
Re: firewall or security software



On Sun, Feb 24, 2008 at 06:31:08AM -0500, Haines Brown wrote:
> I hope I may be allowed to expand a bit on the OP's question. 
> 
> What are the advantages of a hardware firewall over a firewall built
> into a router? 
> 
> Can one use both, or should the firewall in a router be disabled if there
> is a hardware firewall? 
> 
> If the OP finds that he has a firewall in his router, would there be any
> reason for him to install a software firewall such as shorewall?
>  

I suppose one answer would be to consider if that router box is based on
a unix-like OS; it may even be based on Linux.  Look at the number of
Linux kernel updates there have been since Etch came out that addressed
a remote exploit.  When last was the kernel on that router updated?

You may want some configuration that you can't do with the router's
firewall software.  Can you do bandwidth limiting based on protocol
(traffic shaping) from the router's config?  This can be handy so that
downloads don't prevent snappy web browsing.

How do you know if the router's firewall has been breached?  Are you able
to run intrusion detection on the box from your network?

I'd only disable the router's firewall if I needed a port open that it
wouldn't let me open.  Even if it is imperfect, it still represents a
first line of defense that an attacker has to get past before they can
start to work on your own firewall box.

Doug.

