Spi Firewall

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
llmercll
DD-WRT Novice


Joined: 24 Nov 2008
Posts: 6

PostPosted: Mon Nov 24, 2008 8:49    Post subject: Spi Firewall Reply with quote
I was wondering how powerful the dd-wrt firewall is.

is it strong enough to serve as my main firewall or should i also install a third party firewall? like nod32 or kaspersky?
Sponsor
ad5mb
DD-WRT User


Joined: 12 Oct 2008
Posts: 386

PostPosted: Mon Nov 24, 2008 12:11    Post subject: Reply with quote
the SPI firewall protects your NETWORK

the PC firewall protects your COMPUTER

SPI firewall won't let intruders in. It lets in what you invite in by clicking links.

PC firewall prevents malicious activity by those you invited in. Hopefully. With luck.
llmercll
DD-WRT Novice


Joined: 24 Nov 2008
Posts: 6

PostPosted: Mon Nov 24, 2008 14:18    Post subject: Reply with quote
ad5mb wrote:
the SPI firewall protects your NETWORK

the PC firewall protects your COMPUTER

SPI firewall won't let intruders in. It lets in what you invite in by clicking links.

PC firewall prevents malicious activity by those you invited in. Hopefully. With luck.


So the spi firewall only protects me from hackers or something? that i would have no control of otherwise


I wouldn't "invite" anyone i didn't know into my computer so i guess im alright with only the spi firewall then?
Kingdomcome
DD-WRT User


Joined: 24 Dec 2006
Posts: 134

PostPosted: Mon Nov 24, 2008 15:20    Post subject: Reply with quote
The SPI firewall will keep hackers who are randomly trying IPs out. But keep in mind, when you go to a web page, any web page, you have invited them in. Thats where the firewall on your PC takes over.
_________________
DummyPLUG
DD-WRT User


Joined: 09 Jun 2006
Posts: 146

PostPosted: Mon Nov 24, 2008 15:22    Post subject: Reply with quote
Hardware Firewall

A good hardware firewall will have both NAT and SPI. NAT is Network Address Translation. SPI is Stateful Packet Inspection. NAT changes the IP Address of your computer from a public one to a private one. NAT will also hide the “ports” your computer uses to communicate over the Internet. This takes your computer out of the public view and makes it harder for hackers to find your computer. SPI inspects each bit of information that your computer receives from the Internet to insure that it is addressed to your computer. Hackers and Worms will send out general broadcasts and see if they can get someone to respond. Once they respond, the hacker or Worm will know how to reach your computer. Nat and SPI protect you from these types of attacks. It is very important for someone with an always-on (DSL or Cable) connection to have one of these.

Software Firewall

Software firewalls have improved over time to become almost as good as a hardware firewall. A software firewall does not usually have a NAT interface. However, a good software firewall will have SPI and will hide your ports from the Internet. To do this it will also prevent you from sharing files and printers on your network. If you have two or more computers and share files between them, it is hard to setup a software firewall, not only protect you from the Internet, but to allow you to share files and printers. Windows XP® does have a software firewall included. Windows XP® software firewall does not have SPI, but can be configured easily for file and print sharing. I should also mention that setting up gaming with a firewall is not always easy. You do have to open ports that will remain open after you have finished gaming. This does leave you open for hackers.
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 693
Location: Canada

PostPosted: Mon Nov 24, 2008 16:54    Post subject: Reply with quote
Good post PLUG. I would add that anyone needing to leave ports open for special services should use VPN connections to protect their network from hackers.
_________________
Wired GigaBit Backbone
Linksys E3000 K2.6 KONG-VPN 22200++ Gateway
Linksys E2000 (OC 500Mhz) K2.6 KONG-VPN 21661 VPN-Gateway
Linksys E2000 (OC 500Mhz) K2.6 KONG-VPN 20575 NG-Mixed AP + VAPs
llmercll
DD-WRT Novice


Joined: 24 Nov 2008
Posts: 6

PostPosted: Tue Nov 25, 2008 3:52    Post subject: Reply with quote
DummyPLUG wrote:
Hardware Firewall

A good hardware firewall will have both NAT and SPI. NAT is Network Address Translation. SPI is Stateful Packet Inspection. NAT changes the IP Address of your computer from a public one to a private one. NAT will also hide the “ports” your computer uses to communicate over the Internet. This takes your computer out of the public view and makes it harder for hackers to find your computer. SPI inspects each bit of information that your computer receives from the Internet to insure that it is addressed to your computer. Hackers and Worms will send out general broadcasts and see if they can get someone to respond. Once they respond, the hacker or Worm will know how to reach your computer. Nat and SPI protect you from these types of attacks. It is very important for someone with an always-on (DSL or Cable) connection to have one of these.

Software Firewall

Software firewalls have improved over time to become almost as good as a hardware firewall. A software firewall does not usually have a NAT interface. However, a good software firewall will have SPI and will hide your ports from the Internet. To do this it will also prevent you from sharing files and printers on your network. If you have two or more computers and share files between them, it is hard to setup a software firewall, not only protect you from the Internet, but to allow you to share files and printers. Windows XP® does have a software firewall included. Windows XP® software firewall does not have SPI, but can be configured easily for file and print sharing. I should also mention that setting up gaming with a firewall is not always easy. You do have to open ports that will remain open after you have finished gaming. This does leave you open for hackers.


thanks for the info!! I don't think dd-wrt has nat though, i only see spi...

does this mean i should get a pc firewall? you seem to know your stuff, what do you recommend?

id really like to to avoid isntalling another firewall, but it leaves me significantly more vulnerable...
llmercll
DD-WRT Novice


Joined: 24 Nov 2008
Posts: 6

PostPosted: Thu Nov 27, 2008 15:27    Post subject: Reply with quote
i just found a tab in my ui, it says NAT/QoS, does that mean my router has NAT fireall as well as spi firewall? i am using the newest ddwrt

In other words im golden? no need for software?
soulstace
DD-WRT Guru


Joined: 04 Aug 2007
Posts: 6427

PostPosted: Fri Nov 28, 2008 2:57    Post subject: Reply with quote
By default, DD-WRT will do NAT between WAN and LAN.

NAT is not really a firewall, or shall I say firewall is not the intended purpose of NAT. Security is just an inherent side effect of the technology.

If your PC gets infected, hardware firewall probably won't do any good. Software firewall is more useful for blocking outbound traffic, which dd-wrt does NOT do by default.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum