Hardware Firewall

Discussion in 'Networking and Security' started by dougcs, Sep 3, 2003.

  1. Last week, I was the victim of a variant of a virus that at this point is just being reported, its name is blaster.f and apparently has found new and creative ways into your system.

    I use a firewall and keep my OS, and antivirus up to date. I do not preview emails in Outlook Express and I do not open attachments without knowing what they are. Yet, I was hit with this virus and it took a few days to get the computer fixed. I did have good backups, so all I lost was some time.

    In discussions with two local computer shops, I learned that the new viruses will breach systems even if you patch you OS and keep your AV software up to date. In their words, the virus writers are smarter or at least a step ahead of the AV companies.

    I was told that the best defense is a "Hardware Firewall."

    My questions are:

    Does anyone use this? Is it effective? Does it cause other problems? Any recommendations?

  2. I use a hardware firwall. It's an old 486 running Smoothwall software which is a linux based product.

    Linux sotware is uneffected by the blaster.F virus which can only effect mircosoft products.

    A hardware firewall is cheap and easy to set up, and is essential if you have a broadband internet connection.

    Why would you risk losing everything on your hard drive for the sake of a few hundred bucks?

  3. Swish


    Buy a linksys switch (router) - it provides a hardware firewall - keeps changing your ip address while you're connected. Never had any problems with brokerage accts or stability.

    Also, as of yet, haven't got any of the virus' on any of my 3 computers.

    Are you using Norton Internet Firewall - if so, set security setting to highest level. Blocks ports that virus' attack.
  4. CalTrader

    CalTrader Guest

    If you have a public facing computer/system then attempts will be made to break into it directly and indirectly - through applications like email and others.

    The best solution on a public facing system is to have what is called a DMZ - like the de-militarized zone. The idea is to have a network between your real network and the outside world. This is the best configuration and can be achieved with cheap hardware routers and cheap or free intrusion detection systems on either Windows or Linux/Unix based systems.

    So, read up about this and see if you can move towards this configuration. You really need to know which ports you need open and why: once you know this you can watch them and use hardware and software firewalls to achieve a high level of security.

    Of course none of this will help you if you download software from an untrusted source which carries a trojan and install it on your computer - although even in this case a properly configured DMZ might offer some protection.
  5. Just get yourself a ROUTER from Belkin or Linksys.

    You can get them at COMP-USA or any other computer store for about $30.00 ( with rebates ).

    Even the most basic routers will come with NAT ( Network Address Translation ). In this way, the ROUTER will hide your IP address from attackers, AND those annoying pop-up jerks.

  6. nitro


  7. nitro,

    I am wondering myself. It actually takes quite a bit of study to compare the merits of the different firewalls. Looking at the Sonicwall, I think that for its price tag of about $400 it really does not offer any significant features over a $100 Netgear or so.

    Am I overlooking something?

  8. A firewall is a firewall, software or hardware, it doesn't really matter too much. The function of the firewall is to keep the traffic you want out and to let the traffic pass through that you want passed through. The rest is bells and whistles and irrelevant to the problem you're mentioning.

    Also, you have not kept your software up to date. If you did, you would have been immune to the virus you speak of. The patch was out for a couple of weeks before the sh*t hit the fan. I recommend turning on automatic updates. If you were wide open with your ass to the wind, this alone would've saved you.
  9. I think you may be referring to me, as I started the thread. All of my software (XP, Norton AV) was updated the night before the attack. I also subscribe to Microsoft's security emails and update the same day I get one that is regarding a critical update. So the supposed security hole was blocked, if I remember correctly, aroung the middle of July.

    I got the virus anyway. The guy at the computer shop who fixed the computer said this virus blasted through the firewall (Zonealarm) and was missed by the AV software(Norton 2003 PRO). He said the only thing that would have stopped it was a hardware firewall that I did not have, hence my starting this thread.

    #10     Sep 7, 2003