firewall question [Archive] - SpeedGuide.net Broadband Community



poe44256
07-21-00, 06:21 PM
I have a Linksys DSL router (BEFSR41) and am networking a 2nd computer in my home.
Is this enough security or do I need a software firewall as well?
I am running Win2K Pro.

thanks
Poe

dmsmed
07-27-00, 09:29 AM
I feel for you, I've posted the same question and never got a finite succinct answer! So, here's the challenge. If there is anyone out there who has a WORKING KNOWLEDGE of routers and is prolific enough to convey his/her thoughts, please answer these questions.

1.) Do any routers themselves add a layer of security?

2.) If so, do all of them add security or just some?

3.) If just some, which ones?

Thank you.

Sincerely,
Mr. Eternally Grateful

Bouncer
07-27-00, 02:03 PM
Last time I'm gonna answer this one for a while.

Routers do NOT inherently add anything but the ability to do WAN protocol routing. They are basically special purpose computers. Now, because they examine each packet for routing info anyways, it makes sense to have them do a couple of other things with the packet as well.

One, they replace the hardware address of the computers on the LAN with the router's hardware address. This adds some security by obscuring the hardware address of the LAN host. (Remember though, security by obscurity isn't REALLY security).

Two, they replace the logical address of the computers on the LAN, with the same effects as above (technical differences in implementation, but basically the same in concept).

Three, they can inspect each packet (since they already do anyways) and determine if there's something hinky with it, like it's too large, too small or has some other contrived error.

Four, since they're looking at each packet anyways, you can create a set of rules (a ruleset) that governs what kind of packets are allowed to go where. For instance, you can block all ping type packets either incoming, outgoing, or both. You can also block all externally initiated contact, so that any session must be initiated from the LAN side. Adds a measure of protection though you are of course exposed should you connect to an insecure site that reverse scans you.

True security is defense in depth, and by using multiple functions of the router we end up with an environment where the hardware and logical address of our machine is hidden from the public world, we make sure each packet is okay, we don't allow certain types of connections on certain software ports, and we don't allow any connection that starts from the outside.

That's pretty secure, though if you're paranoid then you may want to simply encrypt your hard drive so even if someone sneaks in and steals data...they can't read it.

Regards,
-Bouncer-

LanWan
07-27-00, 02:32 PM
Some will and others will not, depending on the router you have. A protocol like NAT will do the job for a normal home LAN.

dmsmed
07-27-00, 07:44 PM
So to answer my question, a router allows you to add a rule set which could add security.

Thank you.

FunK
08-08-00, 03:46 AM
Bouncer,
Can you provide a product for encrypting the HD and all the files?
Does this require NTFS to work?

I am interested in what you posted here. This is an option that I have not looked into.
How does it affect your system (if at all)?
Looking for an easy solution.

Running Win98, Win2k, and Linux.

Curious...........

Peace
FunK

dmsmed
08-08-00, 10:32 AM
If I set up a router so it wouldn't respond to requests initiated from outside, outsiders wouldn't know whether there was a computer on that IP or not, would they?

Bouncer
08-08-00, 01:16 PM
Go here:
http://www.pcdynamics.com/SafeHouse/

The commercial version is about 80 bucks,

But there is a free 40-bit encryption version as well. 40-bit is not as strong, but honestly, it'd take some serious horsepower a while to break it. It CAN be done, but not *easily* and most crackers/hackers won't spend the time to bother.

Regards,
-Bouncer-


------------------
"Yeah Baby, YEAH!!!"

Bouncer
08-08-00, 01:22 PM
The trick is to not allow inbound connections, especially on the telnet ports. (Port 23)

On the router, this should be set up on the WAN interface, not the LAN interface. This prevents anyone from telnetting to the router from outside, but still allows you to access via telnet from the inside.

Regards,
-Bouncer-

------------------
"Yeah Baby, YEAH!!!"
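
Added illustration, not part of the thread and not written by any poster: a toy Python model of the router behaviour discussed above (address rewriting, dropping externally initiated contact, and telnet on port 23 reachable from the LAN side only). The class name, addresses and verdict strings are constructed for the example, and the model assumes a reply is accepted only from the exact remote endpoint the LAN host contacted.

```python
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"   # constructed public address (documentation range)

@dataclass
class ToyRouter:
    # public port -> (lan_ip, lan_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    blocked_wan_ports: frozenset = frozenset({23})   # telnet, as in the thread
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host starts a session: rewrite the source, remember the mapping."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (WAN_IP, public_port, remote_ip, remote_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arriving on the WAN interface -> (verdict, LAN target or None)."""
        if dst_port in self.blocked_wan_ports:
            return ("DROP blocked-port", None)
        entry = self.sessions.get(dst_port)
        if entry is None:
            return ("DROP no-session", None)
        lan_ip, lan_port, remote_ip, remote_port = entry
        # Assumption: only the endpoint the LAN host contacted may reply.
        if (src_ip, src_port) != (remote_ip, remote_port):
            return ("DROP wrong-peer", None)
        return ("ACCEPT", (lan_ip, lan_port))

    def management(self, iface, port):
        """Connection to the router itself (e.g. telnet admin on port 23)."""
        return "ACCEPT" if iface == "lan" else "DROP"

def demo():
    r = ToyRouter()
    wire = r.outbound("192.168.1.100", 1025, "198.51.100.7", 80)
    return {
        "wire": wire,                                        # what the outside sees
        "reply": r.inbound("198.51.100.7", 80, wire[1]),     # answer to our session
        "unsolicited": r.inbound("198.51.100.99", 4444, 139),
        "other_host": r.inbound("198.51.100.99", 80, wire[1]),
        "wan_telnet": r.management("wan", 23),
        "lan_telnet": r.management("lan", 23),
    }
```

Calling `demo()` returns the verdict for each case; the private address 192.168.1.100 never appears in the "wire" tuple, and only the reply to the LAN-initiated session is accepted.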