does. That's a bad assumption brought on my misplaced trust.

Has all sorts of relevance, because I know what I am installing. I know that Kazaa and Bonzi Buddy are loaded with spyware therefore I do not install them. I do not download and install some new "boNzaA KbudDi" program that I have never heard of until I have some time to hear/read about it on some reputable tech sites or from trusted friends. Again, know what your installing!

Just out of curiosity do you have a Grocery Store Club card of some type or use a debit or credit card? I bet they are spying on you. Time to go Grizzly Adams.