Router Firewall security

Posted on 2005-03-10
Medium Priority
Last Modified: 2013-11-29
I have just bought a Linksys WRT54G router. I have networked my laptop (XP) and my PC (98) through the router but am a little confused about firewall security. I had to open up a hole in the XP firewall on my laptop in order to enable the network. I wasn't sure how vulnerable that left me to outside threats so I started thinking of putting ZoneAlarm on my laptop (it's already on my PC) as it is more powerful and configurable than the XP firewall. In researching this, I kept seeing posts on various sites by people saying that they didn't have to worry about firewalls as they had routers! I can see no reference to firewall functionality in my router documentation and have not had to configure anything (the router just plugged in and worked).

Do I have a firewall in my router or what? I don't mind installing ZoneAlarm but want to know if it's necessary.


Question by:JohnSaint
LVL 32

Expert Comment

ID: 13512651
Hi JohnSaint,

The router you use uses Network Address Translation (NAT), so the internal IP is extremely hard to find for any external source, which effectively gives you a terrific hardware firewall.
99% of the threats come from viruses trying to exploit a hole in the security of Windows, but the first thing the virus hits when trying to access your network is the router, which can't be caught by those viruses to spread it onto your network (as those viruses are mostly written for Windows OSes).

That you had to open a port in your software firewall to allow networking is normal, no network can function without being able to make a connection.

You're as safe as you can get behind your router; further security isn't really needed, especially not for home use.
Things you might want to check:
- See if any external access is allowed on your router (the configuration screen should only be accessible from the inside of the network)
- See if you have any "port-forwarding" setup, if you don't, you won't be extra vulnerable.
- Check if your router includes a firewall to protect you from some kind of other things like a syn-flood (sorry, I never used Linksys, so I can't tell you if this is possible)


LVL 41

Assisted Solution

stevenlewis earned 200 total points
ID: 13512865
I suggest ZoneAlarm, but for a different reason.
The router firewall will trigger when an internal client requests it to, but with ZA, you can also control outbound requests.
I use both, my router firewall and ZoneAlarm.
LVL 12

Assisted Solution

GinEric earned 200 total points
ID: 13514003
Have you read this as well, in the Security Experts posts:

A router is not a firewall, it is a router.

Use a software firewall, even a server, but there is no way a router can catch a virus.  That's not its job.  It can filter some things, but it can't detect an actual virus unless it wastes all of its routing time using software itself to check all the virus signatures.

Zone Alarm is okay.  I found Guardian to be better.


Email viruses go right through the router, unscathed.  You're putting too much trust in a device that was not meant to be an anti-virus and that's what you're trying to use it as.

To quote you and your manual "I can see no reference to firewall functionality in my Router documentation"

That's because it isn't there, again, a router is not a firewall.

You need a real Firewall program and a good Anti-virus program, on each machine.

NAT won't stop a virus any more than it can stop your Internet connection, and you have to be Internet connected, even if behind a router with NAT, to send and receive on the Internet.

Most viruses come in emails, not directly from network traffic.

LVL 27

Assisted Solution

pseudocyber earned 400 total points
ID: 13516010
Actually, firewalls aren't really anti-virus either.  Firewalls examine source, destination, and port.  Then they make decisions about whether or not to pass traffic based on rules they have in them.  While technology is progressing, and firewalls are becoming more application aware, at their fundamental level, they're not really anti-virus either.

Author Comment

ID: 13516948
I was just pondering that, Pseudocyber. Thanks for confirming.
So, in summary...
I have anti-virus software on both machines.
I am hiding behind a router.
Do I need s/w firewalls on each machine?
I run ZoneAlarm on an old Pentium III and it doesn't seem too intrusive, but I do like the idea of using the minimum amount of components necessary.
That said, if there is a single valid reason for having firewalls on both machines, I would not hesitate to install. StevenLewis (above) gives a reason but I don't fully understand it.
I am happy to dish out more points (dummy question?) for more clarification. This is all good stuff for a network newbie like me.
LVL 32

Accepted Solution

LucF earned 1200 total points
ID: 13517005
I never tried to imply a firewall could replace a virusscanner... but it will protect you from major outbreaks like Blaster & Sasser did.

>>Do I need s/w firewalls on each machines.<<
It's best to do so yes, see it as an extra layer of protection, also from within the network. And, a software firewall can be used to check and control outgoing traffic. So if something gets installed on your computer and it tries to "phone home", this request will be denied until you specifically say it's allowed to.
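
An added example (not part of any post in this thread, and not the WRT54G's firmware logic): a simplified Python model of the two controls discussed above, a NAT router's translation table and a host firewall with outbound rules. The addresses, ports and program names are constructed for illustration.

```python
# Constructed model (documentation-range addresses, made-up program names).
class NatRouter:
    def __init__(self, public_ip, port_forwards=None):
        self.public_ip = public_ip
        self.forwards = dict(port_forwards or {})  # public port -> (lan_ip, lan_port)
        self.table = {}   # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """LAN host opens a connection: record the mapping, rewrite the source."""
        public_port = self.next_port
        self.next_port += 1
        self.table[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return public_port

    def inbound(self, remote_ip, remote_port, public_port):
        """WAN packet arrives: return the LAN (ip, port) it reaches, or None if dropped."""
        entry = self.table.get(public_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                    # reply to a connection the LAN started
        return self.forwards.get(public_port)   # otherwise only explicit port forwards

def host_connect(router, allowed_programs, program, lan, remote):
    """Host firewall with outbound control: unlisted programs never reach the router."""
    if allowed_programs is not None and program not in allowed_programs:
        return None
    return router.outbound(*lan, *remote)

def simulate():
    laptop, web, other = ("192.168.1.100", 51000), ("192.0.2.80", 80), ("198.51.100.9", 443)
    plain = NatRouter("203.0.113.10")
    forwarding = NatRouter("203.0.113.10", {445: ("192.168.1.100", 445)})
    r = {}
    # Unsolicited connection attempt from the Internet: no mapping, so it is dropped...
    r["scan_no_forward"] = plain.inbound("198.51.100.7", 4444, 445)
    # ...unless a port forward exposes the LAN host directly.
    r["scan_with_forward"] = forwarding.inbound("198.51.100.7", 4444, 445)
    # Browser connects out; the server's reply matches the mapping and is let in.
    port = host_connect(plain, {"browser.exe"}, "browser.exe", laptop, web)
    r["web_reply"] = plain.inbound(*web, port)
    # Unwanted program "phones home", no host firewall (None): NAT treats it like the browser.
    port = host_connect(plain, None, "unknown.exe", laptop, other)
    r["phone_home_nat_only"] = plain.inbound(*other, port)
    # Same program with outbound control on the host: blocked before it leaves the machine.
    r["phone_home_host_fw"] = host_connect(plain, {"browser.exe"}, "unknown.exe", laptop, other)
    return r

if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name:22} -> {outcome}")
```

A result of `None` means the traffic was dropped or never sent; a tuple is the LAN host and port the traffic reached.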


Author Comment

ID: 13517026
That seems reasonable. Do you want some points?
LVL 32

Expert Comment

ID: 13517054
I don't care too much about the points :)
Award as you see fit.

Do you have any more questions on this subject?


Author Comment

ID: 13517105
Sorry mate, I got confused there. You're getting the lion's share anyway.
Many thanks.

Author Comment

ID: 13517132
...And I think Pseud was replying to GinEric, not you.


Question has a verified solution.