Topic: There are no stupid questions...  (Read 3415 times)
« on: November 10, 2007, 08:38:59 »
tsma *
Posts: 8

...merely a lot of inquisitive idiots.


Hi-

I'm hoping one of you will take a moment to help out this bloke.  Ever since I installed Norton Firewall (now Norton Security or whatever) I've wondered how anybody tolerates such a big fat toad of a program.  To mix metaphors, it's a resource hog that found me thinking that surely an old computer could become a stand-alone firewall and let my other machines breathe easier.  (This is a home network I'm talking about here.)  A quick snoop of the Internet led me here, and my hope is that m0n0wall will fit the bill.  Here's my question:

If I keep *antivirus* software on my personal computers, can a m0n0wall box do everything that I need in terms of firewall protection?  That is to say, do I need a software firewall on my individual computers in addition to a m0n0wall box protecting the whole network?  If I just have m0n0wall, what types of protection might I be missing?

I know this is a basic question, but I swear a search through all the previous threads and a read of all the available documentation didn't yield an answer.  (I'm guessing that simply means my question is sooooooooooo basic that anyone who is here in the first place knows the answer.)

Thank you in advance for your time,

-Bryan
« Reply #1 on: November 10, 2007, 19:59:26 »
DJEMiVT *
Posts: 16

M0n0wall will keep out all internet based attacks. Anything that traverses from the WAN (internet) to the LAN will go thru the m0n0wall and be blocked unless you specifically allow it. This leaves only a few methods of attack: attack a service that is allowed thru the m0n0wall, or an attack that comes from the LAN. I do not run any local firewall on my winblowz box, I just run m0n0 on my DSL connection. But I trust all the devices on my LAN.

Hope that helps.
« Reply #2 on: November 10, 2007, 20:27:52 »
tsma *
Posts: 8

Absolutely.

Thank you!  Now I know my next step: set up a m0n0wall box.

Cheers,

-Bryan
« Reply #3 on: November 10, 2007, 21:12:26 »
cmb *****
Posts: 851

You don't need a firewall on your clients, as DJEMiVT said. But no firewall eliminates the need for other security controls on your client machines. If you allow any traffic through any firewall, your internal machines can be compromised. Not from traffic initiated from the Internet if you don't allow anything inbound, but if you allow anything outbound you're open to attack.  Web browser vulnerabilities, social engineering convincing a user to download malware, amongst many other possibilities only requiring outbound traffic can all compromise machines.
« Reply #4 on: November 11, 2007, 15:57:23 »
tsma *
Posts: 8

Chris-

Thanks for your time.  I take your post to mean "No one will ever be totally safe."  Or, when you write that "no firewall eliminates the need for other security controls on your client machines" are there specific things that a commercial software product does that are actually worthwhile?  Should I be less hasty in condemning Norton Internet Security and its ilk?  Knowing that there are always risks, should I be content to run m0n0wall and then have an antivirus (or some such) product sitting on my desktop machines?

By the way, you're being very gracious to take time responding to my entry-level questions.  It just seems like more average consumers should be pouncing on things like m0n0wall.  (Although, in my defense, this "average consumer" used to write software for a living.)

-Bryan
« Reply #5 on: November 11, 2007, 17:18:18 »
Max2950 ***
Posts: 120

Hi tsma,

The only security software I'm running on my LAN machines is a good antivirus. There are many good and lightweight antivirus tools out there like avast or antivir. I run those along with m0n0wall and I'm happy with this setup.

Norton is a bad piece of software, heavy as hell, and makes any high-end machine run like an old PC....
« Reply #6 on: November 12, 2007, 16:50:47 »
javanator *
Posts: 10

I've still got software firewalls on a couple of Windows servers in my DMZ because 1.) I'm paranoid, and 2.) There are still some malicious attempts made through legitimate ports to compromise the machines using SQL injections, ASN1 heap corruption, and a few others. I use the firewalls to log data on the attackers and send it to their ISPs, although I can't say with any certainty that any action is taken against them; chances are good that the traffic is from an infected or compromised machine and unbeknownst to the machine's owner.

Just my $0.02 worth.

Technology means finding the proper wrench to pound in the right screw.
« Reply #7 on: November 12, 2007, 23:04:32 »
tsma *
Posts: 8

Max2950, DJEMiVT, Chris & javanator-

Thanks, again, to you all for your $.02.   Really, it was worth considerably more to me.  ;)

Methinks I can proceed with confidence now!

-Bryan
« Reply #8 on: November 25, 2007, 22:59:31 »
zeusenergy *
Posts: 10

> I'm hoping one of you will take a moment to help out this bloke.  Ever since I installed Norton Firewall (now Norton Security or whatever) I've wondered how anybody tolerates such a big fat toad of a program.
> If I keep *antivirus* software on my personal computers, can a m0n0wall box do everything that I need in terms of firewall protection?  -Bryan

As others have said, firewall software on your client PCs is redundant if you already have a good firewall such as M0n0wall. For antivirus, I suggest anything BUT Norton/Symantec products. My company serves many businesses with IT/IS services, and we suggest Trend Micro Client/Server for SMB (latest version 3.6) to almost all of them. If you have more than one PC on your network, you should consider this product. Just disable the firewall and spam filter controls. They both will interfere with your normal day-to-day stuff. You will need to have one PC running all the time as the server for the SMB product, though. But you will have ONE place to configure and check status for all protected PCs, and you can also stop users from canceling scans or messing with settings. The price is right, too. Less than $30 per PC. If you want a standalone product, try out Avira Antivir but be aware you will only protect against viruses and not malware. Do NOT get Trend Micro Internet Security, it's a SUPER resource hog!!!

As I've said in other threads, you also have the option of using Untangle Server for gateway security, it has integrated anti-virus, malware, spam, firewall, routing, and web filtering built-in but requires a healthy PC with at least 1.5 GHz CPU and 512 MB RAM with 40 GB HDD. The software is free too.