Why more then 1 Firewall?

BB,

all I can say is .....

~FIREDANCER~

 

What I'm amazed by is how many will not try it and test

Why should I test something that I know is only going to give me ONE WAY protection ?

And still have to install another firewall to make up for it. That is for the Birds. Not me. One program covering both ways is enough.

I knew that long before I ever installed XP. And was advised to install a firewall BEFORE letting XP access the Internet. That way both could be set up together and more than likely get along bettter.

But I did not have to worry about that as I put XP over SE which already had a Firewall. XP picked it up and kept right on going like it had always been there.

ICF is not needed if you already have a firewall or proxy server on your network in your home.

Can someone tell me why they offerd that advise?

HHMMMM That is a good question.

BillyBob

 

Hi FireDancer,

Again, my appologies. My only excuse is I feel like I've been pounded on all day on this subject

I understand your thinking on this issue. I don't have a history of bad experiences with Firewalls. Lucky I quess.

For both of you, no I don't think its necessary to run ICF with another FW. I would not run Sygate with ZA together, agreed, that would be asking for trouble.

I run ICF because its there, "free" - I got the point about its cost as part of the OS, have no conflicts, does relieve Sygate of work - this point I've read BB make about his router in relation to Kerio. I don't get the point about "not needed ". BB never really answered my question, why is the router FW needed? and why did he, more than once make a point of writing about a lighter load on Kerio. Is that needed? Obviously not because Kerio does such a good job on its own.

Ok, I've got to end this day. A good night to both of you.

Regards - Charles

 

MS state:

But this logic is flawed. People with a degree of security awareness shall not wish to run a firewall offering ingress-only "basic intrusion prevention ", whilst those without that awareness shall not think to enable ICF.

IMO, ICF, if enabled by default, would have been quite useful as a "something is better than nothing" security measure for those people who would not otherwise have installed a firewall. However, without being so enabled, it suffers from chocolate fireguard syndrome.

I can see absolutely no merit in running ICF in addition to a third-party product - doing so wastes (an admittedly small amount of) resources, does nothing to enhance the security of a system and makes troubleshooting connectivity issues slightly more problematic.

But Firedancer - it strikes me as rather peculiar that you should be critical of an election to run more than one firewall whilst yourself merrily running numerous anti-foistware products (the merits of which were discussed in this thread).

A simple way to avoid this is to take the time to protect yourself and not use "OVERKILL ". Determine what your needs are and impliment them, and that goes for everyone from the home user to the buisness user. More then one firewall is just plain silly!!! It's like hiring 3 people to do the same job at the same time... you would be just spending more money then you need and waisting time to get the job done that one can do arent you?

Hmmm

 

This "not needed" and "not necessary" issue is the heart of the matter, isn't it?

I run Proxomitron: local proxy/web filter - needed? No - but I like the results.

I run SSM (System Safety Monitor): Monitors all exe's on the system - needed? No - but I like the results.

ICF: No - but I like the results.

Regards - Charles

 

New day. New thoughts. Different angle.

First off my Router was not really installed for the Firewall part. That is just a well appreciated Bonus.

If I read correctly from the above ( in quote ) ICF does take some load off of the incoming side of Sygate. But does it take all or some ?

If it only takes some then I would not consider it safe to use alone. And it would appear to be as I first though. It does not block everything.

As to needing a 3rd party softwere Firewall I need it for the same reason charlesvar stated. To have control over the outgoing phone calls Which my Router and ICF do not have.

But if ICF is indeed catching some of the incoming calls and thereby relieving the stress on Sygate then I belive it would be acting similiar to my Router and may not be a completely bad idea to run it. As long as it does not cause conflicts.

But I do believe we all agree that ICF akone is not a good idea.

 

Good Morning BB,

"But it ICF is indeed catching some of the incoming calls and thereby relieving the stress on Sygate then I belive it would be acting similiar to my Router and may not be a completely bad idea to run it, "

You got it, its what I've been trying to get across in two threads.

"But I do believe we all agree that ICF akone is not a good idea. "

Emphatically agreed with.

Regards - Charles

 

I am liking the new day already.

Good Morning to you too.

As to the difference between ICF and a Router.

ICF.
If ICF goes down you would still be able to get to the NET I believe with little or no protection

Sygate
If it messes up I believe you could still get to the NET with little or no protection either way.

If the user messes up with either it can leave you vulnerable.

Router.

Like ICF it is only one way. Incoming. And you do still need a 3rd party software. I will not deny that in anyway.

The Router is a piece of hardware completely separate and not dependent on the OS. And therefore I believe more reliable than software.

If I forget to power up the Router I am going to get nowhere. If I forget to reset a software Firewall ( or it goes fluky ) I can still get to the net.

Especially if you are on DSL or Cable even with just one machine I believe you would see a Router as a very usefull/helpfull item. I think it took me the whole sum of 10 minutes to get mine installed and have not touched it since.

And they are much less expensive now than when I bought mine.

Although I believe there are upgrades/updates avaiable for it. BUT, It is working. You know the rest

There are ( I never had any anyway ) no conflicts to worry about. Capable of running Sygate ( or whatever ) alone and relieve a lot of stress on both you and your system.

Now please do not get the idea that I am saying that a Router will never fail. Because it would be outright wrong of me to do so.

BillyBob

 

BillyBob - just me back again!

As you know I asked a lot of questions in a previous post about routers & firewalls. I also do a lot of research myself before making a decision. I have followed all you advice and not only have I ordered a router for my ADSL connection but NIS is going too!

I was most interested to find this post tonight as it further assures me that I have made the correct choice by ordering a router modem and have all the AV & Firewall choices made.

I know it's going to be a nightmare to remove all of NIS but hopefully I will be getting help to sort this bit out.

Thanks to your advice I have finally got there in the end