[SOLVED] Firewall required?

[JHY-IC]

Recently, I set up my wireless network to require a "key" in order to access the Internet. When I open "View Available Wireless Networks," the dialog box displays "Security Enabled Wireless Network."

Due to some compatibility issues, I had to choose the "128-bit WEP" security option which utilizes 13 "hex digit pairs." I am using a Belkin Cable/DSL Gateway router.

On the Belkin router, I have also enabled the following security-related options:

Broadcast SSID = no
Firewall = enable
Block ICMP Ping = yes
Router Access Security = yes; password required to access router

In addition to enabling/changing security features on my router, I had ZoneAlarm Internet Security installed.

My question[s]:

If I have all of my router's security features [including the router's own firewall] enabled, do I still need to keep ZoneAlarm installed?

Would the Microsoft Windows XP Pro SP2 firewall be sufficient or should I reinstall the ZoneAlarm firewall [if the firewall is still required]?

Any input would be appreciated.

Thanks!

Joseph

[ephy]

In my opinion Zonealarm causes nothing but problems down the line. Use the Microsoft firewall if you need to use one. It works just fine.

[kinbard]

I feel the opposite of ephy, don't use the xp firewall but keep zonealarm. But that is coming from my experience. But, if you are using a hardware firewall you don't need a software one, unless the one on the router is not a good one.

[Cellus]

Let's clarify the different capabilities of the three security solutions mentioned so you can make a more informed judgement.

The wireless security of your router will help protect from having people jump in and use your wireless (to access the internet and your network) as well as help prevent people from sniffing wireless traffic and see your network activity to get a glimpse of what you do, the usernames/passwords you may transmit in the clear, and so forth. WEP security has been deemed ineffective these days, as people can download widely-available programs on the Internet to crack the encrypted security in as a little as a few minutes. However it will prevent the casual/uninformed user from stealing your wireless. The use of WPA/WPA-2 with a strong passphrase is recommended, however WEP is better than nothing at all.

Windows Firewall will help protect your computer (not your router, or anything else connected to it) from outside intrusions. This Personal Firewall (software firewall) can help protect malicious users from exploiting some common and weak vulnerabilities in a Windows machine (even if patched). It will not, however, protect from threats on the inside.

ZoneAlarm, as well as several other Personal Firewalls available, provides protection from both the outside and inside. Inside threats, like malware which has infected your computer, may try to talk to the outside world with malicious intent - from sending your browsing habits, stealing your usernames/passwords and personal information, to hijacking your computer to unknowningly assist in dastardly deeds against other computers. With protection on the inside going out with ZoneAlarm, applications which attempt to use your Internet connection must be given permission by you before being allowed. Applications which have previously been permitted, but have changed (from modification due to malware, or maybe a benign and safe update) must ask again, informing the user the application had changed.

With this information, you should be able to make a better informed judgement. For better security, use ZoneAlarm over Windows Firewall and utilize WPA/WPA-2 over WEP. The firewall on your router is basic and doesn't protect you if the router is bypassed or compromised. You should, at the very least, use Windows Firewall. It will also protect you if you ever at some point are not connected to the router. The use of ZoneAlarm may cause a decrease in system performance (usually minor), and tends to interrupt you when you may be trying to do something to ask for your opinion on an application's permissions. Windows Firewall will almost never ask you for anything, and the performance drop is less than ZoneAlarm, however it does not provide outbound protection and in some cases you may need to set up "exception" through its interface to allow certain programs to properly function.

If you would like to learn more about what you can do to protect your system, take a look at our PC Safety and Security thread for more information.

[skipidybebop]

If your running a modern day computer with a Microsoft operating system, the sometimes harsh but true facts are, that even an amateur oppertunist hacker running linux and a few free-to-download open source scripts and programs, is gonna open your PC like a can of baked beans. WEP, WPA, WPA2, TKIP, it reallys doesnt matter. There's ways around ALL of them.

