Router as firewall..Advice please!
Don Pelotas
September 10th, 2005, 06:32 PM
I'm getting a new router to replace my old Cisco. I'm seriously thinking about ditching software firewalls, because in 4-5 years of using them I have not had a single outbound connection I didn't know the identity of. What would be my targets, what should a 2005 router have in terms of security? Firewall with SPI would be the starting point I guess, what else should I be looking for? Is there a Rolls Royce among routers or brands I should stay away from? :)
Kye-U
September 10th, 2005, 06:39 PM
D-Link and Linksys are some of the good and reliable names out there. I use D-Link myself ^_^
Some forums for more information:
http://www.dslreports.com/forum/dlink
http://www.dslreports.com/forum/linksys
BlueZannetti
September 10th, 2005, 06:51 PM
-{ Quote: "Is there a Rolls Royce among routers or brands I should stay away from. :)" }-
Don,
For wired routers, I really like Zyxel. Incredibly solid. Not one glitch from my Zywall 10W in over a year of service.
If you want wireless as well, Linksys is solid. I run a WRT54GS with Sveasoft firmware for my wireless branch. Again, rock solid and the 3rd party firmware is worth using - as is getting the GS model of this product even if you don't plan to use overdrive. Faster processor and more RAM - at least at the time I purchased (~1 year ago).
Blue
Vikorr
September 10th, 2005, 07:28 PM
You'll probably want a few things:
-an all in one modem/firewall <less hassle, less cords, less clutter>
-one that autodetects all the settings it needs to work <just add username and password>
-a router with VoIP, seeing as it allows for very cheap phone calls (if your ISP supports VoIP)
-Some router/firewalls can filter java/activex/cookies (some don't), some have url restrictions (parental control), QoS (bandwidth management...useful for VoIP), and if you are using adsl broadband (think it's just dsl in america), make sure it's compatible with any future upgrades to the dsl line (eg if they get DSL2,3,4 etc)
Can't think of too many other things you may want in a router.
I'm using a Billion 7400...I quite like it...but it's an adsl modem/router/firewall, so not sure that it works with dsl.
bigc73542
September 10th, 2005, 07:45 PM
I have been using a Linksys for almost two years and it has never even hiccuped once. It is a wireless mod. no. BEFW11S4. I run one hard wired (mine) and three wireless off of it with excellent performance. The firewall in it seems to block all unwanted incoming.
Sputnik
September 10th, 2005, 08:00 PM
ZyXEL for wired routers. I now am the proud owner too and it's superb stuff!
Acadia
September 10th, 2005, 08:25 PM
No less an expert than Steve Gibson recommends Linksys.
Just do a Google search for Linksys on grc.com.
Acadia
feverfive
September 10th, 2005, 09:42 PM
Is there such a thing as a cable modem w/ built-in hardware firewall? I am on cable, & do not have any networking needs, nor do I want wireless. All I want is a hardware firewall for security's sake. And I don't see why I should spend upwards of $300 USD for a router when I don't need/want anything other than the firewall. I've Googled till my fingers have bled, but haven't been able to find anything to answer this specific question. Any suggestions?
FatalChaos
September 10th, 2005, 09:44 PM
My Linksys Wireless B broadband router has a NAT firewall. Most routers have a NAT firewall, and are pretty cheap. However, they only offer inbound control.
Triple Helix
September 10th, 2005, 09:50 PM
I've been using my Linksys router for 2 years without a glitch!!
http://makeashorterlink.com/?V1B3266CB
bigc73542
September 10th, 2005, 09:58 PM
-{ Quote: "Is there such a thing as a cable modem w/ built-in hardware firewall? I am on cable, & do not have any networking needs, nor do I want wireless. All I want is a hardware firewall for security's sake. And I don't see why I should spend upwards of $300 USD for a router when I don't need/want anything other than the firewall. I've Googled till my fingers have bled, but haven't been able to find anything to answer this specific question. Any suggestions?" }-
That is what I am using: cable internet with a Linksys wireless firewall router, about $80.00 at WM. You can get a cable wired router from Linksys for as low as $39.00.
Chuck_IV
September 10th, 2005, 10:02 PM
I used to use a Linksys wired router (BEFSR41) a couple of years ago but had a port on it go bad and also had issues with online gaming and network spikes with some of their firmware versions.
