hardware firewall

Discussion in 'other firewalls' started by linger, Jan 26, 2008.

Thread Status:
Not open for further replies.
  1. linger

    linger Registered Member

    Joined:
    Jan 17, 2008
    Posts:
    24
    Hi,

    I keep hearing that using a hardware firewall is a very good security investment. But exactly what type of hardware firewall gives a good amount of protection (excluding setting up a spare computer as a dedicated firewall to the outside)? Is a router with NAT and DHCP what people mean by a router firewall? Also, I see more expensive routers that provide extra features like VPN. Is that really necessary?

    Thanks
     
  2. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Hi linger,

    It depends on what you are trying to protect. If it's a company server or a web server that receives a lot of traffic, you need different equipment than when you are trying to protect your computers at home.

    I'm using a Linksys Wireless ADSL gateway with a built-in firewall and I'm happy with it.

    DHCP is about providing IP addresses to your computers. NAT is about forwarding ports from the internet, to a single computer.
    In my case, my NAT is disabled so all my ports are completely stealth. But if I want to, let's say, run an FTP server, I could easily open up port 21 and make my PC accessible at port 21.

    Since I know what programs I'm running on my computer, I don't use a software firewall. Although it can give extra protection, I don’t find it necessary so I can use my resources for other things.
    Although for most people I would recommend installing a software firewall as well.
     
  3. linger

    linger Registered Member

    Joined:
    Jan 17, 2008
    Posts:
    24
    Hi eagle creek,

    I'm sorry, I should have been clearer. I'm just a home user. I'm running a normal router right now (that is, one that doesn't provide features like VPN I've seen on more expensive models).

    Ah ok, I believe I have NAT set up on my computer. I was running a music server on my machine that I could access from work by forwarding the correct port to the music server. It seems if I disable the port forwarding, I cannot access the server from the outside, so I assume my router is blocking all requests then? So, I suppose, my question is: does running my machines behind a 'normal' router provide a good amount of additional protection for a normal home user?
     
  4. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    Yes... by default, all home grade broadband routers and gateway appliances (combo modem/routers) run NAT. If your computer has a private IP address (such as 192.168.1.100)... you're behind NAT. By default, all 65,000 plus ports are closed... your computer is behind a tall brick wall.
     
  5. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Couldn't agree more.
    You can check if your ports are stealth, closed or opened at this site.
    (Proceed -> Test all service ports).

    This will give you a nice indication :).
     
    Last edited: Jan 26, 2008
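The three states such a port test reports (open, closed, stealth) correspond to three different outcomes of a TCP connection attempt. The sketch below is an added example, not part of the original thread; the function names `classify`, `probe` and `survey` are this example's own, and the port list is the set of well-known ports named in this thread.

```python
import socket
import sys

OPEN, CLOSED, STEALTH = "open", "closed", "stealth"


def classify(error):
    """Translate the result of one TCP connect attempt into a port state.

    error is None if the handshake completed, otherwise the OSError raised.
    """
    if error is None:
        return OPEN      # SYN/ACK received: something is listening
    if isinstance(error, ConnectionRefusedError):
        return CLOSED    # RST received: host answered, nothing is listening
    if isinstance(error, socket.timeout):
        return STEALTH   # no answer at all: the packet was silently dropped
    raise error          # routing or DNS problems say nothing about the port


def probe(host, port, timeout=2.0):
    """Attempt a full TCP connection to host:port and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def survey(host, ports, timeout=2.0):
    """Probe each port in turn and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Assumption: the address given is your own. 127.0.0.1 is only a
    # placeholder default so the script runs without arguments.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in survey(target, [21, 25, 80, 110]).items():
        print(f"{target}:{port:<5} {state}")
```

To see what the router exposes to the internet, run it from a machine outside your network against your own public address; run from inside the LAN, it only tests the router's LAN side.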
  6. linger

    linger Registered Member

    Joined:
    Jan 17, 2008
    Posts:
    24
    Hi,

    Thanks for the replies everyone :D
     
  7. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,127
    Location:
    USA
    There are a couple of additional features which your router may support. Go into its configuration menu with a browser and look at the firewall options. Current generation routers have SPI (stateful packet inspection) implemented. If the router supports SPI make sure it's enabled. Also, you may want to turn OFF UPnP (universal plug & play). See this article to learn about the Flash/UPnP issue.

    http://www.dslreports.com/forum/r19804960-UPnP-strikes-again

    Make sure you're not using the default password for accessing your router's configuration. The default passwords for routers are public! And does your router support wireless access? If so, make sure the wireless security is enabled (by default it's OFF). Hope this helps.
     
  8. linger

    linger Registered Member

    Joined:
    Jan 17, 2008
    Posts:
    24
    Victek123,

    Thanks for the extra info!
     
  9. cortez

    cortez Registered Member

    Joined:
    Nov 19, 2006
    Posts:
    444
    Location:
    Chicago
    This number (64K ports) is shocking to me. I would never have imagined there could be so many openings!!

    I am now elated to have added a hardware router.

    A thick brick wall seems absolutely essential given the number of ports in existence.
     
  10. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Well, yes there are. But usually only the first 1056 ports are used.
    As far as I know, programmers are free to choose any port they like, as long as it isn't being used by any known applications (80: HTTP, 21: FTP, 25: SMTP, 110: POP3, etc.).

    Torrent programs are known for requesting ports in the higher range.
    uTorrent, for example, uses port 58595.
     