Bj, normally I find myself agreeing with you comments but not in this case. A router is not a firewall. A router has routing tables to manage where packets are sent. These are dynamic tables (one used to have to enter IP addresses manually) but such tables in no way constitute a firewall. The intelligence that allows routers to dynamically manage addresses also allows additional features to be added. One of these is NAT (Network Address Translation) which acts something like a proxy server. The NAT connects private addresses (usually the reserved 192.168.xxx.xxx range) to the internet through a public IP (usually assigned by your ISP). That's all it does. It "hides" your network but not very effectively. It is most emphatically not a firewall.
Linksys, D-Link, and Netgear (popular home routers) also include some elementary firewall features in their routers. Some of these features will drop packets with the private address which originate outside the network (such addresses are forged since they should be dropped by public routers by default). Other features allow for the creation of a DMZ to manage a public web server. And some even allow stateful inspections of packets (which determines that your network initiated the session not the other way around). These are sometimes running by default and sometimes have to initiated by you, the end user. And even with all these features added, an application firewall like Zone Alarm or Tiny is advisable on all machines, especially any servers, in your home network. It is possible to forge packets to fake a session by an application. This kind of software firewall is designed to prevent that forgery by being sure that you initiated the application session. It also watches that things like Trojans don't communicate out to their masters. These firewalls protect an individual machine while router based firewalls protect the network. And none of this has anything at all to do with email security. That's a separate but related need. The best advice is protection in depth and there is no such thing as too much depth. drew -----Original Message----- From: PlainWeb Design [mailto:[EMAIL PROTECTED] Sent: Saturday, March 01, 2003 5:58 PM To: [EMAIL PROTECTED] Subject: [wdvltalk] Re: How Firewall? --- Zhao <[EMAIL PROTECTED]> wrote: > > For a small home network, what firewall is > suitable to use? You don't need to run a firewall on the PCs to protect them if you are connecting to the Internet through a router like the Linksys. That acts as a physical firewall between your network and the internet. There are more expensive routers that have their own firewall software if you need to do very complicated stuff like having certain ports blocked and others open, or running a public Web server from your network. If you are going to avoid using a router and just do connection sharing from one of the PCs, then you need a good software firewall like ZoneAlarm which is free and also very good. Bj ===== Sunshine Graphics / PlainWeb Design Website Design, Programming and Hosting http://www.sungraph.co.uk http://www.plainweb.co.uk __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com ____ * The WDVL Discussion List from WDVL.COM * ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to %%email.unsub%% ____ � The WDVL Discussion List from WDVL.COM � ____ To Join wdvltalk, Send An Email To: mailto:[EMAIL PROTECTED] Send Your Posts To: [EMAIL PROTECTED] To change subscription settings to the wdvltalk digest version: http://wdvl.internet.com/WDVL/Forum/#sub ________________ http://www.wdvl.com _______________________ You are currently subscribed to wdvltalk as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]
