
do I need a stand alone firewall if my anti-virus has one

post #1 of 14
Thread Starter 
title pretty much says it all.
post #2 of 14
I would not worry about it. What AV are you using?
    
post #3 of 14
Thread Starter 
Well I better be prepared for flaming after this one, but after checking a site that tests AVs I'm using the Norton suite v5 which scored the highest compared to any of the other free options for me. I have Comcast which provides a Norton subscription.
post #4 of 14
Quote:
Originally Posted by rocky11111 View Post
Well I better be prepared for flaming after this one, but after checking a site that tests AVs I'm using the Norton suite v5 which scored the highest compared to any of the other free options for me. I have Comcast which provides a Norton subscription.

Norton has a good firewall, you should be fine.
post #5 of 14
Thread Starter 
Alright, thank you.
post #6 of 14
A firewall is only as good as its security policy.
post #7 of 14
Thread Starter 
Quote:
Originally Posted by Spooony View Post
A firewall is only as good as its security policy.
What do you mean by that exactly? Just wondering as I don't quite understand if you're getting at anything... or just making a statement. XD
post #8 of 14
Quote:
Originally Posted by rocky11111 View Post
What do you mean by that exactly? Just wondering as I don't quite understand if you're getting at anything... or just making a statement. XD
Paid or free or one with 20 million features, no difference. What makes a firewall secure is what the user decides to let through and not.
post #9 of 14
Thread Starter 
Quote:
Originally Posted by Spooony View Post
Paid or free or one with 20 million features, no difference. What makes a firewall secure is what the user decides to let through and not.

To be frank, I don't care about features. I'm clueless as to what a good "feature" in a firewall would be anyways, things build a reputation, or people create an opinion and that was what I wanted to know.
post #10 of 14
Quote:
Originally Posted by rocky11111 View Post
To be frank, I don't care about features. I'm clueless as to what a good "feature" in a firewall would be anyways, things build a reputation, or people create an opinion and that was what I wanted to know.
It is still governed by a rule set, where you decide if it's safe or not. Some have a better reputation out of the box than others, but it doesn't make them better.
Your question was already answered; this is just for interest's sake on setting it up. You can test your firewall here:
Shields UP!
PCFlank
Sygate Online Scan
HackerWhacker

for svchost
C:\WINDOWS\System32\Svchost.exe
Allow access for DNS and DHCP protocols in order to connect to the Internet (required).
Allow access for NTP (to time.windows.com, time.nist.gov) for clock synchronisation (optional);
Allow access for HTTP, HTTPS (to *.microsoft.com) to access online Windows Help (optional).
Block access if any is requested for the RPC protocol to any address (a good indication of a compromised system) and for SSDP/UPnP (Universal Plug and Play) unless you are sure that you need it.
Block access for any other incoming traffic (known as Server access in ZoneAlarm or Sygate) - this is to prevent Windows Messenger spam which targets svchost.

Do not allow any network access to files named svchost.exe in other folders - they are likely to be malware

Dhcp client
Service Name: Dhcp
Process Name: svchost.exe -k netsvcs
Microsoft Service Description: Manages network configuration by registering and updating IP addresses and DNS names
(This is how your computer gets a Dynamic IP address so you can connect to the internet. If Internet Connection Sharing is enabled, you need DHCP Client. Also required for most DSL/Cable connections.)

UDP Ports 67:68

Allow UDP Local port 68 Remote port 67

DNS Client
Service Name: DNS
Process Name: svchost.exe -k NetworkService
Microsoft Service Description: Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
(With this service enabled, svchost will perform all the DNS lookups, if disabled, then any program that requires this service will perform this itself.)

UDP Port 53

Allow UDP Remote port 53

Windows Time Service
Service Name: W32Time
Process Name: svchost.exe -k Netsvcs
Microsoft Service Description: Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
(If you like to synchronize your PC clock to a time server, this is one way to go)

UDP Port 123

Allow UDP Remote port 123 (time.windows.com)

Help and Support Service
Service Name: helpsvc
Process Name: svchost.exe
Microsoft Service Description: Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
(some like this service, and its ability to connect out to microsoft for help, but please note, this does not need to connect to the internet to work correctly, and is optional)

TCP outbound, Ports 80:443

Allow TCP (outbound connection): Local ports 1024-4999: Remote Ports 80:443


Remote Procedure Call (RPC) Locator Service
Service Name: RpcLocator
Process Name: locator.exe
Microsoft Service Description: Manages the RPC name service database.
(When searching for RPC Services on the network a Windows RPC client will connect to the domain controller over TCP port 139/445 (the SMB ports) and search for services/servers through the "locator" named pipe. The need for this on a home PC I have yet to find, as mentioned, best to block this.)

SSDP Discovery Service (UPnP)
Service Name: SSDPSRV
Process Name: svchost.exe -k LocalService
Microsoft Service Description: Enables discovery of UPnP devices on your home network.
(This is NOT the Plug`n`play as you may at first think, this is used for finding external devices. Example is a Router which can be UPnP, applications can, by using UPnP open inbound ports (port forward), this was possibly a good idea for ease of use, but can also be used by Trojans etc)

[Signs of SSDP/UPnP activity: svchost will attempt to send UDP out to remote IP 239.255.255.250 remote port 1900 and will attempt to listen on local port 1900 (as well as listen on localhost(127.0.0.1:1900))]

HTTP (HyperText Transfer Protocol)
This is the basic connection made by your browser (http(remote port 80)) when connecting to the internet. There is some confusion at times due to the way the PC uses local ports, as the PC will use local ports somewhere between 1024-5000 when connecting out, so a typical firewall rule for HTTP could be:-

Allow outbound TCP local ports 1024-5000 remote port 80

HTTPS
This is basically the same as HTTP but uses encryption on connection, and connects to remote port 443.
Once again the local ports used can be between 1024-5000, so a typical firewall rule for HTTPS could be:-

Allow outbound TCP local ports 1024-5000 remote port 443

FTP (File Transfer Protocol)
This is a commonly used protocol for exchanging files over any network, to connect out this protocol will connect to remote port 21

Allow outbound TCP local ports 1024-5000 remote port 21

FTP uses 2 ways of connection, one known as "Active FTP" and one as "Passive FTP", I will not go into a full explanation of this at this time, I just feel that "a need to know" that when connecting via FTP other remote ports can be asked for, with the dreaded popup from the firewall, or if the firewall has a "block all rule" at the end of the ruleset, a "The connection was reset" page.
So at this time I will just say, that, when an FTP connection is made, some firewalls will allow these other ports to be used, but some will require an extra rule for the "Passive" connection

Possible extra rule:
Allow outbound TCP local ports 1024-65535 remote ports 1024-65535

POP3 (Post Office Protocol 3)
This is the most recent version of a standard protocol for receiving e-mail. POP3 is a client/server protocol in which e-mail is received and held for you by your Internet server. Periodically, you (or your client e-mail receiver) check your mail-box on the server and download any mail, probably using POP3. This standard protocol is built into most popular e-mail products, such as Eudora and Outlook Express.

Allow outbound TCP local ports 1024-5000 remote port 110

IMAP (Interactive Mail Access Protocol)
This is another way that e-mails are collected, but has more advanced options for access/retrieval.
(a more detailed explanation will be given later)

Allow outbound TCP local ports 1024-5000 remote port 143

SMTP (Simple Mail Transfer Protocol)
This is a protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP. In addition, SMTP is generally used to send messages from a mail client to a mail server. This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your e-mail application.

Some basic stuff to help you
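
The svchost rule list from post #10, modelled as an ordered first-match rule set with a default block (an added example, not part of the original post and not any firewall product's own code). Assumptions: TCP 135 stands in for "the RPC protocol", "80:443" is read as ports 80 and 443, and the host restrictions (*.microsoft.com, time.windows.com) are not modelled.

```python
import ntpath

# Expected image path, as given in the post; compared case-insensitively.
TRUSTED_SVCHOST = r"c:\windows\system32\svchost.exe"

# Outbound rules: (action, proto, local ports, remote ports, label).
# None means "any port". First match wins; no match means block.
RULES = [
    ("block", "udp", None, {1900}, "SSDP/UPnP"),
    ("block", "tcp", None, {135}, "RPC"),  # assumption: the post names no RPC port
    ("allow", "udp", {68}, {67}, "DHCP"),
    ("allow", "udp", None, {53}, "DNS"),
    ("allow", "udp", None, {123}, "NTP"),
    ("allow", "tcp", range(1024, 5000), {80, 443}, "HTTP/HTTPS"),
]

def evaluate(image_path, direction, proto, local_port, remote_port):
    """Return (action, reason) for one connection attempt by svchost.exe."""
    # A file named svchost.exe in any other folder gets no network access.
    if (ntpath.basename(image_path).lower() == "svchost.exe"
            and ntpath.normpath(image_path).lower() != TRUSTED_SVCHOST):
        return ("block", "svchost.exe outside System32")
    # The post blocks incoming ("server") traffic for svchost.
    if direction == "in":
        return ("block", "inbound (server access)")
    for action, rproto, lports, rports, label in RULES:
        if (rproto == proto
                and (lports is None or local_port in lports)
                and (rports is None or remote_port in rports)):
            return (action, label)
    return ("block", "default deny")

SYS32 = r"C:\WINDOWS\System32\Svchost.exe"
SAMPLE = [  # constructed connection attempts, not captured traffic
    (SYS32, "out", "udp", 68, 67),
    (SYS32, "out", "udp", 1034, 53),
    (SYS32, "out", "udp", 1035, 1900),
    (SYS32, "out", "tcp", 1040, 135),
    (SYS32, "in", "udp", 1026, 40000),
    (r"C:\WINDOWS\Temp\svchost.exe", "out", "tcp", 1050, 80),
    (SYS32, "out", "tcp", 1060, 25),
]

def run_samples():
    return [evaluate(*attempt) for attempt in SAMPLE]

if __name__ == "__main__":
    for attempt, verdict in zip(SAMPLE, run_samples()):
        print(attempt, "->", verdict)
```

The final sample (outbound TCP to remote port 25) matches no rule and falls through to the default block, which is the "block all rule at the end of the ruleset" behaviour the post mentions.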