Firewalls and routers, huh?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
I am a little embarrassed to admit this, but I seem to have a fundamental flaw in my thought processes. I don't see the need for a firewall, or purpose, if you are behind a router, but I believe that thought to be incorrect at the same time. I'm really hoping that some kind, knowledgeable soul will inform me what exactly a firewall does that a router does not. I'm currently studying networking and security so it's just a little important that I have a good grasp of this. :) I really appreciate the help and apologize if this post should have been placed elsewhere (I did look). This site is terrific and I wouldn't want to...well, you know. :)
Kim
 
Joined
Oct 18, 2002
Messages
730
At a very basic level, routers do what they are designed to do: they pass packets of data up and down stream from A to Z without restriction, whilst a firewall censors what data goes in, what data comes out and which ports are used.

So one would be an open house and the other house would have locks on the inside and outside of the front door.
 

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
Ah, and this "inspection" of the packets obviously comes in varying degrees depending on product, correct? Pardon the ignorance on the topic, I'm just starting to look at the securities. It would appear that I've been a sitting duck..... :(
Kim
 
Joined
Oct 18, 2002
Messages
730
It's like having a doorman: if you're not dressed right, you're not coming in ;)
How Routers Work
How Firewalls Work

You can have hardware or software firewalls, the former being better as they are on dedicated pieces of hardware and less open to compromise. Examples are:

Software firewall
ZoneAlarm
Sygate

Hardware firewalls
ClarkConnect
Smoothwall

The latter two are freeware downloads which you can install on an old PC like a 486 and use on your home network.
 

onlykims

Thread Starter
Joined
Aug 14, 2003
Messages
104
Thank you so much for the links. :) Does Sygate play nicer than ZA (which refuses to run on my machine)? If routers don't protect "well enough", why do tests (ShieldsUp) continually come back "stealth"? I always 'thought' that meant you were "safe"?
 
Joined
Oct 18, 2002
Messages
730
You're probably behind a NAT [Network Address Translation], which provides some form of protection, but not from packets going out.
Outpost and Sygate both offer freeware versions for home use if ZoneAlarm is unsuitable for your system. BTW, some peeps have found an older version of ZoneAlarm seems to work better for them than the newer edition.
 
Joined
Aug 18, 2003
Messages
2,438
My two cents ... ;)

I have a Linksys 4 port router, with the built-in NAT firewall ... the built-in NAT does nothing regarding outbound traffic ...

I run ZoneAlarm Pro on one box, and Sygate Personal on the other two. The ZA box is the one that I use for sensitive information, hence the "higher" level of protection.

IMO, a software firewall MUST be used if there is no NAT Router installed on the ADSL or Cable Modem connection, and also if you are behind a wireless NAT/router.

The basic task of a NAT router is to block incoming connection attempts. Putting it as your interface to the Internet will protect you from simple incoming connection attempts (and also unsolicited UDP).

Behind a NAT router you should see NO incoming connections, unsolicited or not, unless you start opening ports.

On a residential ADSL or cable modem, the use of a simple NAT router is probably sufficient, especially if you practice other safe computing habits. I would think as a minimum that a NAT router should be installed on any ADSL or Cable Modem connection.

If your NAT router is completely stealthed, you don't open up any ports to be visible to the Internet, and your IP address assignment is dynamic (and will change when you power cycle the modem), I would think you are OK.

However, routers are vulnerable to very clever crackers ... that's why a software firewall is used. A firewall goes beyond the simple inspection of individual packets, and actually monitors, records, and tracks each individual TCP connection (or attempted connection) to verify its validity. The software firewall is not susceptible to some of the sophisticated SYN floods, FIN probes, fragment attacks, and other tricks that can be thrown at the simple NAT router.

All my PCs plugged into the LAN side of the router are on a local private network. The IP addresses of these are set using DHCP on the router. The router is a NAT router that converts between the private internal addresses and the WAN IP address on the modem side which is on the real Internet.

For some relatively unbiased advice: http://www.wilders.org/firewalls.htm

Simple way to test the need for a firewall ...

Go to http://grc.com/ and run "shields up". Click through the first page and on the next page scroll down to "shields up" on the left side. Click it and run "full service port scan". When finished it will give you an option at the bottom for a summary. A pass = all stealth, no open ports, and no ping replies !
 
Joined
Sep 11, 2004
Messages
404
Thought I'd jump in on this one, as I am considering my options for firewall protection myself. I'm considering the "Alpha Shield" hardware firewall, for $99, but I'm not sure I want to spend that kind of cash if I'm going to need $50+ software firewall anyway.

What's the best combination here?

Thanks!
 
Joined
Oct 26, 2001
Messages
57,793
K-Man

You want the software firewall also like winchester73 said above.

I have a router and use Zone Alarm Pro and it does a great job.
Then also have spyblaster and spyguard that help keep things from getting on the PC too.

Now Alpha Shield does sound like a nice firewall. Just all it does over what a router does I am not the one to ask.
 
Joined
Sep 11, 2004
Messages
404
I guess you really can't have TOO much protection, huh?

I'm with onlykims on this one: I don't know all the differences exactly either. I just know I want my system to be as secure as possible. Don't have any super-critical data on it... just don't want to have it messed up, since I use it for my art and design work, which is my livelihood these days!

Thanks to onlykims for starting this thread so I didn't need to!
 
Joined
Oct 26, 2001
Messages
57,793
No you will not need a router unless you have multiple computers. The Alpha Shield seems to do the same thing as a router and then maybe more but like I said I don't know.
But it only lets you hook up one PC. Plus I would think you'd still want a software firewall because that gives you control over what comes in and what goes out. I can control what programs do what and if anything new got on my PC and wanted out it has to ask me.
 
Joined
Sep 6, 2004
Messages
5
Without a software firewall, you could be infected with a trojan that could be sending all of your personal or financial information to a hacker. A software firewall, set up correctly, will ask for permission before it would allow the trojan net access. If you deny the unknown process access, it can't communicate with the hacker. A software firewall working with a router is a second line of defense for inbound packets. If someone gets past your router, they still have your software firewall to contend with.
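
The two behaviours discussed in this thread, a NAT router that drops unsolicited inbound packets but passes all outbound traffic, and a software firewall that decides outbound access per program, shown as a small Python model. This is an added example, not code from any poster or product; the class names, addresses and program names are constructed, and the NAT is assumed to match replies on WAN port plus remote endpoint.

```python
# Added illustration: a toy model, not real router or firewall code.
# All addresses and program names are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    table: dict = field(default_factory=dict)  # (wan_port, remote) -> LAN endpoint
    next_port: int = 40000

    def outbound(self, lan_endpoint, remote):
        """NAT applies no policy to outbound traffic; it only records a mapping."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.table[(wan_port, remote)] = lan_endpoint
        return wan_port

    def inbound(self, wan_port, remote):
        """Forward only packets matching a mapping; None means silently dropped."""
        return self.table.get((wan_port, remote))

@dataclass
class HostFirewall:
    allowed_programs: set
    log: list = field(default_factory=list)

    def permits(self, program, remote):
        """Per-program outbound rule, the part a NAT router has no view of."""
        verdict = program in self.allowed_programs
        self.log.append((program, remote, "ALLOW" if verdict else "DENY"))
        return verdict

def send(program, lan_endpoint, remote, router, firewall=None):
    """Return the WAN port used, or None if the host firewall denied the program."""
    if firewall is not None and not firewall.permits(program, remote):
        return None
    return router.outbound(lan_endpoint, remote)

def demo():
    router, fw = NatRouter(), HostFirewall({"browser.exe"})
    pc, server = ("192.168.1.20", 5000), ("198.51.100.7", 80)
    out = {"unsolicited_probe": router.inbound(445, ("198.51.100.99", 51000))}
    port = send("unknown.exe", pc, server, router)  # NAT only, no host firewall
    out["nat_only_unknown_out"] = port is not None
    out["reply_delivered_to"] = router.inbound(port, server)
    out["fw_unknown_out"] = send("unknown.exe", pc, server, router, fw) is not None
    out["fw_browser_out"] = send("browser.exe", pc, server, router, fw) is not None
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unsolicited probe returning `None` is the model's version of a "stealth" scan result: it describes inbound handling only and says nothing about what programs on the PC are sending out.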
 