Re: firewall behind router
From: Lou (mac_at_qnet.com)
Date: 08/31/04
- Next message: Lance: "Re: my network places problems"
- Previous message: rcnmartell: "Multicast , XP and IGMPV3"
- In reply to: Steve Winograd [MVP]: "Re: firewall behind router"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 30 Aug 2004 19:42:01 -0700
On Sun, 29 Aug 2004 19:00:14 -0600, "Steve Winograd [MVP]"
<winograd@pobox.com> wrote:
>In article <vms4j05vvfvj9q869npgdj0vcj5jo7iusb@4ax.com>, Lou
><mac@qnet.com> wrote:
>>>>Is there a need for a firewall behind a router. My home network is
>>>>configured with private addresses (i.e. 192.168.x.x). The router ip
>>>>address which connects to the internet via cable modem is also private
>>>>(192.168.0.142).
>>>>
>>>>Reason for question is I seem to recall private addresses are not
>>>>accessible from the internet.
>>>>
>>>On computers running any version of Windows before XP Service Pack 2,
>>>I don't recommend running a firewall behind a typical broadband NAT
>>>router. In my opinion, the difficulty of configuring a firewall to
>>>allow access by other LAN computers outweighs any benefit.
>>>
>>>On computers running XP Service Pack 2, I recommend running the new
>>>Windows Firewall, with exceptions for File and Printer Sharing and for
>>>whatever other programs and services (e.g. Remote Desktop, VNC) that
>>>you use on the local area network.
>>>
>>>I'm not a fan of firewalls that block undesired outgoing traffic to
>>>the Internet, but some people are.
>>
>>Steve, thanks for the reply.
>>
>>Based on what I know and your response I have decided not to run the
>>firewall.
>>
>>My lan is for home use only; immediate family members. I am the only
>>one who installs applications or does any configuration; the family
>>members merely use their computer. Use includes surfing the net and
>>email with well understood rules about not downloading anything nor
>>opening any attachments without my permission.
>>
>>I am not concerned with security within the lan for the above
>>mentioned reasons.
>>
>>I am not concerned with blocking undesired outgoing traffic. I do use
>>Adaware and sysbot occasionally to check the systems. I've found
>>tracking cookies but never any spyware.
>>
>>My only concern is unsolicited access to the lan from unscrupulous
>>folks on the internet. The broadband NAT appears to offer the same
>>security as a firewall negating the need for the XP firewall.
>>
>>If you see a flaw in my thinking, let me know.
>>
>>Again, thanks for the help.
>>
>>Lou
>
>You're welcome, Lou. If the other family members are as knowledgeable
>and cautious as you are, all should be well.
>
>However, we all make mistakes, so I'd be sure to run an antivirus
>program on each computer and to update it with the latest virus
>definitions every day. I'd install Service Pack 2 on all of the XP
>computers.
>
>You could have Windows enforce the prohibitions on installing programs
>by giving other family members limited user accounts.
>
>I run Windows Firewall on all of my family's XP computers. I see no
>disadvantage to it, and I see a big advantage: blocking undesired
>traffic that originates on the LAN. If a computer gets infected with
>something like the Blaster worm, Windows Firewall will keep it from
>spreading to the other computers. A NAT router on the edge of the
>network can't do that.
Points well taken. XP SP2 firewall activated.
Till next time.
Lou
- Next message: Lance: "Re: my network places problems"
- Previous message: rcnmartell: "Multicast , XP and IGMPV3"
- In reply to: Steve Winograd [MVP]: "Re: firewall behind router"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
