Do I need a router as a firewall for a single computer?

A

Astroman

Gawd
Joined
Jun 14, 2003
Messages
684
Hey folks. I was just reading through that thread that made the front page, and had some thoughts regarding security.

I have been using this computer on this cable connection for over a year now, and until now felt like I was pretty secure, though not 100%.

I connect my computer to the internet using a motorola SURFboard cable modem, through the USB port. I used to use the ethernet cable to my MOBO but the Cat-5 port on the modem was fried during a thunderstorm. Thankfully the USB still worked so I didn't have to buy a new one.

Anyhow, back on subject. I run AVG and keep it updated. I also run Spybot and Adaware frequently. I don't do any P2P sharing, and am very careful about opening attachment, even from friends.

However, I was reading something about how your IP can be scanned and open ports found and used to exploit IE or whatnot.

Mention of a firewall, something I don't use, and don't know much about, kind of got me thinking. Recently I started experiencing a lot of lag in AAO, the game I mostly play. Yeah, its probably server lag, because sometimes I seem to get a good server that is lag free, but the possibility of something accessing my machine that I'm unaware of is in the back of my mind now.

The main question I have is this. Do I really need a router even though I'm only connecting 1 computer to the connection? Should I enable the WinXP firewall, or is that generally useless?

Is my cable modem in itself a firewall, and if so, how do I access it to set it up?

Thanks for the help, sorry to sound so noobish, but I'm just concerned and like to do my part to keep the web cleaner, even if it means just ONE single computer that isn't contributing to the mess.

Maybe a FAQ should be posted at the top of this forum for users like me who know a lot about stuff but not enough about this subject?

Thanks!
 
you should always run a puter based firewall, no matter what your network setup is
try something like kerio personal firewall, a more flexible than the XP built in one
 
I was kind of wondering the same thing after reading the big thread. I use the SP2 firewall as my only defense along with Norton AV 2005, Spybot, and Adaware. Should I get rid of the MS firewall and go with Zonealarm? or is the MS one good enough? Is a hardware Firewall router necessary? I just have a cable modem now.
 
I disagree with SC on this one. I think a hardware solution is a requisite for any always-on connection and put much less emphasis on software firewalling. Point #1 is that a malicious program can't turn off a hardware firewall. Most of the rest is personal opinion -- the main advantage of software firewalls seems to be monitoring for outbound connections from viruses and such. However, I think protection is better served in that regard via good antivirus.

For general use, I think the XP firewall is good enough -- that's what I use on my notebook's wireless connection.
 
Would you say adding a router is ok for a newbie though? Im fairly tech savvy, but ive not done networking and really know nothing about routers. I do recall reading that not set up properly, a router may as well not be there. How hard are they to configure?
 
lomn75 said:
I disagree with SC on this one. I think a hardware solution is a requisite for any always-on connection and put much less emphasis on software firewalling. Point #1 is that a malicious program can't turn off a hardware firewall. Most of the rest is personal opinion -- the main advantage of software firewalls seems to be monitoring for outbound connections from viruses and such. However, I think protection is better served in that regard via good antivirus.

For general use, I think the XP firewall is good enough -- that's what I use on my notebook's wireless connection.
Click to expand...
I'd second that.

The fact that you run AVS, as well as SpyBot and AdAware are both good signs.

Unfortunately the Motorola SURFBoard doesn't have a built in firewall. If you are with a cable company, don't they own the modem? So shouldn't they replace it for you if it is broken? They (cable company) might have a "home networking option" available that will give you something like this. Even if you do decide to go with a router to get a hardware firewall, you are going to have to get your cable modem replaced - (IIRC) they need an incoming cat 5 cable (WAN) from the cable modem to the router, NOT a USB hookup.

Alternate solution - take old computer parts, and build a Linux based firewall, plug the cable modem into that machine (make sure that it can handle USB connected cable modem first), and hae output go to an ethernet card. then use a crossover cable between your machine, and the Linux router.

Good luck :)
 
Summoner said:
Would you say adding a router is ok for a newbie though? Im fairly tech savvy, but ive not done networking and really know nothing about routers. I do recall reading that not set up properly, a router may as well not be there. How hard are they to configure?
Click to expand...
You're correct in that it's invisible to the end user. It's a nearly plug-and-forget setup. The manual should be pretty straightforward, but here's the gist:

(1) plug stuff in
(2) make sure your computer is set to DHCP (almost certainly the case, and you should know if not)
(3) change the router password
(4) make sure the router's external interface is set to DHCP (unless your computer wasn't, in which case mirror those settings)
(5) Presto!
 
Thanks for all the advice so far.

Yes, I'm with Cox cable in the Las Vegas Valley. No, I do not lease the modem. That is an extra $10 per month. I own my own modem and save the monthly fee. That said, the modem replacement is my responsibility.

