On Sun, Feb 24, 2008 at 06:31:08AM -0500, Haines Brown wrote:
> I hope I may be allowed to expand a bit on the OP's question.
>
> What are the advantages of a hardware firewall over a firewall built
> into a router?
>
> Can one use both, or should the firewall in a router be disabled if there
> is a hardware firewall?
>
> If the OP finds that he has a firewall in his router, would there be any
> reason for him to install a software firewall such as shorewall?

I suppose one answer would be to consider if that router box is based on a unix-like OS; it may even be based on Linux. Look at the number of Linux kernel updates there have been since Etch came out that addressed a remote exploit. When last was the kernel on that router updated?

You may want some configuration that you can't do with the router's firewall software. Can you do bandwidth limiting based on protocol (traffic shaping) from the router's config? This can be handy so that downloads don't prevent snappy web browsing.

How do you know if the router's firewall has been breached? Are you able to run intrusion detection on the box from your network?

I'd only disable the router's firewall if I needed a port open that it wouldn't let me open. Even if it is imperfect, it still represents a first line of defense that an attacker has to get past before they can start to work on your own firewall box.

Doug.