1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Firewalls and routers, huh?

Discussion in 'Virus & Other Malware Removal' started by onlykims, Sep 15, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    I am a little embarrassed to admit this, but I seem to have a fundamental flaw in my thought processes. I don't see the need for a firewall, or purpose, if you are behind a router, but I believe that thought to be incorrect at the same time. I'm really hoping that some kind, knowledgeable soul will inform me what exactly a firewall does that a router does not. I'm currently studying networking and security so it's just a little important that I have a good grasp of this. :) I really appreciate the help and apologize if this post should have been placed elsewhere (I did look). This site is terrific and I wouldn't want to...well, you know. :)
    Kim
     
  2. doggard

    doggard

    Joined:
    Oct 18, 2002
    Messages:
    730
    At a very basic level routers do what they are designed to do they pass packets of data up and down stream from A to Z without restriction whilst a firewall censors what data goes in,what data comes out and which ports are used.

    So one would be an open house and the other house would have locks on the inside and outside of the front door.
     
  3. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    Ah, and this "inspection" of the packets obviously comes in varying degrees depending on product, correct? Pardon the ignorance on the topic, I'm just starting to look at the securities. It would appear that I've been a sitting duck..... :(
    Kim
     
  4. doggard

    doggard

    Joined:
    Oct 18, 2002
    Messages:
    730
    Its like having a doorman if you not dressed right your not coming in ;)
    How Routers Work
    How Firewalls Work

    You can have hardware or software firewalls the former being better as they are on dedicated pieces of hardware and less open to compromise.Examples are:

    Software firewall
    Zonealarm
    Sygate


    Hardware firewalls
    Clark connect
    Smoothwall

    The later two are freeware downloads which you can install on an old PC like a 486 and use on your home network.
     
  5. onlykims

    onlykims Thread Starter

    Joined:
    Aug 14, 2003
    Messages:
    104
    Thank you so much for the links. :) Does Sygate play nicer than ZA (which refuses to run on my machine)? If routers don't protect "well enough", why do tests (ShieldsUp) continually come back "stealth"? I always 'thought' that meant you were "safe"?
     
  6. doggard

    doggard

    Joined:
    Oct 18, 2002
    Messages:
    730
    Your probably behind a NAT [Network Address Translation ] which provides some form of protection but not from packets going out.
    Outpost and Sygate both offer freeware versions for home use if Zonealarm is unsuitable for your system.BTW some peeps have found an older version of Zonealarm seems to work better for them than the newer edition.
     
  7. winchester73

    winchester73

    Joined:
    Aug 18, 2003
    Messages:
    2,438
    My two cents ... ;)

    I have a Linksys 4 port router, with the built-in NAT firewall ... the built-in NAT does nothing regarding outbound traffic ...

    I run ZoneAlarm Pro on one box, and Sygate Personal on the other two. The ZA box is the one that I use for sensitive information, hence the "higher" level of protection.

    IMO, a software firewall MUST be used if there is no NAT Router installed on the ADSL or Cable Modem connection, and also if you are behind a wireless NAT/router.

    The basic task of a NAT router is to block incoming connection attempts. Putting it as your interface to the Internet will protect you from simple incoming connection attempts (and also unsolicited UDP).

    Behind a NAT router you should see NO incoming connections, unsolicited or not, unless you start opening ports.

    On a residential ADSL or cable modem, the use of a simple NAT router is probably sufficient, especially if you practice other safe computing habits. I would think as a minimum that a NAT router should be installed on any ADSL or Cable Modem connection.

    If your NAT router is completely stealthed, you don't open up any ports to be visible to the Internet, and your IP address assignment is dynamic (and will change when you power cycle the modem), I would think you are OK.

    However, routers are vulnerable to very clever crackers ... that's why a software firewall is used. A firewall goes beyond the simple inspection of individual packets, and actually monitors, records, and tracks each individual TCP connection (or attempted connection) to verify its validity. The software firewall is not susceptible to some of the sophisticated SYN floods, FIN probes, fragment attacks, and other tricks that can be thrown at the simple NAT router.

    All my PCs plugged into the LAN side of the router are on a local private network. The IP addresses of these are set using DHCP on the router. The router is a NAT router that converts between the private internal addresses and the WAN IP address on the modem side which is on the real Internet.

    For some relatively unbiased advice: http://www.wilders.org/firewalls.htm

    Simple way to test the need for a firewall ...

    Go to http://grc.com/ and run "shields up". Click through the first page and on the next page scroll down to "shields up" on the left side. Click it and run "full service port scan". When finished it will give you an option at the bottom for a summary. A pass = all stealth, no open ports, and no ping replies !
     
  8. K-Man

    K-Man

    Joined:
    Sep 11, 2004
    Messages:
    404
    Thought I'd jump in on this one, as I am considering my options for firewall protection myself. I'm considering the "Alpha Shield" hardware firewall, for $99, but I'm not sure I want to spend that kind of cash if I'm going to need $50+ software firewall anyway.

    What's the best combination here?

    Thanks!
     
  9. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    57,793
    K-Man

    You want the software firewall also like winchester73 said above.

    I have a router and use Zone Alarm Pro and it does a great job.
    Then also have spyblaster and spyguard that help keep things from getting on the PC too.

    Now Alpha Shield does sound like like a nice firewall. Just all it doesover what a router does I am not the one to ask.
     
  10. K-Man

    K-Man

    Joined:
    Sep 11, 2004
    Messages:
    404
    I guess you really can't have TOO much protection, huh?

    I'm with onlykims on this one: I don't know all the differences exactly either. I just know I want my system to be as secure as possible. Don't have any super-critical data on it... just don't want to have it messed up, since I use it for my art and design work, which is my livlihood these days!

    Thanks to onlykims for starting this thread so I didn't need to!
     
  11. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    57,793
  12. K-Man

    K-Man

    Joined:
    Sep 11, 2004
    Messages:
    404
    Do I even need a router, unless I have multiple computers?
     
  13. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    57,793
    No you will not need a router unless you have multiple computers. The Alpha Shield seems to do the same thing as a router and then maybe more but like I said I don't know.
    But it only lets you hook up one PC. Plus I would think your still want a software firewall because that gives you control over what comes in and what goes out. I can control what programs do what and if anything new got on my PC and wanted out it has to ask me.
     
  14. K-Man

    K-Man

    Joined:
    Sep 11, 2004
    Messages:
    404
    Any of this helping, onlykims? :eek:
     
  15. Tarheel63

    Tarheel63

    Joined:
    Sep 6, 2004
    Messages:
    5
    Without a software firewall, you could be infected with a trojan that could be sending all of your personal or financial information to a hacker.
    A software firewall, set up correctly will ask for permission before
    it would allow the trojan net access. If you deny the unknown process
    access it cant communicate with the hacker. A software firewall
    working with a router is a second line of defense for inbound packets. If
    someone gets past your router, they still have your software firewall to contend with.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/274381

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice