If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Firewall Router
Hi all
I read Dapper Dan's bout with Router Firewall in this Forum. Since I've used this Forum for many years....here goes. Since free firewalls are becoming a thing of the past unless you go for those with 3 or 6 months 'trial' periods which you cant get rid of when the time is off, I asked for a ROUTER for my 80th bithday in october. I was thinking, why pay 39$ (can) every year, when I can buy a router for 59$. I don't pretend to understand the full saga that Dan had, but I'd like to have your opinion about using a router for a firewall. Or I'm I on the wrong track. -- cogito ergo sum |
#2
|
|||
|
|||
Firewall Router
PAT (Paul) wrote:
Hi all I read Dapper Dan's bout with Router Firewall in this Forum. Since I've used this Forum for many years....here goes. Since free firewalls are becoming a thing of the past unless you go for those with 3 or 6 months 'trial' periods which you cant get rid of when the time is off, I asked for a ROUTER for my 80th bithday in october. I was thinking, why pay 39$ (can) every year, when I can buy a router for 59$. I don't pretend to understand the full saga that Dan had, but I'd like to have your opinion about using a router for a firewall. Or I'm I on the wrong track. No, it's a good idea to have both with Windows. Most routers don't come with the firewall enabled so you will have to go into the router to enable it. See the written material that comes with it to know how. If you're using XP, no need to buy a software one, use the one that comes with XP. Another advantage to a router is that you can connect more than one machine to the same Internet connection. M |
#3
|
|||
|
|||
Firewall Router
From: "PAT (Paul)"
| Hi all | I read Dapper Dan's bout with Router Firewall in this Forum. Since I've used | this Forum for many years....here goes. Since free firewalls are becoming a | thing of the past unless you go for those with 3 or 6 months 'trial' periods | which you cant get rid of when the time is off, I asked for a ROUTER for my | 80th bithday in october. I was thinking, why pay 39$ (can) every year, when | I can buy a router for 59$. I don't pretend to understand the full saga | that Dan had, but I'd like to have your opinion about using a router for a | firewall. | Or I'm I on the wrong track. | -- | cogito ergo sum First you have to understand that regular routers are NOT FireWalls. The perform Network Address Translation (NAT) to go between the pulic WAN IP address and a LAN of private IP addreses. It is in the NAT process that it acts as a simplistic FireWall. However you can obtain a Router with a full FireWall implementation. That is it doesn't just perform simple port blocking , port forwarding, NAT , etc. it has a well of capabilities that make a true FireWall. Then there are complete standalone FireWall appliances. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
#4
|
|||
|
|||
Firewall Router
Hi
How are you connecting at the moment? - USB modem? If so, then you'll find that using a router will make life simpler, and (probably) faster as well, since you will be able to uninstall all the rubbish that your ISP insisted you install along with the drivers and connectoids for the modem. DO NOT install any of the software that comes with the router - it's almost always totally unnecessary. David is right, in that the NAT function of the router is not a true firewall - but in many ways it's actually better, as it requires (almost) no setup (except in specific situations, like remote assistance/desktop - which may be already enabled on many 'retail' routers) - many of the quicker-spreading viruses of the past 10 years wouldn't have got a foothold if the world had been using routers rather than USB modems/dialup. I routinely recommend to my clients that they uninstall/disable third-party firewalls in XP/Vista and just use the built-in versions as backup and to reduce the chances of drive-by (literally!) hacking from wireless connections. Points to bear in mind when initially setting up your router (NOT a complete list!) If you don't need wireless connectivity, either don't get a wireless router, or disable the wireless options. Initial setup is always best done using the wired connection. Use the built-in HTML (web access) pages to manage the router, and change the admin password to one of your own. Update the firmware as soon as possible after the install - there are usually fairly simple instructions for that on the router - especially if using Vista, as some routers aren't fully vista-capable out of the box (less so once updated). If you do need wireless capability, make sure that you change the SSID, use at least WPA protocol to connect, and use a nice long passphrase that you can remember. Don't try and get fancy with the control aspects of the router - it's all too easy to forget that you've switched something off, and spend hours hunting for software problems on a (new/guest) computer, when all it needs is a couple of click on the router control panel (BTDT)! It's worth enabling UPnP on the router (and in Windows) - this gives automated control for certain operations/programs (such as torrent downloaders) so that you don't have to configure exceptions to the router configuration. If you do this, then it may become more important to