InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : Can you setup a firewall (Hardware) on a single computer?? |
|
Answer» Quote from: cjones link=topic=75845.msg496285#msg496285 you would need to run a wireless Access Point also.You say "you would need to run a wireless Access Point also" because that router he mentioned is a wired router, right? If he gets a wireless router, then the wireless Access Point is not needed. Why buy two devices when one will suffice? Quote from: soybean on January 31, 2009, 07:27:36 PM You say "you would need to run a wireless Access Point also" because that router he mentioned is a wired router, right? If he gets a wireless router, then the wireless Access Point is not needed. Why buy two devices when one will suffice? because he wanted a hardware firewall + wireless and linksys does not have a combo one as far as i know. another company may but i don't know of one because i use linksys exclusively in home installations (i know there quality and never needed to warranty one out). i've solved a number of network problems by switching out D-Link and Netgear products with Linksys because the others were bad (BTW they were less than a one MONTH - six months old).My point is that the router provides firewall protection. THEREFORE, a separate hardware firewall is, IMO, not necessary. I believe nearly all routers provide firewall From http://www.linksysbycisco.com/US/en/products/WRT54GL: Security Features: # Stateful Packet Inspection (SPI) Firewall, Internet Policy # Wireless Security: Wi-Fi Protected Access™2 (WPA2), WEP, Wireless MAC Filtering And, of course, that can be combined with a software firewall for even better protection. From http://www.firewallguide.com/faq.htm: "What is the difference between a router with firewall features and a hardware firewall? Features and price. Lower cost products provide a DHCP server, PAT/NAT services, 1-8 physical ports to network computers and/or wireless service. NAT hides your computer(s) from the Internet which makes it a simple but effective firewall. Higher cost products, but still under $200, provide additional features like built-in stateful packet inspection (SPI), support for Virtual Private Networking (VPN), Public Key Infrastructure (PKI), content filters, anti-virus protection, and more." Quote from: cjones on February 01, 2009, 01:17:52 AM Hmm, I've been using D-Link routers since Jan 2002, first a DI-604 and now a DI-524 (wireless), and they definitely provide hardware firewall protection. So, again, I don't see the need for two devices. A wireless router should suffice. Ditto.well my experiences with D-Link are different. Stateful Packet Inspection (SPI) Firewalls can be spoofed. where as the model i listed has anti spoofing and other technologies. also, a person should always use a software/personal firewall wether or not he has a hardware one.Quote And, of course, that can be combined with a software firewall for even better protection.Quote from: cjones on January 31, 2009, 06:20:40 PM you may be able to get away with 'do not broadcast' on your network as well. Security through obscurity is buffoonery.Quote from: BC_Programmer on February 01, 2009, 06:15:45 PM Quote from: cjones on January 31, 2009, 06:20:40 PMyou may be able to get away with 'do not broadcast' on your network as well. that's why it's in addition too...if they don't know you're there, they can't break in. i'm sure you're aware that some criminals cruise through areas looking for wireless networks. if your system isn't broadcasting then they won't be able to pick it up.Quote from: cjones on February 01, 2009, 07:34:41 PM Quote from: BC_Programmer on February 01, 2009, 06:15:45 PMQuote from: cjones on January 31, 2009, 06:20:40 PMyou may be able to get away with 'do not broadcast' on your network as well. So when it comes to a firewall, go all out with hardware and software firewalls, but as far as wireless authentication is concerned, leave it completely open? SSID broadcasting is only the easiest way to find an access point. especially in the case of unencrypted wifi, their are tools that can simply analyze airborne traffic and determine SSID names in the area- since each networked device needs to know it. simply using that SSID in a connection request will yield success. EDIT: additionally- with the implementation of WPA or WPA2 it's kind of pointless to hide the SSID.Quote from: BC_Programmer on February 01, 2009, 08:33:37 PM Quote from: cjones on February 01, 2009, 07:34:41 PMQuote from: BC_Programmer on February 01, 2009, 06:15:45 PMQuote from: cjones on January 31, 2009, 06:20:40 PMyou may be able to get away with 'do not broadcast' on your network as well. did you even read my reply #14? apparently NOT. so here it is again Quote from: cjones on January 31, 2009, 06:20:40 PM change the 'network name/SSID' where in here did i ever say to ONLY hide the SSID and put no other security in place? i don't see it. Quote from: BC_Programmer on February 01, 2009, 08:33:37 PM EDIT: additionally- with the implementation of WPA or WPA2 it's kind of pointless to hide the SSID. perhaps but just like a car alarm won't stop a professional thief it usually stops the amatures.Quote from: cjones on February 01, 2009, 11:10:16 PM perhaps but just like a car alarm won't stop a professional thief it usually stops the amatures. Hmmm. Deleted his account. Oh well- I would suspect amateurs would likely be stopped by WPA/WPA2 as well. |
|