Wondering about firewall

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
madmaxmugie
DD-WRT Novice


Joined: 12 Jul 2006
Posts: 5

PostPosted: Sat Jul 15, 2006 22:36    Post subject: Wondering about firewall Reply with quote
I'm just wondering if it's recommended to use a 3rd party firewall with the one built into dd-wrt sp1 final on my wrt54gl. My firewall settings right now are set to "Block Wan Requests" with all boxes checked, and no "Additional Filters" set. I also have 1 port forwarded.

Should I be all set with only the router firewall or should get another one such as zonealarm.

Thanks for any help

MMM
Sponsor
HWS
DD-WRT Guru


Joined: 06 Jun 2006
Posts: 579
Location: Germany

PostPosted: Sat Jul 15, 2006 22:55    Post subject: Re: Wondering about firewall Reply with quote
madmaxmugie wrote:
Should I be all set with only the router firewall or should get another one such as zonealarm.
In most cases there is no need of other firewall.
_________________
DD-WRT v23 SP2 (09/13/06) std on WRT54GL V1.1
Last News
madmaxmugie
DD-WRT Novice


Joined: 12 Jul 2006
Posts: 5

PostPosted: Sat Jul 15, 2006 23:21    Post subject: Reply with quote
Thanks HWS, I kinda thought one firewall would be enough. Well actually there's the built in win xp one too so I guess I should be fine. I don't really have anything that important on my computers anyway.
ro-maniak
DD-WRT User


Joined: 07 Jun 2006
Posts: 367

PostPosted: Sat Jul 15, 2006 23:30    Post subject: Reply with quote
I have exactly the same question, but would be happy with some more technical insight if anyone can give it.

What are the capabilities of SPI of ddwrt exactly? How save is it, seen on itself and in also in comparison with, say, ZoneAlarm?

I've never had to wonder about this, because I have always used ZoneAlarm free, which has always worked like a charm and has protected me perfectly.

Alas, with their newest update they have screwed up bigtime so that many people including me are no londer able to properly install on a perfectly normal windows xp sp2 machine. They have confirmed the trouble themselves (see their forum) and also I have had this problem now on quite a few quite different computers (but all running recent and updated windows XP).

Whatever. But because of what I've written above, I have had to uninstall ZA. Right now, I do not want to install any other free product YET, I want to see whether they fix it in their next release. For the mean time I have turned on SPI on the router and (...yes I know, don't tell me) Windows Firewall.

Sooo... how good is ddwrt spi? I have no idea as to what it is, can or can't do etc etc.

_________________
If you use DD-WRT, you HAVE to make a donation! See this topic too: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=228
DKP
DD-WRT Novice


Joined: 06 Jun 2006
Posts: 11

PostPosted: Sun Jul 16, 2006 4:03    Post subject: Reply with quote
DD-WRT provides firewall security through NAT. Anyone looking at your computer's IP from the outside will only see the router, and nothing behind it. The only time anything is allowed through the router to your computer directly is when your computer makes an outbound connection and requests something.

That being said, the router should protect you from 99% of all the random port scanning, worms, etc. that plague most broadband users. DD-WRT arguably does a better job than ZoneAlarm at this because ZA filters packets that have already gotten to your computer, while DD-WRT stops them before they enter your network.

On the contrary, DD-WRT does not allow you to filter outbound connections. ZA still finds good use behind a NAT router because it allows you to see if programs, viruses, or spyware are "phoning home."

Again, no firewall is 100% perfect, but DD-WRT does provide sufficient protection from incoming attacks, however i would reccomend ZoneAlarm in addition to good Antivirus and malware tools to control anything from unknowingly leaving your network.
ro-maniak
DD-WRT User


Joined: 07 Jun 2006
Posts: 367

PostPosted: Sun Jul 16, 2006 8:18    Post subject: Reply with quote
Thanks! If anyone has anything to add to this, I am still interested of course... Very Happy
_________________
If you use DD-WRT, you HAVE to make a donation! See this topic too: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=228
HWS
DD-WRT Guru


Joined: 06 Jun 2006
Posts: 579
Location: Germany

PostPosted: Sun Jul 16, 2006 11:32    Post subject: Reply with quote
My additional favorite Firewall is Kerio.
I want to know which software are "phoning home".
I can see all active connections of running applications.

_________________
DD-WRT v23 SP2 (09/13/06) std on WRT54GL V1.1
Last News
leftovers
DD-WRT User


Joined: 11 Jul 2006
Posts: 63

PostPosted: Sun Jul 16, 2006 21:09    Post subject: Reply with quote
Outpost for the win....and the block and complete control both inbound and outbound.

Also has excellent logging and some nice pluggins to enhance
Spankster
DD-WRT Novice


Joined: 07 Jun 2006
Posts: 16

PostPosted: Sun Jul 16, 2006 22:49    Post subject: Reply with quote
DKP wrote:
Again, no firewall is 100% perfect, but DD-WRT does provide sufficient protection from incoming attacks, however i would reccomend ZoneAlarm in addition to good Antivirus and malware tools to control anything from unknowingly leaving your network.


I agree with DKP on this one. DD-WRT will provide good protection to your network from incoming attacks. Port scans and other direct approaches. However, it will not stop a virus from entering your network through an email attachment. It will not stop that trojan from "phoning home" once you're infected because DD-WRT only protects against incoming attacks. Zonealarm (or most other personal firewalls like Norton Firewall or any number of others) will protect you from dangers that have made it into your network from other sources (email being the most common).

Even if you don't "keep anything valuable" on your computer, you should still take every precaution to protect your network because you'd be amazed at how much personal information can be gleaned from your computer. When was the last time you entered a credit card number, name and address on a web page for purchasing something. That info is likely still in your local cache somewhere. Identity theft is a real problem, and so you should protect yourself with every reasonable method available. Since DD-WRT and Zonealarm are both free there's no reason to not use both (and a good antivirus is a must of course).

Spankster
PisstMSTRCHIEF
DD-WRT User


Joined: 12 Jun 2006
Posts: 95
Location: Chicago

PostPosted: Mon Jul 17, 2006 7:32    Post subject: Reply with quote
I agree with everything said, there is an excellent podcast called Security Now!, it goes through everything said and has/is teaching me alot.

Anyone can download it with itunes, or visit there site:

http://www.grc.com/securitynow.htm

_________________
It's easy to fly, just throw yourself at the ground and miss.

WRT54G v1.1- SP1, xbox cooling fan.
WRTSL54GS - DD-WRT v23 SP2 (09/15/06) voip
catalyst
DD-WRT User


Joined: 11 Jun 2006
Posts: 162
Location: DE

PostPosted: Mon Jul 17, 2006 9:39    Post subject: Reply with quote
http://en.wikipedia.org/wiki/Firewall_%28networking%29

guys don't forget: you're talking about "Personal Firewalls"
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum