Cable Forum - View Single Post

iron25 · 08-03-2005, 23:23

No you don't need one as long as your router is using nat, however, most people will tell you to install a software firewall as well because it will give you added security so that you can identify anything coming in and going out.

I have a windows 2000 box sitting behind a router without a firewall running and it is on for around 18 hours a day and it has yet to be compromised.

Some useful info from the web:

Security: Basic NAT is not a real firewall?
Basic NAT devices are not real firewalls, but they are usually considered ÃƒÆ’Ã†â€™Ãƒâ€šÃ‚Â¢ÃƒÆ’Ã‚Â¢ÃƒÂ¢Ã¢â€šÂ¬Ã…Â¡Ãƒâ€šÃ‚Â¬ ÃƒÆ’Ã¢â‚¬Â¹Ãƒâ€¦Ã¢â‚¬Å“good enoughÃƒÆ’Ã†â€™Ãƒâ€šÃ‚Â¢ÃƒÆ’Ã‚Â¢ÃƒÂ¢Ã¢â€šÂ¬Ã…Â¡Ãƒâ €šÃ‚Â¬ÃƒÆ’Ã‚Â¢ÃƒÂ¢Ã¢â€šÂ¬Ã…Â¾Ãƒâ€šÃ‚Â¢ for most home networks. By not forwarding requests or probes that originate from the internet to your LAN, a NAT device blocks most mischief. A simple NAT device can not keep hackers from running DOS (Denial Of Service) attacks on you, but individuals rarely get attacked like that. It will keep out people looking for file shares, rogue mail servers and web servers, and most port based exploits. Most also protect against SMURF and WinNuke atatcks. With a NAT device and a good anti-virus program, you should be safe from the most common kinds of internet attacks.

Stateful packet inspection (SPI)
Some NAT routers have an advanced form of firewall built in that does 'stateful packet inspection'. This allows the NAT devices to filter out specific kinds of data on your router like SYN flood attacks, IP Spoofing, Teardrop attacks and others. SPI is a general term that can describe a router that filters more kinds of attacks than basic NAT by closely examining packet data structures. Of course, each manufacturer will implement different kinds of SPI so not all SPI routers are equal. Routers with SPI can often log attacks.

08-03-2005, 23:23	#8
iron25 Inactive Join Date: Aug 2003 Location: nowhere Posts: 718	Re: I have a router....firewall needed? No you don't need one as long as your router is using nat, however, most people will tell you to install a software firewall as well because it will give you added security so that you can identify anything coming in and going out. I have a windows 2000 box sitting behind a router without a firewall running and it is on for around 18 hours a day and it has yet to be compromised. Some useful info from the web: Security: Basic NAT is not a real firewall? Basic NAT devices are not real firewalls, but they are usually considered ÃƒÆ’Ã†â€™Ãƒâ€šÃ‚Â¢ÃƒÆ’Ã‚Â¢ÃƒÂ¢Ã¢â€šÂ¬Ã…Â¡Ãƒâ€šÃ‚Â¬ ÃƒÆ’Ã¢â‚¬Â¹Ãƒâ€¦Ã¢â‚¬Å“good enoughÃƒÆ’Ã†â€™Ãƒâ€šÃ‚Â¢ÃƒÆ’Ã‚Â¢ÃƒÂ¢Ã¢â€šÂ¬Ã…Â¡Ãƒâ €šÃ‚Â¬ÃƒÆ’Ã‚Â¢ÃƒÂ¢Ã¢â€šÂ¬Ã…Â¾Ãƒâ€šÃ‚Â¢ for most home networks. By not forwarding requests or probes that originate from the internet to your LAN, a NAT device blocks most mischief. A simple NAT device can not keep hackers from running DOS (Denial Of Service) attacks on you, but individuals rarely get attacked like that. It will keep out people looking for file shares, rogue mail servers and web servers, and most port based exploits. Most also protect against SMURF and WinNuke atatcks. With a NAT device and a good anti-virus program, you should be safe from the most common kinds of internet attacks. Stateful packet inspection (SPI) Some NAT routers have an advanced form of firewall built in that does 'stateful packet inspection'. This allows the NAT devices to filter out specific kinds of data on your router like SYN flood attacks, IP Spoofing, Teardrop attacks and others. SPI is a general term that can describe a router that filters more kinds of attacks than basic NAT by closely examining packet data structures. Of course, each manufacturer will implement different kinds of SPI so not all SPI routers are equal. Routers with SPI can often log attacks.