Using a software firewall and hardware firewall in tandem, Part 3

• by Dennis Faas on 20030128 @ 12:32AM EST | google it | send to friends
• Filed under Security | (related terms: pc, router, internet connection, hardware firewall desktop, protected)

Last week's question was about using a hardware and software firewall in tandem, and whether or not a [Laptop] PC would be protected through a firewall if it was daisy-chained to another [Desktop] PC which used a software firewall.

Yes -- this is a very technical question, but certainly very worth-while to know the answer to. Here is what the connection might look like if it was daisy chained:

Internet connection -> Router, 1 port [hardware firewall] -> Desktop PC [software firewall] -> Laptop [no firewall: is it protected from the Desktop PC's software firewall?]

This type of daisy-chained connection varies from a more common setup, where all PCs are connected to a Router and operate their own software firewalls:

Internet connection -> Router, 2+ ports [hardware firewall] -> Desktop PC [+software firewall] AND Laptop PC [+software firewall]

I didn't know the answer to this, so I asked Gazette Readers to send me their thoughts. The consensus from readers is that all PCs must use a software firewall. Bill V. summed it up very nicely:

" Firewall software only protects the OS it is installed in. An ethernet card draws from the external server [TCP/IP] independently, whether on not through a hub or router. "

And, Matthew T. had some very good points:

" I would suggest that in either of the configurations described in the newsletter, a software firewall on both his PC and his Laptop should be used. There are a number of reasons as to why I have come to this conclusion:

1. If he receives a virus onto his laptop or PC which propagates through network shares (or other LAN measures), a software firewall should provide some protection against it. ZoneAlarm is a very good free personal firewall that asks you if you would like to allow or deny ANY traffic that flows in and out of your computer.
    
2. Like you mentioned in your newsletter it would add an extra layer of protection against a badly configured router. Again, in either of these configurations described above a software firewall would be a good idea. If a hacker manages to penetrate your router, he or she then has to get past you software firewall before they can access your PC or Laptop.
    
3. Most personal software firewalls are free! You really have no excuses not to use one! "

Those were some good points made.

Trojans and Viruses can propagate on any PC regardless of Internet connection. If a software firewall like ZoneAlarm isn't telling you what programs are attempting to access the network, then there is no way of truly knowing if you are protected.