E-Mail:

Firewall - What Should I Use?

Wednesday, December 6th, 2006
by Ron Schenone

There are two different firewalls available for consumer use. A hardware firewall and a software firewall.

Hardware firewalls
Hardware firewalls are important because they provide a strong degree of protection from most forms of attack coming from the outside world. A typical hardware firewall may be a broadband router, which is easy to configure and can protect all computers on the local network when they connect to the Internet.

Software firewalls
When you first set up a software firewall, you can specify which applications are allowed to communicate over the Internet from that PC. Programs that aren’t explicitly allowed to do so are either blocked or else the user is prompted for confirmation before the traffic is allowed to pass. In another words, the software must be trained by the user to allow or disallow traffic.

Which is best?
For those using a broadband connection, I would recommend using both. This allows a layer of protection and you can have the best of both worlds, hardware and software protections. And there are several free firewalls available, including the firewall that comes with Windows XP and Windows Vista. Just remember that the Windows XP firewall only blocks incoming traffic, whereas Windows Vista blocks traffic incoming and outgoing.

And here are several good FREE software firewalls linked below:

Zone Alarm free edition can be found here.

Comodo free firewall from here.

Sygate free edition is still available here.

And which do I personally use? I have both a hardware firewall via a DLink router and I also use the built-in firewall for XP and Vista.

[tags]firewall, hardware, software, windows, xp, vista, DLink[/tags]

5 Comments

Esra

September 10th, 2007
at 6:26pm

Greetings Ron,
I recently discovered that my Outpost firewall showed my ports to be 90% UNstealthed. It was suggested to me the “Shields Up” online tester and others, are reading my D-Link Router firewall which I also run.
When I turned off the router (hardware) firewall, the same test yielded FULLY STEALTHED. So this poses a question. If my software firewall is hiding my PC , what is the use of that if my router (hardware) firewall is making my PC totally visable. Does anyone know this occurs? What is the right thing to do, particularly as you suggest above, to use both?
Regards
Esra

Ron Schenone

September 10th, 2007
at 7:32pm

Hello Ersa,
The built in firewall that comes with the DLink is to filter out IP addresses not ports. Disable the DLink firewall. Than run the Shields Up tests again.

To confirm that all is working OK, try turning off Outpost and run the test again. Make sure you turn Outpost back on after the test is completed.

Let me know the test results.

Ron

Esra

September 10th, 2007
at 8:59pm

Greetings Ron,
I tried what you suggested. Outpost ON DLink ON, Outpost OFF DLink ON = same result, most ports closed not stealthed, some stealthed.
Then tried Outpost ON, DLink OFF = all but 3 ports stealthed (don’t know if that means they are also closed). One was open 53, 2 were closed 20,21.
The DLink Router 504T firewall protection options are as follows:
DoS Protection, SYN Flooding checking, ICMP Redirection checking,
Port Scan attacks, FIN/URG/PSH attack, Xmas Tree attack, Null Scan attack,
SYN/RST attack, SYN/FIN attack.
Service Filtering from External Network, Ping, FTP, DNS, IKE, RIP, DHCP and ICMP from LAN.
It seems to concur with what you said.
So should I just turn off the DLink firewall and run Outpost?
Esra

Ron Schenone

September 11th, 2007
at 5:24am

Hello again Esra,

Two things. First I downloaded the manual for the DLink 504T and saw what you are talking about in the firewall setting options. It would seen to me that with DOS and Port Scan both enabled, the router should stand on its own and block ALL ports as either stealth or closed when you run Shields Up. That is IMHO.

Second a software firewall I consider as a secondary line of defense in the rare instance something may break thru the router firewall. Software firewalls are also recommended for those who may not be using a router.

With this in mind, and since it appears your router is not blocking all ports, I would call DLink tech support and see what they recommend at
1-877-453-5465.

Let me know what you find out.

If you still are having problems or concerns let me know.

If I were able to sit down at your system I would be able to find out which combo of settings between your router and software firewall would work the best. But since that is not possible, it makes it difficult to remedy using this comment section or by email. This is why I recommend calling DLink.

Regards, Ron

Esra

September 11th, 2007
at 11:05am

Ron,
Thanks, I will try to follow up on your advice. Your thoughts are appreciated.
Cheers and Good Health
Esra

What Do You Think?

 

Want to Start a Blog Here for Free?

Are you an expert in one subject or another? If your goal is to help others and dispense hard-earned information back to the community, stake a claim on your very own Lockergnome blog today! You can write about anything - no matter the topic. Sign-up to start blogging!

General, Google, Internet, Microsoft, Technology - Oct 12, 2008

Google Phone A Failure? Think Again

Blogroll, General, Internet, Technology - Oct 10, 2008

Walmart To Reverse DRM Decision

Blogroll, General, Internet, Technology - Oct 8, 2008

Are You The Type That Can Work At Home?

AMD, Blogroll, General, Intel, Internet - Oct 7, 2008

AMD To Split Itself In Two

66 queries / 0.445 seconds.