Hardware firewalls

[Ymets2k]

Is it worth it for a regular user to spend 50.00 on a hardware firewall?

[lil Jimmie]

If you have a broadband connection that is on all the time, a router using a NAT firewall is a great idea.

[luisr]

I just got a DSL connection and wonder the same thing. My telco provides a Zyxel Prestige 623-41 DSL modem.

There is a local forum where this issue is being discussed (security of the modems provided by the telco) but people don't seem to agree on the correct answer.

Some say a hardware firewall is a good idea, others say that a program such as ZoneAlarm is enough, yet others say that this particular modem is secure (NAT router - whatever that means - I am a newcomer to this networking thing).

Looking at the specs of this particular modem, it says the following: "Embedded firewall includes NAT, IP filtering and raw filtering".

I have noticed that the IP address the computer reports is assigned by the modem and entirely different from the IP address seen from outside. Is that good in terms of security?

Any one with experience about this particular DSL modem?

[njskatchmo]

firewalsl are really annoying. They block lots of non-malicious things, like update managers of various programs, games, and all that. I know you set up the ports and such but its rather annoying. Plus most hackers would never go after a single user, unless you frag them to much online then they might get pissed and trash your computer. Unless youre running some kind of server and posting your ip everywhere i see no point in them.

[Iman74]

Let's put it this way; getting a Linksys router can't hurt, it can only help. The only thing that will hurt (a little) is your wallet.

[reboot]

luisr, if it's got NAT, then you're behind a firewall already. Sounds like a good modem, as most don't include one.
If you plan on any networking in the future, get a router with NAT.
Software firewalls are better than nothing, but nowhere near as good as NAT.

[luisr]

Quote:

Originally posted by reboot luisr, if it's got NAT, then you're behind a firewall already. Sounds like a good modem, as most don't include one.

Thanks! That's good to know. The only thing is that the telco does not give the password to the users even though they "give out" the modem when signing up for the DSL service.

For what it's worth, I telnetted to my modem from work and got this in reply at the login prompt:

Code:

Raptor Firewall Secure Gateway (gv-ifw1)

                        ********************
                         Welcome to P623-41
                        ********************

ZyXEL Inc., Software Release 1.38(GA.3)
Copyright (c) 2001-2002 by ZyXEL, Inc.

Any comments?

[fudtone]

Quote:

Originally posted by reboot luisr, if it's got NAT, then you're behind a firewall already. Sounds like a good modem, as most don't include one. If you plan on any networking in the future, get a router with NAT. Software firewalls are better than nothing, but nowhere near as good as NAT.

sounds like the modem is taking care of the router part also. I think all he would need to network is a switch or hub.

I agree! sounds like a nice modem.

[KHT]

Quote:

firewalsl are really annoying. They block lots of non-malicious things, like update managers of various programs, games, and all that. I know you set up the ports and such but its rather annoying. Plus most hackers would never go after a single user, unless you frag them to much online then they might get pissed and trash your computer. Unless youre running some kind of server and posting your ip everywhere i see no point in them.

It`s not a personal vendetta thing with crackers (not hackers, get it right).

Ever hear of a port scanner? Software does the dirty work for them on a large scale.

[njskatchmo]

Somesones beign antsy, I know the difference between hacker and cracker but its generally accepted to use hacker as cracker.

[luisr]

I have been reading here and there about NAT security and that it rejects connection attempts from outside that are not part of a conversation initiated from inside.

Now my question is, how do instant messaging services such as ICQ and MSN Messenger get through? I mean, when a user in your contact list sends you a message first. Or is that very initial message sent through a server that already had a connection with my computer and already got past the NAT router? Or is it that these services use standard ports that are allowed access by the router?

[fudtone]

Correct Luisr these apps are using ports that your router has open and a client/server is monitoring.

Why thugs don't attack these ports more directly is beyond me.

[luisr]

Quote:

Originally posted by fudtone Correct Luisr these apps are using ports that your router has open and a client/server is monitoring.

Thanks. That could mean that a new application using a different port migh have trouble getting through firewalls and routers.

Quote:

Why thugs don't attack these ports more directly is beyond me.

Don't talk too loud...


I love this board! So many people hang around that I normally get good answers in minutes.