
How Do Routers Work?

Caveman

Platinum Member
Based on what I've read over the past few years, almost all computer experts advise a "hardware" firewall whether one is using dial-up, cable or DSL...

QUESTIONS:

How does a router actually do the job of keeping my computer "more safe"...???

What is the router doing to "filter" the I/O transmission lines?

I'd like to be able to understand the "mechanism" that makes this "magic box" almost a necessity for a home user...
 
A router's primary function has nothing at all to do with security. It is a function of IP networking that requires a device that can move packets from one subnet to another.
 
router = device that routes IP packets from one IP network to another.

Firewall = filtering device that has the ability to drop packets based on source/destination IP address and layer 4 port. Also denies inbound connections that are not part of an already established connection. Usually has the ability to look deeper into the IP packet (called deep packet inspection) and permit applications that negotiate IP/port information in layer 7, like FTP, Oracle, Netmeeting.

NAT = network address translation. Translates one IP address to another.
PAT = port address translation. Normally translates many IP addresses to one or a pool of addresses. In doing so it has to change the source layer 4 port.

SOHO "router" is a combination of PAT and router.

It is in no way, shape or form a firewall.

So SOHO routers keep other Internet IPs from connecting to your "inside" computers directly unless you specifically tell it to perform a NAT translation from the "outside" address to an "inside" address. With Internet IPs having no way to directly make a connection to inside computers it defends against most attempts and worms/virus from spreading to your machine.

That does NOT mean your machine is safe. For example, when browsing a web page your "inside" computer makes a connection to an "outside" address. No problems here. The web server you browse is infected with a worm/virus...you now probably have the worm/virus.

This is because you initiated the connection. Other worms/virus/backdoors work this way as well connecting to ICQ channels, even running on HTTP awaiting commands, all kinds of stuff.

So what all this means is a SOHO "router" is good protection and in many ways prevents others from making a direct connection to your computers. It does not eliminate the ability of worms/viruses from infecting your computer. This is where AV software, personal firewalls, always up to date patching come in.
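
An added example, not part of the original post: a minimal model of the PAT session table described above, showing why a reply to a connection you initiated gets back in while an unsolicited packet is dropped unless a forward has been configured. The class and function names are hypothetical, all addresses and ports are constructed sample values, and the check that a reply must come from the same remote peer is an assumption (real SOHO devices vary in how strictly they match).

```python
# Added illustration: minimal PAT (port address translation) state table.
# All addresses and ports below are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class PatRouter:
    outside_ip: str
    next_port: int = 40000
    # outside_port -> (inside_ip, inside_port, remote_ip, remote_port)
    sessions: dict = field(default_factory=dict)
    # outside_port -> (inside_ip, inside_port), configured by the owner
    forwards: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a connection: rewrite source, remember mapping."""
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.outside_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the outside address: deliver it or drop it."""
        s = self.sessions.get(dst_port)
        # Assumption: a reply must come from the peer the inside host contacted.
        if s and (s[2], s[3]) == (src_ip, src_port):
            return ("reply", s[0], s[1])
        if dst_port in self.forwards:
            return ("forward", *self.forwards[dst_port])
        return ("drop", None, None)


def demo():
    r = PatRouter("203.0.113.5")
    out = r.outbound("192.168.1.10", 51000, "198.51.100.7", 80)
    results = {
        "translated": out,
        # Web server answers the connection the inside PC started: allowed,
        # whatever the content of that answer is.
        "reply": r.inbound("198.51.100.7", 80, out[1]),
        # Unrelated Internet host probes the outside address: no mapping.
        "unsolicited": r.inbound("192.0.2.99", 4444, 445),
        "wrong_peer": r.inbound("192.0.2.99", 4444, out[1]),
    }
    r.forwards[8080] = ("192.168.1.20", 80)  # explicit outside-to-inside NAT
    results["forwarded"] = r.inbound("192.0.2.99", 4444, 8080)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The "reply" case is the one the post warns about: the table only tracks who started the connection, not what comes back over it.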
 
So... If I understand this right, I'm not as safe as I assumed... Because I probably only have SOHO router, I only have PAT protection...

In theory then, as long as I don't browse sites that I think are questionable, I should be "safe" (as long as they're not infected)? Assumption is that "big name sites" like Google or Yahoo don't get infected...

So, how much does a "real" firewall cost?
 
Router is much recommended for Broadband Internet. However the Router's NAT Firewall protects you only from a fraction of the "Junk" that might get to your hard drive.

Basic Protection should consist of.

Router's NAT Firewall.

Software Firewall

AntiVirus Program.

AntiSpy Program.

Link to: Basic Protection for Broadband Internet Installation.

Link to: Freeware Security suite for Internet Connection Protection.

Given the fact that a Wired Router can be found for as low as $10, and that a good Security Suite (like the example in the above link) can be found free, there is No reason Not to be secure.

You can hear stories that security slows down the connection, that ports cannot be opened, and so on.

Many of these claims are the result of ignorance, an unoptimized system, or a "vivid" imagination; in most cases (including gaming) it does not functionally affect the system.

And if the need occurs, it takes a few seconds to temporarily disable any of these for the duration of the need and re-enable when done.

 
Originally posted by: Caveman
So... If I understand this right, I'm not as safe as I assumed... Because I probably only have SOHO router, I only have PAT protection...

In theory then, as long as I don't browse sites that I think are questionable, I should be "safe" (as long as they're not infected)? Assumption is that "big name sites" like Google or Yahoo don't get infected...

So, how much does a "real" firewall cost?

That is correct. "Real" firewalls are somewhat free if you want to mess with a Linux box, or cost a few hundred bucks.

Jack is dead on with his post. With those four things listed, the likelihood of getting hacked or releasing information without you knowing it is very small.
 
The new ISR routers from Cisco (with the right flavor of IOS) can do deep real-time inspection, inbound and outbound, and block "bad" traffic (as defined in a signature file).

So, even if you connect to some evil site or software, the router can block it (Caveats: you have to keep the sig file up-to-date, it can't block what it doesn't know about).

Pretty slick stuff, and no apparent / significant bottlenecks or latency hits.

Alas, they're more than a few hundred dollars.

FWIW

Scott
 
Originally posted by: ScottMac
The new ISR routers from Cisco (with the right flavor of IOS) can do deep real-time inspection, inbound and outbound, and block "bad" traffic (as defined in a signature file).

So, even if you connect to some evil site or software, the router can block it (Caveats: you have to keep the sig file up-to-date, it can't block what it doesn't know about).

Pretty slick stuff, and no apparent / significant bottlenecks or latency hits.

Alas, they're more than a few hundred dollars.

FWIW

Scott

Yep. Awesome product line actually. Performance-wise you can throw whatever you want at it and they'll still handle it.

The 2600/3600 series was getting long in the tooth.
 