Author Topic: Roter Firewall (Read 329 times)

FOGOLD · « **on:** July 21, 2005, 04:05:50 AM »

Just about to move to broadband. Router has NAT and Firewall. I was reading that NAT + good software firewall is adequate for home use. Any opinions? Anyone had trouble with NAT and AH?

Router has to serve work and play machines.

eagl · « **Reply #1 on:** July 21, 2005, 11:16:56 AM »

NAT alone should protect you from almost every external threat, but it won't protect you against something originating from within your home network. A malicious email attachment or web page are examples of threats within your own network. Software firewalls can help, especially if they have alerts that pop up when they detect odd behavior. Microsoft's firewall should tell you whenever a program is trying to use the network so if you see a message regarding a program you didn't specifically authorize, you can work to minimize the damage. Antivirus and anti-spyware programs are also useful as even if they can't always clean out infections, they are usually good at detecting them. The last thing you can do is change your windows and MSIE security settings. Turning off unnecessary services and restricting activex controls (for example) end up being a balancing act between functionality and security. Turning off and disabling features can enhance security but may degrade the usefulness of the computer.

To that end, just turning the computer off and doing something else will provide nearly 100% security

In practice, I've found that a broadband router plus software firewall, antivirus, and anti-spyware, along with "safe computing" practices such as rigorously filtering spam and never opening email attachments without extreme caution, is "good enough".

FOGOLD · « **Reply #2 on:** July 21, 2005, 01:20:24 PM »

Thanks eagl, that sounds fine. The only worry was Skuzzy's comments about NAT not working with AH UDP. Obviously there must be a lot of people who have NAT ebnabled to play Aces High tho!

eagl · « **Reply #3 on:** July 21, 2005, 06:38:16 PM »

AH and AH head to head work great through my d-link router. I've had 3 different ones at home, a 604, 614+, and a new 802.11g router but I forget which model it is. The only problem I've had recently with dlink routers is that I got a new 604 for my grandfather, and it was apparently defective. It would work for about 8 hours and then simply quit responding. I could see the lights on the router blinking but the dsl modem wasn't getting any packets, and the router's configuration pages couldn't be reached. A reboot of the router would "fix" it for another 8 or so hours, but that's obviously unacceptable performance so I returned it. This may be a bios issue but the 604 is a 4 year old design (at least) so there's no way in hell it should crash like that.

I have no data on other brands of routers, other than there are a few people who absolutely despise the d-link routers for some reason

Regardless of what router you get, shop for price and basic features and be careful with the packaging so you can return it if it doesn't work.

Broadband routers with wireless aren't that much more expensive ($70 vs. $40) so consider getting 802.11g in your router, and then just disable it until you need it. That way you don't have to toss out an older router if you ever go wireless.

GunnerCAF · « **Reply #4 on:** July 21, 2005, 10:50:30 PM »

Quote

Originally posted by eagl
... Microsoft's firewall should tell you whenever a program is trying to use the network so if you see a message regarding a program you didn't specifically authorize, you can work to minimize the damage. ...

Not always, I went back to Zone Alarm. You can read about it and test it here:

http://www.grc.com/lt/leaktest.htm

Scroll down near the bottom to find the Win XP info. I loaded Leak Test, and Windows Firewall did not detect it communicating outbound. Zone Alarm will catch it.

Gunner

JB66 · « **Reply #5 on:** July 22, 2005, 07:10:09 AM »

I've got nat enabled on my router and use zone alarms software firewall. And the only problems I've encountered are from malicious web sites that unload active x crap. When I read Skuzzys adviced, I changed my settings and haven't had a problem yet.

The computer shop I work at gets a ton of systems that are hosed by viruses , trojans and spyware. Seems the local cable provider(adelphia) dosen't have or enable nat on their cable modems. They let their customers sit wide open on a broadband network.

FOGOLD · « **Reply #6 on:** July 22, 2005, 10:51:32 AM »

Thanks for all the input guys. We go live 2nd August.