Router and NAT/firewall question

Do the current Dlink or Linksys wireless .11b routers offer any kind of
decent firewall protection (like the wired ones do) or is it strictly
routing capabilities?
Thanks.


--
---
N.

"Sylvestre" <(E-Mail Removed)> wrote in message
news:3zX0b.6194$(E-Mail Removed)
>
> Do the current Dlink or Linksys wireless .11b routers offer any kind
> of decent firewall protection (like the wired ones do) or is it
> strictly routing capabilities?

Define "decent".

Consumer routers usually offer Network Address Translation (NAT) and
Stateful Packet Inspection (SPI) which function as a light firewall
sufficient for most home networks.

However, software firewalls (like ZoneAlarm) that run on the client PCs will
offer a bit more functionality for little or no additional cost (but some
added complexity).

--
John T
http://tknowlogy.com/tknoFlyer
__________

John T wrote:
> "Sylvestre" <(E-Mail Removed)> wrote in message
> news:3zX0b.6194$(E-Mail Removed)
>
>>Do the current Dlink or Linksys wireless .11b routers offer any kind
>>of decent firewall protection (like the wired ones do) or is it
>>strictly routing capabilities?
>
>
> Define "decent".
>
> Consumer routers usually offer Network Address Translation (NAT) and
> Stateful Packet Inspection (SPI) which function as a light firewall
> sufficient for most home networks.
>
> However, software firewalls (like ZoneAlarm) that run on the client PCs will
> offer a bit more functionality for little or no additional cost (but some
> added complexity).
>

Look at Netgears FWAG114 -- VPN, NAT, SPI Wireless a/b/g ....

well, I run kerio as a software firewall anyway but I liked the old hardware
firewall linksys had on their wired routers. I was wondering if the new
wireless ones have the same functionality.

--
---
N.
"John T" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) ws.com...
> "Sylvestre" <(E-Mail Removed)> wrote in message
> news:3zX0b.6194$(E-Mail Removed)
> >
> > Do the current Dlink or Linksys wireless .11b routers offer any kind
> > of decent firewall protection (like the wired ones do) or is it
> > strictly routing capabilities?
>
> Define "decent".
>
> Consumer routers usually offer Network Address Translation (NAT) and
> Stateful Packet Inspection (SPI) which function as a light firewall
> sufficient for most home networks.
>
> However, software firewalls (like ZoneAlarm) that run on the client PCs
will
> offer a bit more functionality for little or no additional cost (but some
> added complexity).
>
> --
> John T
> http://tknowlogy.com/tknoFlyer
> __________
>
>
>

"Sylvestre" <(E-Mail Removed)> wrote in news:3zX0b.6194$q9.354947
@read1.cgocable.net:

> Do the current Dlink or Linksys wireless .11b routers offer any kind of
> decent firewall protection (like the wired ones do) or is it strictly
> routing capabilities?
> Thanks.
>
>

If the routers of this class had true FW capabilities, they would be able
to stop both inbound and outbound traffic by default. That have NAT and
maybe SPI -- FW like capabilities.

http://www.homenethelp.com/web/explain/about-NAT.asp
http://security.ziffdavis.com/print_...a=38771,00.asp
http://www.firewall-software.com/fir...rewall_do.html

Just because the routers in this class have the word FW in the title and
and maybe using VPN and SPI, does not indicate that these routers have
true FW capabilities. They have FW like capabilities and protect well,
but they can be defeated by a determined attacker.

The BEFW11S4 router if you read the datasheet at the www.linksys.com
doesn't even state that it has SPI, with SPI being the only part in the
firmware for this class of router that has any FW like capabilities.

Duane

"martyn" <(E-Mail Removed)> wrote in news:bi518l$r95$1
@hercules.btinternet.com:

> As long as you *can* block everything in and out if you
> want to would seem to be more important than the initial settings.

I'll have to agree with you on this as I adjust my views on this.

Yes many view these NAT routers as FW(s), but they are far from it.
However, they are good in stopping the casual attacks. But if someone
really wants to come at one, they can be defeated. I have seen a couple of
attacks come past the router to the machine on SQL Server like a hot knife
through butter. The host based FW on the machine stopped it.

Duane

--
The protection of the machine is a process and not a given!