Is a firewall needed if you have a router?

[pty]

Sorry if this is a dumb question, but what purpose does a (software-based) firewall (like the one that comes with Windows XP) serve if you're getting your IP address from a router? Thanks..

 

[JackMDS]

Welcome to the Network Forum.

Yes it is needed.

Why? See here: Basic Protection for Broadband Internet Installation.

Currently, as far as my Experience shows (this could be different in the future according to new releases of software and free availability of the current ones).

The Best Free Security suit for Windows might be.

Upgrade your Windows XP to SP2. and then use.

1. Kerio v215.

Kerio is very easy to configure, it is light on resources, and does what need to be done.

Kerio has a newer version of the Firewall; do no get tempted stick with the above it is a better product.

2. AntiVir Personal Edition.

AntiVir has very high rating for detecting Virus, and does better then other Antivirus program blocking Trojans.

3. Microsoft AntiSpyb1

It was judged by many independent reviewers as the best of its kind.

Example: http://www.windowssecrets.com/050127/


:sun:

 

[networkman]

Many home routers like various Linsys and Dlink models do have firewalls builtin, but there are also plenty of other routers that do not; as well, you can also buy dedicated Firewall units - we have one such at work made by WatchGuard. In any event, the Firewalls that are purchased seperately *generally* have much more in the way of configurability and management than boxes with onboard router/switch/firewall etc.
Dedicated Firewalls are typically placed at external entrance to the network.

A software-based firewall like the one in XP, or perhaps ZoneAlarm could help alert you to activities local to your PC such as a virus or spyware program trying to send out info over a particular port. The same firewall could also protect you from a hacking attempt that is inside your network(ie. behind that dedicated firewall box), such as the guy in accounting you managed to piss off last week. j/k But you get the idea, I hope.

 

[imported_Beavis]

Yes you do need a software firewall

I think this router here has a pretty decent firewall bilt in and nas a nat firewall
Tendnet TW100-BRV304

Here's the specs

Detailed Specifications
Model TW100-BRV304
Key Features - Built-in 4-port 10/100Mbps Auto-Sensing Switch
- Built-in 1-port 10/100Mbps Hardware DMZ
- Supports Cable Modem & xDSL Modem (Dynamic/Static IP, PPPoE, PPTP)
- Supports most operating systems, such as Windows 95/98/ME/NT/2000/XP, Unix, and Mac
- Full IPSec VPN support including IKE Key Management, MD5/SHA-1 - Authentication Algorithm and DES/3DES Encryption Algorithm
- Supports up to 70 IPSec Tunnels and 100 (IPSec, L2TP, PPTP) Pass-Through sessions simul-taneously
- Website Access Restriction using URL Keywords (50 entries) and Service Types
- Supports Hardware/Software DMZ and Virtual Servers (Port Forwarding) (including pre-defined) with 60 Firewall Rules (Port Forwarding)
- Supports Static Routing and Dynamic DNS Service
- Supports UPnP (Universal Plug & Play)
- ALGs (Application Level Gateways) and Special Application support for programs which are difficult to use behind a Firewall
- Firewall features Network Address Translation (NAT), and Stateful Packet Inspection (SPI) pro-tects against DoS attacks
- Real-Time e-mail alert and logs when attack/unauthorized Internet activity occurs
- Easy Configuration using Web Browser
- DHCP Server supports up to 253 clients
- Remote Management with HTTP/Web Browser (from LAN, WAN, or both)
- Flash memory for firmware upgrade and save/restore router configuration - 5-Year warranty
Standards IEEE 802.3, IEEE 802.3u
Protocols NAT, PPPoE, NTP, SNMP, SMTP, HTTP, TFTP, DHCP, TCP/IP, PAP, CHAP, RIP1, RIP2, DDNS
Security - NAT firewall, Policy Base Packet Filter, Attack Alert (email) and log, Stateful Packet In-spection firewall for DoS (Denial of Service) attacks
- URL Filter, Access Control by Time and Group, Local Password
- MD5-HMAC/SHA1-HMAC authentication, DES-CBC, 3DES-CBC encryption, Internet Key Exchange, Manual Key Negotiation
Ports Local Port: 4x 10/100Mbps Ethernet port (RJ45), Auto-MDIX
Internet Port: 1x 10/100Mbps Ethernet port (RJ-45)
DMZ Port : 1x 10/100Mbps Ethernet port (RJ-45)
Cabling UTP Category 5 or Better
Topology Star
Data rate 10/100Mbps
LEDs Power, Status, Lnk/Act and 100 (LAN 1~4), WAN, DMZ
Power 12V DC 800~1000mA External Power Adapter
Humidity 0 % ~ 80 % (non-condensing)
Operating Temperature 0° to 40° C (32° to 104° F)
Weight Appr. 590 g ( 20.8 oz.)
Dimensions 170 x 147 x 27 mm (6.7x 5.8 x 1.06 inches)

 

[Tarrant64]

Originally posted by: JackMDS
Welcome to the Network Forum.

Yes it is needed.

Why? See here: Basic Protection for Broadband Internet Installation.

Currently, as far as my Experience shows (this could be different in the future according to new releases of software and free availability of the current ones).

The Best Free Security suit for Windows might be.

Upgrade your Windows XP to SP2. and then use.

1. Kerio v215.

Kerio is very easy to configure, it is light on resources, and does what need to be done.

Kerio has a newer version of the Firewall; do no get tempted stick with the above it is a better product.

2. AntiVir Personal Edition.

AntiVir has very high rating for detecting Virus, and does better then other Antivirus program blocking Trojans.

3. Microsoft AntiSpyb1

It was judged by many independent reviewers as the best of its kind.

Example: http://www.windowssecrets.com/050127/


:sun:

That's probably the best solution for you right there. Very nice post.