Hardware Firewalls

Routers as firewalls?

Routers assign a unique internal address to each connected unit. All external Internet traffic is handled using the router's single IP address. Routers use address translation to route Internet traffic to and from individual units. The outside world cannot mount a simple direct attack on PCs behind the router, but it is possible to bypass plain address translation.

In effect, routers naturally block unsolicited input from the Internet, so they are a firewall of sorts. Newer routers add state-inspection firewalls that block unauthorized data transfers at the packet level, so they are even more effective. I am using WRT54GL routers -- which have state-inspection firewalls. [Linksys]

"Stateful Packet Inspection" (SPI) means examining the content of packets -- not just packet addresses and ports -- and blocking packet transfers that are not in response to requests. In summary, you'll get the best protection from a router that includes a "State Inspection Firewall".

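A toy model of the behaviour described above, added here as an illustration (it is not code from the original page or from any router firmware): a LAN host opens a connection through the router, then three inbound packets arrive, once with plain address translation and once with state inspection. The plain case assumes the router forwards anything that arrives at a mapped port (endpoint-independent filtering), and the class name, addresses and ports are constructed sample values.

```python
# Added illustration: toy NAT router, with and without stateful filtering.
# All names, addresses and ports are constructed sample values.
from dataclasses import dataclass, field

ROUTER_IP = "203.0.113.1"  # the router's single public address

@dataclass
class Router:
    spi: bool                                  # True = state inspection on top of NAT
    next_port: int = 40000
    nat: dict = field(default_factory=dict)    # public port -> (lan_ip, lan_port)
    state: set = field(default_factory=set)    # (public port, remote_ip, remote_port)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host sends a packet out; return the translated source."""
        for port, owner in self.nat.items():
            if owner == (lan_ip, lan_port):
                break                          # reuse the existing mapping
        else:
            port = self.next_port
            self.next_port += 1
            self.nat[port] = (lan_ip, lan_port)
        # Remember which remote endpoint this request was sent to.
        self.state.add((port, remote_ip, remote_port))
        return ROUTER_IP, port

    def inbound(self, remote_ip, remote_port, dst_port):
        """A packet arrives from the Internet; return the LAN target, or None if dropped."""
        if dst_port not in self.nat:
            return None                        # no mapping: nowhere to forward it
        if self.spi and (dst_port, remote_ip, remote_port) not in self.state:
            return None                        # not a reply to a request: blocked
        return self.nat[dst_port]

def demo(spi):
    """One outbound request, then three inbound packets; report where each ends up."""
    r = Router(spi=spi)
    _, port = r.outbound("192.168.1.10", 51515, "198.51.100.7", 443)
    return {
        "reply": r.inbound("198.51.100.7", 443, port),         # answer to the request
        "other_host": r.inbound("192.0.2.99", 443, port),      # unsolicited, mapped port
        "unmapped_port": r.inbound("198.51.100.7", 443, port + 1),
    }

if __name__ == "__main__":
    print("plain NAT:", demo(spi=False))
    print("with SPI :", demo(spi=True))
```

In both modes the reply reaches the LAN host and the packet to an unmapped port is dropped; only the state-inspecting router also drops the packet sent by a different host to the mapped port.
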
Why have a hardware firewall?

Hardware firewalls, or routers that incorporate SPI, are more robust and effective than any software firewall on a PC. There are several ways you might want to use a good router with "state inspection".

Even if you're behind properly configured firewalls, the wrong move on your part can still compromise your PC. Open the wrong attachment, or view a rogue or compromised webpage without anti-malware and the proper patches, and you're sure to pick up a nasty infection.

These days, malicious or "specially-crafted" webpages include anything from personal comments on an article, to a personal page on a service like MySpace, to a booby-trapped advertisement. "But," you may say, "I never go to risky sites." That's no longer very relevant. :-) Anything, including government and major business sites, can bite.

More on the Web

Steve Gibson's explanation of how to use a NAT Router as a firewall.

"Keep Hackers Out", at PC Magazine, is a comprehensive yet easy to read article about intrusion and firewalls. Look for the "Print" logo there if you want to read the article all in one piece.

Links to more firewall information on the Web.