Linsys WRT54GS, needs software firewall?

Astra

Limp Gawd
Joined
Aug 27, 2004
Messages
208
I have just installed Linsys WRT54GS router and connected my 2 computers to it. Desktop is cabled and laptop is wireless. Both of them behind the NAT. There is also some kind of firewall on the router, but not many options are available.
Anyway, I have got the following question.

Do I need software Firewall anymore? Something like Zone alarm pro or Sygate Pro?

What do you think?

Some ppl tell me that since I am behind the NAT I am safe.
But I do forward ports for some programs. I believe that these ports can be used by any hacker to get into my PC, because the router is not as smart as software firewall, he doesn't open the ports for some particular program and only while this program is running. I thinks it opens the ports for all the time and would allow communication via these ports to any program, even if it is not the one I allowed to use the ports.


A.
 

arkamw

[H]ard|Gawd
Joined
Jan 5, 2004
Messages
1,391
Well, for my money, a hardware firewall is only going to block INCOMING attackers. If there is something ALREADY on your PC that is requesting an outgoing connection, the hardware firewall is going to allow it without an issue. You need a piece of software that will monitor outgoing connections as well. Thus, software-based firewall (i.e. Zonealarm).

In other words, while the firewall is the locked front door to your house, anyone who's already got a key (because they're already inside, no matter how they got there) is going to get in and out of your house without a problem.

A hardware firewall (IMHO) is a necessity in today's world, but is only part of a layered-type defense.
 

Darkstar850

[H]ard|Gawd
Joined
Feb 18, 2004
Messages
1,308
I like having both, but mostly because I like to control what apps connect outbound, mostly because windows media player (and some other programs) do not need to contact the internet every time they start.
 

m1abram

2[H]4U
Joined
Mar 15, 2002
Messages
3,175
arkamw said:
Well, for my money, a hardware firewall is only going to block INCOMING attackers.

That statement is not exactly true. Yes most consumer firewalls out there do not allow you to block outgoing connections. However the Linksys can be setup to block outgoing however with the stock firmware it is not easy to do. With third party firmware you can make all the iptable rules you want. Also people who put together their own Linux based firewalls can block outgoing packets too, and these would be considered "hardware" firewalls just as much as a linksys firewall.

Now as for needing zonealarm too, well with a linksys firewall you are ok, however unless you tweak it, your system could make outgoing connections and do things like send email, try to DOS another system if you have a trojan, etc.
ZoneAlarm would help protect against those types of attacks.
 

arkamw

[H]ard|Gawd
Joined
Jan 5, 2004
Messages
1,391
m1abram said:
However the Linksys can be setup to block outgoing however with the stock firmware it is not easy to do. With third party firmware you can make all the iptable rules you want.

See there, learn something new everyday. I've heard of the third-party firware upgrades, but have no experience with any of them.
 

IceWindus

n00b
Joined
Mar 8, 2004
Messages
10
I just make sure everything is locked down so I don't get anything in the first place. Software firewalls are just just wasting precious CPU cycles that my games need on my machine. I tried a Sveasoft firmware on my WRT54g and I wasn't that impressed and went back to stock firmware, but thats just me. Im now using a D-Link DGL 4300 gaming router thats doing very well so far.
 
Top