have a two-way firewall on your PC, since there's otherwise no flags telling you what program is using UPnP to configure the router. (I suspect that David would disable UPnP everywhere - but IMHO, that's unnecessary) -- Noel Paton CrashFixPC Nil Carborundum Illegitemi www.crashfixpc.co.uk "PAT (Paul)" wrote in message ... Hi all I read Dapper Dan's bout with Router Firewall in this Forum. Since I've used this Forum for many years....here goes. Since free firewalls are becoming a thing of the past unless you go for those with 3 or 6 months 'trial' periods which you cant get rid of when the time is off, I asked for a ROUTER for my 80th bithday in october. I was thinking, why pay 39$ (can) every year, when I can buy a router for 59$. I don't pretend to understand the full saga that Dan had, but I'd like to have your opinion about using a router for a firewall. Or I'm I on the wrong track. -- cogito ergo sum |
#5
|
|||
|
|||
Firewall Router
From: "Noel Paton"
| Hi | How are you connecting at the moment? - USB modem? | If so, then you'll find that using a router will make life simpler, and | (probably) faster as well, since you will be able to uninstall all the | rubbish that your ISP insisted you install along with the drivers and | connectoids for the modem. | DO NOT install any of the software that comes with the router - it's almost | always totally unnecessary. | David is right, in that the NAT function of the router is not a true | firewall - but in many ways it's actually better, as it requires (almost) no | setup (except in specific situations, like remote assistance/desktop - which | may be already enabled on many 'retail' routers) - many of the | quicker-spreading viruses of the past 10 years wouldn't have got a foothold | if the world had been using routers rather than USB modems/dialup. | I routinely recommend to my clients that they uninstall/disable third-party | firewalls in XP/Vista and just use the built-in versions as backup and to | reduce the chances of drive-by (literally!) hacking from wireless | connections. | Points to bear in mind when initially setting up your router (NOT a complete | list!) | If you don't need wireless connectivity, either don't get a wireless router, | or disable the wireless options. | Initial setup is always best done using the wired connection. | Use the built-in HTML (web access) pages to manage the router, and change | the admin password to one of your own. | Update the firmware as soon as possible after the install - there are | usually fairly simple instructions for that on the router - especially if | using Vista, as some routers aren't fully vista-capable out of the box (less | so once updated). | If you do need wireless capability, make sure that you change the SSID, use | at least WPA protocol to connect, and use a nice long passphrase that you | can remember. | Don't try and get fancy with the control aspects of the router - it's all | too easy to forget that you've switched something off, and spend hours | hunting for software problems on a (new/guest) computer, when all it needs | is a couple of click on the router control panel (BTDT)! | It's worth enabling UPnP on the router (and in Windows) - this gives | automated control for certain operations/programs (such as torrent | downloaders) so that you don't have to configure exceptions to the router | configuration. If you do this, then it may become more important to have a | two-way firewall on your PC, since there's otherwise no flags telling you | what program is using UPnP to configure the router. (I suspect that David | would disable UPnP everywhere - but IMHO, that's unnecessary) | -- | Noel Paton | CrashFixPC Nope, uPnP is fine with me :-) However there are a few things I would do... Turn off remote management (management from the WAN side) Disable ICMP replies (turn off ping replies) Change the default password (thwart DNSChanger trojans) Specifically block TCP/UDP port 135 ~ 139 and 445 -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
#6
|
|||
|
|||
Firewall Router
David H. Lipman wrote:
From: "Noel Paton" Hi How are you connecting at the moment? - USB modem? If so, then you'll find that using a router will make life simpler, and (probably) faster as well, since you will be able to uninstall all the rubbish that your ISP insisted you install along with the drivers and connectoids for the modem. DO NOT install any of the software that comes with the router - it's almost always totally unnecessary. David is right, in that the NAT function of the router is not a true firewall - but in many ways it's actually better, as it requires (almost) no setup (except in specific situations, like remote assistance/desktop - which may be already enabled on many 'retail' routers) - many of the quicker-spreading viruses of the past 10 years wouldn't have got a foothold if the world had been using routers rather than USB modems/dialup. I routinely recommend to my clients that they uninstall/disable third-party firewalls in XP/Vista and just use the built-in versions as backup and to reduce the chances of drive-by (literally!) hacking from wireless connections. Points to bear in mind when initially setting up your router (NOT a complete list!) If you don't need wireless connectivity, either don't get a wireless router, or disable the wireless options. Initial