Security Levels of Routers

fastone

Sep 30, 2007
I found this from the domain unixgeeks.org

"From a security standpoint, the most secure firewall is a standard
proxying firewall, where all traffic is inspected on an application layer.
However, that isn't always the most practical solution. A strictly proxy
environment is slow and difficult to maintain. Proxies have to be written
for new applications as they come out. An adaptive proxy, using a
combination of proxying and packet filtering, is far more likely to be
encountered."

It spoke of "standard proxy" as the most secure and "adaptive proxy" as a reasonable tradeoff for speed.

Can I get either of these with common routers?

I noticed that there are huge differences in the price of routers. What would be the steps in the "security range" of routers that are commonly available?

And what step would you advise a person to reach for "very strong" security?
 

g-paw

Jan 31, 2006
I currently have a ZyXEL x-550 and it comes with a firewall, but you still need a software firewall like ZoneAlarm; there is a free version. There are 3 wireless security modes: WEP, WPA Personal, and WPA Enterprise. However, what level of security you can use will depend on your wireless card, i.e., you can't set the router to a higher level of security than your wireless card can handle. Suggest you check out the ZyXEL x-550 online manual for more info. Any new router will have these security settings, and the online manual for whatever router you are considering should explain the security. The X-550 is really easy to set up, with good explanations and instructions.
 

riser

He's referring to actual intelligent routers like a Cisco or the other major brand of which I can't think of the name.

With a Cisco router you manually enter in your ranges of what you want, what you don't want, where to send what, etc. You hand pick what you want. It is tedious for the first setup, time consuming, and out of the knowledge level of most people. You generally need explicit training to get Cisco equipment to work. Even using the GUI is not as good as command lines.

The other brand uses a GUI and seems to be fairly easy to configure and comes recommended. You're paying the price because you have a whole new system checking everything. Your standard NAT router will cost $50-$150.
Your intelligent true router will be in the high hundreds, most likely thousands.

Your Linksys Router with 4 port switch actually isn't even a true router but that's the name used to reference it.
 

g-paw

Jan 31, 2006


Didn't realize he was asking about a business rather than a home router, which it sounds like you're describing. Appreciate the clarification.
 

El0him

Feb 3, 2006
Of course the best firewall would be one that is capable of handling all seven layers, but you have to keep in mind the performance of any device that does deep inspection. A device has to work a lot harder if it has to look into layer 7 than a firewall that only needs to look at layer 4. All business class routers, e.g. Netscreen, Pix, Checkpoint, etc., are capable of deep inspection, but when your firewalls pass traffic at 800000 packets/second, you don't want to look further than layer 4.
 

riser

Checkpoint.. yeah that's the other company that generally comes highly recommended and uses a full GUI.
I was thinking HotPoint.. haha GE's cheap brand of appliances. haha
 

trick97

Oct 16, 2007


Interesting - I was always told that if you have a NAT enabled router then you don't actually need a software firewall....

Am I wrong?
 

riser

Yes and No.

NAT hides your private IP address behind a public IP address, allowing one public IP address to allow multiple private IP addresses.

It acts as a firewall but it's not a true firewall. If you have only a NAT Router, you'll want to run a software Firewall. Routers today tend to be NAT and Firewalled together.

The downside of a software firewall is that if it gets hit.. your computer is already taking attacks - while they might not penetrate the firewall, it'll bog your computer down.
 

El0him

Feb 3, 2006
This device has basic firewall functions, like filtering based on IP address and perhaps ports and it claims to be a stateful packet inspection device, but that doesn't really mean much for these home devices.

As riser stated, NAT is not a firewall. NAT is network address translation and it gives a router the capability to translate or map private IP addresses to public IP addresses in a one-to-one NAT, or to a port in the case of a NAT overload or PAT (port address translation).

It would be a very good idea to have a host-based firewall as well because the host-based firewall will also do application monitoring.
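
The distinction drawn in this thread between NAT/PAT and a firewall, as an added example that is not part of any poster's reply: a toy PAT table beside the same table with connection tracking. The class names, the constructed documentation-range addresses, and the endpoint-independent filtering of the plain PAT model (one of the behaviours described in RFC 4787) are assumptions chosen for illustration; real devices vary.

```python
# Toy PAT (NAT overload) table vs. the same table with connection tracking.
from dataclasses import dataclass, field

@dataclass
class PatRouter:
    """Assumed model: PAT with endpoint-independent filtering (translation only)."""
    next_port: int = 40000
    table: dict = field(default_factory=dict)  # public port -> (private ip, port)

    def outbound(self, src, sport, dst, dport):
        """Map a private (ip, port) to a public port, reusing an existing mapping."""
        for pub, inside in self.table.items():
            if inside == (src, sport):
                return pub
        pub, self.next_port = self.next_port, self.next_port + 1
        self.table[pub] = (src, sport)
        return pub

    def inbound(self, remote, rport, pub_port):
        """Return the inside endpoint the packet is forwarded to, or None if dropped."""
        return self.table.get(pub_port)

@dataclass
class StatefulRouter(PatRouter):
    """Same PAT, plus flow state keyed on the remote endpoint."""
    flows: set = field(default_factory=set)

    def outbound(self, src, sport, dst, dport):
        pub = super().outbound(src, sport, dst, dport)
        self.flows.add((pub, dst, dport))
        return pub

    def inbound(self, remote, rport, pub_port):
        if (pub_port, remote, rport) not in self.flows:
            return None  # not a reply to a tracked outbound flow
        return super().inbound(remote, rport, pub_port)

def demo(router):
    """One inside host opens a flow; three constructed inbound packets follow."""
    pub = router.outbound("192.168.1.20", 51000, "198.51.100.5", 443)
    return {
        "reply": router.inbound("198.51.100.5", 443, pub),
        "other_host": router.inbound("192.0.2.99", 4444, pub),
        "unmapped_port": router.inbound("192.0.2.99", 4444, pub + 1),
    }
```

Both models drop traffic to a port with no mapping, which is why NAT "acts as a firewall"; only the stateful one refuses a packet from a host the inside machine never contacted.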