Any GOOD Firewalls Out There?

[Rl'Halsinor]

Okay, I have a Lynksys Router. How does one go about making sure it is optomized or am I ignorant to the fact that they are "ready to go" per se.

I appreciate your replies. Agamon, Thanee, Xyanthon, if I may ask, what do you utilize - besides a router - for protection, i.e. anti-virus, etc.?

One of the things I want to guard against is outbound traffic. I do shop online. Does this make sense?

 

[IronWolf]

With that, you really don't need a software firewall. The router works as a better firewall for incoming data sets than any software firewall can. And you rarely have need of firewalling your outgoing data, especially if the incoming data is well protected.

Well.... For the truly security concious there is still a need for a host based firewall in addition to the router in front of it. Security in layers.

One of the very things host based firewalls excel at is firewalling outgoing data. With still yet to be patched MS vulnerabilities (and them taking March off on releasing patches) floating about it doesn't take a lot for someone intent on doing harm getting something to run on your computer. You can hope your AV definitions are up to date enough to catch something.

If this "something" is a keylogger or something that talks to a botnet - a host based firewall will alert you when something on your PC tries to talk to the Internet without you knowing.

There is still value in a host based firewall in addition to a router protecting your connection as well.

 

[Xyanthon]

Okay, I have a Lynksys Router. How does one go about making sure it is optomized or am I ignorant to the fact that they are "ready to go" per se.

I appreciate your replies. Agamon, Thanee, Xyanthon, if I may ask, what do you utilize - besides a router - for protection, i.e. anti-virus, etc.?

One of the things I want to guard against is outbound traffic. I do shop online. Does this make sense?

Well, the way the router works to protect you is that it uses NAT (Network Address Translation). In other words, the interface of your router that touches the Internet (the interface plugged into the cable/DSL/etc) presents a public IP address to the rest of the Internet. The other computers attached to the router have a private address scheme that is not broadcast out to the rest of the world. So, if you were being attacked from the outside, the hacker in most cases would only see the public interface of your router. They would have to be able to get past your router (you didn't leave the default username/password did you?) in order to be able to play on your network.

Now it certainly is possible to be able to hack into a router and take control of it, if it is secured with a good password and the like, you are probably safe. Remember, most "hackers" are like other criminals in that they are looking for an easy/opportune target. They don't want to wast time trying to crack into your system when there are plenty of easy targets out there. Another interesting thing about data protection is that approximately 80% of all data theft is accomplished by someone you know. So the chances are that if someone is really out to get you as opposed to an opportunistic hacker, then they will probably do it from the inside (meaning they will just hop onto your computer and install a keystroke logger).

Ok, as for me, I use a Linksys router and Symantec Client Firewall (has the Antivirus built in). Why? No real reason to use both I don't guess but since I live on a U.S. Military installation in Asia, it is not a bad idea to have a higher level of protection. If I really wanted to make my system more secure I'd use two routers and have a firewall machine in between them. Thus my setup would look like: cable modem to router1. Router1 to firewall computer interface1. Firewall interface2 to router 2. Router 2 to the rest of my network. That is perhaps a bit more than the average home user needs but it really depends on what you are doing.

 

[Xyanthon]

Rl'Halsinor, I just noticed your question about outbound traffic. In what way are you concerned about this? I mean are you asking if your personal information you send out through the firewall/router is safe or what?

 

[Rl'Halsinor]

Rl'Halsinor, I just noticed your question about outbound traffic. In what way are you concerned about this? I mean are you asking if your personal information you send out through the firewall/router is safe or what?

Yes, that is what I was driving at. I shop online at Amazon, ZipZoomfly, NewEgg and a few others. That is certainly outbound information that I don't want hackers to get their hands on.

 

[shaylon]

I know about the freebies like Comodo and Jetico, but they take considerable tweaking and a considerable amount of technical knowledge just to configure.

I am not sure where you got this information but I have not found it to be the case with Comodo. It was a breeze to setup and it is pretty much the same as Zone Alarm and the others. It tells you in a popup that something is trying to access the internet, explains what it is, and asks you to allow or deny. It is quite simple.