I switched to a Netgear RP614v2 and haven't had a hiccup, in almost 2 years of running it.
feverfive
September 10th, 2005, 10:06 PM
-{ Quote: "That is what I am using: cable internet with a Linksys wireless firewall router, about $80.00 at WM. You can get a cable wired router from Linksys for as low as $39.00." }-
Ohhh; I feel really dumb...so, a wireless router can be run hardwired to the cable modem? Guess I'll be shopping tomorrow.....now back to some sites to check out what type of firewall I'll need. Thanks...
BlueZannetti
September 10th, 2005, 10:07 PM
-{ Quote: "Is there such a thing as a cable modem w/ built-in hardware firewall? I am on cable, & do not have any networking needs, nor do I want wireless. All I want is a hardware firewall for security's sake. And I don't see why I should spend upwards of $300 USD for a router when I don't need/want anything other than the firewall. I've Googled till my fingers have bled, but haven't been able to find anything to answer this specific question. Any suggestions?" }-
feverfive,
The first thing to not do is limit your search. For example, I use a Zyxel 10W as my router. For wireless I could have either installed a Zyxel wireless card or plugged an access point into the switch feeding the router. At the time, the Linksys wireless access point was significantly more expensive than the WRT54GS router, which actually had more flexibility and arguably better performance stats. I purchased the router, disabled DHCP by checking a box in the configuration screens and had myself a wireless access point for $80. At the time I recall the dedicated access point from Linksys was $130.
You don't have any networking needs, but it is the NAT functionality of a router that is used by many of us as a limited hardware firewall. Any standard consumer grade router will do. I'd recommend the Linksys WRT54GS even if you have firm plans never to use wireless because of the ability to access 3rd party firmware. The cost of these is $70-80, but there are alternate choices at lower cost with equal functionality.
Blue
bigc73542
September 10th, 2005, 10:16 PM
here is an inexpensive one that would work just fine
CrazyM
September 11th, 2005, 01:19 AM
-{ Quote: "I'm getting a new router to replace my old Cisco, ..." }-
What model of Cisco are you thinking of retiring? Would help to know what features you are accustomed to and assist in suggesting what Rolls Royce router may have your name on it ;)
Regards,
CrazyM
Don Pelotas
September 11th, 2005, 05:49 AM
-{ Quote: "What model of Cisco are you thinking of retiring? Would help to know what features you are accustomed to and assist in suggesting what Rolls Royce router may have your name on it ;)
Regards,
CrazyM" }-
Hi CrazyM
It's a very old Cisco 677 (don't laugh ;) )
It seems that everybody is using/suggesting the brands that I have looked at, ZyXel, Linksys & D-Link.
One more thing, I would of course not mind saving a $ or 2, but the most important thing to me is the quality of the router & the firewall in it. If spending $200 instead of $50-60 is going to bring me better performance/quality/security, then so be it.
My needs btw are not great, basically all I need besides the quality, is a 4-port Switch. :)
Mem1
September 11th, 2005, 07:03 AM
I'd also recommend ZyXel- the ZyWall 5 for larger volume throughput or for 'home' use with wireless the P334WT (about 8 Mbps WAN-LAN throughput with firewall on). On the P334WT you can turn off the firewall if you are not opening ports and port 113 is closed all others stealth and the WAN-LAN throughput goes up to about 28Mbps. It's a good workhorse.
If you like to play/tweak the firmware - especially 3rd party firmware, Linksys WRT54GS is a good model to base your purchase around.
^Ale
September 11th, 2005, 07:10 AM
Maybe you can take a look here:
http://www.netgear.com/products/details/DG834G.php
I have used it without any problem for almost 1 year
Nick Rhodes
September 11th, 2005, 07:53 AM
My Linksys router (cable wireless one) died, could use lan fine, but couldn't connect to the outside world.
I replaced it with a Belkin router, which features SPI firewall which my Linksys didn't, also it's MUCH faster, with 9 months of 24/7 filesharing I never once got a tcpip connections limit reached event in winxp using my Linksys router, but the day I started using my Belkin router I got these events, I think my Belkin router can handle more connections faster than my Linksys router.
Also on the speed issue the wireless networking is twice as fast for (re)connecting and signal strength seems about the same, and that's still using my Linksys wireless card.
