DSL / Cable / Routers / Firewalls

I switching to DSL. I need protection. I want to make it as simple as possible.

Is all I need to do is buy a router/Firewall and install the thing?

Is a software firewall just as good?

Please, PLEASE keep your advice simple. I asked my buddy and in 30 seconds he had me rewiring the house to install a Linux Box Upstream!

Routers with some sort of firewall are always a good idea as a first layer of protection. As a benefit if your DSL ISP uses win POET as mine does, it will handle that aspect for you as well so you don't have to worry about logging in and out. However the router/firewalls only help block things getting into your computer from the outside, they don't stop worms or trojans that may already be inside your computer from accessing the outside world. I use Norton Internet Security along with a hardware router/firewall and feel very secure. If you were only going to do one that I would suggest a softwall firewall program such as Zone Alarm or Norton Internet Security.

As a side note I also use Adsubract Pro and find it to be the best ad blocker available but a lot of software firewalls also have some sort of ad blocking ability.

P.S. When first getting DSL, my friend also wanted me to convert my second computer on the home network to a dedicated Linux firewall/email server. When I asked him if he was willing to regularly maintain the thing as it is out of my league, he backed right off.

I have USB DSL box (Speed Stream) so I don't have a router to hide behind. I use a program named "Black Ice" as a software firewall. Seems to work very well.

Originally posted by geepondy:
When I asked him if he was willing to regularly maintain the thing as it is out of my league, he backed right off.

Click to expand...

<font size="2" face="Verdana, Arial">The amazing thing about a Linux firewall is
that it does not require regular maintenance.
It just runs and runs.

About the only maintenance you might want to
do is add new sites to the blackhole list but
that isn't mandatory.

It still requires a whole extra machine though (assuming you are not using Linux already and don't want to move to it), with 2 network cards, and some willingness to learn enough about Linux to work with it.

The simplest and cheapest solution is a small broadband router with firewall functionality built in. Most of the more common brand name ones have sufficient firewall capability to keep out that which you want kept out.

Of course, anti-virus software is still required to keep out those email based viruses..

Graham

I like SMC routers. Only "issue" with ours is that the built in print server slows down our injket (SOHO Model--fast/faster than a laser jet!) down...so that it in fact is NOT as last as a laser jet

Originally posted by Saaby:
I like SMC routers.

Click to expand...

<font size="2" face="Verdana, Arial">SMC . . . The inventors of the ARCNET! I remember when all that SMC sold were ARCnet cards. Then I upgraded to Thomas Conrad!

Does anyone even make ARCnet cards anymore?

geepody writes:

When first getting DSL, my friend also wanted me to convert my second computer on the home network to a dedicated Linux firewall/email server.

If you decide to do this, try changing the protocols between your gateway [firewall/mail server] and your other machine from TCP/IP to IPX/SPX. It will make your workstation very difficult to access from outside your little network.

Dan

Originally posted by Graham.:

The simplest and cheapest solution is a small broadband router with firewall functionality built in. Most of the more common brand name ones have sufficient firewall capability to keep out that which you want kept out.
Graham

Click to expand...

<font size="2" face="Verdana, Arial">Hey Graham (or anybody else), you seem to be pretty knowledgeable on this subject matter. My router (SMC Barricade) only has NAT protection. But I see router/firewalls now for a hundred bucks or so that offer much more firewall capability such as stateful packet inspection and other features. Are these features desirable/necessary, enough so I should consider upgrading my current router?

Unless you're running some kind of server or something, a NAT based router/firewall should be more than enough for casual internet use. As you said in your original post, this combined with good anti-virus software will cover you pretty well.

A firewall in its most basic form does two things:

1. Accepts or denies connections based on the source (a particular domain or IP address or network)

2. Accepts or denies connections based on the destination (a particular IP address, TCP/UDP port, or network)

Most NAT devices I've seen do a bit of both - they are generally set to deny new connections from the WAN interface (the internet side), and can be set to deny access to specific TCP/UDP ports.

Graham

Back when I could afford a cable modem (before children), I used a Linsys firewall/router, ZoneAlarm (which is *FREE*), and anti-virus software.

I would suspect that ANY hacker would have a hard time getting through this combination. About the only way to attack a setup like this is to have the owner of the computer visit a malicions web site. But even then, if you are keeping up with your patches (or run Linux ), then you should me mostly safe.

If I may make a suggestion, you can have your cake and eat it too. You can buy a Dlink 604 for about $50 and it will surprise you. It's a router that has quite a few bells and whistles. It has a fairly beefy firewall that has stateful packet inspection capabilities. It can filter ip, mac addresses, it has url blocking, domain blocking, activity logging (for attempted attacks) with e-mail capability and wan side ping blocking among other things. Speed wise this is where you can have your cake and eat it too... it's fast, very fast. One reviewer http://www.smallnetbuilder.com/Reviews-10-ProdID-DI604.php listed this router as the fastest consumer level router he's seen. It might be a good idea to take a look at a few reviews on the di-604 it has seemed to upset the router world with it's price/feature knockout punch. Did I mention that it's the router I personaly have? and it's an upgrade from the $299 linksys router I bought a couple of years ago. Lol ya, a $50 dollar router is a vast upgrade.... go figure. Good luck.

DLINK 840 here - works well - has a 4 port switch as well

To consider would be one of the newer one-in-all devices where the DSL modem is built in too to prevent all the cable hassle

Klaus