Re: local firewall needed behind hdwr. firewall & LAN

From: Bruce Chambers (bchambers_at_nospamcableone.net)
Date: 04/10/04 

Date: Sat, 10 Apr 2004 11:40:25 -0600

Greetings --

    I would say "yes," for two reasons.

   First, like WinXP's built-in firewall, NAT-capable routers do
nothing to protect the uninformed user from him/herself. Again -- and
I _cannot_ emphasize this enough -- almost all spyware and many
Trojans and worms are downloaded and installed deliberately (albeit
unknowingly) by the user. So a software firewall, such as Sygate or
ZoneAlarm, that can detect and warn the user of unauthorized out-going
traffic is an important element of protecting one's privacy and
security. Most antivirus applications do not scan for or protect you
from adware/spyware, because, after all, you've installed them
yourself, so you must want them there, right?

    Secondly, if you're operating on a large network, and don't have a
software firewall in place, your only intrusion protection is the
LAN's perimeter firewall. What is there to safeguard your workstation
from being compromised by a worm or Trojan installed upon another
workstation on the LAN by a user who inadvertently downloaded and
installed something malicious? An awful lot of LANs were compromised
by Blaster and Welchia because some users connected their laptops to
their unprotected home networks, or to compromised public networks -
like those in hotels and airports, and then returned to the office and
plugged into the company LAN.

Bruce Chambers 

--
Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html
You can have peace.  Or you can have freedom.  Don't ever count on 
having both at once. -- RAH
"PaulG" <gluck@kfarhanassi.org.il> wrote in message 
news:%233CuiuwHEHA.2928@TK2MSFTNGP10.phx.gbl...
> Do I need a local software firewall on my machine if I'm behind a 
> firewall
> and router on a LAN?  I of course have a working up to date AV 
> running.
> TIA, Paul
>
>

Relevant Pages

  • Re: Router vs software firewall
    ... second software firewall, regardless of brand? ... Well, in a situation where a LAN has multiple machines, a firewall can protect from prospective malicious traffic from those machine. ... Also, should the machine get infected (a firewall cannot protect the machine from a lot of malicious software), the firewall logs in the machine can point to the problem and perhaps prevent unauthorized outbound traffic. ...
    (microsoft.public.windowsxp.general)
  • Re: Security, router vs. software firewall
    ... A NAT router will protect you from most ... A third party software firewall like ZoneAlarm protects you against outgoing ...
    (microsoft.public.windowsxp.network_web)
  • Re: iptables configuration
    ... I have a RH firewall setup to protect my LAN, ...
    (comp.os.linux.security)
  • Re: NT 4 server firewall?
    ... Because software firewalls "protect" computers by closing ports. ... A Windows NT4 server running Oracle will most likely have the ... let's install the software firewall and see what happens. ...
    (comp.security.firewalls)
  • Re: Most rapists are women
    ... do reject the notion that men protect and provide for women because of ... People like Lan try to blame ... and considerable disadvantage for some men and some women. ... I like about the more relaxed roles that men and women have, ...
    (talk.rape)