PDA

View Full Version : Advantages of using extra PC as Firewall?????



br0nwyn
14-05-2003, 09:25 AM
It was suggested to me to buy a new PC and use the old as firewall.Does this mean i know longer need anti virus?What would i need to do to connect the two?

Mike
14-05-2003, 09:31 AM
> It was suggested to me to buy a new PC and use the
> old as firewall.Does this mean i know longer need
> anti virus?What would i need to do to connect the
> two?

Personally I don't think there are any real benefits having a seperate PC running as a firewall - unless perhaps if you're using a hardware firewall like those used in large corporations (quite unlikely that you'd be doing this). And no it does NOT mean that you don't need an antivirus - A firewall is not an antivirus program, it won't stop viruses like an antivirus will.

Mike.

Chilling_Silently
14-05-2003, 09:39 AM
Certainly not a NEW PC!

Perhaps if you've got an old 486 lying around...

It all depends really..

Mike
14-05-2003, 09:52 AM
> It all depends really..

On what?

Mike.

-=JM=-
14-05-2003, 07:01 PM
Well the advantages are that you don't have to use a software based firewall on your main computer. Though you might be paranoid and want to use one anyway.

If you've got a spare computer it would be worth IMO. Smoothwall (http://www.smoothwall.org) is the preference from what I hear.

Marshell
14-05-2003, 07:46 PM
It depends on what you use your PC's for, If your runnning a Business using Smoothwall is probably the best option, on the other hand if its just for home use I would sell the older PC and use the money to purchase Zone Alarm Pro Zone labs (http://www.zonelabs.com)

This is still the best PC based Firewall (which is all most home users need) and is very easy to setup and use.

Let us know what you decided

whetu
14-05-2003, 07:47 PM
I believe the old comparison was this:
the difference between a host based (software firewall - NIS/NPF, blackice, kerio... whatever) and an external (hardware - cisco firewall etc, independant - pc used solely for firewall tasks such as a smoothwall box) is like the difference between locking your jewellry box and leaving your front door wide open, and locking your front gate and front door.

The point is that host-based firewalls are far inferior to independant firewalls because they are flawed by design. Some other downpoints about software firewalls are that they take up system resources, they can be intrusive to your internet experience (popping up asking for rules creation etc), and they can mess up local networking (a real pain in the arse to get around) whereas with an independant/external firewall you get the security advantages as well as the solution being basically set and forget.

Personally I'm running a Smoothwall box and on my main rig I have NIS2k2 Pro running, with its firewall feature disabled.. I'm only running it as an adblocker.

I have a lot of experience with Smoothwall so if you do decide to go that route, I'm available to help you out with setup/config/troubleshooting

In saying that however, if you only have one main computer in your house, then just use the one computer with a software firewall of your choice installed.. It's a little different in my flat where I've got a few servers and a network of computers to protect...

Dolby Digital
14-05-2003, 08:12 PM
I have a 486 running Smoothwall which is a firewall/gateway. I use it because I have a network of pc's and the gateway (to the internet) pc runs the firewall software. If you wanted to use your "old" pc as a second machine/games pc, then you would probably use the grunter pc as the gateway and firewall (running Windows).

Mike
14-05-2003, 08:16 PM
>> and use the money to purchase Zone Alarm Pro Zone labs
>>
>> This is still the best PC based Firewall (which is all most home users >> need) and is very easy to setup and use.

<KOFF> It's what???

Mike.

Mike
14-05-2003, 08:19 PM
> The point is that host-based firewalls are far inferior to independant
> firewalls because they are flawed by design.

How so?

Mike.

whetu
14-05-2003, 09:10 PM
hehe you didnt read into the analogy very well... here's a copy and paste from the smoothwall documentation:

Q. What is a firewall?
A. A firewall is simply a system designed to prevent any unauthorised access to (or from) a private network of computer systems. This access control can be implemented by a hardware or software solution, or, as
is often the case, a combination of both. Firewalls are frequently used to prevent access to a private network such as, for example, your company Intranet - from unauthorised Internet users. All information (in the form of network traffic) entering or leaving such a private network passes first through the firewall, which examines the nature of this information, and depending on the rules that are part of the configuration of the firewall, allows this network traffic to either pass
unimpeded, or to block it from going any further. As you might well expect, there are many different methods in which this overall goal can be achieved. SmoothWall has been designed as a packet level filter -
that is, each and every packet of network traffic that passes through a SmoothWall firewall is inspected and is then either permitted to continue onwards, or is denied.

Q. Why do I need a firewall?
A. Well, you don't have to have one. You don't have to have a lock on your front door either. Firewalls offer a level of protection from other would be unauthorised users of your network. There are a lot of people using the Internet these days, and some of them have no qualms about trying to get into your machine. If you don't want them there, you have two choices: a firewall or no connection to the Internet.

Q. How is SmoothWall different from other firewalls?
A. Some firewalls are software firewalls. They reside on the machine that is connected to the Internet, and act as a filter for information going in and out. The major drawback to a software firewall is that they have
already connected to your box. It is like the difference between locking your front door, and locking your jewellery box. (nb. thats where I heard it! I remember now) Both are meant to keep your jewels
safe, but one is obviously more effective. A hardware firewall (like a machine running SmoothWall) is between your network and the Internet.
It forces anyone who wants to break in to have to go through an extra machine. The more work you make them do, the less likely they are going to want to spend the time on you. After all, the person down the street
isn't protected at all. They are an easier target.

Chilling_Silently
15-05-2003, 10:04 AM
Marshall and Whute summed up what I was gonna say..

They've already connected to your PC and so they know its there... if its hidden hehind another layer, then they might not!

For home use.. a software-based one would suffice, but for any business - they should be able to at least afford an ol' 486 from TradeMe to put smoothwall on!