Is a router the same as a firewall?

  • Thread starter Thread starter ~Aart
  • Start date Start date
A

~Aart

Hi,

I have a WiFi D-Link router, access point, gateway. If I connect to the
internet through the router, do I also have to run firewall software on the
computer, or is the router, all by itself, provided the same level of
protection a firewall does?

TIA

Aart
 
"~Aart" said:
Hi,

I have a WiFi D-Link router, access point, gateway. If I connect to the
internet through the router, do I also have to run firewall software on the
computer, or is the router, all by itself, provided the same level of
protection a firewall does?

TIA

Aart
Click to expand...

Your router performs some, but not all, of the functions of a software
firewall.

Your router blocks all undesired incoming traffic from the Internet,
preventing hackers from seeing your computer and breaking into it
through your Internet connection.

It doesn't block undesired outgoing traffic from your computer to the
Internet, which can be caused by programs installed on your computer
by viruses and malicious web sites. If that type of protection is
important to you, install a software firewall, such as ZoneAlarm, that
has that capability. Note that Windows XP's built-in Internet
Connection Firewall doesn't have that capability, and there's no
reason for you to enable ICF on your computer.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Thanks Steve, for the explaination.

If I got it right, the router blocks incoming, and zone alarm blocks
outgoing data.

Is the router and Zone Alarm the same as proxey servers?

Aart
 
"~Aart" said:
Thanks Steve, for the explaination.
Click to expand...

You're welcome.
If I got it right, the router blocks incoming, and zone alarm blocks
outgoing data.
Click to expand...

ZoneAlarm blocks both incoming and outgoing. But there won't be
anything bad coming in, because the router has already taken care of
it.
Is the router and Zone Alarm the same as proxey servers?
Click to expand...

Those are three entirely different things. I recommend looking up
"router", "firewall" and "proxy server" here:

http://whatis.techtarget.com/
Aart
Click to expand...
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
ZoneAlarm blocks both incoming and outgoing. But there won't be
anything bad coming in, because the router has already taken care of
it.
Click to expand...

Remember also that if you have more than one computer on the network
and wish to share resources between them you will have to set
ZoneAlarm to "trust" the other computers within the network otherwise
they will be blocked out too.
 
Thanks again Steve, that's a great site!

From all of this I'm deciding that for a home network
behind a router, the router by itself is good enough security. I'm
concluding this
because if the router keeps out hack attacks, and I routinely
run spybot and adaware, I will have both sides of the interface pretty much
under
control. I don't have to fool with proxy servers because I don't care if
I have to wait a few minutes for a page to load.

If you think I just posted something stupid, please let me know.

Thanks again,

Aart.
 
~Aart said:
Thanks again Steve, that's a great site!

From all of this I'm deciding that for a home network
behind a router, the router by itself is good enough security. I'm
concluding this
because if the router keeps out hack attacks, and I routinely
run spybot and adaware, I will have both sides of the interface pretty much
under
control. I don't have to fool with proxy servers because I don't care if
I have to wait a few minutes for a page to load.
Click to expand...

Are you planning on running ZoneAlarm (or something similar) as well?
My main concern would be if for some odd reason, you're machine is
infected with a trojon/worm, without something like ZoneAlarm (or
specific configuration on the Router perhaps) the worm could propogate
from your machine... If it's a worm that uses port 80, it would
certainly be able to get out (otherwise you'd not be able to browse the
web).
 
Hi B Walker,
I didn't think that could happen because the Router stops things from coming
in. If it can't get in then I don't have to worry about it getting out.
That was my thinking. Was I wrong?
Thanks,
Aart
 
I didn't think that could happen because the Router stops things from coming
in. If it can't get in then I don't have to worry about it getting out.
That was my thinking. Was I wrong?
Thanks,
Aart
Click to expand...

You are not wrong, as such. Worms like Blaster etc should not get on
to your system because the firewall should prevent them from getting
in. However there are other ways for programs to get access to your
system, such as via a virus, or a computer which is already infected
connecting to the internal network.

It also helps keep a good track of spyware which is happily pumping
your information out to some location on the internet. I've got
hardware and software firewalls at home and at work and but my spyware
programs still pick countless suspect files on both machines.
 
You don't want to run two firewalls at the same time, as hardware &
software. That can cause problems.
 
Hi Simon,

You got me thinking again. I never thought about a problem originating by
attaching something to the network on my side of the router. Let's see if I
finally have this straight as to what I should do:

1. Rely on router to keep stuff out that could come in via open ports.

2. Rely on anti-virus software to put the kabosh on nasty-grams coming in
through the mail client, floppies, peer to peer file sharing, etc.

3. Run Zone Alarm to keep ET from phoning home.

Does that pretty much cover it, and keep me out of trouble?

Thanks,

Aart
 
Hi Simon,

You got me thinking again. I never thought about a problem originating by
attaching something to the network on my side of the router. Let's see if I
finally have this straight as to what I should do:

1. Rely on router to keep stuff out that could come in via open ports.

2. Rely on anti-virus software to put the kabosh on nasty-grams coming in
through the mail client, floppies, peer to peer file sharing, etc.

3. Run Zone Alarm to keep ET from phoning home.

Does that pretty much cover it, and keep me out of trouble?
Click to expand...

I would have thought that you would be kept fairly safe with that.
Before I got the router my broadband was via a USB ADSL modem. At
that time the software firewall (in my case ZoneAlarm) recorded probes
and attacks on my computer several times a minute, each minute for all
the time I was online. But even more revealing was the number of
programs on my computer which tried to access the internet. You name,
at some point just about everything tried to ask for Access. I prefer
to be in the position of knowing exactly what comes and goes from my
machine.

It was with this in mind that I decided to continue with ZoneAlarm on
computers behind the router. There is a little bit of configuring to
do to generate a "trusted" network so that each machine allows inbound
connections from the others, but it's so simple to do.

It is true that ZoneAlarm no longer registers inbound attacks but it
frequently asks me if this program or another can access the internet.
It is usually fairly obvious which program is asking (and it's a good
idea to let obvious programs like IE, OE and AV updates outward access
without asking you).

Someone else in this thread said hardware and software firewalls can
conflict. I don't agree, at least not at the basic level. It might
complicate things a little if you want to use VPN, but it can still be
done.
 
I meant running two software firewalls. I set behind a router and use Zone
Alarm Pro with no problems and my antivirus.
 
Back
Top