Firewalls–a Short FYI

I’ve long held that most people need to seriously think, if only for a couple of minutes, about one of their most basic internet security issues (beyond simply not being stupid *heh*): their firewalls. Yes, plural. Most people access the internet via a Windows computer*, and most people simply use a built-in Windows firewall at its default setting. Some unwittingly purchase (or have purchased for them) a router that has firewall capabilities as well.

But.

Most Windows users are still using the less-than-capable Windows XP software firewall, and I’ve found that many folks who have a router with NAT or even SPI capabilities either don’t have those capabilities fully enabled or, even worse, still have the factory default password unchanged.

Bad.

If you or someone you know is still using WinXP’s software firewall, please change that to a more capable software firewall solution. The free Comodo Firewall is pretty good. If you have Win7 installed, the choice is not as clear-cut. More on that later.

NAT (Network Address Translation) and SPI (Stateful Packet Inspection) firewalls built into most modern routers are easy-peasy to enable, and whether to use them is a no-brainer. Even folks who only have one computer connecting to a broadband connection should have a NAT/SPI firewall-capable router installed between them and the internet.

Now, Win7 and firewalls. I’m certainly not averse to upgrading to a more robust firewall than the one included in Win7, but Steve Gibson’s Shields Up! utility says that combined with a NAT/SPI hardware firewall, it’s pretty darned good:

Of course, Gibson’s utility only tests the first 1056 ports, but he gives his reasoning for that, and it seems to make some sense, at least. Still, no previous Windows firewall/router firewall combo has achieved the result noted above before now, so one might be relatively safe with a Win7 firewall/NAT/SPI firewall combo.


I will say that every computer I’ve had running Linux or BSD (usually just using the default firewall rules found in most distros) has returned a “stealth” notice from Gibson’s site. Heck, almost all hardware routers use some ‘nix variant as their operating systems, anyway.