Computer questions and solutions....thereof...

[jonnythan]

I went to a computer store today and asked about a router. He said if my computer is connected directly to the modem, I don't need a router.

In my opinion, as a network security professional, having a router on a broadband connection is an absolute necessity, no questions asked.

It's a critical piece of security hardware.

[blues2cruise]

OK. Once I get the speed thing sorted out, I will install a router to the system.

Are they all created equal?

[jonnythan]

OK. Once I get the speed thing sorted out, I will install a router to the system.

Are they all created equal?

For your purposes, pretty much. Try not to buy a wireless one if you don't plan on using a wireless laptop or desktop.. and if you do buy a wireless one, disable the wireless. You won't have to spend too much.

[blues2cruise]

Thanks. I won't be going wireless. I won't be getting a laptop. I can be away from the internet and not go through withdrawal..unlike some people I know....
They can't exist without being connected somehow.

I must go and call the Telus tech back. The hour is almost up.

[ofblong]

Well, the problem to me sounds more like the ISP is causing the issue. Blues' line is straight through the telephone lines. She's not wireless, so unless someone physically tapped her line, can they piggyback her connection???

Most people don't hook their cable or DSL modem directly to their computer, nor should they.

If blues made the sensible choice to install a router in between her modem and her computer, chances are very high that said router is a router with wireless networking built in (it's virtually impossible to buy a router without wireless capabilities these days). These wireless routers have insecure wireless networks set up by default. It is trivial for a neighbor to connect a laptop or desktop with a wireless card to this network and then use its internet connection for... whatever.

This happens all the time. If I "open" my wireless network, I'll see other people using it within an hour.

you need to take a walk around walmart. they have like 4 or 5 wired only routers. With that said I have one person around me that has an "open" connection . It is very easy to find a wired only router as EVERYONE still sells them especially since wireless is so insecure even if you do password and encrypt it. Anyone with any sense can just as easily connect straight to the cable modem/dsl without any problems as well just have to have the right software. I myself wouldnt recommend it because that software is a big memory hog and a router with built in firewall, yes you can still find routers without firewalls though rare, is the best way to go. Either way you shouldnt be saying no one should connect directly to their cable modem/dsl modem etc etc as sometimes there is a need for that.

[Nibblet99]

I went to a computer store today and asked about a router. He said if my computer is connected directly to the modem, I don't need a router.

In my opinion, as a network security professional, having a router on a broadband connection is an absolute necessity, no questions asked.

It's a critical piece of security hardware.

I'm asking them... why? - Feel free to be as technical as you like, my networking infrastructure knowledge is ok

[ofblong]

I went to a computer store today and asked about a router. He said if my computer is connected directly to the modem, I don't need a router.

In my opinion, as a network security professional, having a router on a broadband connection is an absolute necessity, no questions asked.

It's a critical piece of security hardware.

I'm asking them... why? - Feel free to be as technical as you like, my networking infrastructure knowledge is ok

its only necessary for those who dont know what they are doing because your avg person does not know how to properly shield their computer from the internet. If it wasnt for me my neighbor would have more problems with their computer than they do and they dont have a router. They asked me to look at their computer one day and they had over 300 different spyware/adware programs on their computer along with about 40 or 50 virus's because they didnt properly shield their computer form the internet. The easiest way to do that is with a router because it takes all the computer power needed to run the programs that you would have to install on your computer and puts that onto your router. Basically a router will make your computer run faster in a sense that you wont have to have a bunch of memory hog programs running on your computer but instead are running on your router.

A router is better able to handle the firewall/ port blocking and routing of internet traffic better than your computer can because thats what its designed to do. Most routers that come with a firewall (good luck finding one that doesnt have a firewall installed nowdays) already block just about everything that should be blocked and then some. For examply my router I had to actually enable some ports and settings for me to be able to stream videos/movies from my computer to my xbox360 and Dlink MediaLounge because the router came preconfigured to automatically deny access to those ports/settings. Plus they, in a way, basically mask you from the internet. Meaning to your avg hacker you would be blind to them aka they wouldnt even know your on the internet because of the router.

[Nibblet99]

I went to a computer store today and asked about a router. He said if my computer is connected directly to the modem, I don't need a router.

In my opinion, as a network security professional, having a router on a broadband connection is an absolute necessity, no questions asked.

It's a critical piece of security hardware.