setup is always best done using the wired connection. Use the built-in HTML (web access) pages to manage the router, and change the admin password to one of your own. Update the firmware as soon as possible after the install - there are usually fairly simple instructions for that on the router - especially if using Vista, as some routers aren't fully vista-capable out of the box (less so once updated). If you do need wireless capability, make sure that you change the SSID, use at least WPA protocol to connect, and use a nice long passphrase that you can remember. Don't try and get fancy with the control aspects of the router - it's all too easy to forget that you've switched something off, and spend hours hunting for software problems on a (new/guest) computer, when all it needs is a couple of click on the router control panel (BTDT)! It's worth enabling UPnP on the router (and in Windows) - this gives automated control for certain operations/programs (such as torrent downloaders) so that you don't have to configure exceptions to the router configuration. If you do this, then it may become more important to have a two-way firewall on your PC, since there's otherwise no flags telling you what program is using UPnP to configure the router. (I suspect that David would disable UPnP everywhere - but IMHO, that's unnecessary) -- Noel Paton CrashFixPC Nope, uPnP is fine with me :-) However there are a few things I would do... Turn off remote management (management from the WAN side) Disable ICMP replies (turn off ping replies) Change the default password (thwart DNSChanger trojans) Specifically block TCP/UDP port 135 ~ 139 and 445 If we're talking XP here, Windows Worms Door Cleaner (No, OK, Yes - iirc): http://www.firewallleaktester.com/wwdc.htm And I do not get the widespread recommendation not to run a 3rd party firewall. In XP, Kerio 2.1.5 does not interfere with either the Windows Firewall or routers and why on earth anyone would *not* want something alerting one to malware trying to phone home (or without a 3rd party firewall, *actually* phoning home) I do not understand for one moment. Quite regardless that its a gamble that one's precautions stop *everything* untoward being installed; and that there is plenty of freeware that installs adware/spyware if we run Setup without paying close enough attention: almost all malware today is specifically intended to phone home. A firewall that does not notify on outgoing attempts is IMO a scandal. (Kerio 2.1.5 is not entirely secure on it's own, what with being so old and not having been patched - and I would no longer recommend it for anything other than XP, or for XP with Windows Firewall turned off and/or without a hardware firewall). Shane |
#7
|
|||
|
|||
Firewall Router
Noel, thanks for response. To anwer your query: using XP SP3. ADSL Modem
medium speed, P4 2.26 KHz, 512 KB RAM (will increase to another 1 MB ASAP), 2 HD 40 GB and 80 GB. Using only one machine, but may connect my old Win Me for my grandchilden visit. As for installing software from the Firewall, gee I'm still disconnecting some crap that came with the XP: Norton, etc. Also there is a file called Prefetch, can it be disconnected? . As for Kerio 2.l.5 Shane is right cant be used, but I did for years on Win Me but hast been updated since Oct.06 and now its V. 4.x from Sunbelt and 3 months trial. Same for most of the free ones. Guess its a Router including the built-in firewall, or just a stand alone 3rd party firewall. Cheers to all. l -- cogito ergo sum "Noel Paton" wrote: Hi How are you connecting at the moment? - USB modem? If so, then you'll find that using a router will make life simpler, and (probably) faster as well, since you will be able to uninstall all the rubbish that your ISP insisted you install along with the drivers and connectoids for the modem. DO NOT install any of the software that comes with the router - it's almost always totally unnecessary. David is right, in that the NAT function of the router is not a true firewall - but in many ways it's actually better, as it requires (almost) no setup (except in specific situations, like remote assistance/desktop - which may be already enabled on many 'retail' routers) - many of the quicker-spreading viruses of the past 10 years wouldn't have got a foothold if the world had been using routers rather than USB modems/dialup. I routinely recommend to my clients that they uninstall/disable third-party firewalls in XP/Vista and just use the built-in versions as backup and to reduce the chances of drive-by (literally!) hacking from wireless connections. Points to bear in mind when initially setting up your router (NOT a complete list!) If you don't need wireless connectivity, either don't get a wireless router, or disable the wireless options. Initial setup is always best done using the wired connection. Use the built-in HTML (web access) pages to manage the router, and change the admin password to one of your own. Update the firmware as soon as possible after the install - there are usually fairly simple instructions for that on the router - especially if using Vista, as some routers aren't fully vista-capable out of the box (less so once updated). If you do need wireless capability, make sure that you change the SSID, use at least WPA protocol to connect, and use a nice long