Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
routers and security 1
- Thread starter Lassetter
- Start date
goombawaho
MIS
If by "parent system" you mean another desktop/laptop that is part of your network - the answer is NO. The new laptop is not protected. Each system needs to be protected in terms of antivirus, antispyware and firewall if you want to be fully protected.
To some extent, having a computer behind a router acts as a hardware firewall by keeping your from being directly on the internet. But lots of people want a software firewall on the computer so they can see what applications are trying to access the internet in case they are trying to "phone home" with information about you or your data.
Personally, I just keep antivirus and antispyware up to date and skip the firewall. It's up to you and your level of paranoia. The other aspect of this is that many of these suites of software (Norton, Mcafee, Trend, etc.) slow your computer down, so it's a trade-off of performance vs. security to some extent.
To some extent, having a computer behind a router acts as a hardware firewall by keeping your from being directly on the internet. But lots of people want a software firewall on the computer so they can see what applications are trying to access the internet in case they are trying to "phone home" with information about you or your data.
Personally, I just keep antivirus and antispyware up to date and skip the firewall. It's up to you and your level of paranoia. The other aspect of this is that many of these suites of software (Norton, Mcafee, Trend, etc.) slow your computer down, so it's a trade-off of performance vs. security to some extent.
In a business environment, typically there are layers of true firewalls monitoring inbound and outbound traffic on the edges of the network. There is no need to have a local software firewall running on each workstation.
Obviously the home environment is different. If you are not the only one using the computer and/or access will be given to teenagers, then it's usually a good idea to have a personal firewall monitoring outbound traffic. Once infected with a trojan and worm, a software firewall would alert you to its presence which is helpful when your antivirus doesn't.
The downside of course can be the time spent setting it up approving a list of applications that are allowed thru. Also, it will consume a few more resources in the background (though today's fast dual-core computers shouldn't even flinch). Trend Micro Internet Security suite is a nice package overall that has spyware scanners, antivirus protection, and a two-way firewall with advanced settings. Good luck finding any documentation on it, but at least it offers a lot of goodies...
~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Einstein
[tab][navy]For posting policies, click [/navy]here.
Obviously the home environment is different. If you are not the only one using the computer and/or access will be given to teenagers, then it's usually a good idea to have a personal firewall monitoring outbound traffic. Once infected with a trojan and worm, a software firewall would alert you to its presence which is helpful when your antivirus doesn't.
The downside of course can be the time spent setting it up approving a list of applications that are allowed thru. Also, it will consume a few more resources in the background (though today's fast dual-core computers shouldn't even flinch). Trend Micro Internet Security suite is a nice package overall that has spyware scanners, antivirus protection, and a two-way firewall with advanced settings. Good luck finding any documentation on it, but at least it offers a lot of goodies...
~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Einstein
[tab][navy]For posting policies, click [/navy]here.
Still need to have 2 things and I dont know what that security software is that you have.
Virus Scanner
Anti-Spyware
This is a somewhat useful free version of a virus scanner and they also have a free Anti-Spyware product. It is better than nothing.
I do not care for personal firewalls. They tend to slow down your system so much it makes it like a lame duck. Either that or it blocks a lot of stuff you might need to see or gives you a bunch of useless warnings.
One rule I like to use for teenagers is they should only be allowed to use a computer in a public place like the living room. This keeps people honest.
If you do not like my post feel free to point out your opinion or my errors.
Virus Scanner
Anti-Spyware
This is a somewhat useful free version of a virus scanner and they also have a free Anti-Spyware product. It is better than nothing.
I do not care for personal firewalls. They tend to slow down your system so much it makes it like a lame duck. Either that or it blocks a lot of stuff you might need to see or gives you a bunch of useless warnings.
One rule I like to use for teenagers is they should only be allowed to use a computer in a public place like the living room. This keeps people honest.
If you do not like my post feel free to point out your opinion or my errors.
I disagree. You always need a personal/software firewall running, regardless of if it is a home network or business network. What does a personal/software firewall do for you that your Cable/DSL router or multiple layers of network firewalls do? They protect you from other systems on the inside of the network. You could have ten layers of firewalls and filtering between your corporate network and the Internet, but if I plug an infected machine into the inside of your network (or infect a machine inside your network) then your entire network could be compromised. The same principle applies to home networks too. All it takes is one person to download and install a malicious, non-virus application and your security is compromised. If you're running a personal/software firewall then you'll see that application trying to connect to other systems and be able to contain it.
