Worth adding a router/firewall?


floppybootstomp
30 Mar 2004, 11:08pm
I was thinking about this today, as there are so many viruses about atm.

Is it worth me adding a Router with Firewall to my Network?

Current setup:

Three machines, all running XP Pro, ADSL external ethernet modem, Belkin 4 port hub.

I'm not sure if XP's firewall is enabled, it's not accessible on this machine, it's probably configurable on one of the other machines that XP has dubbed the 'main' one and I'm too lazy to walk in the other room and check right now.

Regardless of whether XP's firewall is enabled or not, only viruses I've ever suffered have been through me stupidly opening dodgy e-mails or viewing even more dodgy websites :eek3:

And those I pick up on line are usually Trojans that Spybot and AdAware usually deal with.

I have AVG AV installed on two machines and that checks e-mail, Trend's PC-Cillin on the other machine, and my ISP claims to check all e-mails for viruses at source.

I've had loads of iffy e-mails lately, I haven't opened a one, just delete them. I use MailWasher-free to check all e-mails while they're still on the sender's server which enables me to block them.

So, the question is, is it worth buying a hardware router/modem or even getting one of those modem/router/firewall all-in-one 4 port jobbies?

I've been using this current setup for a year now and like I mentioned, only virus I picked up was my own fault for opening an infected e-mail.

Is it worth the expense? Or am I OK?

Oh, and in the next few weeks I'll be adding another machine, a Win98/Linux box, for old Games that only run in Win98 but mostly to have a serious stab at Linux, not sure what distro I'll be using yet, but I'll probably start with Mandrake 10 when it's released in full shortly. And a slap on the wrist for those who think the words 'serious' and 'Mandrake' don't go together :D I've tried Mandrake 9.1, ran it a couple of months, and I felt almost comfortable with it, so I figure it will do to start with.

Thrax
30 Mar 2004, 11:24pm
Firewalls won't ever stop a virus.

floppybootstomp
30 Mar 2004, 11:33pm
Firewalls won't ever stop a virus.

Uh-huh. I see. So the answer's no then?

primesuspect
30 Mar 2004, 11:34pm
Yeah, firewalls stop remote exploits. Win XP's firewall is okay, but not the best. It's enough to keep away most script kiddies.

Viruses don't "attack" computers from the outside, they are installed by the user.

If you have multiple machines, it sounds like you are already using NAT - which is one of the primary goals of using a router - it provides only one IP address for the world to see...

Dexter
30 Mar 2004, 11:44pm
I say yes. Firewalls can help stop all kinds of things, if properly configured. Not viruses, as Thrax says, but hacker intrusions, spyware, adware, trojans, etc, can all be stopped by firewalls. Plus a good firewall / router has logging tools, access rules, etc. which is handy if you want to monitor or restrict internet usage of children, employees, etc.

Preventing hacker intrusions is the main reason to use a firewall. All it takes is to have some unsuspecting user to accidentally enable their Windows sharing protocols without activating a password for access, and your neighbours have easy access to your hard drive. And anyone else who looks hard enough can find it as well. I've seen it done several times to users who didn't think they needed a firewall.

The big problem last summer (http://www.short-media.com/forum/showthread.php?t=2370) with random reboots caused by RPC (Remote Procedure Calls) did not affect anyone who was using a Firewall, because the RPC protocol was blocked by the firewall. Who knows what will be this summer's smash-hit exploit? These days, firewall protection (either software or hardware) is an absolute must for anyone using the internet, especially high-speed. It is as important as virus protection, in my opinion.

Dexter...

floppybootstomp
31 Mar 2004, 12:01am
Primesuspect, dexter - thanks for replies, guess I've been lucky so far then.

My daughter always manages to pick up a load of stuff when using them MSN chat rooms, but AdAware & Spybot manage to get rid of them.

I suppose a firewall makes sense.

Anybody have any suggestions for a good one? I need to connect four computers and an ethernet modem. I definitely won't be adding any more computers, just the four.

floppybootstomp
31 Mar 2004, 12:48am
I've been looking into this. Thrax is right. A firewall won't stop a virus, only AV software will do that. That, and your own caution.

A firewall, on the other hand, will stop people probing you and gives you a choice of who to let in and who to let out. To a degree.

It has been an education.

Still undecided, but I probably will go for this. Again, suggestions?

profdlp
31 Mar 2004, 1:13am
I have used a Linksys BEFSR41 (http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=561) for about five years now and never had a problem with it. My dad has a GigaFast EE400-R (http://www.gigafast.com/products/Routers/EE400-R/EE400-R.htm) which works fine, though it has a nasty habit of making you reboot every computer after it loses power. This may be due to a setting which I have not discovered yet. Both have a built-in 4-port switch and can handle NAT for up to 253 computers (with an add-on switch or hub).

The Linksys also comes in an 8-port version.

They run about $50 right now, but my dad got his for $8 (not a typo!) after a couple of rebates.

Dexter
31 Mar 2004, 1:35am
The Linksys that prof linked is great, I have had one at my office for 2+ years now, and have installed them for a few clients, great routers, lots of features, no problems.

At home I am using an SMC Wireless Barricade. I don't have any wireless NIC's yet, but the router was such a great deal I couldn't pass it up. It has 4 wired ports and wireless on top of that. If you just want wired ports, this model (http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=256&site=c) is basically the same as mine except without wireless capability.

Netgear (http://www.netgear.com/products/prod_details.php?prodID=131&view=) also makes some nice routers, easy to use and I have not heard of many problems using them.

I have had problems with several D-Link routers, they seem to have high fail rates, so I do not recommend them.

Dexter...

floppybootstomp
31 Mar 2004, 1:49am
I've checked out the Linksys, seems ideal, £41.00 in the UK, that's not so bad, think I'll go for it.

Thanks all, for your help and suggestions, I'll let you know how I get on with it.

ginipig
31 Mar 2004, 2:52am
For software firewalls, give Tiny Personal a try. It's hard to set up (as the most effective apps usually are), but it's worth it.

Leonardo
31 Mar 2004, 3:00am
I have had problems with several D-Link routers, they seem to have high fail rates, so I do not recommend them.

I've owned two routers, both D-Link DI 604 models. The first one dropped two ports after one year of use. The second one has been working flawlessly for nearly two years.

Dexter
31 Mar 2004, 7:30pm
I've owned two routers, both D-Link DI 604 models. The first one dropped two ports after one year of use. The second one has been working flawlessly for nearly two years.

Yes, we were using DI-604's for some of our clients. I have had to replace 3 over 3 years, which is far too high in my opinion. The next one that fails is getting replaced by a Linksys.

We also found as well that one of the cable internet providers in our area did not recommend D-Link's on their system, as they had too many customer complaints with them, so we used all Linksys on the accounts with that provider, and never had a problem.

The price of a D-Link DI 604 and a Linksys BEFSR41 were identical a couple of years ago. Then the 604's plummeted in price, while the Linksys stayed the same. Since the 2 models are pretty comparable in feature sets, that has to indicate that you and I are not the only ones who have had problems with them. As I said, I never recommend D-Link to anyone because of that, and I recommend to anyone to pay a bit more for a Linksys, because they seem to be so stable that they are worth it.

Having said that, I have used dozens of D-Link ethernet cards and have NEVER had a problem with one of those. I'd recommend their NIC's in a second, but not their routers. Funny, huh?

Dexter...

Flintstone
31 Mar 2004, 10:06pm
Hey FBS,
I've got a 4 year old version of this:
http://www.smc.com/index.cfm?sec=Products&pg=Product-Details&prod=67&site=c

and it's never even hiccuped. It even has a built in print server so all the machines can use, for example, an expensive laser printer or photo printer without one of the computers acting as the server. Does NAT so that you're kind of hidden behind it on the web. I also have a switch on it so a total of 8 computers running through it. I just "daisy chain" the switches and off I go!! Even got a wireless access point on it with no probs either!!

Good Luck and good to see ya again!

Flint :wave:

floppybootstomp
9 Apr 2004, 2:27pm
Well that was easy :)

Got the Linksys BEFSR41, powered down all 3 machines; connected all cables; switched everything on; everything just worked.

Presumably as my ISP settings were saved in ADSL Modem? No setting up to do at all. In fact, it's just the same as it was before. How do I know what this thing's doing, hehe :D

res0r9lm
9 Apr 2004, 2:47pm
If you're going to have Linux on one box it makes sense to just use it as your firewall. My network is set up like inet --> eth0 --> server --> eth1 --> 8 port 10/100 switch --> computers

Enverex
9 Apr 2004, 2:56pm
Is there really any point in a Firewall if you are using NAT anyway, as you need to forward any particular ports to that machine manually in the first place, meaning the ports and such that the firewall would be watching wouldn't be opened in the first place, making it next to useless.

I couldn't recommend D-Link after the issues they have put certain users through. Putting corrupted firmwares on their site, making firmwares that hardlock routers randomly, and just generally crap software all round.

profdlp
9 Apr 2004, 6:21pm
...How do I know what this thing's doing, hehe :D
If you haven't already done so, go to http://192.168.1.1/ and it will show you the setup screen.

You can test the firewall effectiveness here (https://grc.com/x/ne.dll?bh0bkyd2). :wave:

floppybootstomp
9 Apr 2004, 6:42pm
profdlp: Thanks for that. Yes, I decided to rtfm and done just that. Saved settings, then had to power off/power on adsl modem and reboot all three machines. Seems to be working fine, I can still play COD online without having to set anything up, so I'm happy :)

I presume your link is 'Shields Up'. I haven't tried it yet. But I will. Thanks.

floppybootstomp
9 Apr 2004, 6:51pm
Just tried Shields Up. My security is better than it was. Port 80 is open, seems to be the only prob. I seem to remember that's quite common.

How do I block that then?

fudgam
9 Apr 2004, 6:57pm
I have had good luck with this router http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=561 .

profdlp
9 Apr 2004, 7:08pm
...Port 80 is open, seems to be the only prob. I seem to remember that's quite common.

How do I block that then?
Here's what Gibson has to say (http://grc.com/port_80.htm).

res0r9lm
9 Apr 2004, 7:23pm
Port 80 and 8080 are both for web servers. If you're not running a web server it should be closed.

primesuspect
9 Apr 2004, 7:36pm
Moved to our new security forum :)

profdlp
9 Apr 2004, 7:46pm
Moved to our new security forum :)
Sweet! It's a shame it has to be that way, but this forum is likely to see plenty of traffic.

Short-Media comes through yet again. :thumbsup:

res0r9lm
9 Apr 2004, 8:06pm
I'm curious which ports people have open.

profdlp
9 Apr 2004, 8:19pm
I'm curious which ports people have open.

:D :D :D
Same router FBS has:

EyesOnly
9 Apr 2004, 8:45pm
:D :D :D
Same router FBS has:

My screen looks like that too. Gotta love that site, though I'm using Norton AV and firewall. Are there any advantages of running hardware compared to software other than freeing up RAM? Have no network but I've been wondering about this.

res0r9lm
9 Apr 2004, 9:07pm
Mine looks slightly different, got some ports closed.

Enverex
9 Apr 2004, 9:26pm
Standard NAT to a server in the DMZ. But what makes me wonder is a few ports just before the end that are for some reason stealthed. Any idea what they may be or why they are stealthed?

profdlp
9 Apr 2004, 9:28pm
Standard NAT to a server in the DMZ. But what makes me wonder is a few ports just before the end that are for some reason stealthed. Any idea what they may be or why they are stealthed?
If you click on them Shields UP will tell you. :thumbup

profdlp
9 Apr 2004, 9:31pm
...Are there any advantages of running hardware compared to software other than freeing up RAM? Have no network but I've been wondering about this.
In this thread (http://www.short-media.com/forum/showthread.php?t=12039) you'll read about a trojan which disables many AV programs.

As a general rule of thumb it is much easier to disable software than it is to bypass a hardware firewall.

More here from Norton. (http://securityresponse.symantec.com/avcenter/venc/data/avkiller.trojan.html)

Enverex
9 Apr 2004, 9:51pm
If you click on them Shields UP will tell you. :thumbup

Actually it doesn't. It only identifies the first of the 4. I also want to know why they are stealthed.

profdlp
9 Apr 2004, 10:01pm
Actually it doesn't. It only identifies the first of the 4. I also want to know why they are stealthed.
:scratch: They all work for me...



Port 996 Name: vsinet
Port 997 Name: maitrd
Port 998 Name: busboy
Port 999 Name: puprouter

As to why they are stealthed on your system when none of the others are, I have no idea. :confused2

Enverex
9 Apr 2004, 10:48pm
Weird, the first one showed up as vsinet, but the others just said their number. Oh well.

Leonardo
10 Apr 2004, 3:27am
Ah, I feel better. All ports were green, save one, which was blue.

I'm already a big fan of the new Security forums! Bravo!

EyesOnly
10 Apr 2004, 8:56am
In this thread (http://www.short-media.com/forum/showthread.php?t=12039) you'll read about a trojan which disables many AV programs.

As a general rule of thumb it is much easier to disable software than it is to bypass a hardware firewall.

More here from Norton. (http://securityresponse.symantec.com/avcenter/venc/data/avkiller.trojan.html)

Thanks prof. Looks like I should add one to my purchase list.

I'm already a big fan of the new Security forums! Bravo!
Yeah this forum is nice and unfortunately very needed.

Dexter
10 Apr 2004, 9:08am
Another good app to have in your arsenal is Active Ports. (http://download.com.com/3000-2085-10121832.html?tag=lst-0-1)


Active Ports - easy to use tool for Windows NT/2000/XP that enables you to monitor all open TCP/IP and UDP ports on the local computer. Active Ports maps ports to the owning application so you can watch which process has opened which port. It also displays a local and remote IP address for each connection and allows you to terminate the owning process. Active Ports can help you to detect trojans and other malicious programs


And the price is right too: free :thumbsup:

Dexter...
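
What a port-to-process tool like the one described above reports can be approximated from `netstat -ano`, which lists every socket with its owning PID. This is an added example, not part of the original thread: the netstat sample, PIDs and addresses are constructed, and the watch list is an assumption covering the services the thread mentions (web servers on 80/8080, RPC, Windows sharing).

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1844
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1030         0.0.0.0:0              LISTENING       2020
  TCP    192.168.1.100:139      0.0.0.0:0              LISTENING       4
  TCP    192.168.1.100:1190     203.0.113.10:1863      ESTABLISHED     1500
  UDP    0.0.0.0:445            *:*                                    4
"""

# Assumed watch list: services the thread mentions, on their standard ports.
WATCHED = {
    80: "web server (HTTP)",
    8080: "web server (alternate HTTP)",
    135: "RPC endpoint mapper",
    139: "Windows file sharing (NetBIOS session)",
    445: "Windows file sharing (SMB)",
}

def parse_listeners(text):
    """Return (local_ip, port, pid) for every TCP socket in LISTENING state."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ip, _, port = fields[1].rpartition(":")
            listeners.append((ip.strip("[]"), int(port), int(fields[4])))
    return listeners

def exposed(listeners):
    """Keep listeners reachable from other machines (not bound to loopback)."""
    found = set()
    for ip, port, pid in listeners:
        if not ipaddress.ip_address(ip).is_loopback:
            found.add((port, pid, WATCHED.get(port, "not on watch list")))
    return sorted(found)

if __name__ == "__main__":
    for port, pid, service in exposed(parse_listeners(SAMPLE_NETSTAT)):
        print(f"TCP {port:<5} PID {pid:<5} {service}")
```

On a real machine, pass in the saved output of `netstat -ano` and look up each PID with `tasklist` to see which program owns the port.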

profdlp
10 Apr 2004, 12:38pm
Another good app to have in your arsenal is Active Ports. (http://download.com.com/3000-2085-10121832.html?tag=lst-0-1)...
Dexter, that is a great program. Thanks! :canflag:

EyesOnly
17 Apr 2004, 9:54pm
My brother has a DI-604 which he recommended, but seeing as D-Link might not be a good choice I'm going for the SMC that fudgam recommended. Nice price and features. What I need to know is: can I connect it even though my internet comes through the phone line to a USB modem and not to a NIC? I'll check the manual.

Edit
The manual says I need an adapter but I can't find one. And it was Flintstone that recommended the router, not fudgam.

EyesOnly
18 Apr 2004, 2:58pm
OK, adapter found: LevelOne USB-0100TX Adapter USB-FastEthernet. Should I get one, or consider switching ISP and then modem, which I've been thinking about anyway?

The answer is hell no. No way I'm paying $36,4 for an adapter. This will mean that I won't be able to use the firewall for a while but that's ok.

Edit
Oops, wrote hxxx yes when it was supposed to be no.

guitronics
12 Oct 2004, 8:45am
:confused: You geeks have me in a quandary now. I know I want an 8 port wired router, with VPN, print sharing, and firewall.

I have a Netgear in the box, no print serving or VPN.

Then I read about a smoothwall server. I'm :confused: , here's what I'd like:
Print server on each of 2 floors, can do without VPN, have a bunch of old 'puters.

My first post, EASY NOW BIG BOYS! (thanks).