passphrase that you can remember. Don't try and get fancy with the control aspects of the router - it's all too easy to forget that you've switched something off, and spend hours hunting for software problems on a (new/guest) computer, when all it needs is a couple of click on the router control panel (BTDT)! It's worth enabling UPnP on the router (and in Windows) - this gives automated control for certain operations/programs (such as torrent downloaders) so that you don't have to configure exceptions to the router configuration. If you do this, then it may become more important to have a two-way firewall on your PC, since there's otherwise no flags telling you what program is using UPnP to configure the router. (I suspect that David would disable UPnP everywhere - but IMHO, that's unnecessary) -- Noel Paton CrashFixPC Nil Carborundum Illegitemi www.crashfixpc.co.uk |
#8
|
|||
|
|||
Firewall Router
Thanks......I think. The world of routers is as foreign to me as Wales
(G). I will get in touch with you to set up my D-Link wireless one. But the mere thought of that is daunting, as one would say in the UK. And FWIW, if you connect up a 3rd party firewall and/or a router, they automatically turn the XP firewall off. Had that *argument* with one of my genealogy forum geeks and he didn't know that either. But when I had ZAPro on here (ptui!!) along with the router, I went to GRC and tested them out together, 2 together and just the XP one. And guess what??? XP and ZA were better. So I just run with the XP firewall and stay away from pron sites, lol. XX Figgs "Noel Paton" wrote in message ... Hi How are you connecting at the moment? - USB modem? If so, then you'll find that using a router will make life simpler, and (probably) faster as well, since you will be able to uninstall all the rubbish that your ISP insisted you install along with the drivers and connectoids for the modem. DO NOT install any of the software that comes with the router - it's almost always totally unnecessary. David is right, in that the NAT function of the router is not a true firewall - but in many ways it's actually better, as it requires (almost) no setup (except in specific situations, like remote assistance/desktop - which may be already enabled on many 'retail' routers) - many of the quicker-spreading viruses of the past 10 years wouldn't have got a foothold if the world had been using routers rather than USB modems/dialup. I routinely recommend to my clients that they uninstall/disable third-party firewalls in XP/Vista and just use the built-in versions as backup and to reduce the chances of drive-by (literally!) hacking from wireless connections. Points to bear in mind when initially setting up your router (NOT a complete list!) If you don't need wireless connectivity, either don't get a wireless router, or disable the wireless options. Initial setup is always best done using the wired connection. Use the built-in HTML (web access) pages to manage the router, and change the admin password to one of your own. Update the firmware as soon as possible after the install - there are usually fairly simple instructions for that on the router - especially if using Vista, as some routers aren't fully vista-capable out of the box (less so once updated). If you do need wireless capability, make sure that you change the SSID, use at least WPA protocol to connect, and use a nice long passphrase that you can remember. Don't try and get fancy with the control aspects of the router - it's all too easy to forget that you've switched something off, and spend hours hunting for software problems on a (new/guest) computer, when all it needs is a couple of click on the router control panel (BTDT)! It's worth enabling UPnP on the router (and in Windows) - this gives automated control for certain operations/programs (such as torrent downloaders) so that you don't have to configure exceptions to the router configuration. If you do this, then it may become more important to have a two-way firewall on your PC, since there's otherwise no flags telling you what program is using UPnP to configure the router. (I suspect that David would disable UPnP everywhere - but IMHO, that's unnecessary) -- Noel Paton CrashFixPC Nil Carborundum Illegitemi www.crashfixpc.co.uk "PAT (Paul)" wrote in message ... Hi all I read Dapper Dan's bout with Router Firewall in this Forum. Since I've used this Forum for many years....here goes. Since free firewalls are becoming a thing of the past unless you go for those with 3 or 6 months 'trial' periods which you cant get rid of when the time is off, I asked for a ROUTER for my 80th bithday in october. I was thinking, why pay 39$ (can) every year, when I can buy a router for 59$. I don't pretend to understand the full saga that Dan had, but I'd like to have your opinion about using a router for a firewall. Or I'm I on the wrong track. -- cogito ergo sum |
#9
|
|||
|
|||
Firewall Router
Heather