There are CAT-5 to USB adapters, I suppose you should be able to get an adapter to do the opposite.

Anyhow, I DO have an old P1 233 with MMX laying around, but I don't think its worth the hassle to put it all back together and have a whole (old POS) computer powered up all the time just for firewall protection. I'd rather buy a router.

I'll start by enabling my WinXP firewall, but I'd still like to hear more input on external hardware firewalls.

Many thanks!
 
Astroman said:
I'd still like to hear more input on external hardware firewalls.
Click to expand...
You can search and find lots of debates on Linksys, DLink, and Netgear routers. Those seem to be the most recommended, and there are people with outstanding experiences as well as horror stories for each. The horror stories seem to be pretty rare, though. Any of them should be more than fine. I personally use Linksys hardware for network stuff.

I do not think it's worth paying the extra $$$ for the deluxe routers that offer their own VPN services and such. It's just as easy to forward a port (which would have to be open either way) and run the VPN server internally.

I would recommend getting a box that also has an integrated switch (most of them do) just in case.
 
lomn75 said:
You're correct in that it's invisible to the end user. It's a nearly plug-and-forget setup. The manual should be pretty straightforward, but here's the gist:

(1) plug stuff in
(2) make sure your computer is set to DHCP (almost certainly the case, and you should know if not)
(3) change the router password
(4) make sure the router's external interface is set to DHCP (unless your computer wasn't, in which case mirror those settings)
(5) Presto!
Click to expand...

Thanks, i might look into getting one then. Should i bother with ZA if i get one?
 
Summoner said:
Thanks, i might look into getting one then. Should i bother with ZA if i get one?
Click to expand...
If you really want the extra outbound connection monitoring I mentioned above. Otherwise, it's wholly redundant.

//edit: That "wholly redundant" assumes you trust your LAN. If you're in, say, an apartment, and your roommate is a spyware-infested moron, run a software firewall, too.
 
lomn75 said:
You can search and find lots of debates on Linksys, DLink, and Netgear routers. Those seem to be the most recommended, and there are people with outstanding experiences as well as horror stories for each. The horror stories seem to be pretty rare, though. Any of them should be more than fine. I personally use Linksys hardware for network stuff.

I do not think it's worth paying the extra $$$ for the deluxe routers that offer their own VPN services and such. It's just as easy to forward a port (which would have to be open either way) and run the VPN server internally.

I would recommend getting a box that also has an integrated switch (most of them do) just in case.
Click to expand...
I suggested setting up the Linux box because it would be educational, and cheap, but the down side is having a crappy machine alway plugged in and running (agreed).

Its a shame you weren't looking a couple of weeks ago - I picked up a nice simple Netgear RP614 for about $6.00 after shipping & handling via Outpost.com and a rebate offer they had until end of September. This is becoming a second router for me - the office area will have this one, and I am relocating the Wif router (Dlink 614+) down stairs where we mainly use WiFi, and sit it behind the ReplayTV and Xbox (and network both of them into the LAN).

There are cheap deals out there - Outpost and NetGear seem to have them at the moment. Keep your eyes open in the [H]ot|Deals section for a heads up - or wait for the Black Friday sales after Thanksgiving.
 
Astroman said:
However, I was reading something about how your IP can be scanned and open ports found and used to exploit IE or whatnot.

Thanks!
Click to expand...

I would definately recommend a router. I prefer Linksys stuff.

Without a router you are wide open for people to port scan you, which is very easy to do. I use Superscan 4. Anybody without a router pops up as an IP address with available open ports. Lets people right into your computer.
 
Thanks for all the input. I think I'll go ahead and pick up a router. I will probably be picking up a notebook for my wife and as a travel companion... That said, i may as well pick up an 802.11g wireless job..

Thanks again.
 
use that old box and put smoothwall on it

smoothwall.org

It will be free and they work great.

QJ
 
lomn75 said:
I disagree with SC on this one. I think a hardware solution is a requisite for any always-on connection and put much less emphasis on software firewalling. Point #1 is that a malicious program can't turn off a hardware firewall. Most of the rest is personal opinion -- the main advantage of software firewalls seems to be monitoring for outbound connections from viruses and such. However, I think protection is better served in that regard via good antivirus.

For general use, I think the XP firewall is good enough -- that's what I use on my notebook's wireless connection.
Click to expand...

i wasn't saying that a software only solution is good enough, that no matter what (hardware or not) you should have software firewall in ADDITION too

secondly, even hardware solutions can be hacked. Can you say default passwords often still work even when changed?!

the best defense is multipler layers. hide as much info as possible from the outside. dont just deny packets, drop em. block ALL ports and only open up what youre SURE you need, and most importantly, assume nothing (like hardware cant be hacked)
 
You must log in or register to reply here.
Back
Top