I have not noticed it being too much of a resource hog either but I do have a pretty nice system with a lot of ram. YMMW I guess.

-Shay

 

[Rl'Halsinor]

I misspoke. Jetico is the one that takes some real setting up. I am really impressed with the just released version of Comodo. It is getting great reviews. If the latest version of Sunbelt's Kerio 4.3.635 fails to remain stable (I just installed it) I am going to try Comodo.

 

[Xyanthon]

Yes, that is what I was driving at. I shop online at Amazon, ZipZoomfly, NewEgg and a few others. That is certainly outbound information that I don't want hackers to get their hands on.

Well, if that's the case, a firewall or router really isn't going to protect that data. You have to be more concerned about the encryption that sites such as Amazon and Newegg offer. Firewalls and routers do not encrpt data. Think of them like traffic cops. they just say what data can pass and where it can go to. Most larger and reputable web commerce sites such as Amazon and Newegg have a secure area of their web site that essentially creates an ecrypted data link between you and them. You should be able to tell if you are in a secure session in two ways. The url will be https instaed of http and there should be a closed lock icon in the lower right corner of your browser. If you click on the lock, it should bring up information about the security certificate issued to the site.

For instance, if you go to Amazon and go to your account info, notice how the http in the address bar changes to https. Also notice that the lock icon appears in the lower right corner. If you click on the lock icon, it should bring up the certificate window. This should tell you who the certificate is registered to. In this case it would be www.amazon.com. If it is issued to anyone else, this very well could be a false front and an attempt to get your private info. Usually this only occurs in the form of a phishing scam. Here's a link that describes phishing: http://en.wikipedia.org/wiki/Phishing.

So in a nutshell, what does all of this mean? Mostly that you are relying on sites such as Amazon and other online retailers to provide a secure environment for you to shop in. Nowdays, many online retailers are fairly secure. I feel pretty confident that Amazon, online banks, and other major sources of sensitive consumer info take security very seriously. But ultimately it's up to you. Do you feel secure with someone else safeguarding your data? Here's some safe computing practices that may or may not help you: http://www.washington.edu/computing/security/practices.html http://www.westminstercollege.edu/support/index.cfm?parent=1144&detail=5626
http://www.scotiabank.com/cda/content/0,,CID7765_LIDen,00.html

Hope that help some.

 

[Rl'Halsinor]

That is some really good info. Yes, I have seen the padlock and for some reason I have seen the http change to https but it never connected with me.

I am aware of Phising and I avoid any attempts like the plague.

That being said, do you think outgoing information is all that important as opposed to incoming traffic?

 

[Xyanthon]

That is some really good info. Yes, I have seen the padlock and for some reason I have seen the http change to https but it never connected with me.

I am aware of Phising and I avoid any attempts like the plague.

That being said, do you think outgoing information is all that important as opposed to incoming traffic?

I do think it is important to follow the secure computing best practices that are mentioned in the links above. That way you ensure that at least as much as you can (other than simply not sending info out over the Internet) that you are safeguarding your data. I don't think it really matters as to whether it is incoming or outgoing traffic really.

As far as home computing is concerned, you may be able to get by with just a router if you are concerned about something coming in from the outside and experience horrible performance lags due to a software firewall. Like I said, most times, attempts at intrusion are from people looking for a quick ripe plum to pick (thus not wanting to waste time and get caught) or from kids playing with kewl toyz (in which case they more than likely will move on as well if they can't get into your router within a minute or two). However, as long as you follow the secure computing best practices and use at least one form of barrier protection such as a router or firewall (if not both), then you should be fine.

Data does get stolen, computers are hacked into, but as long as you have taken some measures to safeguard yourself and are aware of the risks, you are doing about as much as anyone can do. Like I said, as long as you make yourself a hardened target, most malicious attackers will move on for greener pastures. The more difficult you make it for them the less and less likely they will be to waste their time on you.