To Firewall or not to Firewall
<blockquote data-quote="talmar" data-source="post: 2617389" data-attributes="member: 3877"><p>Somewhat true.</p><p></p><p>Depending on your network configuration, a NAT router can be a very cost-effective, inexpensive and reliable addition to your computer's security. At US$40 to $70, they can be worth getting even if you only have one computer.</p><p></p><p>In their default configuration, common NAT routers do effectively handle the particular problem of unsolicited inbound packets reaching a computer on an internal network.</p><p></p><p>But sometimes networks have requirements that make NAT boxes inadequate.</p><p></p><p>NAT routers provide very good protection for normal homes, and small offices and home offices (SOHOs) against unsolicited inbound events from outside the network. So a NAT router is normally adequate for homes and SOHOs for protection against incoming events.</p><p></p><p>However, you will want to consider additional protection for these reasons:</p><p></p><p>You should definitely run a software firewall on any computer that connects to AOL using a different Internet Service Provider (AOL's Bring-Your-Own-Access plan or AOL MAX using an ISP) no matter what kind of hardware firewall or NAT router you have.</p><p></p><p>AOL BYOA connects to your computer by creating a "tunnel" through the Internet. With AOL BYOA, tunneling uses your real IP address to connect you to AOL's network where you have a second IP address. Traffic using that second IP address is inside the tunnel.</p><p></p><p>With AOL, the far end of the tunnel is other AOL customers and the Internet, so it is untrusted.</p><p></p><p>The solution is to use a software firewall. A software firewall will effectively filter the traffic after it leaves AOL's tunnel and before it gets into the rest of your computer. 
In some countries AOL9 Max includes the free option of installing the McAfee Firewall Express software firewall.</p><p></p><p>Somewhat similarly, if you connect to an untrusted network using Virtual Private Networking (VPN), you should either use a software firewall or an external VPN firewall.</p><p></p><p>VPN uses encrypted "tunnels" for privacy. Traffic is only decrypted when it leaves the tunnel. Each end of the tunnel looks somewhat like an extension of the LAN at the other end: one end of the tunnel may have LAN IP addresses such as 192.168.1.xxx and the other end may have LAN IP addresses such as 192.168.10.xxx. Network Address Translation is not used for traffic when it leaves the VPN tunnel, so there is no NAT protection for traffic through the tunnel.</p><p></p><p>With VPN, you can use software firewalls. Alternatively you can use an external VPN capable firewall. With an external VPN firewall, the VPN tunnel can be configured to end on the external VPN firewall. This means the external firewall is decrypting the VPN traffic, and it can then examine the traffic and protect your computers.</p><p></p><p>Be sure to test that your external firewall is configured correctly to protect against unauthorized traffic from outside and inside the tunnel.</p><p></p><p>If you have to turn on port forwarding or the DMZ to run servers or other applications you should consider either a software firewall or a more expensive SPI firewall.</p><p></p><p>Turning on port forwarding means traffic for the forwarded ports is forwarded to the specified computer automatically, without the protection of NAT. (Most NAT routers do at least basic packet filtering, in addition to NAT. 
So there is some protection, but not specifically against unsolicited traffic.)</p><p></p><p>In this circumstance you can add a software firewall, or run a more complex and expensive hardware firewall or firewall appliance.</p><p></p><p>The safer methods of "port triggering" or UPnP can be used instead of port forwarding or the DMZ, and this avoids this vulnerability. (See below.)</p><p></p><p>However, if you are running a publicly available server you will probably have to use port forwarding.</p><p></p><p>Generally software firewalls provide valuable additional protection that supplements the protection provided by NAT routers and SPI firewalls.</p><p></p><p>They can inexpensively provide good protection for individual computers on your network in the event that one of the computers gets infected.</p><p></p><p>Software firewalls can also watch for trojans, viruses, or unauthorized legitimate software, trying to connect out. Software firewalls have the advantage that they know what is going on inside your computer, they can see which program is trying to get out, and whether that program has changed since the last time it tried to get out. External firewalls and NAT routers can't do that.</p><p></p><p>The downside of software firewalls is that they can be shut down by users, stalled or terminated by other software on the PC malfunctioning, and certain viruses and trojans disable them or shut them down.</p><p></p><p>On the other hand, while external firewalls and NAT routers don't know exactly what is going on inside your computer, they are simple devices that are much less likely to have problems that cause them to fail dangerously.</p><p></p><p>Ideally a software firewall should be an additional layer of protection behind an NAT router or external firewall. For homes a free version of a software firewall or the built-in Windows firewall is normally adequate for this additional layer of protection.</p></blockquote><p></p>
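An added illustration, not part of talmar's post and not any router's actual firmware: a toy Python model of the inbound decision the post describes, showing why a reply passes, an unsolicited packet is dropped, and a port-forward rule admits traffic with no prior outbound connection. Class and method names, addresses and ports are constructed; the strict match on remote address and port is an assumption, since real routers vary.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Hypothetical model of a home NAT router's WAN-side handling."""
    public_ip: str
    # Static port-forward rules: public port -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)
    # Dynamic mappings created by outbound connections:
    # public port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out; the router records a mapping for replies."""
        port = self.next_port
        self.next_port += 1
        self.table[port] = (lan_ip, lan_port, remote_ip, remote_port)
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        """Return (verdict, LAN destination) for a packet arriving from the WAN."""
        entry = self.table.get(public_port)
        # Solicited: matches a mapping an inside host created earlier.
        if entry and entry[2:] == (remote_ip, remote_port):
            return ("reply", entry[:2])
        # Port forwarding: delivered without any prior outbound state, so the
        # target host needs its own filtering (software or SPI firewall).
        if public_port in self.forwards:
            return ("forwarded", self.forwards[public_port])
        # Unsolicited and no rule: nowhere to send it, so it is dropped.
        return ("dropped", None)


def demo():
    """Run three constructed packets through the model (documentation IP ranges)."""
    r = NatRouter("203.0.113.5")
    port = r.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    results = {
        "reply": r.inbound("198.51.100.7", 443, port),
        "unsolicited": r.inbound("198.51.100.99", 4444, 3389),
    }
    r.forwards[80] = ("192.168.1.20", 8080)  # admin enables port forwarding
    results["after_forward"] = r.inbound("198.51.100.99", 4444, 80)
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```
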