i have a built-in fire wall would be best too have two?

Question

and will it slow my compter down?

Answer 1

Me!..

Ummm... A little hard to say with any real certainity without more specific information.. However I am going to assume you are a home user with 1 PC using WinXp and on a ADSL broadband conenction to the internet.

To begin with YES it a lot better to implement what is known as a Dual Firewall topology, but not in the sense of installing and running 2 seperate Firewalls on the same system.... - This will as people have aleady commented on, cause severe problems....

Implementing a good secure Dual Firewall can be very expensive and generally only for corperate companies. The use of two firewalls still allows the organization to offer services to Internet users through the use of a DMZ, but provides an added layer of protection. It's very common for security architects to implement this scheme using firewall technology from two different vendors. This provides an added level of security in the event a malicious individual discovers a software-specific exploitable vulnerability.

Higher-end firewalls allow for some variations on these themes as well. While basic firewall models often have a three-interface limit, higher-end firewalls allow a large number of physical and virtual interfaces. For example, the Sidewinder G2 firewall from Secure Computing allows up to 20 physical interfaces.

All a bit confusing DON'T WORRY.... There is a work around for home users with a single PC whilst still implementing a simplestic Dual Firewall Topology.

The Solution: Firsty DON'T use windows firewall - Why? Like MB has said it should be noted that Windows Firewall is not as secure as MS would want you to believe since it does half the job a commercial firewall would do; which is to block both incoming and outgoing traffic. Windows Firewall only blocks or patrols incoming traffic and it can be easily turned off by another application, possibly a worm.

So buy a commerical Firewall like:-
BlackICE - Which was the first mainstream personal firewall software product and remains an all-around top choice. Its high-quality user interface, logging capability, and support for auto-blocking of traffic from specific network addresses are great features for beginners and more advanced networkers alike.

Sygate Personal Firewall - This software offers solid network protection, activity logging, and automatic email notifications and is free for personal use, but the Pro version costs.

ZoneAlarm - Provides a free download. The Pro edition adds email attachment protection similar to that offered by antivirus software, password protection, and ICS/NAT support. Though it can run in Stealth Mode, making your PC literally "invisible" on the Internet, it does not have some of the more advanced personal firewall controls.

Norton Personal Firewall - The software is solid and from a reputable company. But doesn't offer a free trial version and some claim that Norton's graphic interface isn't as easy to use as some other products.

TINY Personal Firewall - A relative newcomer but fast becoming an established technology. It boasts a low memory usage (small "footprint") on installed systems (unlike Norton or ZoneAlarm). It also contains an interesting time-based rule feature, where packet filters can be set to operate only at certain times of day. Interestingly the U.S. Air Force chose this product as standard firewall software for its desktop computers. There is a free personal version for home users.

McAfee Personal Firewall - It is generally sold on a one-year subscription basis rather than on one-time purchase, a feature that may appeal to some, but no free trial exists. McAfee also possesses a comparatively small footprint and a central "Control Panel" style of user interface. Product updates occur "live" over the Internet, but it does not support Windows ICS networks or the IIS Web server (Of which you won't be using so no problems there).

Cost... well by and large they are all roughly the same price...

Secondly - Instead of using a ADSL (i.e Broadband modem) only. Go and purchase a Router which has a ADSL modem built in. That way you'll be able to ulitlise the routers built NAT and firewall feature like SPI (Stateful Packet Inspection).... Whats this all about?

Well basically - This type of firewall provides a high level of security by examining not just the header information but also the contents of each packet up through the application layer. Dynamic "state tables" are used to monitor and maintain information about previous packets for subsequent security decisions. SPI firewalls prevent port scanning by closing off ports until connection to a specific port is requested. This feature provides a solution that is extremely secure for any network with highly sensitive information.

In summary - Using a ADSL Router (e.g. A Belkin ADSL Modem With Built-In 11g Wireless Router Part # F5D7630uk4A) would provide you access to broadband interent with wireless/wired connection, but also the NAT SPI firewall... Then by installing a commercial firewall on your system, you have achived a basic 2 layer (dual) Firewall, which is a lot more secure than using a sinlgle commerical 1. If you use it with a commerical Firewall that has small foot print (i.e. 1 that doen't use to many resoruces) like McAfee or TINY then there would None to hardly any drop in the PC's performance.

You could get away with only using the Router as the Firewall but ensure the Firmware is up to date, and again you are back to a single firewall topolgy.

My advice for about £80 (cost of the Belkin router) and use Tiny Personnel Firewall (which is FREE for home users) you have a basic, but very good Dual Firewall...

Hope this has helped

DM

MCP MCSA MCSE+S BIT

Answer 2

When you say you have a "built-in firewall", do you mean in a router, or the one that's built into Windows?

I have a hardware firewall (built into the router) and I also use a software firewall (Kaspersky). They run together with no apparent problems. Prior to using the Kaspersky firewall, I used to use ZoneAlarm. Again, there were no apparent problems.

As others have already stated, the one bundled with Windows XP is generally deemed a weak one. If that's the one that you're referring to, I would install another one (ZoneAlarm offer a free one, as do other companies) and disable the Windows one.

I suppose that, theoretically, there would be some slowing down of internet operations, but I can't say that I've noticed any.

Answer 3

No!

Having two firewalls will cause you problems. They are likely to conflict with each other.

Windows built in firewall is generally considered to be weak because it only "examines" incoming traffic, not outbound. You might want to consider something like Zonealarm (free) and disable the Windows firewall.

Answer 4

I use two all the time since I don't trust the provided one even though it is the best around.

Think about it?
P.C. or Mac you are working away on Anwers and your manufacturer breaks in to down load software.
He has got through two firewalls and a locked system.
If they can do it so can someone else in the know.

I also use the five year old setting on my Net Barrier.

Answer 5

It would be more of a problem than a benefit. the 2 programs could clash. One good firewall is enough

Answer 6

i would recomend not to.....i am a technician and the problem with 2 is that they just get confused with each other and beleive it or not they can miss some viruses as one thinks the other one will track it vice verser its easier and safer to just have the 1!!!!!

Answer 7

You only need one firewall.

Answer 8

No, they can confict each other causing problems.

Answer 9

They can conflict and cause problems.

Answer 10

how bigs the fire