How well does router security hold up?

[GimpyFuzznut]

Now, most routers these days have built in firewalls that block unwanted traffic. I was wondering how well these really do hold up? Granted, I run the latest versions of NIS across all my systems on top of the router... I'm just unsure what kind of security routers provide. I currently have a SMC wireless router (and the wireless network is secure).

I do alot of torrent transfers that require various ports to be open for ideal connections so I suppose I'm making myself vunerable. I was wondering, with the purchase of a new system coming soon, if putting a system outside the router for downloading and potentially risky internet activity would be a smart idea. This outside terminal could also be used as a firewall.

For instance, I would setup a linux system (how I can do that is probably a whole other story) with a firewall system that would be directly connected to the internet. I would use this system for downloads, FTPs, hosting servers etc. I would be smart enough not to store anything personal on this system. The internet connection would forward out the second network card into the router, which would feed into my other "secure" computers. Would setting up a firewall on this "outside" system be overkill - just let the router do the work past this point? More importantly, it probably wouldn't be smart to connect to the "outside" system from my "inside" computers through a workgroup or whatever... would probably just want to FTP into that system for file transfers.

Any suggestions or personal setups that people use? This would probably relieve a lot of port forwarding headaches when hosting servers and dealing with torrents.

 

[n0cmonkey]

I'd drop NIS and go with a kerberos/LDAP type solution, or at least NIS+.

Don't use FTP, use something that doesn't have plaintext passwords on the wire. This is why god gave us SSH.

I'd probably leave the router in place, setup how it is now. Stay on top of your BT client's updates, incase someone comes up with a vulnerability for it.

 

[ivwshane]

I run a clark connect box (clark connect.com) behind a dsl modem and run an ftp and web server all connected to a switch which the clark connect box controls. I've never had any issues in the year I've been running this setup and didn't have any issues in the four years I was running with a linksys router.


Nothing is ever 100% secure unless you aren't connected to the internet at all and even then someone could still break into your house and access your computers So it's a matter of what's secure enough for you and how much money and time do you want to spend?

For me a router provides enough security so that's what I run.

 

[GimpyFuzznut]

That clarkconnect software looks interesting. See, the reason I think it would benefit to have a system outside the router is also to have a lack of security persay. I'm sure things like torrent transfers will work much smoother not being behind a firewall, as well as other server hosting services. So I imagine having a system outside the "security zone" for downloading and porn fetching (whoops!) would be a benefit.

Now...what I wonder, is would it be overkill to use that outside system as a firewall (with that clarkconnect software for instance) and then connect to a router on top of it? Or should I just leave that system on the outside as is and let the router do its secuity work.

 

[n0cmonkey]

Every system should be behind a firewall.

 

[Boscoh]

Originally posted by: n0cmonkey
Every system should be behind a firewall.

Or else you will not have a system for very long, someone else will.

 

[Atheus]

Originally posted by: GimpyFuzznut
That clarkconnect software looks interesting. See, the reason I think it would benefit to have a system outside the router is also to have a lack of security persay. I'm sure things like torrent transfers will work much smoother not being behind a firewall, as well as other server hosting services. So I imagine having a system outside the "security zone" for downloading and porn fetching (whoops!) would be a benefit.

Now...what I wonder, is would it be overkill to use that outside system as a firewall (with that clarkconnect software for instance) and then connect to a router on top of it? Or should I just leave that system on the outside as is and let the router do its secuity work.

You want to forward certain ports (like 6881 tcp) to use p2p, etc... putting the box in front of the firewall would have the same effect on bittorrent, but be less secure. You need a router with a built in switch _or_ a linux firewall (clarkconnect, etc) and a seperate switch. The linux firewall setup would technically be more secure, but only if you know what you're doing... otherwise it could be extraodinarily bad. I suggest you read up on firewalls and security a bit before you go for it.

 

[Night201]

Originally posted by: ivwshane
I run a clark connect box (clark connect.com) behind a dsl modem and run an ftp and web server all connected to a switch which the clark connect box controls. I've never had any issues in the year I've been running this setup and didn't have any issues in the four years I was running with a linksys router.


Nothing is ever 100% secure unless you aren't connected to the internet at all and even then someone could still break into your house and access your computers So it's a matter of what's secure enough for you and how much money and time do you want to spend?

For me a router provides enough security so that's what I run.

I run one as well and have never had any problems as well over the years I've been using it. Check it out. You don't need any major hardware to run it. I used to have it running on a p2-200 back in the day and now it's running on a p2-400 with 512MB RAM.

 

[Tazanator]

well I know that several government agencies bought Imagestream routers (I shipped them when I worked for them about 6 months ago...) when a lot of high ups and secure type places went for it I figured it was good enuff for me.