Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Netgear Router as only firewall device

Status
Not open for further replies.
bpatters55

bpatters55

Technical User
May 9, 2004
25
US
I am running Norton Firewall and I also have a Netgear wireless access point from home. I have talked to several IT folks and I keep getting different answers. Is it necessary to have both a hardware and software running at the same time? Thanks, Bill
 
Sort by date Sort by votes
From a practical point of view, it is always best to have multiple lines of defense.

It is also a good idea to block undesirable incoming traffic in a device separate from any working computer. However, since a HW firewall is an incoming traffic cop by design, it is pretty much set-it-and-forget-it for that focus of concern. The highly desirable hiding of all your ports is generally more assured with a HW firewall.

A SW firewall is only as good as the user or users that interact with that tool. It is best at controlling outgoing traffic flows when configured properly.

There may be times when you need to disable a SW firewall to load some software. What happens if you forget to turn it back on? Some nasties can (or other people might) also potentially disable or turn off a SW firewall. At least with a HW firewall your incoming traffic is still in check regardless.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]
 
Upvote 0 Downvote
Thanks folks. I was doing some work on my PC last night and Norton Alerted me to a Master of Paradise Trojan Horse. Norton must have read my post. ;-)

As I have learned, a hardware firewall is good for incoming traffic but does not protect from threats that originate on my PC and connect with a foreign, nasty host.

Lesson learned. I will keep both.

VOP, you do raise a good point though. I may be able to reconfigure the software firewall so that it monitors outgoing packets only and leave the incoming packet inspection to the hardware firewall. I could be wrong but it does not make sense to have both a hardware firewall and a software firewall examining incoming packets. That seems like duplication of effort to me.
 
Upvote 0 Downvote
A duplication or redundancy factor is fine and doesn't hurt anything. If things are working as they should, your second line of defense will never need to be called upon.

Anyway and ultimately you will find that there will be very little (if any) suspect incoming traffic for your SW firewall to deal with when a properly functioning HW firewall is in place.

It is, however, a nice comforting, verifying reminder when the incoming traffic blockage count is almost non-existent (as it should be) with a properly functioning HW firewall.

Vince
_____________________________________________________________
[*** If everyone is thinking alike, then somebody isn't thinking. ***]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

sara1995
  • Locked
  • Question
IDS vs Firewall vs WAF for protect website against dos attacks
Replies
1
Views
351
mattKnight
mattKnight
nakbrooks
  • Locked
  • Question
Configuring NAT on SonicWall TZ210 to access ADSL router from LAN
Replies
0
Views
114
nakbrooks
nakbrooks
brokenhalo
  • Locked
  • Question
Open Source reverse-proxy/firewall
Replies
0
Views
73
brokenhalo
brokenhalo
rider90
  • Locked
  • Question
ASP.NET Forms Authentication - Security implications
Replies
0
Views
71
rider90
rider90
SysAdmMke
  • Locked
  • Question
Logging on to Workstation as a Local Admin instead of Domain Admin
Replies
5
Views
129
Grenage
Grenage

Part and Inventory Search

Sponsor

Back
Top