Nice of you to reply. When I said: . 'Guess its a Router including the built-in firewall, or just a stand alone 3rd party firewall' I meant the firewall within the router. Hope your venture with your router will be successful. Paul -- cogito ergo sum "Heather" wrote: Thanks......I think. The world of routers is as foreign to me as Wales (G). I will get in touch with you to set up my D-Link wireless one. But the mere thought of that is daunting, as one would say in the UK. And FWIW, if you connect up a 3rd party firewall and/or a router, they automatically turn the XP firewall off. Had that *argument* with one of my genealogy forum geeks and he didn't know that either. But when I had ZAPro on here (ptui!!) along with the router, I went to GRC and tested them out together, 2 together and just the XP one. And guess what??? XP and ZA were better. So I just run with the XP firewall and stay away from pron sites, lol. XX Figgs "Noel Paton" wrote in message ... Hi How are you connecting at the moment? - USB modem? If so, then you'll find that using a router will make life simpler, and (probably) faster as well, since you will be able to uninstall all the rubbish that your ISP insisted you install along with the drivers and connectoids for the modem. DO NOT install any of the software that comes with the router - it's almost always totally unnecessary. David is right, in that the NAT function of the router is not a true firewall - but in many ways it's actually better, as it requires (almost) no setup (except in specific situations, like remote assistance/desktop - which may be already enabled on many 'retail' routers) - many of the quicker-spreading viruses of the past 10 years wouldn't have got a foothold if the world had been using routers rather than USB modems/dialup. I routinely recommend to my clients that they uninstall/disable third-party firewalls in XP/Vista and just use the built-in versions as backup and to reduce the chances of drive-by (literally!) hacking from wireless connections. Points to bear in mind when initially setting up your router (NOT a complete list!) If you don't need wireless connectivity, either don't get a wireless router, or disable the wireless options. Initial setup is always best done using the wired connection. Use the built-in HTML (web access) pages to manage the router, and change the admin password to one of your own. Update the firmware as soon as possible after the install - there are usually fairly simple instructions for that on the router - especially if using Vista, as some routers aren't fully vista-capable out of the box (less so once updated). If you do need wireless capability, make sure that you change the SSID, use at least WPA protocol to connect, and use a nice long passphrase that you can remember. Don't try and get fancy with the control aspects of the router - it's all too easy to forget that you've switched something off, and spend hours hunting for software problems on a (new/guest) computer, when all it needs is a couple of click on the router control panel (BTDT)! It's worth enabling UPnP on the router (and in Windows) - this gives automated control for certain operations/programs (such as torrent downloaders) so that you don't have to configure exceptions to the router configuration. If you do this, then it may become more important to have a two-way firewall on your PC, since there's otherwise no flags telling you what program is using UPnP to configure the router. (I suspect that David would disable UPnP everywhere - but IMHO, that's unnecessary) -- Noel Paton CrashFixPC Nil Carborundum Illegitemi www.crashfixpc.co.uk "PAT (Paul)" wrote in message ... Hi all I read Dapper Dan's bout with Router Firewall in this Forum. Since I've used this Forum for many years....here goes. Since free firewalls are becoming a thing of the past unless you go for those with 3 or 6 months 'trial' periods which you cant get rid of when the time is off, I asked for a ROUTER for my 80th bithday in october. I was thinking, why pay 39$ (can) every year, when I can buy a router for 59$. I don't pretend to understand the full saga that Dan had, but I'd like to have your opinion about using a router for a firewall. Or I'm I on the wrong track. -- cogito ergo sum |
#10
|
|||
|
|||
Firewall Router
And FWIW, if you connect up a 3rd party firewall and/or a router, they automatically turn the XP firewall off. Modern ones do. Kerio 2.1.5 doesn't. I don't know about the other old ones, as I don't consider any of them unobtrusive enough or light on resources to run alongside other firewalls and/or solely for monitoring outbound traffic. I've been running it continuously since before XP, on XP since '02, and with a router w. firewall for the last 2 years. The only point of running Windows Firewall in conjunction with a hardware firewall is in the situation along the lines of: your router calls it a day so you reconnect your old USB modem. If you've been running with no software firewall for months, or even years, odds are you'll forget to turn it back on, so - if it doesn't interfere with anything - leave it enabled. But neither let you know what's trying to get out. Shane |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Router Firewall | Dapper Dan | General | 25 | April 1st 09 06:21 PM |
firewall/router question | richard | General | 15 | October 10th 08 01:18 PM |
ZoneAlarm missing Firewall Zones tab for subnet. New NAT router won't show Entire Network. | Networking | 5 | July 5th 04 09:48 AM | |
ZoneAlarm missing Firewall Zones tab for subnet. New NAT router won't show Entire Network. | Networking | 5 | July 5th 04 09:48 AM | |
d-link router/zonealarm firewall | Donna | General | 1 | June 10th 04 04:40 AM |