Firewalls and routers, huh?

[onlykims]

I am a little embarrassed to admit this, but I seem to have a fundamental flaw in my thought processes. I don't see the need for a firewall, or purpose, if you are behind a router, but I believe that thought to be incorrect at the same time. I'm really hoping that some kind, knowledgeable soul will inform me what exactly a firewall does that a router does not. I'm currently studying networking and security so it's just a little important that I have a good grasp of this. I really appreciate the help and apologize if this post should have been placed elsewhere (I did look). This site is terrific and I wouldn't want to...well, you know.
Kim

 

[doggard]

At a very basic level routers do what they are designed to do they pass packets of data up and down stream from A to Z without restriction whilst a firewall censors what data goes in,what data comes out and which ports are used.

So one would be an open house and the other house would have locks on the inside and outside of the front door.

 

[onlykims]

Ah, and this "inspection" of the packets obviously comes in varying degrees depending on product, correct? Pardon the ignorance on the topic, I'm just starting to look at the securities. It would appear that I've been a sitting duck.....
Kim

 

[doggard]

Its like having a doorman if you not dressed right your not coming in
How Routers Work
How Firewalls Work

You can have hardware or software firewalls the former being better as they are on dedicated pieces of hardware and less open to compromise.Examples are:

Software firewall
Zonealarm
Sygate


Hardware firewalls
Clark connect
Smoothwall

The later two are freeware downloads which you can install on an old PC like a 486 and use on your home network.

 

[onlykims]

Thank you so much for the links. Does Sygate play nicer than ZA (which refuses to run on my machine)? If routers don't protect "well enough", why do tests (ShieldsUp) continually come back "stealth"? I always 'thought' that meant you were "safe"?

 

[doggard]

Your probably behind a NAT [Network Address Translation ] which provides some form of protection but not from packets going out.
Outpost and Sygate both offer freeware versions for home use if Zonealarm is unsuitable for your system.BTW some peeps have found an older version of Zonealarm seems to work better for them than the newer edition.

 

[winchester73]

My two cents ...

I have a Linksys 4 port router, with the built-in NAT firewall ... the built-in NAT does nothing regarding outbound traffic ...

I run ZoneAlarm Pro on one box, and Sygate Personal on the other two. The ZA box is the one that I use for sensitive information, hence the "higher" level of protection.

IMO, a software firewall MUST be used if there is no NAT Router installed on the ADSL or Cable Modem connection, and also if you are behind a wireless NAT/router.

The basic task of a NAT router is to block incoming connection attempts. Putting it as your interface to the Internet will protect you from simple incoming connection attempts (and also unsolicited UDP).

Behind a NAT router you should see NO incoming connections, unsolicited or not, unless you start opening ports.

On a residential ADSL or cable modem, the use of a simple NAT router is probably sufficient, especially if you practice other safe computing habits. I would think as a minimum that a NAT router should be installed on any ADSL or Cable Modem connection.

If your NAT router is completely stealthed, you don't open up any ports to be visible to the Internet, and your IP address assignment is dynamic (and will change when you power cycle the modem), I would think you are OK.

However, routers are vulnerable to very clever crackers ... that's why a software firewall is used. A firewall goes beyond the simple inspection of individual packets, and actually monitors, records, and tracks each individual TCP connection (or attempted connection) to verify its validity. The software firewall is not susceptible to some of the sophisticated SYN floods, FIN probes, fragment attacks, and other tricks that can be thrown at the simple NAT router.

All my PCs plugged into the LAN side of the router are on a local private network. The IP addresses of these are set using DHCP on the router. The router is a NAT router that converts between the private internal addresses and the WAN IP address on the modem side which is on the real Internet.

For some relatively unbiased advice: http://www.wilders.org/firewalls.htm

Simple way to test the need for a firewall ...

Go to http://grc.com/ and run "shields up". Click through the first page and on the next page scroll down to "shields up" on the left side. Click it and run "full service port scan". When finished it will give you an option at the bottom for a summary. A pass = all stealth, no open ports, and no ping replies !

 

[K-Man]

Thought I'd jump in on this one, as I am considering my options for firewall protection myself. I'm considering the "Alpha Shield" hardware firewall, for $99, but I'm not sure I want to spend that kind of cash if I'm going to need $50+ software firewall anyway.

What's the best combination here?

Thanks!

 

[hewee]

K-Man

You want the software firewall also like winchester73 said above.

I have a router and use Zone Alarm Pro and it does a great job.
Then also have spyblaster and spyguard that help keep things from getting on the PC too.

Now Alpha Shield does sound like like a nice firewall. Just all it doesover what a router does I am not the one to ask.

 

[K-Man]

I guess you really can't have TOO much protection, huh?

I'm with onlykims on this one: I don't know all the differences exactly either. I just know I want my system to be as secure as possible. Don't have any super-critical data on it... just don't want to have it messed up, since I use it for my art and design work, which is my livlihood these days!

Thanks to onlykims for starting this thread so I didn't need to!

 

[hewee]

Hang on and wait and maybe someone can give you more info. I went to the site http://www.alphashield.com/products.htm and it seems it may be great to add it between the router and modem.

 

[K-Man]

Do I even need a router, unless I have multiple computers?

 

[hewee]

No you will not need a router unless you have multiple computers. The Alpha Shield seems to do the same thing as a router and then maybe more but like I said I don't know.
But it only lets you hook up one PC. Plus I would think your still want a software firewall because that gives you control over what comes in and what goes out. I can control what programs do what and if anything new got on my PC and wanted out it has to ask me.

 

[K-Man]

Any of this helping, onlykims?

 

[Tarheel63]

Without a software firewall, you could be infected with a trojan that could be sending all of your personal or financial information to a hacker.
A software firewall, set up correctly will ask for permission before
it would allow the trojan net access. If you deny the unknown process
access it cant communicate with the hacker. A software firewall
working with a router is a second line of defense for inbound packets. If
someone gets past your router, they still have your software firewall to contend with.