I'm asking them... why? - Feel free to be as technical as you like, my networking infrastructure knowledge is ok

its only necessary for those who dont know what they are doing because your avg person does not know how to properly shield their computer from the internet. If it wasnt for me my neighbor would have more problems with their computer than they do and they dont have a router. They asked me to look at their computer one day and they had over 300 different spyware/adware programs on their computer along with about 40 or 50 virus's because they didnt properly shield their computer form the internet. The easiest way to do that is with a router because it takes all the computer power needed to run the programs that you would have to install on your computer and puts that onto your router. Basically a router will make your computer run faster in a sense that you wont have to have a bunch of memory hog programs running on your computer but instead are running on your router.

A router is better able to handle the firewall/ port blocking and routing of internet traffic better than your computer can because thats what its designed to do. Most routers that come with a firewall (good luck finding one that doesnt have a firewall installed nowdays) already block just about everything that should be blocked and then some. For examply my router I had to actually enable some ports and settings for me to be able to stream videos/movies from my computer to my xbox360 and Dlink MediaLounge because the router came preconfigured to automatically deny access to those ports/settings. Plus they, in a way, basically mask you from the internet. Meaning to your avg hacker you would be blind to them aka they wouldnt even know your on the internet because of the router.

Firewalls don't protect you from adware/spyware, or most viruses (with the exception being ones that contain their own transfer client like blaster did) I would agree that they are generally configured with NAT which is a bit stricter than the Windows built in Firewall, but having McAfee installed, I'm not sure its much better than that.

The only major benefit is as you say the segregation into a wan and lan, which until people start learning to change the defaults on their router will never have a major impact, and besides if you can get through a firewall, you can get past this.

The downside is when people use VPN connections on routers with built in dns caching, unless you have reconfigured it to distribute internet based dns server settings, rather than the local cache, you start getting problems accessing your local intranet via dns name resolution

I'm still unconvinced just putting a box in for the sake of it is any better than installing Norton or McAfee

[blues2cruise]

Does having a router mean that a person does not need Ad-Aware, Spybot S&D, Norton, et al?

When you refer to those things being big memory hogs are you referring to the RAM? or the space on the hard drive?
My system has 173% resources free still, even with those programs installed.

Ya know what's great about a thread like this....I'm learning stuff.

[jonnythan]

A router does its job by shielding your computer from the internet. It physically disconnects your computer from the outside world.

You can, for the most part, get a similar effect by running a "personal firewall" like ZoneAlarm on your computer. These programs run on your computer as close to the network interface as possible and screen every tiny bit of data going into or out of your computer to make sure it's legitimate. They do have drawbacks, however. They do make your computer slower because they're analyzing every network packet. They can be annoying because they often ask you questions many users won't know how to answer. But the biggest thing is that, with just a personal firewall, anyone on the internet still has direct access to your computer. You hope that this firewall program will be sufficient to keep those people out, but.. the thing is running on your computer, and these people can still interface directly with your computer. They can probe your ports, poke your firewall to see if they can find any holes, etc.

When you install a router, people cannot interface directly with your computer because there is a literal physical disconnect. No one on the internet can directly interface with your computer *period*. They can only interface with the router itself. This simple fact means that installing a router is a huge boost to the security of your system.

There is one area where personal software firewalls do have a leg up on routers, though: personal firewalls inspect the data *leaving* your computer and can alert you if a program on your computer is trying to access the internet. Usually this is legitimate (Internet Explorer, for example, obviously will be sending internet requests), but sometimes you can have spyware or bots communicating with their masters or home servers without your knowledge. A personal firewall would catch this before they actually got any information out.

Of course, IMO, regular spyware and virus scans will catch the same programs though, so it's not something I generally worry about.

If you have a router installed, there is less need for a software firewall, but I recommend leaving the Windows Firewall enabled anyway.

You still need to perform regular virus and spyware scans, because spyware and viruses generally get installed through malicious web pages or direct user action, not through hacking from the internet.

I also suggest to people that they disable all of the "real time protection" aspects of their "protection" programs such as Norton Antivirus and Ad-Aware and so forth. These programs are of very limited use and *greatly* slow down systems. Norton's "real time scanner" scans every single file your computer accesses every single time you access it. Opening Word, for example, accesses hundreds of files on your hard drive, and Norton stops and scans every one. It can double application load times and make your hard drive thrash twice as much as normal.