Home Network, router firewall vs Windows firewall [closed]

Solution 1:

I have always heard that a router/hardware firewall is better than a software firewall. And yes, they are redundant. But one thing you will hear a lot from security people is the phrase "defense in depth".

So even though they are redundant, you may find that doubling up on a firewall probably won't hurt and it is nice to have a backup just in case.

Solution 2:

Be aware that in Windows XP the built-in firewall (Windows Firewall) provides inbound protection only. A program running on your computer that attempts to access the internet will not be stopped or checked by the built-in Windows Firewall.

On Vista I believe the built-in firewall does do outbound checking, but it is disabled by default. Why this is, I can only guess.

The key security benefit my router provides is Network Address Translation (NAT). As others have said, this translates my external (ISP-assigned) IP address to an internal private IP address. I could be wrong, but this is what I mean when I talk about a hardware firewall.

So, on XP, I use the router (hardware) firewall and run another software firewall to provide an extra level of inbound protection, as well as much needed outbound protection.

As I'm sure you know, a router can be configured to open various ports. The software firewall will also watch for inbound access through any opened ports. So, for example, if you open a temporary port but then forget to close it, it's useful to have the software firewall as a backup.

I also turn the built-in Windows Firewall off. This is actually recommended by Microsoft and other vendors, i.e., run only one software firewall at a time.

Solution 3:

They are redundant, but the Windows Firewall can still be useful - for example if your child's computer gets infected and attacks other systems on the LAN, it won't be able to get past the Windows firewall. If you have a docked laptop, it is often convenient to leave the firewall enabled even while on the LAN so that you won't forget to re-enable it when the laptop travels.

Solution 4:

In most cases at home, whatever router you are behind is perfectly acceptable to protect you and your PCs from any sort of intrusion, especially if remote management is turned off. What you need to look out for is applications which might open ports in your router using UPnP. This is not generally bad, depending on how paranoid you are.

Windows Firewall, on the other hand, is not exactly redundant. All your router does is put your computer on a private network, with a different IP address than your publicly facing one, and when desired, forwards connections on specific ports to your machine on the private network. Windows Firewall can protect and notify you about outgoing connections your machine attempts to initiate, as well as provide an additional layer of protection against incoming connections you did not explicitly allow.
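
The layering described in the answers above, as a small model added here (it is not code from any of the answers): it shows which layer, the NAT router or the host firewall, stops each kind of traffic. All ports, addresses and program names are constructed, and NAT reply matching is simplified to remote address and port.

```python
from dataclasses import dataclass, field

@dataclass
class HostFirewall:
    inbound_allow: set = field(default_factory=set)   # listening ports allowed in
    outbound_filtering: bool = False                  # False = inbound-only, like XP's
    outbound_allow: set = field(default_factory=set)  # programs allowed out

@dataclass
class Network:
    hosts: dict                                       # LAN host -> HostFirewall or None
    forwards: dict = field(default_factory=dict)      # router WAN port -> (host, port)
    nat_sessions: set = field(default_factory=set)    # (remote, remote_port) opened from LAN

    def outbound(self, host, program, remote, port):
        fw = self.hosts[host]
        if fw and fw.outbound_filtering and program not in fw.outbound_allow:
            return "blocked: host firewall"
        self.nat_sessions.add((remote, port))         # NAT tracks the flow for replies
        return "allowed"

    def from_wan(self, remote, remote_port, wan_port):
        if (remote, remote_port) in self.nat_sessions:
            return "allowed: reply"                   # simplified reply matching
        if wan_port not in self.forwards:
            return "blocked: router"                  # no mapping, nowhere to send it
        return self._deliver(*self.forwards[wan_port])

    def from_lan(self, dst_host, port):
        return self._deliver(dst_host, port)          # LAN traffic never crosses the NAT

    def _deliver(self, host, port):
        fw = self.hosts[host]
        if fw and port not in fw.inbound_allow:
            return "blocked: host firewall"
        return "allowed"

def scenarios(fw):
    """Run the four cases from the answers against one PC (constructed values)."""
    net = Network(hosts={"pc": fw}, forwards={8080: ("pc", 8080)})  # forgotten forward
    return {
        "unsolicited WAN inbound": net.from_wan("203.0.113.9", 40000, 5000),
        "forgotten port forward": net.from_wan("203.0.113.9", 40000, 8080),
        "infected LAN peer": net.from_lan("pc", 5000),
        "unknown program outbound": net.outbound("pc", "unknown.exe", "198.51.100.7", 443),
    }

if __name__ == "__main__":
    strict = HostFirewall(outbound_filtering=True, outbound_allow={"browser.exe"})
    for label, fw in (("router only", None), ("router + host firewall", strict)):
        print(label, scenarios(fw))
```

With the router alone, only the unsolicited WAN connection is stopped; adding a host firewall with outbound filtering covers the other three cases.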