The first job any good virus will do is scan your system for packages like Norton, Mcafe, AVG, etc and disable them. Zone Alarm is no different. Makes you feel good for a bit if you spend a couple of hours reading all of the pop ups.

And as for Windows security updates, I wonder how many long term Windows users can HONESTLY put up their hands and say they have had a computer system's security compromised as a direct result of not downloading a Microsoft security update. What a load of tripe.

Windows firewall, simple free unintrusive anti-virus, and re-install regularly.

[Cellus]

While a skilled malicious cracker could possibly break into your system with the suggestions given, keep in mind that almost all Home and SOHO attacks are attacks of opportunity - many of which are automated. The real heavy-duty "hardcore" attacks usually only ever hit bigger targets such as businesses and corporations. In comparison to the defenses of a Home/SOHO systems and corporate networks, corporations tend to try to do better because they are a bigger target.

Firewalls, antivirus, antimalware, and security updates do protect your system. While it is possible to bypass and even completely disable such solutions, it is essential to keep in mind that IT Security in general has always been a game of catch-up. Malicious users (and benign IT security professionals) constantly try to defeat current security solutions to get access to resources and information that do not belong to them. In response, developers in security try to develop new ways in protection.

Allow me to be blunt. Patching and security software (even basic solutions) is vital. An unprotected, unpatched Windows machine left connected to the Internet can be compromised in a matter of minutes.

In response to the comment about the supposed "tripe" of Windows security updates, almost all users who've been compromised do not know or even ever find out that their systems were breached by exploitation of a Windows vulnerability. Vulnerabilities in Windows systems (and every other OS) are very real. You can find vulnerabilities and their exploits posted in newsgroups, mailing lists, and websites both for free and for money. IT Security is a billion dollar industry.

Ignoring it will not protect you. A quick peek at the thousands of HijackThis Log help threads in our security forum alone is evident proof by itself, and that only represents a tiny microcosm of the real problem.

[kinbard]

I agree with Cellus. The only secure machine is one off the internet, but you can make it more difficult than it is worth to hack your system, which is what updates and patches do. Sure, I admit, sometimes they cause issues. But just because you bust a water pipe, do you burn down your house and move on? No, you fix the issue. Not too long ago we had an issue at work where we pushed out some auto updates. We still don't know why, but we had to re-install all printer drivers after this. Know what we do when we find a pc that hasn't updated? Take it out to Microsoft and update it. Re-installing a printer driver is a small price compared to the problems we get with machines full of vuneralbilities.

[Music]

A firewall isn't a firewall really unless it blocks incoming and outgoing traffic, like supposing a scumbag dialer gets dumped on you, it then can't phone home.

For my experience as an 'untech' person when I wanted to use a firewall this is what I found. They can be anything but user friendly. With some there is a steep learning curve to get the best protection available, with setting rules and 'training them' depending on the firewall. Some, I hear, like zonealarm, offer a degree of protection through offering a more 'one size fits all' approach which is certainly better than nothing and doesn't require the user to be as knowledgable in things like protocols. The best protection is offered as I understand it, is one that you can completely set rules for yourself. I use Kerio 2.1.5 which is totally rules based, which was scary for me at first. What I liked was the password option and that once set it provides that much more protection.... like it is much less likely to be disabled. Its a freebie and very 'lightweight' unlike its successor. It is also no longer supported the last time I looked but is still obtainable if you search for it. Though thought to be a geekish firewall for some reason Kerio 2.1.5 seems to work really well for me, but admittedly I had to train it for a while.

Just my 2cents
Music

[johnwill]

FWIW, I have not used software firewalls for many years on most of the systems on my network. I can count the minor malware excursions on one hand that have ever happened to any of the systems here, and the most serious one was a dial-up machine that I was using for testing!

I'm not saying my way is always correct, but if you know where your computer is browsing, and you aren't connecting to P2P sites, the chances of infection through the router's NAT firewall is actually very small.

I run current spyware/AV protection on all machines, that seems to stop most of the issues that come up, usually in email.

YMMV.