Trend Micro makes a great product that does antivirus/antispam/antispyware/personal firewall/internet filtering all rolled in one. One other bonus is that if you buy it you are allowed to use it on up to three systems. So in your case you already have it, why wouldn't you install it?
________________________________________
CompTIA A+, Network+, Server+, Security+
MCP, MCSA 2003
Not necessarily. Most large business networks have a mechanism in place that monitors the type of traffic that travels through each port. Where I work, we have some kind of Enterprise level security through Symantec with real-time monitoring that does an excellent job locating infections right down to the internal IP address. That's not my area of support, but I have witnessed dozens being caught on our network over the past year alone. I know the tool on the server side alerts our 24x7 operations group, and on the outside Symantec is in a contract to monitor traffic leaving our network alerting us of threats that are trying to contact home. The relationship has worked well thus far.
I understand that having a personal firewall on each workstation can only add additional security, but I'm convinced in many situations that it's more optional than a necessity. Sure, any hacker knows that physical access on the inside means full access. But then again, the software firewall wouldn't do any good either if that were the case.
I've worked for four different Fortune 500 companies in the past 10 years in environments with at least 5000 workstations. I can tell you that workstation-side firewalls have not been used at any one of them, yet all were able to quickly pinpoint internal infections. You have to balance security with functionality. If you lock things down too tight at a low level such as your employee's workstations, you risk losing productivity. There has to be a reasonable expectation of trust in the relationship with the employee.
~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Einstein
[tab][navy]For posting policies, click [/navy]here.
-
1
- Thread starter
- #7
Thanks to everyone who responded to router security.
My best response was from kmcferrin who informed me that by owning micro trend I have a license agreement to put my pc-cillin on 3 machines. Trend Micro has not even responded with that information and I am still waiting to hear from them to validate the suggestion I got.
Thanks for your time everybody.
My best response was from kmcferrin who informed me that by owning micro trend I have a license agreement to put my pc-cillin on 3 machines. Trend Micro has not even responded with that information and I am still waiting to hear from them to validate the suggestion I got.
Thanks for your time everybody.
I think you will find that most threats are caused by users opening E-Mail, or visiting websites and downloading free software, or using Chat or IM software allowing file downloads.
One of the most effective things you can do is to keep windows updated assuming you are using a Microsoft Operating System. Often there are attacks that can be thwarted just by keeping windows updated.
Even if you had a firewall, it would have to be updated all the time to be effective. You could spend some extra $$ and just buy a device that is a router with a firewall.
Another layer of protection not mentioned is the application of wireless access. Many laptops have wireless, and the wireless connections need to locked down and/or encrypted. Wireless Laptops are in a lot of danger from wireless attack. I dont use wireless and I dont own a laptop. However, sometimes people drive around neighborhoods just looking for open wireless access. This is something to consider.
If you do not like my post feel free to point out your opinion or my errors.
One of the most effective things you can do is to keep windows updated assuming you are using a Microsoft Operating System. Often there are attacks that can be thwarted just by keeping windows updated.
Even if you had a firewall, it would have to be updated all the time to be effective. You could spend some extra $$ and just buy a device that is a router with a firewall.
Another layer of protection not mentioned is the application of wireless access. Many laptops have wireless, and the wireless connections need to locked down and/or encrypted. Wireless Laptops are in a lot of danger from wireless attack. I dont use wireless and I dont own a laptop. However, sometimes people drive around neighborhoods just looking for open wireless access. This is something to consider.
If you do not like my post feel free to point out your opinion or my errors.
LawnBoy
MIS
- Mar 12, 2003
- 2,881
- 0
- 0
I've gotta side with cdogg on this one. Personal firewalls on every desktop are just way too much maintenance. We use appliance based proxy/firewalls and then run an IDS to monitor network behavior.
SNORT works very well for me, and it's free.
"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes
SNORT works very well for me, and it's free.
"We must fall back upon the old axiom that when all other contingencies fail, whatever remains, however improbable, must be the truth." - Sherlock Holmes
Really? I've never had any issues with it. Most people just use a unified antivirus/antispyware/personal firewall suite and manage the settings from a central location. Worst case scenario, just use the Windows Firewall and manage it with group policy.
________________________________________
CompTIA A+, Network+, Server+, Security+
MCP, MCSA 2003
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question
