Home Firewall

Posted on 2011-03-22
Medium Priority
Last Modified: 2012-06-27
I guess this is more of an opinion question, but is a true home firewall needed?  Is a Linksys/Netgear router enough?

I understand that a firewall is really only a portion of the defense in depth approach.  I know there is not a magic silver bullet.  I patch my PCs, encrypt/secure my wireless, put AV/Malware protection on my computers/smartphones.  Our home networks are becoming more sophisticated as time goes on and we store more sensitive data on that network than ever before.

I'm getting ready to revamp my home network infrastructure was just curious what other people think about this topic.
Question by:Kram80
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 15

Assisted Solution

DonConsolio earned 148 total points
ID: 35195240
If you do not intend to provide services like WWW/FTP/mail to the internet and you
secure your internal network you can be perfectly secure behind a NAT router.

Assisted Solution

siht earned 148 total points
ID: 35195241
I'd have a think about what I keep on my home network. Are you keeping banking details on your network? Do you bring work data home or work from home? How valuable to potential data thieves is it and how paranoid are you?

Some SOHO routers have a pretty good feature set, I have a Billion 7800N which I find more than adequate and far better than the general Linksys/Netgear ones I have used n the past. There are also dedicated firewall systems available for free such as pfsense and smoothwall which will happily run on most old hardware, both of these offer many advanced options.

To directly answer your question, you'll probably be OK with a basic Linksys/Netgear home router in combination with the other good practices you are implementing. For some though, myself included, probably isn't good enough and implementing something stronger is neither expensive or too difficult.


LVL 17

Assisted Solution

Steve earned 552 total points
ID: 35196956
If you have an internet connection with a provider then it is their responsibility to a point to provide hardware that is fit for purpose to protect you and themselves from unauthorised use.

Most companies from my experience offer either a Netgear/Linksys/D-Link/Sagem/Cisco solution on lines running from 0.5mb to 100mb the hardware provided is pretty much the same

Provided you have updated antivirus to stop any malicious software being installed and some anti-malware software handy (like malwarebytes anti-malware), given the scope of the internet itself and the amount of connected devices there is always safety in numbers.

There is only so much that cna be done, if you want to give yourself a project you can always install something like suggested by siht i.e. smoothwall (or clearos) however this has its own overheads and technical knowledge/it resources are needed.


Assisted Solution

FWeston earned 152 total points
ID: 35206646
It depends largely on the people who will be using the network.  If, for example, you have children, they are a huge risk vector because kids will download and run just about anything, so there's a big potential for them to get crapware on their systems.

One of the most overlooked areas of security in my opinion is securing outbound traffic.  Most routers/firewalls deny everything inbound by default, but I'd say that it's also a good idea to deny all outbound traffic by default as well.  For example, if you have a home NAS or media PC, chances are that it doesn't have any real need to talk to the Internet that much if at all, so a good first step would be to isolate devices such as that and make sure they cannot talk to anything other than the local LAN.

You could also further isolate at risk systems (kids PCs, etc) by placing them on a separate VLAN and placing a firewall between them and the main VLAN where your PC with your sensitive data sits.  Consumer level networking gear is getting better all the time, so I'd imagine there's probably something made by Linksys or Netgear that can accomplish this.  If not, there's tons of used Cisco gear that could do it very easily.  For example, you could probably pick up a used asa5505 for a couple hundred bucks.  There's definitely a learning curve if you're unfamiliar with Cisco equipment, but you can get a smartnet contract pretty inexpensively which will give you access to the Cisco TAC, where you can get configuration assistance.
LVL 17

Accepted Solution

Steve earned 552 total points
ID: 35252164
There are also routers on the market that offer a main and then a guest network as part of the configuration options of the router by default, i know some netgears do this.

This way you could seriously lock down and secure "your" devices and disable SSID so no one can even see the wireless then configure the guest settings and use that for everything else

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question