Thread: Firewall and router

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    1

    Firewall and router

    I have a simple question. Why should it be necessary to put a firewall protecting a network, if the router is already closing the unnecessary ports?
    Thanks

  2. #2
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    A simple answer in this case - the router IS the firewall.

    The router is a hardware firewall, as opposed to a software firewall (application such as Sygate or Zonealarm).

    I always prefer using a router or hardware firewall, unless a proxy/ISA is ideal (software running on a dedicated server). Such things are used after consideration of the existing/future network.
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  3. #3
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Apart from that, a real firewall is SO MUCH MORE than just something that closes ports from the outside. It all comes down to what you want to protect, and how much time/effort you're willing to invest. Whilst for a simple home network, a simple router with firewalling functions might suffice, it is far from being a real firewall with tighter security.

    There are many different types of firewalls, that offer different types of security. Don't forget that a large risk in computer security happens also from the inside, and not only from the outside.

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  4. #4
    0_o Mastermind keezel's Avatar
    Join Date
    Jun 2003
    Posts
    1,024
    "Don't forget that a large risk in computer security happens also from the inside, and not only from the outside."
    I'll echo this. A software firewall will prompt and alert you to unusual/new inbound and outbound traffic. Awareness is key. Some decent routers also maintain logs, but they are harder to read. Software firewalls running on your own computer tend to be much more user friendly.

  5. #5
    @ÞΜĮЙǐЅŦГǻţΩЯ D0pp139an93r's Avatar
    Join Date
    May 2003
    Location
    St. Petersburg, FL
    Posts
    1,705
    A firewall is nothing more than a network traffic light. It allows packets based on a simple set of rules, and denies everything else.

    The security of each host is dependent on the configuration of the individual host. My own thoughts on software firewalls and OS configurations are relatively well known and probably outside the scope of this thread, so I'll leave it as it is.

    Software firewalls are useless, especially behind a hardware solution. By the time malicious traffic is outbound, you've already failed.

    The attack vectors that you need to worry about are the ones that come through established connections. Messengers, browsers, and other networked applications.

    By limiting those applications' access and permissions within the system, you can create a system that doesn't need the possibly exploitable software nonsense that modern PCs are full of.
    Real security doesn't come with an installer.

  6. #6
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    Location
    paris
    Posts
    1,003
    I would view it like this: a router needs to be configured to block traffic while a firewall needs to be configured to allow traffic. You can configure the router as a firewall but it tends to result in a fairly complicated configuration on the router. Also it can complicate troubleshooting network issues. Of course at the end of the day it will depend on the resources you have available and the size of your network.
    Cheers
    Muracu
    "America is the only country that went from barbarism to decadence without civilization in between."
    "The reason we are so pleased to find other people's secrets is that it distracts public attention from our own."
    Oscar Wilde (1854-1900)
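
The default-permit versus default-deny distinction drawn in post #6, as an added example that is not part of any post in this thread. `Rule`, `evaluate`, both rule sets and the packets (addresses from the 192.0.2.0/24 documentation range) are constructed for illustration; the model matches on protocol, destination and port only and ignores connection state.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "accept" or "drop"
    proto: str                # "tcp", "udp" or "any"
    dst_net: str              # destination network, CIDR
    dst_port: Optional[int]   # None matches every port

def evaluate(rules, default, proto, dst_ip, dst_port):
    """Return the action of the first matching rule, else the default policy."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if addr not in ipaddress.ip_network(rule.dst_net):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return default

# Router-style ACL (constructed): list what to block, pass the rest.
ROUTER_ACL = [
    Rule("drop", "tcp", "0.0.0.0/0", 23),
    Rule("drop", "tcp", "0.0.0.0/0", 445),
    Rule("drop", "udp", "0.0.0.0/0", 137),
]
# Firewall-style policy (constructed): list what to allow, drop the rest.
FIREWALL_POLICY = [
    Rule("accept", "tcp", "192.0.2.10/32", 443),
    Rule("accept", "tcp", "192.0.2.25/32", 25),
]
# Constructed inbound packets: (protocol, destination IP, destination port).
PACKETS = [
    ("tcp", "192.0.2.10", 443),   # published web server
    ("tcp", "192.0.2.10", 445),   # SMB, named in the router's block list
    ("tcp", "192.0.2.50", 3389),  # RDP on a workstation, named in neither list
]

def compare(packets=PACKETS):
    """Verdict of each rule set for each packet."""
    return [(p, evaluate(ROUTER_ACL, "accept", *p),
                evaluate(FIREWALL_POLICY, "drop", *p)) for p in packets]

if __name__ == "__main__":
    for packet, router, firewall in compare():
        print(packet, "router:", router, "firewall:", firewall)
```

The third packet is the one that separates the two approaches: no rule mentions it, so the default policy alone decides its fate.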

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    127
    Software firewalls are far from useless. A software firewall is important to protect you from what is inside the network. NAT routers only protect you from what's outside. If you have an infected machine on your network or are using wifi hotspots you need a software firewall to protect you from intrusions coming from inside the LAN.
    sandwich.

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    As said above, but please consider this:

    If you don't have it and things go wrong YOU are fired..............otherwise you did "industry standards"....

    There are some on this site who might advise otherwise, from their self-perceived high and mighty positions....... I have seen them crap out in court.......... probably flipping burgers now

    Sysadmin is basically middle management at best, and most know jack sh1t about management at that, at least the cutthroat nature of some of it

    I can give you some case examples of your question.......... but I will leave them for the moment............

    EDIT:

    I realise that I probably sound somewhat defeatist, but I am a firm believer in "CYA" or "due diligence"............. whatever you like to call it.

    I wouldn't like to explain to a CEO why I had decided against a firewall, when he has probably heard of those, but knows nothing about routers. It is a bit like the arguments for and against AV products.........sure, they may not do much for you, but they are an insurance policy for your job?

    "if the router is already closing the unnecessary ports?"
    That still leaves you with the issue of what traffic is allowed through the ports you need to keep open?

    OK, some quality routers also act as a hardware firewall as well, and at the risk of sounding pedantic, I would describe them as combo products rather than just a router.

    Some very good points were made about the "enemy within"...............typically your router and hardware firewalls are at the perimeter. You may decide to deploy internal firewalls in certain circumstances...............possibly in a school or college environment?
    Last edited by nihil; January 30th, 2010 at 11:26 AM.

  9. #9
    Keeping The Balance CybertecOne's Avatar
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    660
    To explore yet another view point, a router connects your LAN to the internet. A Firewall has the domain over traffic control.

    Now, in a small SOHO network, a router is needed to connect the network to the internet, and due to the size and nature of the network, a single firewall at the LAN WAN interface is needed - the router would do fine here....

    However, ideally you are wanting to firewall protect every segment of the network that is critical. In a large network, multiple firewalls would be utilised, and some to protect only a single server..... another firewall to protect the workstations (on the same physical or logical network) and yet another firewall to protect the file server, as well as a WAN LAN interface firewall....... and each would be configured uniquely depending on the requirements of communication between each 'firewall protected' segment of the network.

    Ideally....

    Anyway, my point is when exploring the debate from this point of view, a router is needed to translate between the LAN and WAN only, whilst a firewall will do the protecting and traffic flow at various points throughout the network. From this point of view, the router and the firewall roles cannot be interchanged.
    "Any intelligent fool can make things bigger and more complex... It takes a touch of genius --- and a lot of courage to move in the opposite direction."
    - Albert Einstein

  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    To quote a very wise ex AOer catch

    "there is no such thing as a hardware firewall"

    in essence because these devices are run by software :biggrin:

    Use both....router to protect from external threats and the computer firewall to protect from internal.

    MLF