On a side note I've noted you have to be very careful with which model Linksys router, even revision you get, as I think mine was one of the not so great versions.
Tyreman
September 11th, 2005, 07:58 AM
Have used SMC large wireless model.used wired only.(used,all packing and instructions from Garage Sale$10.00) ;D Sold it $40.00 ;D But regret that ???
Netgear(couldn't get it to work) ??? must have/had to have been me. ???
D-Link 6 o something.
Linksys wireless model used wired only.
Linksys 'r41 maybe v2
Linksys 'x41 firewall sticker nomenclature on top of it.
The SMC had logging as default worked flawless always stealth out of the gate no tweaking necessary. ;D
D-Link "seemed" a touch slower ??? when opening up the e-mail.-+?
But was otherwise flawless.
Linksys routers both performed the same here at the time they were experimented with though the 'x41 has more custom settings blocking stuff BUT I didn't use that customizable part of the interface for cookies java etc.
What am I using now?
Linksys 'x41 got it on sale ;D
But like I typed still miss that big 'ole SMC ran fast, flawless, never a hiccup. and was stealth with no "tweak"
I never used it in wireless mode.
Quite sure any of the models suggested will work okay.
Buy with a return option too.
mercurie
September 11th, 2005, 11:55 AM
I am sure Linksys is a fine router and would not hesitate to purchase and use it.
However, I have had NetGear for several years with no problems.
Bottom line and to the heart of your question. A good hardware firewall router is a very fine idea. Software Firewall a good option but not mandatory. The only thing I would question is the need to pay for the software one with a good router. ;)
One final point it never ceases to amaze me that Comcast Tech Support always wants to tell me my router is no good when its connection gets lost at their end. It is fun sometimes just to call and report the outage just to listen to them go through the motions. Sir your router is fried...oh no sir I was looking at the wrong place you have an outage in your area. ;D ;D ;D I know I drifted a little off topic but I wanted to warn you. And if you own your own router they will be more likely to more quickly say your problem not ours buy another or we will have to send another router. ;D In the meantime you could be down when you really are just fine.
I am not picking on Tech Support sometimes they are good and get right to the heart of the issue, one time late at night, "sir you are the first to call. Thanks".
feverfive
September 11th, 2005, 02:38 PM
Thanks Blue & BigC; I'll take a look at some models based on your recommendations...
CrazyM
September 11th, 2005, 04:14 PM
-{ Quote: "It's a very old Cisco 677 (don't laugh ;) )" }-
If you were to stick with Cisco you could look at the 800 series, they have a couple of new models (850's and 870's). If you were after something more basic there is the SOHO 90 series (also revamped this year with more memory for the newer versions of IOS). But, as you are probably aware, Cisco will require a SMARTnet contract to stay current with IOS.
-{ Quote: "One more thing, I would of course not mind saving a $ or 2, but the most important thing to me is the quality of the router & the firewall in it. If spending $200 instead of $50-60 is going to bring me better performance/quality/security, then so be it." }-
While a lot of the home routers tout having a firewall (SPI), good luck trying to find out just exactly what it is they do have. And it is usually not configurable, it's on or off. If you want something with a firewall that can be configured, you will be spending a little more. The one possible exception being the WRT54G which sounds like it is fairly configurable (I have not used one). I believe Netgear has one also, but have not heard much about it.
-{ Quote: "My needs btw are not great, basically all I need besides the quality, is a 4-port Switch. :)" }-
If all you need is a basic NAT box, there are plenty to choose from. If you want the additional quality and firewall, of those mentioned so far, the Zyxel or continue with Cisco. There are others out there with similar features as these, just not sure on the pricing.
Regards,
CrazyM
myluvnttl
September 11th, 2005, 05:31 PM
I've been a big fan of 2Wire Products since it came out. I've used both a software and hardware firewall.
http://2wire.com/?p=8
charincol
September 14th, 2005, 03:33 AM
You could always build a box with ~200 MHz, 16-64 MB RAM, 2 NICs, various other older components and use a switch/hub and install something free like Coyote Linux (www.coyotelinux.com) or Smoothwall - another small free Linux OS (www.smoothwall.org) on it. They both use ipchains SPI, can be used as a router, use a web interface, and both provide an equal if not better hardware firewall than Linksys, Dlink, Netgear, etc. I currently use Coyote (have only got Smoothwall up and running to see what it's like) and I absolutely love it. It is easier to set up and configure than any (hardware) firewall/router I've played with and there are numerous add-on packages that allow things such as a transparent proxy, ftp, Dynamic DNS, traffic monitor, etc. My favorite option on it is its QoS. I can have P2P on full up/down on my 1500/1000 DSL and make or receive calls on my VOIP service, and browse with low latency, and it all works smoothly. QoS is an add'l purchase plug-in for Smoothwall. I have heard of IT Admins using it for their gateway for hundreds of users so it's quite robust.
