Bienvenido! - Willkommen! - Welcome!

Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Tuesday, September 30, 2008

SW firewall or/and router?

An example of an inteface for a firewall (Gufw)A firewall is a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.
A firewall is a dedicated appliance, or software
running on another computer, which inspects network traffic passing
through it, and denies or permits passage based on a set of rules.

A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels.
Typical examples are the Internet which is a zone with no trust and an internal network
which is a zone of higher trust.
A zone with an intermediate trust
level, situated between the Internet and a trusted internal network, is
often referred to as a "perimeter network" or Demilitarized zone (DMZ).
Without proper configuration, a firewall can often become worthless.

Standard security practices dictate a "default-deny" firewall ruleset,
in which the only network connections which are allowed are the ones
that have been explicitly allowed. Unfortunately, such a configuration
requires detailed understanding of the network applications and
endpoints required for the organization's day-to-day operation.
businesses lack such understanding, and therefore implement a
"default-allow" ruleset, in which all traffic is allowed unless it has
been specifically blocked
. This configuration makes inadvertent network
connections and system compromise much more likely.
Firewalls permit a Stateful Packet Inspection (SPI) and give DoS attack protection
Cisco 1800 RouterA router is a computer whose software and hardware are usually tailored to the tasks of routing and forwarding information.
Routers generally contain a specialized operating system (e.g. Cisco's IOS or Juniper Networks JUNOS and JUNOSe or Extreme Networks XOS), RAM, NVRAM, flash memory, and one or more processors, as well as two or more network interfaces.
High-end routers contain many processors and specialized Application-specific integrated circuits (ASIC) and do a great deal of parallel processing.
Chassis based systems like the Nortel MERS-8600 or ERS-8600 routing switch have multiple ASICs on every module and allow for a wide variety of LAN, MAN, METRO, and WAN port technologies or other connections that are customizable.
Much simpler routers are used where cost is important and the demand is low, for example in providing a home internet service.
With appropriate software (such as Untangle, SmoothWall, XORP or Quagga), a standard PC can act as a router.
Routers connect two or more logical subnets, which do not necessarily map one-to-one to the physical interfaces of the router.
The term layer 3 switch often is used interchangeably with router, but switch is really a general term without a rigorous technical definition. In marketing usage, it is generally optimized for Ethernet LAN interfaces and may not have other physical interface types.
Routers operate in two different planes:
  • Control Plane, in which the router learns the outgoing interface that is most appropriate for forwarding specific packets to specific destinations,
  • Forwarding Plane, which is responsible for the actual process of sending a packet received on a logical interface to an outbound logical interface.

If you want outbound protection then install a software firewall.
If you have not set any rules with the router the default allow all outbound will apply (default inbound is block all).
You don't necessary need a software firewall behind a router and many don't use one it may depend on experience.
Firewalls in routers can be configured with rules for inbound and outbound or another tool may be used. If you feel it will help with and take care of the outbound then why not - something light and unobtrusive.
The issue of having an outbound FW depend on the risk profile you have on the www. If you just do email and light surfing for receipts and weather then everything you are doing is fine. Security trumps speed.
If on the other hand you keep financial and private information on your PC and purchase items on credit and do on line banking then your risk of identity theft is higher.
In the latter case leave the firewall ON.
Outbound protection is a must when bank transactions are involved.
Problems in PC security terms are of different kind and the worst of them are never spotted. 
Keep the SW firewall (e.g.ComodoPF) and don't let anything except browser, downloader and other safe apps out.

All the malware writers put the best of their skill to make trojans, keyloggers, etc. undetectable.
Hundreds of thousands of PCs are part of zombie networks and the owners think everything is OK.

No comments: