Security, router vs. software firewall


Michael Dixon

I have a LinkSys router. I have heard that having a router is effective as
a firewall and I don't need a software firewall like ZoneAlarm. Is this
true?

michael
 
I have a LinkSys router. I have heard that having a router is effective as
a firewall and I don't need a software firewall like ZoneAlarm. Is this
true?

A router provides protection by means of NAT, it's an inbound filter
only and NAT has nothing to do with firewall functions. NAT Routers have
a basic function of not allowing inbound traffic to your network that
was not requested by something inside your network.

A router with NAT does nothing to block outbound traffic from your
network - with the exception that "some" allow outbound port blocking
and some additional features - but this does not make it a firewall.

Personal Firewalls - those firewalls installed on a User computer (the
difference being a firewall installed on a computer not being used by
any user or non-firewall services) are "nice" but are very easy to
subvert by users "allowing" the wrong things, or by making bad
configuration settings. Many people will have no clue if their firewall
is working and there are so many things that can screw it up on a
typical home user's system.

With a router and NAT device you have a good first line of defense - it
stops unsolicited inbound traffic. That means all the worms won't reach
your network by default - you would have to invite one in.

The second part is to monitor the LOGS produced by the router - since
you have a Linksys you can use WallWatcher to see IN and OUT bound
traffic in real time - once you learn about what's going OUT and what's
trying to come in you can search GOOGLE to see what's going on.

Next, Antivirus software - GOOD QUALITY is needed.

Then setting all users to run as "User Accounts" and not the default
Administrator level account.

And then there is not using IE or Outlook/Outlook Express - unless you
properly secure them like the latest MS security documents show.

Many more things are possible, but the router with logging enabled and
Wall Watcher will tell you how secure you are and when something goes
wrong too.
 
Hi
Yes I would recommend adding Software Firewall and AntiSpy protection
programs to the mix.
Internet -Basic protection: http://www.ezlan.net/firewall.html
Internet Infestation: http://www.ezlan.net/infestation.html
Basic Steps in cleaning Internet "Junk" - http://www.ezlan.net/clean.html
There are elements of personal preferences in choosing Firewall (I stay away
from ZA; some versions of ZA are major trouble to LAN).
My favorite of the freebies is the Old version of Kerio.
Link to Kerio v215 http://www.kerio.com/new/kpf_download.html
For AntiSpy try the Excellent release of Microsoft
Link to:
http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
Jack (MVP-Networking).
 
I have a LinkSys router. I have heard that having a router is effective as
a firewall and I don't need a software firewall like ZoneAlarm. Is this
true?

michael

Michael,

A NAT router (aka broadband or residential router) will protect you from most
malicious incoming traffic. If the router has SPI (and not all models do), that
provides actual firewall functionality. A router won't, however, detect or
block outgoing traffic, malicious or otherwise.

A third party software firewall like ZoneAlarm protects you against outgoing
traffic from malware like spyware or worms, if such should become installed on
your computer. A software firewall may also serve as an inner barrier, should
the NAT router ever be compromised.

If you have a wireless router, and you enable its radio function, having a
software firewall installed and running on each computer connected to your LAN
is a good idea to protect you from your wireless neighbors. If you have
multiple computers connected to your LAN, wired or otherwise, a software
firewall is a good idea, in case any one of them becomes infected, the others
are better protected.

IMHO, however, if you allow malicious software like spyware or a worm to install
and run on your computer, and depend upon a software firewall to alert you or
filter its outgoing traffic, you are underprotected.

A layered protection policy, with regularly updated anti-spyware and anti-virus
protection, is much better than simply relying upon outgoing filtering provided
by ZoneAlarm.
1) AdAware and Spybot S&D are both free anti-spyware products, and both
complement each other. Microsoft AS is currently free, has better detection
rate, but false positive rate also.
2) SpywareBlaster blocks known bad scripts from running.
3) Use an alternate browser, like Mozilla Firefox, as much as possible.
4) When you MUST use IE, block scripting for known bad websites (sourced from
Eric Howes' excellent IE-SpyAd).
5) Practice safe hex, enhanced by use of a hosts file to prevent accessing
known bad websites.

AdAware <http://www.lavasoftusa.com/>
Spybot S&D <http://www.safer-networking.org/index.php?page=download>
SpywareBlaster <http://www.javacoolsoftware.com/spywareblaster.html>
IE-SpyAd <https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD>
HPGuru's Hosts <http://www.dozleng.com/hpguru/>
MVPS Hosts <http://www.mvps.org/winhelp2002/hosts.htm>

--
Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
My email is AT DOT
actual address pchuck sonic net.
 
An additional software firewall is certainly advisable, for the reasons
specified by the others. I might add that it is becoming more necessary to
have them and to keep them up-to-date all the time, because of the newer
hacking techniques.

Firewalls that don't run on the PC are unable to determine whether a
connection is initiated by a process that is allowed to connect, or one that
is NOT supposed to be allowed to connect. Additionally, current viruses and
malware use techniques to "disguise" themselves as known processes. Only the
newest versions of personal firewalls keep up with these stealth techniques.
 
Firewalls that don't run on the PC are unable to determine whether a
connection is initiated by a process that is allowed to connect, or one that
is NOT supposed to be allowed to connect. Additionally, current viruses and
malware use techniques to "disguise" themselves as known processes. Only the
newest versions of personal firewalls keep up with these stealth techniques.

As a side note to this - if you are using a router it's nice to block
outbound connections to remote ports
135,136,137,138,139,445,1026,1027,1433,1434

Since there is no reason for the above remote ports, on a secure
machine, to be connected to, you can limit some spread of worms that
way.

Another nice thing, if you have the ability, is to limit outbound port
25 to your ISP's mail server only (or the mail server that you use).
This limits viruses and worms with their own SMTP engines from spreading
easily.
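
The router-log monitoring and the outbound port rules suggested in the replies above can be combined into one check. This is an added example, not part of any post in the thread: the log line format, the LAN range and the mail server address are constructed assumptions, not the output of a Linksys router or WallWatcher.

```python
import ipaddress
from collections import Counter

# Remote ports the thread suggests blocking outbound at the router.
BLOCKED_REMOTE_PORTS = {135, 136, 137, 138, 139, 445, 1026, 1027, 1433, 1434}
# Assumptions: placeholder ISP mail server (documentation range) and LAN subnet.
ISP_MAIL_SERVERS = {ipaddress.ip_address("192.0.2.25")}
LAN = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample log: "<direction> <proto> <src_ip>:<port> <dst_ip>:<port>"
SAMPLE_LOG = """\
OUT TCP 192.168.1.10:49152 198.51.100.7:80
OUT TCP 192.168.1.10:49153 192.0.2.25:25
OUT TCP 192.168.1.12:1045 203.0.113.9:25
OUT TCP 192.168.1.12:1046 203.0.113.40:445
OUT UDP 192.168.1.12:1047 203.0.113.41:1434
IN TCP 203.0.113.50:4444 192.168.1.10:135
malformed line
OUT TCP 192.168.1.11:50000 192.168.1.12:445
"""

def parse_line(line):
    """Return (direction, src_ip, dst_ip, dst_port), or None if unparseable."""
    try:
        direction, _proto, src, dst = line.split()
        dst_host, dst_port = dst.rsplit(":", 1)
        src_ip = ipaddress.ip_address(src.rsplit(":", 1)[0])
        return direction, src_ip, ipaddress.ip_address(dst_host), int(dst_port)
    except ValueError:
        return None

def audit_outbound(log_text):
    """Flag LAN-to-Internet connections that the suggested router rules would stop."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[0] != "OUT":
            continue
        _, src_ip, dst_ip, dst_port = rec
        if src_ip not in LAN or dst_ip in LAN:
            continue  # only traffic leaving the LAN crosses the router
        if dst_port in BLOCKED_REMOTE_PORTS:
            findings.append((str(src_ip), str(dst_ip), dst_port, "blocked-port"))
        elif dst_port == 25 and dst_ip not in ISP_MAIL_SERVERS:
            findings.append((str(src_ip), str(dst_ip), dst_port, "smtp-not-isp"))
    return findings

def hosts_to_check(findings):
    return Counter(src for src, _, _, _ in findings)
```

On the sample log, every finding comes from one LAN host, which is the machine to inspect first for a worm or a mailer with its own SMTP engine.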
 