do i need a router?

Discussion in 'other firewalls' started by iceni60, Dec 31, 2004.

Thread Status:
Not open for further replies.
  1. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    hi, im on a standalone computer and i have kerio 2.1.5. i always hear paople saying that a router is necessary, but do i need one on a standalone computer? thanks. :)
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    No, it is not necessary. Some users with standalone systems will use a router as an additional and first layer to deal with unsolicited inbound traffic. Routers also have the advantage of being independent of your system/OS. So a nice to have, but not a must.

    Regards,

    CrazyM
     
  3. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thank you, CrazyM :) . i think that's the first time i've heard someone say that it's not necessary. i've just recently started to learn about networks, and it's the subject i like best :cool: . can i go off topic for a second, and ask you one question? can you think of a good book, or site, i can get/goto which will help me learn about networks.? thanks :)
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    oh, there's one more thing, can i use something like snort on my computer? i'd like to use it more as a way to learning then as security. would i need a router then? thanks. :)
     
  5. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  6. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, NIck. i'll have alook now :) .

    nydr, if i ever need any forensics done i'll know who to call ;) fantastic post, mate.
     
  7. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Nick, have you ever downloaded the PDF from the first link you gave? i know you wouldnt give a bad link, i just want to make sure as you didnt mention a download. thanks. :)
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,722
    Location:
    Texas
  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, Ron. i'll bookmark it, it looks like there'll be different things to read weekly/monthly there too. i havent totally ruled out a router, if i can find out more about snort, and if i end uprunning it, i might be needing one.o_O

    i just started the PDF download and it looks like it is installed with the windows installer. mine stopped working about 3 weeks ago, and i dont think it will install :'( i did start a thread about it. i'll go back to it and see if anyone can come up with anything. thanks. :)
     
  10. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Should have mentioned it was a PDF download. I have the whole thing saved in HTML format somewhere. I'll see if I can find it.

    Nick
     
  11. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, Nick. i'll go and see if the installer can be fixed before i do anything else.
     
  12. QBgreen

    QBgreen Registered Member

    Joined:
    Jan 1, 2005
    Posts:
    627
    Location:
    Queens County, NY
    No one that isn't networking "needs" a router, but layering your system security is sensible. A decent router with NAT and even some with true firewalls can be had for a reasonable price. I use a D-Link DI-604 along with ZAP, NOD32, and BOClean. I keep F-Prot for Win as a backup A/V scanner, and The Cleaner as an on demand anti-trojan. I also run Spybot S&D as well as Ad-Aware. Total cost: under $100. Feeling good about my security: Priceless!
     
  13. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Same here! Sorry for going off topic but I've been foaming at the mouth at those Maxtor One-Touches too. First real review I've read on it though. Sorry did not mean to but in :ninja:

    Thanks Nick I downloaded the IBM RedBook PDF for more advanced learning later. :D
     
  14. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Don't forget: a router is needed only to route network traffic and it can do some basic network filtering, like allowing and blocking certain kinds of network traffic.
    The main security function that most routers provide too is the NAT (Network Address Translation) function. It creates a local network who's structure is not visible to the outside world. In fact, it is not a security feature at all, but it delivers a large amount of security, because an invisible system cannot easily be attacked from the outside.

    Installing just a router is not enough: you have to make sure that it is configured correctly. A lot of broadband modems come with the firewall part disabled.

    And please be aware that in router there is no intelligence: all incoming must be seen as hostile, while it does allow al outgoing traffis. So, there's no protection against compromised systems on your lan.
    Also be aware that real logging analysis can be a problem.

    Lesson: you want a personal firewall that can control outgoing traffic on all the computers on your local network too.

    Do you need a router? No, like CrazyM said. But you'll want one if you have more than one computer on your local network, and you let it serve the internal IP-addresses using the dhcp-server function of the router.
     
  15. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Hello QB,
    Welcome to the Wilders. Nice set up. I couldn't agree more. Some very good choices imho. ;)
     
  16. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks for all the answers. QBgreen said something about a NAT. and Meneer added abit. but, am i right in thinking that i wouldnt have any use for one at all? they are for a LAN so all the computers can use the same address when useing the WAN? the router would then resolve the addresses for any internal and external requests so a LAN can connect to the WAN and vice versa. one thing a router would be good for is to protect against worms and in particular against port scanning - that i think would be the only plus point i can think of, because it sits out on the network and is separate from your computer any attack can not by-pass it. and it is a more solid defence against any outside attack. thanks :)
     
  17. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I went through this whole router thing myself a few weeks ago, I even trialled one, but in the end I decided against its use.

    Part of the reason is that I am on a standalone machine with a USB connection. That means I am not online until I connect up, even though I am on Broadband, and I can disconnect and work offline any time I choose.

    With a router I had to use Ethernet connections, which meant I was permanently online from the moment I booted up. This is obviously less safe, even with the hardwire FW.

    So unless you require to be always online, a properly configured software FW, keeping you fully stealthed, is really good enough - unless you want to be on a network, which is a different matter!
     
  18. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I think that you are right. The whole point of network security is to only allow the communication that you want. If you don't want any incoming traffic: close the gates. A hardware box would be just fine. If you need more control and more advanced options (say a vpn, of website hosting) trouble could arise. This will take you quote some effort studying the manuals and FAQ's.
    But in the simple setup, a hardware box is a great asset. Saves a lot of headaches.
    I'm using a linux system as firewall/router combo. But my main motivation for using such a system is not the firewall/router part, I hardly ever touch those functions of the system, they just work out of the box.
     
  19. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks for your help, meneer :cool:
     
  20. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    Hi iceni60!

    If you are interested in using Snort in conjunction with a fw (workstation based) then have a look at Snortsam: www.snortsam.net

    There is a version of Snortsam for 8Signs and CHX-I FW... I currently use CHX-I and Snortsam+Snort on a stand alone system due to having a dedicated game/file server... If you just have a stand alone workstation, then having snort is not necessary..

    I have a 'How to' doc for 8Signs here:
    http://www.fluxgfx.com/ssc/showthread.php?goto=newpost&t=29

    Take care
    Jazzie
     
  21. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    thanks, Jazzie1. i have just been told about Samhain i'm going to give that ago. thanks for your post too, if i understood correctly, i would have to change firewall to use your suggestions?
     
  22. Jazzie1

    Jazzie1 Registered Member

    Joined:
    Dec 5, 2003
    Posts:
    174
    In order to use Snortsam to autoblock, (send command line commands) to your fw, it would have to be incorporated into Snortsam as a plug-in. Unfortunately, there are only a few Win32 based firewalls that use command line arguements. 8signs and CHX-I are two of them. However, you can use Snort on any fw. If you want an easy to use, all-in-one platform there is a tool called IDS Center: http://www.engagesecurity.com/downloads/#idscenter

    Other tutorials are at the famous: www. winsnort.com
    They have just updated all thier guides for Windows to compliment Snort 2.3

    Take care and good luck

    CU
    Jazzie
     
  23. dong

    dong Guest

    sorry if this post is out of the topic.
    Anyone can suggest the best security/stable/fast router for home users. We use dlink router; it works ok but its revisions of firmwares have been really lousy time by time. Everytime a revision came out, gave it a try, bewared problems with the router then.
    thankx in adv.
     
Loading...
Thread Status:
Not open for further replies.