It's free and really not that difficult if you have the necessary hardware already and switch, and you might learn something by building it. In no way am I endorsing linux or think it's the greatest (it's seeing its own share of vulnerabilities the more it's used and it's still not beginner friendly), it's just that building my Coyote box was one of my more fun computer projects that worked really well.
My box uses an AMD 350 running at 300 with passive cooling, 64 megs of ram which is overkill, 10 Mb NIC for internet, 100 Mb NIC for lan, and run it from a 16 MB compact flash HD. It was designed to run from floppy but Coyote forum contributors have created a way that it can run from a HD. A compact flash HD just makes it more reliable and cuts power consumption so it can have long uptimes. It only uses a disk to boot initially and then runs from a RAM drive. It is connected to my Actiontec from Qwest (which incidentally runs from a poorly written embedded linux) running in transparent bridge mode and so my Coyote box gets the WAN IP. All my internal machines have a soft firewall for app control and I feel pretty secure when I do a fresh OS install and haven't installed a firewall on it yet, or uninstalled one to test another without disconnecting the internet.
If you do consider this option, don't use anything under 200 MHz and use at least 32 megs of RAM despite what the min reqs say. Anything less could deteriorate its performance. Also, don't be alarmed because the project has been stopped by the original developer recently. He still has it available for download on his site and forum members are continuing its development under a new name which will make it better because it is open source.
I apologize in advance for this post being a little long. I just want Don to be informed of another great option.
sweater
September 14th, 2005, 04:01 AM
-{ Quote: "No less an expert than Steve Gibson recommends Linksys.
Just do a Google search for Linksys on grc.com.
Acadia" }-
;D
Yah you're right, it's I think one of the best routers. ;)
Peter2150
September 14th, 2005, 08:08 AM
Hi Don
If you aren't using wireless you can stop reading, but if you are you might want to rethink not using a software firewall on the PC. In a wireless setup the router, if a good one, will indeed protect you from inbound from the internet. But unless you are 100% sure that no one can inadvertently connect to your wireless network you still need the software firewall. Someone connects an infected computer to your network for even a brief period, and they are between your computer and router, in which case the router does nothing to protect you. For this you need a software firewall on the PC.
Look at all the major corporations that still get hit. They have the exterior of the network protected to the hilt, but someone connects an infected laptop and it's all over.
Pete
Cadoul
September 14th, 2005, 08:19 AM
I use Zyxel Prestige 662 HW (802.11g Wireless ADSL 2+ 4-port Security Gateway) http://www.zyxel.com/product/model.php?indexcate=1085728827&indexcate1=1021877946&indexFlagvalue=1021873638 . A really good choice. A little bit expensive but big benefits.
Sincerely,
Cadoul from France
Don Pelotas
September 14th, 2005, 09:15 AM
Thank you to everyone who participated in this thread! :)
I have more or less decided to buy a ZyXel from the prestige series, it seems to be a good choice, both in terms of price and security and it also already has support for the much higher speeds being offered in the not too distant future, although I'm pretty happy with my 4mb connection. :)
Kryspy
September 20th, 2005, 10:38 AM
How complete is this protection set up?
Antivirus: nod32
Firewall: none
Router: Linksys WRT54G with WPA2 encryption
Additional: Process Guard
Thanks,
Kryspy
Sputnik
September 21st, 2005, 02:49 AM
-{ Quote: "Thank you to everyone who participated in this thread! :)
I have more or less decided to buy a ZyXel from the prestige series, it seems to be a good choice, both in terms of price and security and it also already has support for the much higher speeds being offered in the not too distant future, although I'm pretty happy with my 4mb connection. :)" }-
Very good choice. Personally I've a ZyXEL Prestige 623, with an 8 port switch behind it.
Copyright ©2002 - 2012, Wilders Security Forums