Posted by David Azose on September 9, 2007, 1:30 am
Mr. Arnold wrote:
>
>>> If you want to be bold and beautiful, why don't you get rid of the XP FW
>>> too?
>>
>> I see no reason why to do so.
>
> That's if he or she knows what he or she is doing. So, why not be bold
> and beautiful if one knows that he or she doesn't need a packet filter
> running on the machine due to he or she running machines behind a FW
> router.
>
> You know, everyone is not as weak as you make them out to be.
>
>>
>>> And as long as XP's FW is sitting behind that NAT router, because XP's FW
>>> can only stop inbound traffic just like the NAT router, then using the XP FW
>>> router behind the NAT router is pointless. It buys you nothing.
>>
>> This is wrong.
>
> You're going to have to come up with more than just wrong. If that
> router is using SPI, then how is Windows using the XP FW doing any more
> than that. The only thing the XP FW can do is stop inbound traffic no
> more than what a NAT router using SPI is doing. The only time using XP's
> FW makes any sense is when the machine has a direct connection to the
> modem and therefore a direct connection to the Internet or the machine
> is in a LAN setting like a wireless cafe.
>
>>
>> Following the "defense in depth" strategy, the heuristics used for
>> packet filtering usually have holes, so a second filtering could help.
>
> I disagree. The only time it makes sense is if the first solution like a
> NAT router cannot stop outbound traffic, then a packet filtering
> solution at the machine level sitting behind a NAT router that cannot
> stop outbound makes sense.
>
>>
>> Of course, it would be better not to offer network services at all if
>> one does not need to.
>>
>
> Well of course, if the machine doesn't need to be in a network situation
> with other machines then why have the services enabled, period?
>
> On the other hand, as long as my machines are behind a border device
> like a packet filtering FW router or FW appliance, then I have no need
> for a filter running on the machines behind them, Windows, Linux or
> otherwise.
>
>
Mr. Arnold and others,
I'm ignorant of much of what constitutes networking and of what "packet
filtering" is. And I make an assumption that "outbound traffic" is
anything I type on my computer while connected to the internet that goes
out over the internet.
My main concern is attempting to discourage hackers from taking control
of my computer while I'm on the internet.
My router is a Linksys model WRT54G. The disk that came with it may have
an electronic user's manual, but since I just plugged the thing in and it
worked (I was able to get on the internet from the computers connected
to it), I didn't see the need to go any further. Ignorance may not be bliss.
As for having both the basic (hardware?) firewall built into the router
AND the Windows Firewall enabled, would that cause any problems? I
really don't care if what they each do is redundant, if no harm is done.
David A.